Ransomware attackers specifically target and attempt to destroy backup systems to increase the probability of payment. Hardening your system is critical. Please ensure you have reviewed your platform security using the Security Hardening Checklist
Cohesity

COHESITY Documentation

Explore our documentation to get started, discover products & new features, access troubleshooting guides, register sources, platforms support.

Products
Data Security Alliance
Visit Cohesity.com
Demos
Support
Blogs
Developers
Partner Portals
Cohesity Community
© 2026 Cohesity, Inc. All Rights Reserved.
Terms of Use|
Privacy Policy|
Legal|
  1. Home
  2. NetBackup™ Security and Encryption Guide
  3. Section IV. Malware scanning
  4. Scan host configurations
  5. Configuring scan host
  6. Manual scan host configuration
  7. Configure malware scan host for Linux NFS share type and Avira
NetBackup™ Security and Encryption Guide

Configure malware scan host for Linux NFS share type and Avira

NetBackup malware scanning feature requires configuration of an additional host (a scan-host).

Before configuring scan host ensure that the prerequisites mentioned in the following section are met:

See Prerequisites for a scan host.

Scan host configuration

Note:

For ease of understanding the following documented procedure, refer to

Video.

  1. Install NFS client: $ yum install nfs-utils -y
  2. Install libnsl: $ yum install libnsl -y
  3. Create non-root user account for performing a scan: $ useradd scanuser
  4. Set password of scan user (username: scanuser): $ passwd scanuser
  5. Provide mount and unmount access to scanuser: $ vim /etc/sudoers

    Add the following line:

    scanuser  ALL=(ALL)   NOPASSWD: /bin/umount, /bin/mount

    Install malware tool using scanuser: $ su scanuser

  6. Download the latest available version of NetBackup Malware Scanner tool (Avira) (NBAntiMalwareClient_2.4.zip) from Veritas Support Downloads:

    $ unzip NBAntiMalwareClient_2.4.zip

    $ cd NBAntiMalwareClient_2.4_LinuxR_x86/

    $ sh setup.sh

    Or

    If malware scanner is already installed and needs to be upgraded:

    $ unzip NBAntiMalwareClient_2.4.zip
       $ cd NBAntiMalwareClient_2.4_LinuxR_x86/
       $ sh setup.sh
       >> NetBackup Malware Scanner is already installed. Do you want to update it? (y/n): default: y
       Note: To replace all binaries at target location, enter option -ALL
  7. Copy RSA key: $ hostname

    Copy the hostname to notepad for later use.

    $ ssh-keyscan <hostname> 2>/dev/null | grep ssh-rsa | awk '{print $3}' | base64 -d | sha256sum

    Note:

    Copy the RSA key to notepad for later use.

  8. Create a scan host pool.

    For more information on creating the scan host pool, refer to the following section:

    See Configuring a scan host pool.

  9. Validate malware scanner configuration through Web UI as follows:

    The Validate configuration feature within NetBackup Web UI is available in NetBackup version 10.4 and higher. If NetBackup version is below 10.4 then create small size backup image using a policy type Standard or MS Windows and trigger scan using that image. If the NetBackup or the malware scan job fails, then the job will have the details needed to troubleshoot.

Feedback

Was this page helpful?
Previous

Configure malware scan host for Windows NFS share type and Microsoft Defender

Next

Configuring NetBackup client as the scan host

Feedback

Was this page helpful?