Virus and Malware Scan API (Self-hosted on AWS): Security
All files are scanned on EC2 instances (virtual machines) that run in your AWS account. All infrastructure runs in your AWS account. Only the virus database is fetched from our servers. We don’t have access to your data and infrastructure.
We configure attachmentAV in a way to protect your data. The following describes what we do to protect your data on the network (in transit) and when data is persisted (at rest).
In transit (#)
All network communication is TLS encrypted.
If you deploy attachmentAV into an existing VPC and set the EndpointType configuration parameter to
INTERNAL
the deployed API is not TLS encrypted.
At rest (#)
All data is encrypted:
- EBS volumes are encrypted with KMS using the AWS-managed key
aws/ebs
. - CloudWatch Logs log groups are encrypted using an AWS-managed key.