An Interesting Antivirus Strategy?

[ekisner]

I was thinking earlier this morning, and I came to the realization that it could be very interesting for Veeam and a (or multiple) antivirus providers to partner up. Imagine you could have 3 separate AVs scanning your backup files without conflict!

Consider the following application flow, scheduling options a-plenty:
- Backup is mounted by Veeam
- AV scan of the guest backup contents is initiated
- Results are reported back to Veeam to be handled via Veeam application logic

It would probably need to be detect-only, but just knowing that your backups have a latent virus in them is enough to know that you need to respond to the issue.

As an additional benefit, the AV could be installed on multiple veeam proxies, say 1 per physical host, allowing for the AV load to be offloaded from the guest OS... yes you'd still want something watching for in-memory and heuristic stuff, but you wouldn't need to do "full" scans on your guests ever again. Almost an improved vShield option, sans real-time protection.

I can't imagine it would be too hard at all... a VSS provider could allow the backup files to be scanned even during a backup window (so if you've got a massive file server, you can still scan it without impacting backup schedules). The only thing needed would be for Veeam to have the application logic needed to follow the process, and an AV provider to maybe make it more flexible to initiate a targeted scan against a volume.

[Gostev]

I can't imagine it would be too hard at all

Correct, and I know of some customers who are doing this already... it is very easy to automate indeed - the single PowerShell cmdlet to mount a restore point on a mount server, and then you just sick the antivirus to perform ad-hoc scan of C:\VeeamFLR via its own API.

[kubimike]

Im hard-core Mcafee EPO its my fav!