Skip to content

Instantly share code, notes, and snippets.

  • Star 0 You must be signed in to star a gist
  • Fork 0 You must be signed in to fork a gist
Star You must be signed in to star a gist
Embed
What would you like to do?
Veeam Data Integration API with Opswat Metadefender Hash Scanning
Add-PSSnapin VeeamPSSnapin -ErrorAction SilentlyContinue
#connect to your backup server
Connect-VBRServer -Server "YOURBACKUPSERVER"
#get this machine (the data processor) ip address
$targetServer = (Get-NetIPAddress -AddressFamily IPv4 | Select-Object -First 1).IPAddress
$targetServerCreds = Get-VBRCredentials -Name "lab\administrator"
#backup job name
$jobName = "Fileservers"
#job object
$job = Get-VBRBackup -Name $jobName
#objects in this job
$jobObjects = Get-VBRJobObject -Job $jobName
#iterate each of the job objects so we can get the latest restore point for each
Foreach ($jo in $jobObjects)
{
#get latest restore point in this job for this object
$restorePoint = $job | Get-VBRRestorePoint -Name *$($jo.Name)* | Sort-Object –Property CreationTime –Descending | Select-Object -First 1
#set some vars for later
$restoreObjectName = $restorePoint.VmName
Write-Host "Publishing $($restoreObjectName) disks...."
#publish the restore point using the data integration api
$session = Publish-VBRBackupContent -RestorePoint $restorepoint -TargetServerName $targetServer -TargetServerCredentials $targetServerCreds
#write the session to screen
$session
#now find the volume locations mounted to this machine so we can go do things with the files
$volumes = Get-WmiObject win32_volume | Where-Object {$_.name -match "c:\\VeeamFLR\\$($restoreObjectName)" -and $_.label -ne "System Reserved"} | Select-Object Name, FileSystem, Label
Write-Host "Volumes:"
$volumes
$opswatBaseUri = 'https://api.metadefender.com/v4/hash/'
$headers = @{}
$headers.Add('apikey','xxxxxxxxxxxxxxxx') #you will need a valid opswat api key
#iterate each of the volumes mounted for this machine
Foreach ($volume in $volumes)
{
#get the files/recursive look, filter by images.. you can do what you want here. i.e include all or select files like *.msi. *.exe
$files = Get-Childitem -Path $volume.Name -Include *.jpg,*.png,*.gif -File -Recurse -ErrorAction SilentlyContinue
#iterate each of the files
Foreach ($file in $files) {
#do some magic with the files
$file
$hash = Get-FileHash $file -Algorithm SHA256
#scan result may "error" with hash not found, meaning not known to them, so you could perform a deep scan or have
#rules around what and when to scan files, report on hash misses etc.
$scanResult = Invoke-WebRequest -Uri $($opswatBaseUri + $hash.Hash) -Headers $headers
Write-Output $scanResult.content
}
}
#tear it down
Unpublish-VBRBackupContent -Session $session
}
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment