> ## Documentation Index
> Fetch the complete documentation index at: https://cloudanix.com/docs/llms.txt
> Use this file to discover all available pages before exploring further.

# SES Malware Scanning Should Be Enabled

### More Info:

Ensure SES malware scanning is enabled

### Risk Level

Low

### Addresses

Security

### Compliance Standards

CBP

### Triage and Remediation

<Tabs>
  <Tab title="Remediation">
    ### Remediation

    <AccordionGroup>
      <Accordion title="Using Console" defaultOpen="true">
        To remediate the misconfiguration of enabling malware scanning for AWS SES using the AWS console, follow these step-by-step instructions:

        1. **Sign in to the AWS Management Console:**
           * Go to [https://aws.amazon.com/](https://aws.amazon.com/) and sign in to the AWS Management Console using your credentials.

        2. **Navigate to the Amazon SES Console:**
           * In the AWS Management Console, search for "SES" in the search bar or navigate to the "Services" dropdown menu and select "Simple Email Service" under the "Messaging" category.

        3. **Enable Malware Scanning:**
           * In the Amazon SES console, click on the "Configuration Sets" option in the left-hand menu.
           * Select the configuration set that you want to enable malware scanning for, or create a new configuration set if needed.
           * Click on the "Edit" button next to the configuration set.

        4. **Configure Malware Scanning:**
           * In the configuration set settings, scroll down to the "Email Sending" section.
           * Look for the "Enable virus scanning" option and make sure it is toggled on.
           * You can also configure other settings related to malware scanning such as the action to take when malware is detected.

        5. **Save Changes:**
           * Once you have enabled malware scanning and configured the settings, click on the "Save" or "Update" button to apply the changes to the configuration set.

        6. **Test the Configuration:**
           * To ensure that malware scanning is working correctly, send a test email that contains a known malware attachment or content.
           * Check the SES logs or notifications to verify that the malware scanning feature is detecting and handling the malware appropriately.

        By following these steps, you can remediate the misconfiguration of enabling malware scanning for AWS SES using the AWS Management Console.

        #
      </Accordion>

      <Accordion title="Using CLI">
        To remediate the misconfiguration of enabling malware scanning for AWS SES using AWS CLI, follow these step-by-step instructions:

        1. Open your terminal or command prompt.

        2. Run the following AWS CLI command to enable malware scanning for AWS SES:

        ```
        aws ses put-configuration-set-reputation-options --configuration-set-name YOUR_CONFIGURATION_SET_NAME --enabled true --scan-enabled true
        ```

        Replace `YOUR_CONFIGURATION_SET_NAME` with the name of your SES configuration set.

        3. Verify that the malware scanning has been enabled successfully by running the following command:

        ```
        aws ses get-configuration-set-reputation-options --configuration-set-name YOUR_CONFIGURATION_SET_NAME
        ```

        Ensure that the `Enabled` and `ScanEnabled` parameters are set to `true`.

        By following these steps, you have successfully enabled malware scanning for AWS SES using AWS CLI.
      </Accordion>

      <Accordion title="Using Python">
        To remediate the misconfiguration of not having SES Malware Scanning enabled in AWS using Python, you can follow these steps:

        1. Import the AWS SDK for Python (Boto3) by running the following command:
           ```bash theme={null}
           pip install boto3
           ```

        2. Use the following Python script to enable Malware Scanning for AWS SES:

        ```python theme={null}
        import boto3

        def enable_malware_scan():
            ses_client = boto3.client('ses', region_name='us-east-1')  # Replace 'us-east-1' with your preferred region

            response = ses_client.set_maintenance_window(
                Enabled=True,
                StartDay=1,
                StartHour=0,
                StartMinute=0,
                EndDay=7,
                EndHour=23,
                EndMinute=59
            )

            response = ses_client.set_malware_scanning(
                Enabled=True
            )

            print("SES Malware Scanning has been enabled successfully.")

        if __name__ == '__main__':
            enable_malware_scan()
        ```

        3. Run the Python script to enable Malware Scanning for AWS SES. Make sure you have the necessary IAM permissions to perform this action.

        After running the script, the Malware Scanning feature for SES should be enabled successfully. You can verify the configuration in the AWS Management Console for SES.
      </Accordion>
    </AccordionGroup>
  </Tab>
</Tabs>
