1. Field of the Invention
The present invention relates generally to computers, and more particularly, to performing an antivirus scan during a data scrub operation in a computing environment.
2. Description of the Related Art
In today's society, computer systems are commonplace. Computer systems may be found in the workplace, at home, or at school. Computer systems may include data storage systems, or disk storage systems, to process and store data. Large amounts of data have to be processed daily and the current trend suggests that these amounts will continue being ever-increasing in the foreseeable future. Data within a storage system may become corrupted with errors and viruses within the storage system. A need exists for simultaneously determining data errors while performing antivirus scans on data.
SUMMARY OF THE DESCRIBED EMBODIMENTS
Processing very large amounts of information and data occurring in the storage system is a key problem to solve. Data processing systems are often arranged with redundant data storage in order to permit recovery of lost data, for example, from damaged media. Simultaneously, as new data is written to the data storage system, it is critical to perform an antivirus scan and therefore, a need exists for performing an antivirus scan during a data scrub operation.
Accordingly, and in view of the foregoing, various exemplary method, system, and computer program product embodiments for an antivirus scan during a data scrub operation are provided. In one embodiment, by way of example only, an antivirus scan is concurrently performed as an overlap with the data scrub operation, wherein the data scrub operation periodically inspects and corrects memory errors. Additional system and computer program product embodiments are disclosed and provide related advantages.
In addition to the foregoing exemplary method embodiment, other exemplary system and computer product embodiments are provided and supply related advantages. The foregoing summary has been provided to introduce a selection of concepts in a simplified form that are further described below in the Detailed Description. This Summary is not intended to identify key features or essential features of the claimed subject matter, nor is it intended to be used as an aid in determining the scope of the claimed subject matter. The claimed subject matter is not limited to implementations that solve any or all disadvantages noted in the background.
In order that the advantages of the invention will be readily understood, a more particular description of the invention briefly described above will be rendered by reference to specific embodiments that are illustrated in the appended drawings. Understanding that these drawings depict embodiments of the invention and are not therefore to be considered to be limiting of its scope, the invention will be described and explained with additional specificity and detail through the use of the accompanying drawings, in which:
As mentioned previously, with increasing demand for faster, more powerful and more efficient ways to store information, optimization of storage technologies is becoming a key challenge. In order to address the challenges of data corruption, errors, and computer software viruses, data processing systems may be arranged with redundant data storage in order to permit recovery of lost data, for example, from damaged media, RAID (Redundant Array of Independent Disks) controllers may initiate background read operations on attached hard drives in order to find locations on the media that may have been damaged, causing either hard data errors or recoverable data errors that require significant levels of Error Recovery. This process may be referred to throughout the description as a data scrub operation (e.g., data scrubbing), If a hard error is encountered during data scrubbing, the bad Logical Block Address (LBA) may be reassigned and when the drive is a member of a RAID configuration (other than RAID 0), any lost data can be recreated and rewritten, addition, the Raid arrays may be implemented with the data scrub to verify all strides of arrays are valid.
Data scrubbing tasks may be performed to locate drives that are starting to fail and then fail the located drives before multiple failures cause raid algorithms to be prevented from rebuilding the data. In addition, an Antivirus application programming interface (API) may be included for scanning of new data as it is being written in order to capture any existing virus' that may be present during a write operation and that may can be found before user access for a read operation. However, one problem that exists for real-time scanning is that there may be large server CPU requirements host delays caused by processing time. Thus, the mechanisms of the present invention concurrently perform the anti virus scan that is to be done at the same time as the data scrub (e.g., background scrub tasks). In so doing, a continuous scanning for virus's while not impacting host input/output (IO) is accomplished. The data scrubs usually run continuously taking many days to complete before repeating, so new virus checking will be regularly executed. Once a potential virus signature is found, a notification may be sent to the API and/or system OS to process.
It should be noted that although the previous description, by way of example only, applied to a raid array data scrubbing, the present invention may also be applied to a variety of computing architecture environments. For example, the present invention may be applied to a single drive/Hard Disk Drive (HDD) and/or solid-state drive (SSD). The mechanisms of the illustrated embodiments may concurrently performing the antivirus scan as an overlap with the data scrub operation by moving down to the HDD and SSD levels and thereby increase the computing systems processing power and functionality.
Turning to
To facilitate a clearer understanding of the methods described herein, storage controller 240 is shown in
In some embodiments, the system memory 243 of storage controller 240 includes operation software 250 and stores program instructions and data which the processor 242 may access for executing functions and method steps associated with executing the steps and methods of the present invention. As shown in
In some embodiments, cache 245 may be implemented with a volatile memory and non-volatile memory and coupled to microprocessor 242 via a local bus (not shown in
The storage controller 240 may include an antivirus scan module 255 and a data scrub operation module 257. The antivirus scan module 255 and a data scrub operation module 257 may be one complete module functioning simultaneously or separate modules. The antivirus scan module 255 and a data scrub operation module 257 may have some internal memory (not shown) in which the compression algorithm may store unprocessed, processed, or “semi-processed” data. The antivirus scan module 255 and the data scrub operation module 257 may work in conjunction with each and every component of the storage controller 240, the hosts 210, 220, 225, and other storage controllers 240 and hosts 210, 220, and 225 that may be remotely connected via the storage fabric 260. Both the antivirus scan module 255 and the data scrub operation module 257 may be structurally one complete module or may be associated and/or included with other individual modules. The antivirus scan module 255 and the data scrub operation module 257 may also be located in the cache 245 or other components of the storage controller 240.
The storage controller 240 includes a control switch 241 for controlling the fiber channel protocol to the host computers 210, 220, 225, a microprocessor 242 for controlling all the storage controller 240, a nonvolatile control memory 243 for storing a microprogram (operation software) 250 for controlling the operation of storage controller 240, cache 245 for temporarily storing (buffering) data, and buffers 244 for assisting the cache 245 to read and write data, a control switch 241 for controlling a protocol to control data transfer to or from the antivirus scan module 255 and the data scrub operation module 257 in which information may be set. Multiple buffers 244 may be implemented to assist with the methods and steps as described herein.
In one embodiment, the cluster hosts/nodes, 210, 220, 225 and the storage controller 240 are connected through a network adaptor (this could be a fibre channel) 260 as an interface i.e., via a switch called “fabric.” In one embodiment, the operation of the system shown in
In use, the antivirus scanning module 308 may be adapted for concurrently performing the antivirus scan as an overlap with the data scrub operation, wherein the data scrub operation periodically inspects and corrects memory errors. For example, the antivirus scanning module 308 may be capable of virus and/or content scanning for malicious code. In particular, such virus scanning may include a search for viruses, worms, and Trojan horses. Further, the content scanning may serve to detect harassing or malicious content, junk e-mails, misinformation (virus hoaxes), etc. It should be noted that by concurrently performing the antivirus scan as an overlap with the data scrub operation, the mechanisms of the illustrated embodiments reduce the number of antivirus scan input/output (I/O) operations and data scrub I/O operations while allowing for an increased number of host input/output (I/O) operations from a host. By reducing the IOs/storage operations to storage devices, wear on the system is minimized. Based on results of such scanning by the antivirus scanning module 308, the central processing unit 306 may conditionally allowed to read the data saved in the storage 302 and write data to the storage 302. In particular, access to the storage 302 may be precluded if any malicious code is found in the data to be read or written. Further, various alerts may be generated based on the results of the scanning
Turning to
As will be appreciated by one skilled in the art, aspects of the present invention may be embodied as a system, method or computer program product. Accordingly, aspects of the present invention may take the form of an entirely hardware embodiment, an entirely software embodiment (including firmware, resident software, micro-code, etc.) or an embodiment combining software and hardware aspects that may all generally be referred to herein as a “circuit,” “module” or “system.” Furthermore, aspects of the present invention may take the form of a computer program product embodied in one or more computer readable medium(s) having computer readable program code embodied thereon.
Any combination of one or more computer readable medium(s) may be utilized. The computer readable medium may be a computer readable signal medium or a computer readable storage medium. A computer readable storage medium may be, for example, but not limited to, an electronic, magnetic, optical, electromagnetic, infrared, or semiconductor system, apparatus, or device, or any suitable combination of the foregoing. More specific examples (a non-exhaustive list) of the computer readable storage medium would include the following: an electrical connection having one or more wires, a portable computer diskette, a hard disk, a random access memory (RAM), a read-only memory (ROM), an erasable programmable read-only memory (EPROM or Flash memory), an optical fiber, a portable compact disc read-only memory (CD-ROM), an optical storage device, a magnetic storage device, or any suitable combination of the foregoing. In the context of this document, a computer readable storage medium may be any tangible medium that may contain, or store a program for use by or in connection with an instruction execution system, apparatus, or device.
Program code embodied on a computer readable medium may be transmitted using any appropriate medium, including but not limited to wireless, wired, optical fiber cable, RF, etc., or any suitable combination of the foregoing. Computer program code for carrying out operations for aspects of the present invention may be written in any combination of one or more programming languages, including an object oriented programming language such as Java, Smalltalk, C++ or the like and conventional procedural programming languages, such as the “C” programming language or similar programming languages. The program code may execute entirely on the user's computer, partly on the user's computer, as a stand-alone software package, partly on the user's computer and partly on a remote computer or entirely on the remote computer or server. In the latter scenario, the remote computer may be connected to the user's computer through any type of network, including a local area network (LAN) or a wide area network (WAN), or the connection may be made to an external computer (for example, through the Internet using an Internet Service Provider).
Aspects of the present invention are described above with reference to flowchart illustrations and/or block diagrams of methods, apparatus (systems) and computer program products according to embodiments of the invention. It will be understood that each block of the flowchart illustrations and/or block diagrams, and combinations of blocks in the flowchart illustrations and/or block diagrams, may be implemented by computer program instructions. These computer program instructions may be provided to a processor of a general purpose computer, special purpose computer, or other programmable data processing apparatus to produce a machine, such that the instructions, which execute via the processor of the computer or other programmable data processing apparatus, create means for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
These computer program instructions may also be stored in a computer readable medium that may direct a computer, other programmable data processing apparatus, or other devices to function in a particular manner, such that the instructions stored in the computer readable medium produce an article of manufacture including instructions which implement the function/act specified in the flowchart and/or block diagram block or blocks. The computer program instructions may also be loaded onto a computer, other programmable data processing apparatus, or other devices to cause a series of operational steps to be performed on the computer, other programmable apparatus or other devices to produce a computer implemented process such that the instructions which execute on the computer or other programmable apparatus provide processes for implementing the functions/acts specified in the flowchart and/or block diagram block or blocks.
The flowchart and block diagram in the above figures illustrate the architecture, functionality, and operation of possible implementations of systems, methods and computer program products according to various embodiments of the present invention. In this regard, each block in the flowchart or block diagrams may represent a module, segment, or portion of code, which comprises one or more executable instructions for implementing the specified logical function(s). It should also be noted that, in some alternative implementations, the functions noted in the block might occur out of the order noted in the figures. For example, two blocks shown in succession may, in fact, be executed substantially concurrently, or the blocks may sometimes be executed in the reverse order, depending upon the functionality involved. It will also be noted that each block of the block diagrams and/or flowchart illustration, and combinations of blocks in the block diagrams and/or flowchart illustration, may be implemented by special purpose hardware-based systems that perform the specified functions or acts, or combinations of special purpose hardware and computer instructions.
While one or more embodiments of the present invention have been illustrated in detail, one of ordinary skill in the art will appreciate that modifications and adaptations to those embodiments may be made without departing from the scope of the present invention as set forth in the following claims.