Malware scanning workflow for MSDP backup images using Agentless host as the scan host
The following figure displays the workflow of malware scanning for MSDP backup images:
The following steps depict the workflow for malware scanning for MSDP backup images:
After triggering , the primary server validates the backup images, creates a scan job for each eligible backup image, and identifies an available scan host for them. Following are a few of the criteria on which the backup images are validated:
Backup image must be supported for malware detection.
Backup image must have a valid Instant Access copy.
For an on-demand scan, no existing scan must be running for the same backup image. For DNAS, the related streams are also considered.
Malware detection does not support media server associated with storage.
Unable to get information for backup image from catalog.
After the backup images are queued for an on-demand scan, the primary server identifies the storage server. An instant access mount is created on the storage server of the configured share type that is specified in scan host pool.
Note:
Currently, the primary server starts 50 scan threads at a time. When a thread becomes available, it processes the next job in the queue. Until then, the queued jobs remain in the pending state.
For NetBackup version 10.3 and later, large backups are scanned in batches of 500K files. Each batch is scanned by a separate scan thread.
The scan in batches feature is not supported for recovery time scans.
The primary server identifies an available and supported MSDP media server and instructs the media server to initiate the malware scan.
If the scan host connectivity type is , then it instructs the media server to initiate the malware scan.
MSDP media server deploys the thin client on the scan host over SSH.
Thin client mounts the instant access mount on the scan host.
Scan is initiated using the malware tool that is configured in the scan host pool.
The media server fetches the progress of the scan from the scan host and updates the primary server.
After the scan is completed, the scan host unmounts the instant access mount from the scan host.
Malware scan status is updated to the media server over SSH. Scan logs are copied to the media server log directory.
The media server sends the scan status and the infected file list, along with the skipped file list (if there are any infected files), to the primary server.
Primary server updates the scan results and deletes instant access.
Malware scan status notification is generated.
The malware scan times out if there is no update on the scan. The default timeout period is 48 hours.
Malware detection performs an automated cleanup of eligible scan jobs that are older than 30 days.
Note:
The infected scan jobs would be cleaned automatically.
See MALWARE_DETECTION_CLEANUP_PERIOD.
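The following added example (not NetBackup code) models the queueing behaviour from the note above: 50 scan threads, batches of 500K files, and no batching for recovery time scans. It shows how long later jobs stay pending behind one large image. The FIFO batch ordering, the `files_per_hour` scan rate, and the sample queue are assumptions constructed for illustration.

```python
import heapq

SCAN_THREADS = 50        # from the page: scan threads started at a time
BATCH_FILES = 500_000    # from the page: batch size for NetBackup 10.3 and later

def split_into_batches(file_count, recovery_time_scan=False):
    """Return the file count of each scan batch for one backup image."""
    if recovery_time_scan or file_count <= BATCH_FILES:
        return [file_count]          # recovery time scans are not batched
    full, rest = divmod(file_count, BATCH_FILES)
    return [BATCH_FILES] * full + ([rest] if rest else [])

def simulate(images, files_per_hour, threads=SCAN_THREADS):
    """images: list of (name, file_count, recovery_time_scan) in queue order,
    all queued at hour 0. Returns {name: {batches, max_pending_h, done_h}}.
    Assumptions: batches are served FIFO; scan time is proportional to files."""
    free_at = [0.0] * threads        # min-heap: hour at which each thread frees up
    heapq.heapify(free_at)
    report = {}
    for name, file_count, rts in images:
        batches = split_into_batches(file_count, rts)
        stats = {"batches": len(batches), "max_pending_h": 0.0, "done_h": 0.0}
        for files in batches:
            start = heapq.heappop(free_at)       # earliest available thread
            end = start + files / files_per_hour
            heapq.heappush(free_at, end)
            stats["max_pending_h"] = max(stats["max_pending_h"], start)
            stats["done_h"] = max(stats["done_h"], end)
        report[name] = stats
    return report

# Constructed sample queue (hypothetical image names and file counts).
SAMPLE = [
    ("fileserver-full", 30_000_000, False),  # 60 batches: fills all 50 threads
    ("db-host", 200_000, False),             # small image queued behind it
    ("restore-check", 2_000_000, True),      # recovery time scan: one batch
]

if __name__ == "__main__":
    for name, stats in simulate(SAMPLE, files_per_hour=250_000).items():
        print(name, stats)
```

In this constructed queue, the single 30-million-file image occupies every scan thread, so the small `db-host` job stays pending until the first batches complete.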
Note:
You can download a malware scanner from the Microsoft Azure Marketplace and the AWS Marketplace. Follow the instructions on how to install, configure, and use the malware scanner for AWS and Azure.
Refer to the following for more information:
AWS: AWS Marketplace and NetBackup Marketplace Deployment on AWS Cloud
Microsoft Azure: Microsoft Azure Marketplace and Microsoft Azure Marketplace