Forum Discussion

Riadh_R17
Level 5
9 days ago

automated malware scan

Hi @ all 

Does anyone know how to configure malware scan to run automatically after each backup?

flex version = 5.0 

NetBackup version = 10.4.0.1

Thanks

  • Hello

    Well the whole process is described below 

    https://www.veritas.com/support/en_US/doc/160799157-160799174-0/v152646970-160799174

    • Riadh_R17
      Level 5

      Thank you quebek 

      but in the provided doc I could not see the procedure for configuring automated malware scan jobs

      it explains how to install malware scan and to launch it manually later, not automatically

       

  • Hello

    You are right, my bad. I am sorry.

    Check out this link:

    https://www.veritas.com/content/dam/www/en_us/documents/technical-documents/TB_netbackup_malware_detection_V1587.pdf

    "NetBackup includes an on-demand scan model in the WebUI that performs periodic image inspections. You can configure automatic scanning to occur when images reach the anomaly score you select."

    How to configure it? I would have searched in anomaly detection in web UI. Unfortunately now I don't have access to any NBU - on a leave....

    • quebek
      Moderator

      Hi

      Still on leave but managed to find the information in the admin guide here:

      https://www.veritas.com/support/en_US/doc/21733320-154479691-0/v153325618-154479691

      Good luck!

  • Hi quebek 

    Thank you for your answer

    I have followed the docs but auto scan still did not work.

    Please find below the anomaly_config.conf. Is it correct?

    [root@prodnbfamedia anomaly_detection]# more anomaly_config.conf
    # $Copyright: Copyright (c) 2024 Veritas Technologies LLC. All rights reserved $
    #---------------------------------------------------------------------------------------------------------------------------------
    # Anomaly detection automatic malware scan configuration
    #
    #  ------------------------------------------------------------------------
    #  Instructions on how to use this template file.
    #  ------------------------------------------------------------------------
    #
    #  1. Create a new file with contents of this template file with name 'anomaly_config.conf'
    #  2. Place 'anomaly_config.conf' at below location
    #      For Linux   : /usr/openv/var/global/anomaly_detection
    #      For Windows : <NetBackup install location>\NetBackup\var\global\anomaly_detection
    #  Note: Previous version Anomaly configuration is no longer available in the config file.
    #-----------------------------------------------------------------------------------------------------------------------------------

    # Use below settings to enable automated malware scan for anomaly detected jobs.
    # 1. Enable automated scan
    #     # Use ENABLE_AUTOMATED_SCAN = 1 under AUTOMATED_MALWARE_SCAN_SETTINGS
         [AUTOMATED_MALWARE_SCAN_SETTINGS]
         ENABLE_AUTOMATED_SCAN=1
    #
    # 2. Enable automated scan for all clients
         Use ENABLE_ALL_CLIENTS=1
    #    # Use ENABLE_ALL_CLIENTS=0 to turn OFF automated scan for all clients.
    #    # Use SCAN_HOST_POOL_NAME to mention the scan host for clients.
        SCAN_HOST_POOL_NAME=netbackupscanner_pool
    #
    # 3. Use clients batch to mention scan host pool for individual clients
    #    # the batch number gets added at end with _<batch number>
    #    #  ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch_number> &  SCAN_HOST_POOL_NAME_<batch_number>
    #    NUM_CLIENTS_BATCH_SPECIFIED=2
    #    ENABLE_SCAN_ON_SPECIFIC_CLIENT_1=client1,client2
    #    SCAN_HOST_POOL_NAME_1=<scan_host_pool_name1>
    #
    #    ENABLE_SCAN_ON_SPECIFIC_CLIENT_2=client3,client4
    #    SCAN_HOST_POOL_NAME_2=<scan_host_pool_name1>
    #
    #    Note:
    #    # If we have ENABLE_ALL_CLIENTS = 0 and we have clients mentioned under ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch)number>
    #    # then scan would start only on those clients
    #    # For rest of clients not mentioned under ENABLE_SCAN_ON_SPECIFIC_CLIENT_<batch_number> and if ENABLE_ALL_CLIENTS = 1
    #    # then for those clients,  SCAN_HOST_POOL_NAME=<scan_host_name> would be used.
    #
    # 4. Set anomalySeverity , anomalyScore and ransomwareExtensionImages  to trigger malware scan automatically
    #    # the TRIGGER_SCAN_FOR_LOW_SEVERITY is set to 1 to trigger malware scan automatically for low severity anomaly.
    #    # the TRIGGER_SCAN_FOR_MED_SEVERITY is set to 1 to trigger malware scan automatically for medium severity anomaly.
    #    # the TRIGGER_SCAN_FOR_SCORE_GREATER_THAN is set to positive value to trigger malware scan automatically for anomaly score greater than or equal to given value.
    #    TRIGGER_SCAN_FOR_LOW_SEVERITY=0
    #    TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0
    #    TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5
    #    TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES=1
    #
    #    Note:
    #    # Use TRIGGER_SCAN_FOR_LOW_SEVERITY, TRIGGER_SCAN_FOR_MED_SEVERITY, TRIGGER_SCAN_FOR_SCORE_GREATER_THAN to trigger malware scan for respective values.
    #    # By default malware scan is triggered for HIGH severity.
    #

     

  • Hello

    You did notice this:

    "You can configure automatic scanning to occur when images reach the anomaly score you select."

    So it will not kick in for all - only for those which meet a certain anomaly score!

  • Hi,
    you need to remove the hash for the line which you would like to enable
    malware scan automatically for anomaly score greater than or equal to given value.
    #    TRIGGER_SCAN_FOR_LOW_SEVERITY=0
    #    TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0
    #    TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5
    #    TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES=1
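
An added example, not part of any post above and not Veritas code: a small Python check for an anomaly_config.conf like the one posted. It lists the active settings, the trigger keys that are still commented out, and lines that are neither a comment, a section header nor KEY=VALUE. It assumes the file follows the syntax shown in the posted template (how NetBackup itself treats a malformed line is not stated in the thread); `lint_anomaly_config` is a hypothetical name and `SAMPLE` is an excerpt constructed from the posted file.

```python
import re

# Trigger keys as they appear in the template posted in this thread.
TRIGGER_KEYS = (
    "TRIGGER_SCAN_FOR_LOW_SEVERITY",
    "TRIGGER_SCAN_FOR_MEDIUM_SEVERITY",
    "TRIGGER_SCAN_FOR_SCORE_GREATER_THAN",
    "TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES",
)
KEY_VALUE = re.compile(r"^([A-Z][A-Z0-9_]*)\s*=\s*(\S.*)$")
COMMENTED_KEY = re.compile(r"^[#\s]*([A-Z][A-Z0-9_]*)\s*=")

# Constructed sample: an excerpt mirroring the file posted above.
SAMPLE = """\
[AUTOMATED_MALWARE_SCAN_SETTINGS]
ENABLE_AUTOMATED_SCAN=1
# 2. Enable automated scan for all clients
     Use ENABLE_ALL_CLIENTS=1
    SCAN_HOST_POOL_NAME=netbackupscanner_pool
#    TRIGGER_SCAN_FOR_LOW_SEVERITY=0
#    TRIGGER_SCAN_FOR_MEDIUM_SEVERITY=0
#    TRIGGER_SCAN_FOR_SCORE_GREATER_THAN=2.5
#    TRIGGER_SCAN_FOR_RANSOMWARE_EXT_IMAGES=1
"""

def lint_anomaly_config(text):
    """Hypothetical helper: return (active, commented_triggers, malformed)."""
    active, commented, malformed = {}, [], []
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or (line.startswith("[") and line.endswith("]")):
            continue  # blank line or section header
        if line.startswith("#"):
            m = COMMENTED_KEY.match(line)
            if m and m.group(1) in TRIGGER_KEYS:
                commented.append(m.group(1))  # a setting that is switched off
            continue
        m = KEY_VALUE.match(line)
        if m:
            active[m.group(1)] = m.group(2).strip()
        else:
            malformed.append((lineno, line))  # e.g. instruction text left uncommented
    # A key that is also set on an active line does not count as commented out.
    commented = [k for k in commented if k not in active]
    return active, commented, malformed

if __name__ == "__main__":
    active, commented, malformed = lint_anomaly_config(SAMPLE)
    print("active settings:       ", active)
    print("commented-out triggers:", commented)
    print("malformed lines:       ", malformed)
```

On a NetBackup host, pass the contents of the real file from the location named in the template instead of `SAMPLE`.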