by qxmat
1568 days ago
Last year I tried to source an on-demand AV scanner because we'd exhausted what clamav was capable of (it non-deterministically craps out after 2Gb and can't scan binaries). If I couldn't find a suitable drop-in replacement I was going to recommend an enterprise work-flow scanning solution that had AWS cloud integration (i.e. automatically move objects through ingress/output/quarantine S3 buckets or some kind of API we could hook to tag objects with a 'passed' label). My requirements were simple: it had to run in our cloud (AWS, eu-west-2) because of PII concerns, preferably "serverless"/ephemeral, and we needed to scan assets our data analysts would use in their day-to-day operations (tiny files, massive files - a bit of everything). After several time-consuming days I had to give up because I found nothing. The Internet has become a mirage of av/malware scanning solutions that no longer exist (one of our guys reported that Sophos had a CLI tool - savscan - but when I looked it appeared to be discontinued). Almost every major vendor I came across offered an end-point product that ran on their cloud or had moved out of the malware/virus scanning market in favour of a DPI firewall. I was hampered by a lack of product documentation/feature comparison tables on the "enterprise" vendor marketing websites and sad "cloudification" of stacks that really ought to have a CLI binary.