I have the problem that in each backup of my mail system (file-based archive on Windows Server 2012 R2), errors occur while backing up virus-infected e-mail attachment files. This is caused by the real-time scan (in my case of TrendMicro OfficeScan), which didn't recognize the viruses at receive time and removes them at file-access time, which causes backup errors.

My question is: What is the fastest and most performance-friendly way of initiating an antivirus scan on all files in a known directory D:\mail\ with a known file extension .$01?

In my research I found no way of a manual CLI-based anti virus scan for TrendMicro Office Scan.

My idea is to simply read in all the files to hopefully trigger the realtime-scan.

Ludwig Behm

1 Answer


OK, I got it pretty fast. But I'm not sure if that's everything we can achieve.

Only listing the files didn't trigger the AV scan, so we need a look inside. More specifically: We have to open the file.

This is what I came up with: A PowerShell script starting before the backup, running in the given archive directory.

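# Collect every *.$01 file below the current (archive) directory.
$d = Get-ChildItem -Filter '*.$01' -Recurse -ErrorAction SilentlyContinue
# Pipe the files one at a time (-InputObject would bind the whole array to $_ at once); opening a file triggers the real-time scan.
$d | % { try { $_.OpenRead().Close() } catch {} }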

In my demo example with 44 directories, 29000 files, 1488 of them *.$01-files to inspect and 2 of them with viruses, this script only needed 345ms. Which is pretty neat for me.

Further thoughts:

  • it looks like the file handles are closed on PowerShell exit, resulting in thousands of file handles
    • how to close the handle immediately after every file open/close?
  • removing PowerShell speed limits
  • optimizing the ForEach - the % already performs better than ForEach-Object
  • moving the code to C#
  • multi-threaded
Ludwig Behm
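Added example, not part of the original answer: a pre-backup pass that opens each file through the pipeline, disposes the handle immediately, and logs the files the scanner blocked or removed so the backup operator knows what to expect. The parameter names and the log path are assumptions; the directory and extension are the ones from the question.

```powershell
# Added example, not the answer author's code. Pre-backup pass that opens every
# matching file so the on-access scanner inspects it before the backup does.
param(
    [string]$Root    = 'D:\mail',                      # archive directory from the question
    [string]$Pattern = '*.$01',                        # extension from the question
    [string]$LogFile = 'C:\Temp\prebackup-scan.log'    # hypothetical log location
)

$share   = [System.IO.FileShare]'ReadWrite, Delete'    # do not lock out mail server or scanner
$buffer  = New-Object byte[] 4096
$opened  = New-Object 'System.Collections.Generic.List[string]'
$flagged = New-Object 'System.Collections.Generic.List[string]'

# The pipeline hands over one FileInfo at a time, so only one handle is open at once.
Get-ChildItem -Path $Root -Filter $Pattern -Recurse -File -ErrorAction SilentlyContinue |
    ForEach-Object {
        $path   = $_.FullName
        $stream = $null
        try {
            $stream = [System.IO.File]::Open($path, [System.IO.FileMode]::Open, [System.IO.FileAccess]::Read, $share)
            # Read one block as well, in case a scanner reacts to reads rather than opens
            # (assumption; the answer only established that opening the file is enough).
            [void]$stream.Read($buffer, 0, $buffer.Length)
            $opened.Add($path)
        }
        catch {
            # Open or read refused: most likely the scanner blocked or removed the file.
            $flagged.Add("blocked`t$path`t$($_.Exception.Message)")
        }
        finally {
            if ($stream) { $stream.Dispose() }         # release the handle immediately
        }
    }

# Files that opened fine but are gone now were removed after the access.
foreach ($path in $opened) {
    if (-not (Test-Path -LiteralPath $path)) { $flagged.Add("removed`t$path") }
}

if ($flagged.Count -gt 0) { $flagged | Set-Content -LiteralPath $LogFile }
"{0} files opened, {1} flagged" -f $opened.Count, $flagged.Count
```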