Malware scanning workflow for MSDP backup images using NetBackup client as the scan host
NetBackup version 11.0 and later provides support for and as the scan host to perform the malware scan. The requires SSH credentials to connect and perform the scan through thin client. The uses the client secure communication and performs the scan on the NetBackup client.
The following figure displays the workflow of malware scanning for MSDP backup images:
The following steps depict the workflow for malware scanning for MSDP backup images:
After triggering , primary server will validate backup images and create scan jobs for each eligible backup image and identify available scan host for them. Following are few of the criteria's on which the backup images are validated:
Backup image must be supported for malware detection.
Backup image must have a valid Instant Access copy.
For an on-demand scan, no existing scan must be running for same backup image. For DNAS the related streams are also considered.
Malware detection does not support media server associated with storage.
Catalog must have details of backup image.
After the backup images are queued for an on-demand scan, the primary server identifies the storage server. An instant access mount is created on the storage server of the configured share type that is specified in scan host pool.
Note:
Currently the primary server starts 50 scan threads at a time. After the thread is available it processes the next job in the queue. Until then the queued jobs are in the pending state.
For NetBackup version 10.3 and later, large backups are scanned in batches of 500K files. Each batch is scanned by a separate scan thread.
For recovery time scan, scan in batches feature is not supported.
For configuring NetBackup client as the scan host, refer to the steps mentioned in the following section:
Primary server identifies the available and supported MSDP media server and instructs the media server to initiate the malware scan.
If the scan host connectivity type is , then the primary server identifies the available NetBackup client scan host from the scan host pool and instructs the NetBackup client scan host to initiate the malware scan.
as the scan host:
NetBackup client mounts the instant access mount on the scan host.
Scan is initiated using the malware tool that is configured in the scan host pool.
NetBackup client perform the scan operation and updates the progress of scan from scan host to the primary server.
After the scan is completed, the scan host unmounts the instant access mount from the scan host.
as the scan host:
Malware scan status is updated to the primary server. Scan logs are copied to the NetBackup client scan host log directory (
nbmalwarescanner).NetBackup client scan host updates the scan status and the infected file list along with the skipped file list (if any infected files) to the primary server.
Primary server updates the scan results and deletes instant access.
Malware scan status notification is generated.
Malware scan will timeout in case there is no update on scan. Default timeout period is 48 hours.
Malware detection performs an automated cleanup of eligible scan jobs that are older than 30 days.
More Information