Prerequisites for a scan host
A scan host is a host machine that has the required malware tool configured. Once it is integrated with NetBackup, NetBackup initiates scanning on the scan host.
Ensure that you meet the following prerequisites:
The minimum required configuration for the scan host is 8 CPU and 32-GB RAM.
The malware tool must be installed and configured.
For the supported operating systems of the scan host, refer to the Software Compatibility List.
The scan host must have a share type configured, that is, an NFS or an SMB client.
If the scan host connectivity type is :
NetBackup footprint is not required on the scan host. The existing systems with the NetBackup client or media server can be used as scan host, too.
The scan host must be reachable from the media server over SSH.
Note:
The SSH connection to the scan host from the media server must be successful. You can verify this connection by running the following command from the media server:
ssh scanuser@scanhost
If the scan host connectivity type is :
NetBackup footprint is required on the scan host.
The NetBackup primary server and the media server providing the Instant Access mounts must be reachable from the NetBackup client.
By default, the NetBackup client scan host would be in a deactivate state. After adding NetBackup client scan host to scan host pool you must activate the scan host.
The malware tool uses the temporary location to store the files that are created during the malware scan. The path of the temporary location is configured in the web UI in the Malware global settings. Ensure that the user has write permissions to this path.
For archive scanning purposes, it is recommended to have the free disk space of 10 GB on the scan host.
Note:
(Applicable for NetBackup version 10.0 and later) Any other malware scanner tools that are installed on the scan host with on-access/real time protection enabled can interfere with backup scanning. Disable or add NFS/SMB mounts on the scan host to the exclusion list of the scanner.
For example, on a Windows scan host, the user must disable the option of the Windows Defender while the malware scan is in progress.
Depending on the platform, ensure that the following additional prerequisites are met:
Windows:
Linux:
Note:
It is recommended to keep only the required ports open for malware scanning.
Allow NFS/SMB read from the NetBackup storage server. Refer to NetBackup Network Ports Reference Guide.
Allow SSH from the NetBackup media server (used for connecting to scan host).
Allow Malware signature updates. The updates that are needed depend on the malware scanner that is used. For NetBackup Malware Scanner, the update happens over HTTPS (https://oem.avira-update.com/update).