S3 Virus Scan and Malware Protection Step-by-Step Guide
Do users or 3rd party systems upload data to your S3 buckets? How do you ensure that viruses, trojans, ransomware and other kinds of malware are detected before causing harm?
Besides sharing our learnings about all things AWS at cloudonaut, we’re building bucketAV, a solution to protect Amazon S3 and Cloudflare R2 from viruses and malware.
This is the first part of our series Made by cloudonaut where we present the solutions we are building: bucketAV, attachmentAV, HyperEnv, and marbot.
Video: S3 Virus Scan Step-by-Step Guide
Check out our video, where we walk you through the steps required to protect your S3 buckets from viruses and malware.
Why protect S3 with an antivirus solution?
We started bucketAV back in 2015 because one of our consulting clients had the need to scan files uploaded by users for viruses and malware, before publishing them on their website. Most traditional antivirus solutions scan file systems but don’t come with the ability to scan an object store, like bucketAV.
Besides that, here is a list with the main use cases where you should consider protecting your S3 buckets with an antivirus solution:
- User-generated content
- Comply with industry standards
- Incoming files from 3rd party data providers
- File storage of users and customers
- Content and software distribution
Next, let me explain the architecture of our antivirus solution.
Architecture: Fault-Tolerant, Cost-Effective, Scalable
When designing the architecture for bucketAV, we had the following goals in mind:
- Fault Tolerance
- Cost Effectiveness
- Scalability
- Security
The architecture consists of the following building blocks:
- S3 buckets stores files that need to be scanned.
- S3 Event Notifications, or EventBridge is used to trigger real-time scan jobs.
- SQS queue to receive and store scan jobs.
- Auto-scaling group to manage a fleet of EC2 instances.
- EC2 instance runs bucketAV and the antivirus engine (ClamAV/Sophos).
- SNS topic to notify add-ons and humans about the scan results.
You might wonder why we use EC2 instead of Lambda or Fargate. The short answer: EC2 is cost-efficient and provides the best performance. The long answer is: Why does bucketAV use EC2 to protect S3 from malware?.
Try bucketAV
Protect Amazon S3 from viruses, trojans, ransomware, and other kinds of malware. Get started with a free trial today!
Andreas Wittig
I’ve been building on AWS since 2012 together with my brother Michael. We are sharing our insights into all things AWS on cloudonaut and have written the book AWS in Action. Besides that, we’re currently working on bucketAV, attachmentAV, HyperEnv, and marbot.
Here are the contact options for feedback and questions.