Cloud Backup provides the Backup Point Virus Detection feature to prevent virus contamination in the production environment due to restoration of virus-infected data. This topic describes the backup point virus detection feature of Cloud Backup, including the feature introduction, limits, usage notes, working mechanism, procedure, and fees.
Feature introduction
Cloud Backup periodically backs up data in your production environment. If the data in your production environment is contaminated by viruses, the corresponding data in backup vaults also carries viruses. If you restore data from a backup vault to your production environment and the files used for restoration are infected with viruses, the restoration will cause secondary pollution to the production environment. This significantly affects the timeliness of disaster recovery and causes business losses. Cloud Backup provides the backup point virus detection feature. This feature allows you to restore data from pure and secure backup points. This feature supports:
Automatic detection based on a backup policy: When you configure a backup policy, you can enable the Backup Point Virus Detection feature. Cloud Backup then automatically detects viruses on the backup data after each scheduled backup is completed. This way, you can understand the risks of backup files at each backup point and efficiently select secure files for data restoration.
Manual detection: You can select a backup point in the backup history for virus detection based on your business requirements. You can also create a virus detection task for a backup point on the Virus Detection page, or use the virus detection during restoration feature.
If Cloud Backup detects that a virus-infected file exists at a backup point, Cloud Backup marks the backup point as risky. When you browse backup points, you can view the risks of the backup files at the backup points.
Limits
The Backup Point Virus Detection feature supports the following data sources: Elastic Compute Service (ECS) file backup (new version), on-premises file backup (new version), Object Storage Service (OSS) backup, Apsara File Storage NAS (NAS) backup, and on-premises NAS backup.
The Backup Point Virus Detection feature can only detect a single backup file whose size does not exceed 100 MB. If the size of a single backup file exceeds 100 MB, the detection is skipped. In this case, you can download the list of files that cannot be detected to view the specific backup file information.
For more information about the regions that support the feature, see Features available in each region.
Supported virus types
The following table lists the virus types supported by the Backup Point Virus Detection feature of Cloud Backup.
Virus type | Virus name |
Backdoor | Reverse shell |
DDoS | DDoS trojan |
Downloader | Downloader trojan |
Engtest | Engine test program |
Hacktool | Hacking tool |
Trojan | High-risk program |
Malbaseware | Tainted basic software |
MalScript | Malicious script |
Malware | Malware |
Miner | Mining software |
Proxytool | Proxy tool |
RansomWare | Ransomware |
RiskWare | Riskware |
Rootkit | Rootkit |
Stealer | Stealer |
Scanner | Scanner |
Suspicious | Suspicious process |
Virus | File-infecting virus |
WebShell | Webshell |
Worm | Worm |
AdWare | Adware |
Patcher | Patcher |
Gametool | Gametool |
Usage notes
Archive-tier backup points in backup vaults do not support the Backup Point Virus Detection feature.
In cross-region backup scenarios, automatic detection based on backup policies is not supported for backup points in mirror vaults, but manual detection is supported. If viruses are detected for the files at a backup point on the source, the detection result is also displayed at the same backup point and files on the destination. You do not need to perform a secondary detection. For more information about manual virus detection, see Manual virus detection.
After you enable the Backup Point Virus Detection feature in a backup policy, Cloud Backup performs a full virus detection for the first backup point and incremental virus detections for subsequent backup points.
How it works
The virus detection feature is seamlessly integrated with Cloud Backup. You can perform virus detection on backup data without the need to deploy any service or client.
Automatic detection based on backup policies:
After you enable the Backup Point Virus Detection feature in a backup policy, Cloud Backup automatically detects viruses at the backup point after each scheduled backup is completed. The time required for virus detection depends on the number of files detected.
Cloud Backup detects viruses on the same backup link according to the policy. After the policy takes effect, Cloud Backup performs a full virus detection at the first backup point. For a subsequent backup point, Cloud Backup performs an incremental virus detection on only the files that are added and changed compared with the previous backup point.
As shown in the preceding figure, Cloud Backup performs a full virus detection at backup point 1, and a total of 10,000 files are detected. At backup point 2, Cloud Backup performs an incremental virus detection on only 1,000 changed files and 2,000 new files compared with backup point 1, and a total of 3,000 files are detected. At backup point 3, Cloud Backup performs an incremental virus detection on only 2,000 files that are changed compared with backup point 2, and a total of 2,000 files are detected.
Manual detection:
You can use one of the following methods to perform manual detection:
In the Backup History section, select a backup point to detect viruses.
In the Backup History section, select a backup point to create a restore job. Enable the Virus Detection During Restoration feature to detect viruses.
On the Restore Jobs tab, select a backup point in a backup vault or in a remote mirror vault to create a restore job. Enable the Virus Detection During Restoration feature to detect viruses.
On the Virus Detection tab, select a backup point in a backup vault or in a remote mirror vault to detect viruses.
On the Virus Detection tab, if a backup point in a backup vault or in a remote mirror vault is infected with viruses, click Find Secure Version for Restoration and select a secure backup point for virus detection and restoration.
When you perform manual virus detection, a detection is independently performed at each backup point and the backup point does not inherit the detection results of other backup points in the same backup link. The same file may be detected multiple times. However, if multiple manual detections are performed at the same backup point, the same file is detected only once and multiple detection results are automatically merged.
As shown in the preceding figure, for backup point 1, directory /A contains 10,000 files and directory /A/B contains 4,000 files. If you select only directory /A/B for virus detection for the first time, 4,000 files in the directory are detected. However, if you select directory /A for virus detection for the second time, only 6,000 (10,000 - 4,000) files are detected. This is because directory /A/B has already been detected. For backup point 2, if you select all files for manual virus detection, a total of 12,000 (9,000 + 1,000 + 2,000) files are detected. For backup point 3, if you select all files for manual virus detection, a total of 3,000 (1,000 + 2,000) files are detected.
Procedure
The following example describes how to use the Backup Point Virus Detection feature to detect viruses for ECS files.
Automatic detection based on backup policies
For more information about how to create a backup policy, see Manage backup policies.
Manual detection
Click Virus Detection and select Include All Files, Include Files, or Exclude Files to detect viruses.
Enable the Virus Detection During Restoration feature. Cloud Backup detects viruses on all files to be restored during restoration.
Configure When Recovery Items Contain Detected Viruses. To restore data at a backup point that already contains a virus-infected file, you can select one of the following options:
Do not restore the virus-infected files (You can find secure versions on the Virus Detection tab.)
For more information about how to find a secure version, see Find Secure Version for Restoration.
I am aware of the risks and still want to restore all the selected items
In the Select Source step, select the backup vault and the client from which the backup point is to be detected. Click Next.
In the Select Backup step, select the backup point to detect. Click Next.
In the Select File to Detect step, select Include All Files, Include Files, or Exclude Files. Click OK.
If Cloud Backup detects that a virus-infected file exists at a backup point, Cloud Backup marks the backup point as risky. When you browse backup points, you can view the risks of the backup files at the backup points.
Find Secure Version for Restoration
On the Virus Detection tab, click Find Secure Version for Restoration in the Actions column.
Select the secure versions of backup points for the at-risk files and click Next.
Select backup points to search for secure ones where the files are not infected by viruses. Then, click Search.
After the restore job is created, view the status of the secure version in the Status column on the Restore Jobs tab.
If Secure version unavailable is displayed, replace proper backup points to search for a secure version.
If Secure version available is displayed, choose More > Use Secure Version for Restoration in the Actions column. For more information, see Use Secure Version for Restoration.
Use Secure Version for Restoration
Choose More > Use Secure Version for Restoration in the Actions column.
In the Select Backup step, select a backup point that has a secure version. Click Next.
In the Select Restore Items step, click Next.
In the Restore Destination step, select a destination and click Next.
In the Destination Path step, select Specify Path or Origin Path for restoration. Then, click Start to Restore.
On the Restore Jobs tab, view the status of the restore job. If the status is displayed as Completed, the restoration is successful.
Detection results
On the Virus Detection tab, you can view the statistics of all backup points that have been detected for viruses, including:
Total Number of Backup Points Detected: the total number of backup points that have been detected.
Number of Files Detected: the total number of files or objects detected. The value is also the total number of billable files detected. You are charged for using the virus detection feature based on this number. The fee is included into your Cloud Backup service bill.
High Risk: the total number of high-risk files or objects detected.
Medium Risk: the total number of medium-risk files or objects detected.
Low Risk: the total number of low-risk files or objects detected.
Secure: the total number of secure files or objects detected.
In addition, for each backup point, you can view not only the statistics of all historical detection results, but also the details of at-risk files.
Number of Files Detected: the total number of files or objects detected at the backup point.
Total Number of Files: the total number of files or objects that are planned to be detected at the backup point.
Detection Result: the specific statistics of the detected files, including:
High Risk: the total number of high-risk files or objects that have been detected at the backup point.
Medium Risk: the total number of medium-risk files or objects that have been detected at the backup point.
Low Risk: the total number of low-risk objects or objects that have been detected at the backup point.
Secure: the total number of secure files or objects that have been detected at the backup point.
Number of Files That Cannot Be Detected: the number of files or objects that cannot be detected due to the limits of the feature, such as the limit on file size.
Fees
You are charged for using the virus detection feature. You are charged for both policy-based automatic detection and manual detection based on the number of files detected. Files that fail to be detected are not billed. For more information about how to calculate the number of files detected, see How it works. For more information, see Pricing.