Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

  • Congratulations Mike Lewis on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Possible Index Cache Virus

Status
Not open for further replies.

rdphill

Technical User
Dec 17, 2007
20
US
Here is an interesting one for you.

Last week, Wednesday, I opened a ticket with Commvault due to services on Commserve not starting on boot.

Was told to remove all updates/SP5 and reinstall. I did that with no resolution.

The next day after doing this, all backups were pending with some form of communication or indexing error.

Started a ticket with CV. The tech that worked it felt that the entire application needed to be removed/reinstalled because of the services issue. Completed late Thursday.

It was recommended I force FULLS only on all systems because the index cache had been moved. Friday, all fulls, no issues, Saturday, all fulls, no issues, Sunday, I was sick of looking at Commvault so I let incremental back-ups run.

Monday morning, right back to where I was before the reinstall. Commvault hasn't given this much credence, but I have a theory. At some pont I was able to capture a print screen from Office scan on one of my media agents that reads, "(A virus has been found in the compressed file.) from F:\Program Files\CommVault Systems\Galaxy\IndexCache\drvsetdn.EML "

I cant find this file or even the path now but the msg came from somewhere.

I believe when the incrementals were allowed to run, the index cache had to be restored. At that point it must have restored the virus.

Anyway, thought I would share this for anyone else that might see strange behavior.

Rick
 
Status
Not open for further replies.

Part and Inventory Search

Sponsor

Back
Top