Retrieving malware scanning result of received emails

0

https://docs.aws.amazon.com/ses/latest/dg/receiving-email-concepts.html#receiving-email-auth-and-scan

According to the official document, the content of received emails can be scanned for malware, and the scanned results will be saved in the additional header "X-SES-Virus-Verdict" of email files inside an S3 bucket.

If the email contains malware, "X-SES-Virus-Verdict: FAIL" header will be attached to the email.
Since the result is provided inside the email file, it is impossible to know whether the email contains malware or not until the possibly-malicious-email is read.
How do I safely retrieve that malware scanning result if the result itself is provided inside the email file?
Is there any recommended way?

  • I am not going to use Amazon SNS notifications since it has a limitation of small maximum email size (150 KB).
v2024
asked a month ago, 90 views
1 Answer
0

Hello,

I understand you would like to retrieve the malware scanning result without opening the received emails in S3.

You can view the virusVerdict object in an SNS notification. Note that there are two types of SNS notifications you can configure for inbound emails. One is to use the SNS notifications to receive emails; the email body is included in the SNS notifications, and the 150 KB size restriction applies here. The other is to use the SNS topic as an "Alert notification"; the email body is not included in the SNS notifications. This is an optional configuration you can use on an action such as "Deliver to Amazon S3 bucket", and the 150 KB size restriction doesn't apply here.

Here is an example notification for the alert notification: https://docs.aws.amazon.com/ses/latest/dg/receiving-email-notifications-examples.html#receiving-email-notifications-examples-alert

AWS
SUPPORT ENGINEER
answered a month ago
EXPERT
reviewed a month ago
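
The following is an added example, not part of the answer above or of AWS's own code: an SNS-triggered Lambda-style handler that reads `receipt.virusVerdict.status` from the alert notification and decides what to do with the stored object without ever opening the email in S3. The field names follow the SES receipt notification format; the bucket name, object key, message ID and the "release"/"quarantine" labels are constructed assumptions.

```python
import json

# Verdict values SES documents for receipt.virusVerdict.status.
KNOWN_STATUSES = {"PASS", "FAIL", "GRAY", "PROCESSING_FAILED"}


def triage_record(sns_record):
    """Decide on one stored email using only the SNS alert notification."""
    msg = json.loads(sns_record["Sns"]["Message"])
    if msg.get("notificationType") != "Received":
        return None  # not an email-receiving notification
    receipt = msg.get("receipt", {})
    action = receipt.get("action", {})
    if action.get("type") != "S3":
        return None  # no stored object to act on
    status = receipt.get("virusVerdict", {}).get("status")
    # Fail closed: only an explicit PASS releases the object to readers.
    decision = "release" if status == "PASS" else "quarantine"
    return {
        "decision": decision,  # hypothetical labels for downstream handling
        "virus_verdict": status if status in KNOWN_STATUSES else "UNKNOWN",
        "bucket": action.get("bucketName"),
        "key": action.get("objectKey"),
        "message_id": msg.get("mail", {}).get("messageId"),
    }


def handler(event, context=None):
    """Lambda-style entry point for a function subscribed to the SNS topic."""
    results = [triage_record(r) for r in event.get("Records", [])]
    return [r for r in results if r is not None]


def sample_event(status):
    """Constructed sample event; all values are placeholders, not real data."""
    notification = {
        "notificationType": "Received",
        "mail": {"messageId": "constructed-message-id"},
        "receipt": {
            "virusVerdict": {"status": status} if status else {},
            "action": {"type": "S3", "bucketName": "example-inbound-bucket",
                       "objectKey": "inbound/constructed-message-id"},
        },
    }
    return {"Records": [{"Sns": {"Message": json.dumps(notification)}}]}


if __name__ == "__main__":
    for s in ("PASS", "FAIL", None):
        print(handler(sample_event(s)))
```

A consumer that acts on the "quarantine" decision can move or tag the object by bucket and key alone, so the email content is never parsed by the triage step.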
