Discussions specific to the VMware vSphere hypervisor
TimoW
Service Provider
Posts: 7
Liked: 1 time
Joined: Nov 27, 2014 2:20 pm
Full Name: Timo Wende

Malware found during VM replication

Post by TimoW » Mar 01, 2019 7:49 am

Dear all,

At a customer we're doing replication from a productive vSphere cluster to a standalone ESXi host located in a different location.
The replication traffic goes through a next-generation firewall which is doing deep packet inspection and scans the whole traffic in real time against known malware.
On two VMs the firewall was blocking the replication due to found malware. This also results in failed replication of those two VMs, of course.
The AV scanners on those VMs didn't find any malicious malware.
My question is: are the blocks (which are transferred via replication to the destination host) transferred in their "raw format" or is VBR 9.5.3 doing some compression/encryption?
In case of encrypted data I would assume that the caught malware is a false positive. But if it's raw data I'll need to dig deeper into the VMs.

Thanks a lot!
Timo

Andreas Neufert
Veeam Software
Posts: 3849
Liked: 693 times
Joined: May 04, 2011 8:36 am
Full Name: Andreas Neufert
Location: Germany

Re: Malware found during VM replication

Post by Andreas Neufert » Mar 01, 2019 8:02 am

Usually we apply compression and deduplication before we transport the data to the other side.
Transport Encryption can be optionally enabled in the traffic rules or will be automatically applied when you use Public IPs at the Veeam Servers.

I would contact the AV vendor and let them analyse the logs.
You can also back up the VM with Veeam and use our Antivirus restore to scan the VM in an offline state (no malware can hide itself then).


Re: Malware found during VM replication

Post by TimoW » Mar 01, 2019 8:11 am

Hi Andreas,
thank you for the clarification. In this case I would really assume that this was a false positive.
But the Antivirus restore feature sounds really interesting. Could you please tell me more about it? Is it part of Update 4? Which engines are integrated?


Re: Malware found during VM replication

Post by Andreas Neufert » Mar 01, 2019 8:18 am

Hi Timo,

you can find additional information here:
https://www.veeam.com/blog/datalabs-sec ... rview.html
