Antivirus for S3 buckets

Available in the AWS Marketplace
Home - FAQ - Setup Guide - Update Guide - Add-Ons

Setup Guide

If you have an existing VirusScan for Amazon S3 stack, read the Update Guide instead!

1. Subscribe to the product in AWS Marketplace

Go to the AWS Marketplace. Click on Continue to Subscribe.

Step 1

Click on Accept Terms.

Step 2

The subscription is now Pending.

Step 3

Wait until the subscription is active and click on Continue to Configuration.

Step 4

We provide three Fulfillment Options:

  • Dedicated public VPC (recommended)
    This is the most cost-efficient option where the network setup is included.
  • Dedicated private VPC
    The EC2 instances run in private subnets. The traffic to scan files is routed through Gateway VPC Endpoint and Interface VPC Endpoints (additional traffic charges apply). Other traffic is routed via NAT Gateways (additional traffic charges apply). We recommend this option only if your internal security guidelines require it.
  • Existing VPC
    Only for experienced AWS users. You can deploy VirusScan for Amazon S3 into an existing VPC. Ensure that the AWS API is accessible and update-sites for ClamAV® can be reached.

The Region you select must match with the region of your S3 buckets. If you use S3 buckets in multiple regions, repeat the setup for each region. Click on Continue to Launch.

Step 5

Choose the Action Launch CloudFormation and click on Launch.

Step 6

You are redirected to CloudFormation. Click on Next.

Step 7

Set a Stack name (e.g., s3-virusscan). Under Required Parameters, set the KeyName to an EC2 Key Pair. You can skip the rest of the parameters and go with the defaults (recommended).

Step 8

Scroll to the bottom of the page and click on Next.

Step 9

Scroll to the bottom of the page and click on Next.

Step 10

Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources and click on Create.

Step 11

The stack status is CREATE_IN_PROGRES. Reload the table from time to time and ...

Step 12

... wait until the CloudFormation stack status switches to CREATE_COMPLETE.

Step 13

You can continue to configure your S3 buckets.

2. Configure your S3 buckets

In the AWS S3 Management Console, click on the bucket you want to connect to VirusScan for Amazon S3. Make sure the bucket's region matches the VirusScan for Amazon S3 region.

Step 1

Click on the Properties tab.

Step 2

Scroll down to the Advanced Settings and click on Events.

Step 3

Click on Add notification.

Step 4

Set a Name (e.g., s3-virusscan), select the All objects create events, and set Send to SQS Queue. Select the SQS queue that has ScanQueue in the name (NOT DealLetterQueue). Click on Save.

Done! Upload a file to test the configuration. Select the uploaded file and click on Properties.

Step 6

Click on Tags.

Step 7

Within a few seconds, the s3-virusscan tag is added with the scan result (reload the page if needed).

Step 8

That's it. From now on, each file that gets uploaded to your S3 bucket is scanned for trojans, viruses, and malware automatically. Continue to configure alerting for infected files.

3. Alerting for infected files

Check out the CloudWatch Dashboard for full visibility into VirusScan for Amazon S3.

If you want to receive an email for every infected file, click here.

If you want to receive an email if infected files are found, click here.

So far, files are scanned when they are uploaded. Continue to configure regular scan intervals.

4. Scan at regular intervals

If you want to scan all files in a bucket at regular intervals, you have to install our Scan bucket at regular intervals Add-On.