Update Guide

We regularly release new bucketAV versions to add features, improve performance, or patch vulnerabilities (see our release notes). The latest versions are:

  • bucketAV powered by ClamAV®: v2.19.0
  • bucketAV powered by Sophos®: v2.11.0

bucketAV supports updates without downtime. You don’t need to be afraid of updating bucketAV, even when files are scanned.

Quick Update (#)

Requires bucketAV powered by ClamAV® version >= 2.15.0 or bucketAV powered by Sophos® version >= 2.5.0. If you are using an older version, perform a manual update instead.

  1. Visit the AWS CloudWatch Management Console.
  2. Navigate to Dashboards.
  3. Select the dashboard starting with the name bucketav followed by the name of the AWS region—for example, bucketav-eu-west-1. Step 1
  4. Find the Update tile. Click the Update button. If there is no Update tile in your dashboard, perform a manual update. Step 2
  5. You are redirected to AWS CloudFormation. Click on Next. Step 3
  6. Scroll to the bottom of the page and click on Next. Step 4
  7. Scroll to the bottom of the page and click on Next. Step 5
  8. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack. Step 6
  9. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and … Step 7
  10. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE. Step 8

You are done!

Manual Update (#)

Before you update bucketAV to the latest version, you need to find out the current version, engine, and fulfillment option (aka delivery method) you are using.

  1. Visit the AWS CloudFormation Console
  2. Ensure that you are in the correct region.
  3. Navigate to Stacks.
  4. Click on the bucketAV stack (if you followed the docs, the name is bucketav).
  5. Click on the Outputs tab.
  6. The output Engine shows clamav or sophos. In case, the output Engine is missing, you are running clamav.
  7. The output Version shows the current version of bucketAV.
  8. The output FulfillmentOption shows the fulfillment option.

Afterwards, pick the Amazon S3 URL of the matching CloudFormation template from the following table.

EngineFulfillment OptionAmazon S3 URL
ClamAVdedicated-public-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.1cdaf217-cae8-4fa0-12b1-b3acfd278bdb.template Copy
ClamAVdedicated-private-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.59c1a761-cd88-4ae6-c3a9-4fe3a42dc4de.template Copy
ClamAVshared-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/39d58953-9c3f-4b5d-a00c-3df2aa282f32.82af3a3c-26a5-4a6e-cfa0-3260ab1a4bec.template Copy
Sophosdedicated-public-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e.e161131a-77d8-4967-7887-62860704ce0a.template Copy
Sophosdedicated-private-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e.9f44da9d-4754-4902-ba80-945bc79c084f.template Copy
Sophosshared-vpchttps://s3.amazonaws.com/awsmp-fulfillment-cf-templates-prod/2b307b6c-8135-4f39-a086-880f7f3ed25e.728f6884-a74e-4030-ffa3-85ad54b4c2cd.template Copy

In case the current version is 1.x, follow the Migration Steps first!

When upgrading to bucketAV with engine ClamAV, fullfillment option dedicated-private-vpc, and version <=2.13.0 expect an increase of VPC costs by about $68/month, as we replaced the NAT Gateway with 7 VPC Endpoints to enhance network security.

Next, you are ready to update bucketAV.

  1. Select the bucketAV stack (e.g., bucketav) and press the Update button. Step 1
  2. Select Replace current template and paste the Amazon S3 URL that you picked above. Step 2
  3. Click on Next.
  4. Scroll to the bottom of the page and click on Next. Step 3
  5. Scroll to the bottom of the page and click on Next. Step 4
  6. Scroll to the bottom of the page, enable I acknowledge that AWS CloudFormation might create IAM resources, and click on Update stack. Step 5
  7. While the update runs, the stack status is UPDATE_IN_PROGRES. Reload the table from time to time and … Step 6
  8. … wait until the CloudFormation stack status switches to UPDATE_COMPLETE. Step 7

You are done!

Migration Steps (#)

v1 to v2 (#)

  • The product was renamed from VirusScan for Amazon S3 to bucketAV - Antivirus for Amazon S3.
  • EC2 instances now run on spot capacity. Set the CapacityStrategy configuration parameter to OnDemandOnly to launch on-demand instances as before (more expensive).
  • The parameter configuration VolumeSize was removed. No action is needed.
  • The SNS message subject changed from s3-virusscan s3://${BUCKET_NAME} to bucketAV Scan Result for S3 Bucket ${BUCKET_NAME}. No topic subscriber should rely on the subject.
  • The configuration parameter TagKey now defaults to bucketav (previously s3-virusscan) for new installations. You can change the default if needed.
  • If the configuration parameter OpsCenterIntegration is set to true, the source in Ops Items changes from s3-virusscan to bucketAV.
  • Add-Ons
    • The configuration parameter S3VirusScanStackName changed to BucketAVStackName.

v1.3 to 1.4 (#)

If you use bucketAV in a Multi-Account setup, please allowlist all accounts by adding them (comma separated) to the AWSAccountRestriction configuration parameter.

Stay up-to-date

Monthly digest of security updates, new capabilities, and best practices.