Table of contents
Topics on this page

AWS S3 scans and tags

Scan a file

To scan a file, upload it to the S3 bucket to scan:

  1. In AWS, go to Services > S3 and find your S3 bucket to scan.
  2. On the Overview tab, select Upload to add your file to the bucket.

    File Storage Security detects that a file has been added to the S3 bucket and scans the file. For details on the scanning process, see this Architecture diagram.

You can now view the tags within the AWS environment.

You can also view scan results in CloudWatch and be notified of scan results through SNS.

View tags

File Storage Security adds AWS tags to the files it scans. The tags contain a short description of the scan results, and start with the prefix fss-*. If ScanResultTagFormat is Separated tags or Merged tag, you'll only see thefss-* tags pertaining to the latest scan; tags from past scans are not kept. Additionally, all non-fss-* tags are preserved. If ScanResultTagFormat is No tag, File Storage Security will not add or remove any tags on the files.

Below is an image of the tags, as they appear in AWS S3.

screen shot

To view the tags added by File Storage Security:

  1. In AWS, go to Services > S3 and find your S3 bucket to scan.
  2. Under Overview, select a file that has been scanned.
  3. Select Properties.
  4. Select the Tags box.

    The tags added by File Storage Security should appear. If ScanResultTagFormat is Separated tags, the tags are:

    • fss-error-message: Appears if the fss-scan-result tag value is failure. Shows error message text.
    • fss-scan-date: Shows the date and time in UTC that the file was scanned.
    • fss-scan-result: Shows the scan result. Possible values are:

      • no issues found: Indicates that no malware was detected.
      • malicious: Indicates that known malware was detected.
      • failure: Indicates that the scan failed. (A failure does not necessarily mean that File Storage Security failed.)
    • fss-scan-detail-code: Appears if fss-scan-result is not failure. Shows status code that indicate the details of the scan.

      • 0: Scan completed without any more details.
      • 100~199: Some scans are skipped due to existing parameters. Contact support if you need assistance.
    • fss-scan-detail-message: Appears if fss-scan-result is not failure. Shows the status code message corresponding to fss-scan-detail-code.

    • fss-scanned: Indicates whether the file was scanned by File Storage Security. Possible values are true and false.

    If ScanResultTagFormat is Merged tag, the tag is:

    • fss-tags: Combines all the tags tagged with Separated tags into one string. Each tag's key and value are concatenated by =; all tags' key and value pairs are concatenated by +. For example, fss-scanned=true+fss-scan-date=2022/04/16 10:44:13+fss-scan-result=no issues found+fss-scan-detail-code=0+fss-scan-detail-message=.

    If you don't see these tags and ScanResultTagFormat is not No tag, it means the file has not been scanned.