Configure malware scan host for Linux NFS share type and Avira
NetBackup malware scanning feature requires configuration of an additional host (a scan-host).
Before configuring scan host ensure that the prerequisites mentioned in the following section are met:
See Prerequisites for a scan host.
Scan host configuration
Note:
For ease of understanding the following documented procedure, refer to
- Install NFS client: $ yum install nfs-utils -y
- Install libnsl: $ yum install libnsl -y
- Create non-root user account for performing a scan: $ useradd scanuser
- Set password of scan user (username: scanuser): $ passwd scanuser
- Provide mount and unmount access to scanuser: $ vim /etc/sudoers
Add the following line:
scanuser ALL=(ALL) NOPASSWD: /bin/umount, /bin/mount
Install malware tool using scanuser: $ su scanuser
- Download the latest available version of NetBackup Malware Scanner tool (Avira) (
NBAntiMalwareClient_2.4.zip) from Veritas Support Downloads:$ unzip NBAntiMalwareClient_2.4.zip
$ cd NBAntiMalwareClient_2.4_LinuxR_x86/
$ sh setup.sh
Or
If malware scanner is already installed and needs to be upgraded:
$ unzip NBAntiMalwareClient_2.4.zip $ cd NBAntiMalwareClient_2.4_LinuxR_x86/ $ sh setup.sh >> NetBackup Malware Scanner is already installed. Do you want to update it? (y/n): default: y Note: To replace all binaries at target location, enter option -ALL
- Copy RSA key: $ hostname
Copy the hostname to notepad for later use.
$ ssh-keyscan <hostname> 2>/dev/null | grep ssh-rsa | awk '{print $3}' | base64 -d | sha256sum
Note:
Copy the RSA key to notepad for later use.
- Create a scan host pool.
For more information on creating the scan host pool, refer to the following section:
- Validate malware scanner configuration through Web UI as follows:
The Validate configuration feature within NetBackup Web UI is available in NetBackup version 10.4 and higher. If NetBackup version is below 10.4 then create small size backup image using a policy type Standard or MS Windows and trigger scan using that image. If the NetBackup or the malware scan job fails, then the job will have the details needed to troubleshoot.