Host-based backup of VMware vSphere VMs.
Post Reply
TimoW
Service Provider
Posts: 25
Liked: 2 times
Joined: Nov 27, 2014 2:20 pm
Full Name: Timo Wende
Contact:

Malware found during VM replication

Post by TimoW »

Dear all,

at a customer we're doing replication from a productive vSphere cluster to a standalone ESXi host located in a different location.
The replication traffic goes through a next generation firewall which is doing deep packet inspection and scans the whole traffic in realtime against known malware.
On two VMs the firewall was blocking the replication due to found malware. This also results in failed replication of those two VMs of course.
The AV scanners on those VMs didn't find any malicous malware.
My Question is: are the blocks (which are transfered via replication to destination host) transfered in their "raw format" or is VBR 9.5.3 doing some compression/encryption?
In case of encrypted data I would assume that the caught malware is a false positive. But if it's raw data I'll need to dig deeper to the VMs.

Thanks a lot!
Timo
Andreas Neufert
VP, Product Management
Posts: 6707
Liked: 1401 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Malware found during VM replication

Post by Andreas Neufert »

Usually we apply compression and deduplication before we transport the data to the other side.
Transport Encryption can be optionally enabled in the traffic rules or will be automatically applied when you use Public IPs at the Veeam Servers.

I would contact the AV vendor and let them analyse logs.
You can as well backup with Veeam the VM and use our Antivirus restore to scan the VM in offline state (no malware can hide themself then).
TimoW
Service Provider
Posts: 25
Liked: 2 times
Joined: Nov 27, 2014 2:20 pm
Full Name: Timo Wende
Contact:

Re: Malware found during VM replication

Post by TimoW »

Hi Andreas,
thank you for clarification. In this case I would really assume that this was a false positive.
But the Antivirus restore feature sounds really interesting. Could you please tell me more about it? Is it part of Update 4? Which engines are integrated?
Andreas Neufert
VP, Product Management
Posts: 6707
Liked: 1401 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany
Contact:

Re: Malware found during VM replication

Post by Andreas Neufert » 1 person likes this post

Hi Timo,

you can find additional informations here:
https://www.veeam.com/blog/datalabs-sec ... rview.html
Post Reply

Who is online

Users browsing this forum: No registered users and 96 guests