S3 virus and malware alerting powered by bucketAV

Michael Wittig – 12 Feb 2021

Allowing users to upload files to S3 is risky. You have to ensure that malicious files like a virus or malware are not distributed to other users. Therefore, we recommend an antivirus solution such as bucketAV.

S3 virus and malware alerting

As soon as a virus is detected, your team is notified in Slack or Microsoft Teams by marbot. Let’s get started.


  1. Install bucketAV - Antivirus for Amazon S3.
  2. Add marbot to Slack or Microsoft Teams.
  3. Invite marbot to a channel.
  4. Send @marbot What is my endpoint id? to the channel.
  5. Copy the returned URL (e.g., https://api.marbot.io/v1/endpoint/YOUR_ENDPOINT_ID).
  6. Visit the Amazon SNS Console.
  7. Ensure that you are in the correct region.
  8. Navigate to Topics.
  9. Search for the FindingsTopic and click on the found topic.
  10. Click on the Create Subscription button.
  11. Set Protocol to HTTPS.
  12. Set Endpoint to the URL returned by marbot.
  13. Set Subscription filter policy to:

    {"status": ["infected", "no"]}
  14. Click on the Create subscription button to save.
    bucketAV Setup

That’s it. New findings are reported to Slack or Microsoft Teams like this:

bucketAV Alert

Michael Wittig

Michael Wittig

Consultant focusing on Amazon Web Services (AWS). Entrepreneur building marbot.io. Author of Amazon Web Services in Action, Rapid Docker on AWS, and cloudonaut.io.

You can contact me via Email, Twitter, and LinkedIn.

Published on

marbot teaser

Chatbot for AWS Monitoring

Configure monitoring for Amazon Web Services: CloudWatch, EC2, RDS, EB, Lambda, and more. Receive and manage alerts via Slack. Solve incidents as a team.

Add to Slack
Microsoft Teams
Add to Teams