PowerShell - VBR Backup Scan - Updates

  • 2 February 2024

Hello community,
You probably know my many scripts on the subject of backup data scanning? I am happy to share with you what I am currently working on.

Secure Restore / Scan Backup

Currently "only" Microsoft Windows machines can be scanned using Secure Restore or Scan Backup (see here). However, the Disk Publishing (Data Integration API) allows us to publish a disk from different types of backups to a Windows or Linux host. The disk can have a Microsoft Windows, Linux, Unix or other file system. On top of that, Veeam Backup & Replication v12.1 gives us many more options for scanning backup data. For example, we can now also mark restore points as clean, suspicious or infected using a PowerShell cmdlet. What if I were to extend one of my scripts with this function? Said and done!

New Script - New Features

The new script presents all existing restore points from a Linux VM, Windows VM or Agent backup to a Linux host, scans the specified restore point and marks the selected restore point as infected, if anything is found. The script utilizes the Veeam Data Integration API and uses ClamAV for antivirus scanning or does a YARA scan using the YARA rules installed on the Linux host. A private key is used to access the Linux system.

The prerequisites are the same as back then (see community post or the readme page in my GitHub repository) 

Script Usage

I now also have the script parameters in a logical order and with a more understandable name (thanks for the feedback).

Example:

.\vbr-securerestore.ps1 -HostToScan <VM or Client Name to be scanned> -Jobname <Backup Job Name> -Mounthost <Linux system with ClamAV> -LinuxUser <Linux Username> -Keyfile <Private Key for user access> -AVScan | -YARAScan

The script automatically scans the latest restore point if no restore point gets selected after 15 seconds. 

Monitoring & Reporting

In addition to the visibility within the Veeam Backup & Replication Management Console, the restore point also becomes visible in the Veeam One Threat Center if something bad was found.

And of course this is also displayed in the Veeam One Malware Detection Report.

What's next?
Where it makes sense, I will take over functions from the old script and add the "marking function" to it.

The vbr-cleanrestore.ps1 script will also get this functionality soon. Stay tuned!


Happy scanning

Steve💖
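The decision step between "scan the published disk" and "mark the restore point as infected" can be sketched as follows. This is an added example, not code from vbr-securerestore.ps1: the function name, mount path and sample output lines are constructed, and it relies only on clamscan's documented exit codes (0 = no virus found, 1 = virus found, 2 = error) and its "<path>: <signature> FOUND" line format.

```powershell
# Added example (not part of the original script). Names and sample data are constructed.
function Get-ClamScanVerdict {
    param(
        [string[]] $OutputLines = @(),          # stdout of clamscan, one entry per line
        [Parameter(Mandatory)] [int] $ExitCode, # exit code of clamscan
        [string] $MountRoot = ''                # hypothetical mount point of the published disk
    )

    # clamscan prints one line per hit: "<path>: <signature> FOUND".
    # The greedy path match keeps paths that themselves contain ": " intact.
    $findings = @(foreach ($line in $OutputLines) {
        if ($line -match '^(?<path>.+): (?<sig>\S+) FOUND$') {
            $path = $Matches['path']
            # Report the path as it exists inside the backup, not on the mount host.
            if ($MountRoot -and $path.StartsWith($MountRoot)) {
                $path = $path.Substring($MountRoot.Length)
            }
            [pscustomobject]@{ Path = $path; Signature = $Matches['sig'] }
        }
    })

    # Map the documented exit codes; anything else is treated as a failed scan.
    $status = switch ($ExitCode) {
        0       { 'Clean' }
        1       { 'Infected' }
        default { 'ScanError' }
    }
    # A parsed hit always yields Infected; a failed scan with no hits stays
    # ScanError and is never reported as Clean.
    if ($findings.Count -gt 0) { $status = 'Infected' }

    [pscustomobject]@{ Status = $status; Findings = $findings }
}

# Constructed sample output from a scan of a disk mounted under a hypothetical path.
$sample = @(
    '/mnt/published/disk1/home/user/eicar.com: Eicar-Signature FOUND',
    '/mnt/published/disk1/var/tmp/a: b.bin: Win.Test.EICAR_HDB-1 FOUND'
)
$verdict = Get-ClamScanVerdict -OutputLines $sample -ExitCode 1 -MountRoot '/mnt/published/disk1'
$verdict.Status
$verdict.Findings | Format-Table -AutoSize

# A scan that aborted with an error must not count as a clean restore point.
(Get-ClamScanVerdict -ExitCode 2).Status
```

Only a verdict of Infected should lead to marking the restore point; a ScanError result calls for a rescan rather than a clean marking.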


2 comments


Fantastic update to your script Steve! Think I’ll get my test VBR VM upgraded and play with your script. 🙂


This is a great update Steve as I have been following along with your scripts to see how I can possibly leverage them in our environment for Security purposes with Veeam.  Great work and I will continue testing in my lab.  👍🏼
