• Please help support our sponsors by considering their products and services.
    Our sponsors enable us to serve you with this high-speed Internet connection and fast webservers you are currently using at ADSM.ORG.
    They support this free flow of information and knowledge exchange service at no cost to you.

    Please welcome our latest sponsor Tectrade . We can show our appreciation by learning more about Tectrade Solutions
  • Community Tip: Please Give Thanks to Those Sharing Their Knowledge.

    If you receive helpful answer on this forum, please show thanks to the poster by clicking "LIKE" link for the answer that you found helpful.

  • Community Tip: Forum Rules (PLEASE CLICK HERE TO READ BEFORE POSTING)

    Click the link above to access ADSM.ORG Acceptable Use Policy and forum rules which should be observed when using this website. Violators may be banned from this website. This notice will disappear after you have made at least 3 posts.

SnaDiff generate a SnapShot containing Malware

vkky2k

ADSM.ORG Member
Joined
Jun 17, 2017
Messages
25
Reaction score
0
Points
0
Window administrator detected the malware which was contained in a snapshot during TSM SnapDiff backup and left on NetApp storage.

Was this malware originally contained in the production file, or some how generated during the TSM snapdiff backup?

If it is in the production file, how come it was detected in the snapshot not in the original file?

Thanks for your advise!
 

Trident

TSM/Storge dude
ADSM.ORG Moderator
Joined
Apr 2, 2007
Messages
530
Reaction score
58
Points
0
Location
Oslo, Norway
Website
www.basefarm.no
Hi,
I think the malware was on the disk, so when tsm read the file after snapshot, it got scanned and detected.
 

vkky2k

ADSM.ORG Member
Joined
Jun 17, 2017
Messages
25
Reaction score
0
Points
0
The detecting software is third part one, not TSM. It was found in the snapshot initiated by TSM. So, it seems weird, why the malware was not found any where else, but only in the snpahot? and after removed the snapshot, the malware was found again in next day's snapshot.
 

Trident

TSM/Storge dude
ADSM.ORG Moderator
Joined
Apr 2, 2007
Messages
530
Reaction score
58
Points
0
Location
Oslo, Norway
Website
www.basefarm.no
Hi,

What is your antivirus policy, scan upon read,readwrite, write? When tsm reads a file, it will first be read by a ativirus engine (depending upon policy).

Please add some logs from tsm and othe logs that we may have a look at.
 

vkky2k

ADSM.ORG Member
Joined
Jun 17, 2017
Messages
25
Reaction score
0
Points
0
What you said makes sense.

antivirus software is managed by System Admin. We don’t know how it works.The malware got caught in the SnapDiff snapshot. Now, that group asks us to contact the data owner and to delete the original file.
Shouldn’t it be their or the antivirus’ role to detect the original file containing the malware and quarantine it then TSM would not pick it up?

please advice how it should work.
Thank you!
 

Advertise at ADSM.ORG

If you are reading this, so are your potential customer. Advertise at ADSM.ORG right now.

UpCloud high performance VPS at $5/month

Get started with $25 in credits on Cloud Servers. You must use link below to receive the credit. Use the promo to get upto 5 month of FREE Linux VPS.

The Spectrum Protect TLA (Three-Letter Acronym): ISP or something else?

  • Every product needs a TLA, Let's call it ISP (IBM Spectrum Protect).

    Votes: 18 18.2%
  • Keep using TSM for Spectrum Protect.

    Votes: 61 61.6%
  • Let's be formal and just say Spectrum Protect

    Votes: 12 12.1%
  • Other (please comement)

    Votes: 8 8.1%

Forum statistics

Threads
31,748
Messages
135,357
Members
21,744
Latest member
tsm
Top