Get the most recent malware detection logs from each Veeam Server and send over email with summary

Hi Everyone,

I'm sharing the script to collect the latest Malware Detection logs from specific lists of Veeam Backup servers in their default directory as the attachment with the server name at the end.

When there is no new malware detection log file generated on the day, then no email will be sent out.

You can update the $Servers and the $ParamSendmailMessage accordingly to suit your needs, as well as the CSS styling.

$Servers = 'VBR01', 'BACKUP01', 'BKP-SVR', 'VBRSVR02'
$LocalIPAddress = (Resolve-DnsName -Name $ENV:COMPUTERNAME | Where-Object { $_.Type -eq 'A' } | Select-Object -ExpandProperty IPAddress) -join ', '
$Filter = '*.LOG'

$paramSendMailMessage = @{
       From       = "$ENV:COMPUTERNAME@$env:userdnsdomain"
       To         = 'your.email@veeam.com'
       Subject    = "Malware report summary as of $(Get-Date -Format 'F')"
       SmtpServer = 'smtp.domain.com'
       BodyAsHtml = $true
       Priority   = 'High'
}

$HtmlHead = @"
<style>
    body {
        font-family: Calibri;
    }
    table {
        width: 100%;
        border-collapse: collapse;
        border: 1px solid;
    }
    th {
        background-color: green;
        border: 1px solid;
        padding: 1px;
    }
    td {
        border: 1px solid;
        padding: 1px;
    }
</style>
"@

$htmlPreContent = '<H3>Statistics:</H3>'
$attachments = $Stats = @()

ForEach ($server In $Servers)
{
       Write-Host "Processing $($server) ..." -NoNewline -ForegroundColor Cyan

       $paramGetChildItem = @{
              Filter     = $Filter
              LiteralPath = \\$($server)\C$\ProgramData\Veeam\Backup\Malware_Detection_Logs
              ErrorAction = 'SilentlyContinue'
       }

       $logItem = Get-ChildItem @paramGetChildItem | Sort-Object LastWriteTime | Select-Object -Last 1

       If ($logItem -and ($logItem.LastWriteTime.Date -eq (Get-Date).Date))
       {
              Write-Host "... found todays's $($logItem.Name) file" -ForegroundColor Yellow

              $destination = "$($env:Temp)\Malware-Detection-Logs_$($server).LOG"

              $paramCopyItem = @{
                     Destination = $destination
                     Force       = $true
              }
              $logItem | Copy-Item @paramCopyItem

              $Stats += Get-Content -Path $destination |
              Where-Object { $_ -like '`[*' } |
              ForEach-Object { $_.Split('.')[-1] } |
              Group-Object |
              Select-Object -Property @{ n = 'Server'; e = { $server } }, @{ n = 'Extension'; e = { $_.Name } }, Count |
        Sort-Object -Property Count

              $attachments += $destination
       }
       Else
       {
              Write-Host '... found no current Malware_Detection_Logs file' -ForegroundColor Green
       }
}

If ($attachments)
{
       Write-Host "Sending email with $($attachments.Count) attachments." -ForegroundColor Magenta
       $body = ($stats | ConvertTo-Html -Head $HtmlHead -PreContent $htmlPreContent) -join "`r`n"
       $body += "<BR>Sent from $($ENV:COMPUTERNAME) [$($LocalIPAddress)]" -join "`r`n"

       Send-MailMessage @paramSendMailMessage -Attachments $attachments -Body $body

       ForEach ($attachment In $attachments)
       {
              Get-Item -Path $attachment | Remove-Item -Force
       }
}

This script is helpful for me as the malware detection alert notification does not include the location of the harmful file like below:

This is the sample email body for the malware detected from the logs:

By generating this report from all the list of Veeam Servers, I can modify the malware detection settings and also search for malicious files.

I hope this can be helpful for everyone here.