To avoid contaminating your production environment by restoring virus-infected data, Cloud Backup provides the Backup Point Virus Detection feature.
Overview
Cloud Backup regularly backs up data from your production environment. If your production data becomes infected, the corresponding backup data also carries the virus. Restoring infected files causes secondary contamination, delays disaster recovery, and increases business losses. Cloud Backup offers Virus Detection for Backup Points to help you select clean, safe backup points for data restoration. With this feature, you can:
-
Enable automatic detection based on backup policies: When setting a backup policy, turn on the Backup Point Virus Detection feature. Cloud Backup automatically scans backup data for viruses after each scheduled backup. This lets you assess the risk level of files in every backup point and efficiently choose safe files during recovery.
-
Perform on-demand manual detection: Based on your specific needs, select a particular backup point from backup history for virus scanning, create a virus detection task on the Virus Detection page, or enable virus detection during file restoration.
If Cloud Backup detects virus-infected files in a backup point, it marks that backup point as risky. When browsing backup points, you can view detailed risk information for individual files.
Supported scope and limits
-
The Backup Point Virus Detection feature supports the following data sources: ECS File Backup (new), Local File Backup (new), OSS Backup, Alibaba Cloud NAS Backup, and On-premises NAS Backup.
-
The Backup Point Virus Detection feature can only scan individual backup files up to 100 MB in size. Files larger than 100 MB are skipped. You can download the “List of Undetectable Files” to view details about these files.
-
Supported regions: See Features Supported by Region.
Supported Virus Types
Cloud Backup Backup Point Virus Detection supports detection of the following virus types (virus_type).
|
virus_type |
Virus Name |
|
Backdoor |
Reverse shell backdoor |
|
DDoS |
DDoS Trojan |
|
Downloader |
Downloader Trojan |
|
Engtest |
Engine test program |
|
Hacktool |
Hacking tool |
|
Trojan |
High-risk program |
|
Malbaseware |
Compromised base software |
|
MalScript |
Malicious script |
|
Malware |
Malicious program |
|
Miner |
Mining program |
|
Proxytool |
Proxy tool |
|
RansomWare |
Ransomware |
|
RiskWare |
Risk software |
|
Rootkit |
Rootkit |
|
Stealer |
Data-stealing tool |
|
Scanner |
Scanner |
|
Suspicious |
Suspicious program |
|
Virus |
Infectious virus |
|
WebShell |
Web shell |
|
Worm |
Worm |
|
AdWare |
Advertising Program |
|
Patcher |
Cracking program |
|
Gametool |
Private server tool |
Important Notes
-
Backup points in the archive tier of a backup vault do not support Backup Point Virus Detection.
-
In replication scenarios, backup points in the replication target vault do not support automatic detection based on backup policies, but they do support on-demand manual detection. If files in a backup point were scanned at the source, the detection results appear on the same backup point and files at the target, so you do not need to rescan them. For more information about on-demand virus detection, see On-demand Manual Detection of Backup Data.
-
After enabling Backup Point Virus Detection in a backup policy, Cloud Backup performs a full virus scan on the first backup point and incremental scans on subsequent backup points.
-
You cannot cancel a virus detection task once it starts.
How it works
Virus detection is built into the backup service. No additional services or clients are required to scan backup data.
Automatic Detection Based on Backup Policies
After enabling Backup Point Virus Detection in a backup policy, the backup service automatically scans each backup point for viruses after every scheduled backup. Scan duration depends on the number of files scanned.
-
Virus detection follows this logic:
-
First scan: Performs a full virus scan on the first backup point in the backup chain.
-
Subsequent scans: Compares against the previous backup point and performs an incremental virus scan only on new or changed files.
-
-
Example:
-
Backup Point 1: Scans 10000 files (full scan).
-
Backup Point 2: Scans only the 2000 new files and 1000 changed files from Backup Point 1 (3000 incremental files total).
-
Backup Point 3: Scans only the 2000 changed files from Backup Point 2 (incremental scan).
-
On-demand Manual Detection
-
On-demand manual detection methods include the following:
-
In the Backup History, select a backup point to manually scan for viruses.
-
In the Backup History, select a backup point to create a restore job and enable the Virus Detection During Restoration feature.
-
On the Restore Jobs page, select a backup point from a backup vault or replication target vault to create a restore job and enable the Virus Detection During Restoration feature.
-
On the Virus Detection page, select a backup point from a backup vault or replication target vault to manually scan for viruses.
-
On the Virus Detection page, if a backup point in a backup vault or replication target vault is infected, use Find Secure Version for Restoration to scan other backup points and restore a clean version.
-
-
On-demand manual detection features:
-
Each backup point is scanned independently. Results are not inherited from other backup points in the same chain, so the same file might be scanned multiple times across different backup points.
-
If you scan the same backup point multiple times, each file is scanned only once, and results are automatically merged.
-
-
Example:
-
For Backup Point 1:
-
/A directory contains 10000 files; /A/B subdirectory contains 4000 files.
-
First scan targets only /A/B directory: 4000 files scanned.
-
Second scan targets /A directory: skips already scanned /A/B files and scans the remaining 6000 files.
-
-
For Backup Point 2: A full on-demand scan checks all 12000 files (9000 + 1000 + 2000).
-
For Backup Point 3: A full on-demand scan checks all 3000 files (1000 + 2000).
-
Access Methods
The following examples use ECS file operations to show how to access the Backup Point Virus Detection feature.
Automatic Detection Based on Backup Policies
On-demand Manual Detection
Virus Detection Status for Backup Points
If Cloud Backup detects virus-infected files in a backup point during scanning, it marks that backup point as risky. When browsing backup points, you can view detailed information about risky files.
In the backup history section under the Backup Plans tab, use the timeline to check the status of each backup point. A green dot indicates Completed. An orange dot indicates Partially Completed (the backup point may contain risky files).
At the top of the backup browsing page, a red warning banner shows the risk discovery time and most recent scan time. In the file list, risky files are marked with a red icon for quick identification.
If you restore a backup point that contains virus-infected files, you can choose:
-
Do not restore the virus-infected files (You can find secure versions on the Virus Detection tab.)
-
I am aware of the risks and still want to restore all the selected items
We recommend that you visit the Virus Detection page to review threat files and find a secure version to recover. For more information, see Find a secure version to recover.
Detection Results
On the Virus Detection page, view statistics for all scanned backup points, including the following:
-
Total Number of Backup Points Detected: The cumulative number of backup points scanned.
-
Total Detected Files: The cumulative count of file scans performed. This is the basis for billing.
-
High Risk: the cumulative total of high-risk files or objects detected.
-
Medium Risk: the total number of medium-risk files or objects detected.
-
Low Risk: the total number of low-risk files or objects detected.
-
Secure: the total number of safe files or objects detected.
The risky file details list includes columns for File Name, MD5, Threat Label, Risk Level, Detection Time, and Actions. Threat labels include WebShell, malicious script, proxy tool, mining program, suspicious program, and others. In the Actions column, click Find Safe Version to Restore to restore a risky file.
For each backup point, you can view historical detection statistics and details about risky files.
Number of Files Detected: the cumulative number of files or objects scanned for this backup point.
Total Number of Files: the total number of files or objects scheduled for detection at this backup point.
Detection Result: Detection results provide detailed classification statistics of scanned files, including the following:
-
High-risk: represents the cumulative number of high-risk files or objects detected at this backup point.
-
Medium: The cumulative number of medium-risk files or objects detected in this backup point.
-
Low: The cumulative number of low-risk files or objects detected in this backup point.
-
Safe: The cumulative number of safe files or objects detected in this backup point.
-
Undetectable Files: The number of files skipped due to size limits or other constraints. This represents the cumulative count of undetectable files or objects in this backup point.
Related operations
On the Virus Detection page, you can click the ⋮ in the Actions column to perform the following related operations.
|
Action |
Description |
|
Download List of Virus Files |
Export detected virus files to a local file. The exported file includes virus file paths, MD5 hash values, risk levels, and virus names. |
|
Download List of Files That Cannot Be Detected |
Files larger than 100 MB are skipped during scanning. Download this list to view details about undetectable backup files. |
|
Forcibly Restore Current Version |
Forcing restoration of risky files may pose risks to the restore target. Proceed with caution. |
Pricing
Virus detection is a paid feature billed by Total Detected Files. You are charged only for files successfully scanned, regardless of whether the scan is automatic or on-demand. Unscanned files incur no charges.
Automatic detection based on backup policies performs incremental virus detection only on newly added or modified files. On-demand manual detection for each backup point is independent and does not affect other detections. Total Detected Files is the sum of historically detected files from both automatic and manual detection. For detailed billing rules, see the How it works section. For more billing information, see Pricing details.
On the Virus Detection tab, the top of the page displays statistics for Total Backup Points Scanned, Total Files Scanned, Important, Medium, Low, and Safe.