Anomaly configuration to enable automatic scanning
Starting with NetBackup 11.0, the automatic scan is available for the images with high anomaly severity.
Use the configuration file on the primary server to do the required settings.
In NetBackup 10.1 and later, the anomaly detection process can trigger automatic malware scan for all anomalies based on the configuration file settings.
Use the configuration file on the anomaly proxy server to do the required settings.
You need to modify the anomaly configuration file to specify values for the scan host and trigger parameters.
See Prerequisites for a scan host.
You can enable automatic malware scan on secondary domain for anomalous imported images using the Enable automatic scan for imported copy option on the web UI.
See Configure backup anomaly detection settings.
To enable automatic malware scan for the images on which an anomaly was detected
- Create the anomaly_config.conf configuration file on the primary server on the given location:
On Windows : Install_Path\NetBackup\var\global\anomaly_detection
On UNIX : /usr/openv/var/global/anomaly_detection
- Add the following contents in the anomaly_config.conf configuration file:
#Use this setting to start malware scan on anomaly detected image automatically.
[AUTOMATED_MALWARE_SCAN_SETTINGS]
#1 = Enable 0 = Disable
ENABLE_AUTOMATED_SCAN=1
# Enable all clients. In this case pool mentioned SCAN_HOST_POOL_NAME will be used for clients not mentioned
# under batch
ENABLE_ALL_CLIENTS=1 (for primary copy)
SCAN_HOST_POOL_NAME=<scan_host_pool_name> # Default pool name
#Use specific pool for mentioned clients
NUM_CLIENTS_BATCH_SPECIFIED=2
ENABLE_SCAN_ON_SPECIFIC_CLIENT_1=client1,client2
SCAN_HOST_POOL_NAME_1=<scan_host_pool_for_batch_1>
ENABLE_SCAN_ON_SPECIFIC_CLIENT_2=client3,client4
SCAN_HOST_POOL_NAME_2=<scan_host_pool_for_batch_2>
- Note that SCAN_HOST_POOL_NAME is a mandatory field.
For the ENABLE_SCAN_ON_SPECIFIC_CLIENT_n option, you should specify complete client names.
- Ensure that all settings are under [AUTOMATED_MALWARE_SCAN_SETTINGS]. Review the following descriptions of the settings:
ENABLE_AUTOMATED_SCAN=1
Starts malware scan for images with high anomaly severity.
ENABLE_ALL_CLIENTS=1
Enable all clients for scan. If this value is 0, scanning happens only on the clients that are mentioned for the following option:
ENABLE_SCAN_ON_SPECIFIC_CLIENT_<Batch_Number>
NUM_CLIENTS_BATCH_SPECIFIED=<batches> - This option specifies the number of batches for different scan host pool. For example, if you want to use a specific scan host pool for a set of clients, use this setting.
- Do the following to automatically trigger malware scan for various severity levels of anomalies:
For low severity anomaly, set the TRIGGER_SCAN_FOR_LOW_SEVERITY option as follows:
TRIGGER_SCAN_FOR_LOW_SEVERITY=1
For medium severity anomaly, set the TRIGGER_SCAN_FOR_MEDIUM_SEVERITY option as follows:
TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=1
To automatically trigger malware scan for the anomaly severity of the image that is greater than or equal to the given value, set the TRIGGER_SCAN_FOR_SCORE_GREATER_THAN option to a positive value.
For example:
TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5