- 1 S3 Bucket for hosting the AWS CodeBuild files (buildspec.yml). Let's call this source bucket
- 1 S3 Bucket where the ClamAV signature files will be uploaded. Let's call this target bucket
- Zip and upload this repo to the source bucket
Project Name: Type any name
Source Provider: Amazon S3
Bucket: <The source bucket name>
S3 object key: <The object key to the zip file>
Environment image: Use an image managed by AWS CodeBuild
Build specification: Use the buildspec.yml in the source code root directory
Buildspec name: buildspec.yml
Certificate: Do not install any certificate
Artifacts Type: No Artifacts
Cache Type: No cache
Service Role: Create a service role in your account
VPC: No VPC
Make sure that the service role has permissions to upload to the target S3 bucket.
Once the project is successfully created, you may now setup Build Triggers to run it daily.
Enable the target bucket's website hosting and setup the correct public bucket policy.
Tell freshclam to use the mirror. In /etc/clamav/freshclam.conf, make sure the following exists:
PrivateMirror <s3-url>
This overrides the DatabaseMirror configuration directive disabling DNS-based signature lookup.
If you want to go even further, you can setup AWS CloudFront in front of the S3 bucket serving the AV signatures.