Malware scanning workflow for the MSDP backup images that use the NetBackup client as the scan host
NetBackup version 11.0 and later provides support for as the scan host to perform the malware scan. The uses the client secure communication and performs the scan on the NetBackup client.
The following figure displays the workflow of malware scanning for MSDP backup images:
The following steps depict the workflow for malware scanning for MSDP backup images:
- After you start the On Demand Scan, the primary server validates the backup images and creates the scan jobs for each eligible backup image and identifies the available scan host for them. The following are a few of the criteria by which the backup images are validated:
Backup image must be supported for malware detection.
Backup image must have a valid Instant Access copy.
For an on-demand scan, no scans must be running for the same backup image. For DNAS the related streams are also considered.
Malware detection does not support a media server that is associated with storage.
Catalog must have details of the backup image.
- After the backup images are queued for an on-demand scan, the primary server identifies the storage server. An instant access mount is created on the storage server of the configured share type that is specified in scan host pool.
Note:
Currently the primary server starts 50 scan threads at a time. After the thread is available it processes the next job in the queue. Until then the queued jobs are in the pending state.
For NetBackup version 10.3 and later, large backups are scanned in batches of 500KB files. NetBackup scans each batch with a separate scan thread.
In addition to the Standard workloads, batch operations are supported for VMware workload backups also if backup policy has Enable file recovery from VM backup option enabled.
For recovery time scan, scan in batches feature is not supported.
To configure the NetBackup client as the scan host, see the NetBackup Security and Encryption Guide.
- The primary server identifies the available and the supported MSDP media server and instructs the media server to initiate the malware scan.
If the scan host connectivity type is NetBackup client, then the primary server identifies the available NetBackup client scan host from the scan host pool. It then instructs the NetBackup client scan host to initiate the malware scan.
NetBackup client as the scan host:
The NetBackup client mounts the instant access mount on the scan host.
Scan is initiated using the malware tool that is configured in the scan host pool.
The NetBackup client performs the scan operation and updates the progress of the scan from scan host to the primary server.
- After the scan is completed, the scan host unmounts the instant access mount from the scan host.
NetBackup client as the scan host:
Malware scan status is updated to the primary server. The scan logs are copied to the NetBackup client scan host log directory (
nbmalwarescanner).The NetBackup client scan host updates the scan status and the infected file list along with the skipped file list (if any infected files) to the primary server.
- The primary server updates the scan results and deletes instant access.
- A malware scan status notification is generated.
- The malware scan times out if there is no update on the scan. Default time out period is 48 hours.
Malware detection performs an automated cleanup of eligible scan jobs that are older than 30 days.