VMware Cloud Community
getut
Contributor

Mount vmdk from one VM in a different VM... any risks?

I have a Win 2008 server VM that a contractor got infected with a virus. I want to do an "offline" virus scan on that entire VMDK.

Here is my plan, I need to know if there is anything I plan to do that will cause problems... specifically snapshots and things.

1) Snapshot the server VM.

2) Install a separate Windows client VM, and install malware detection software in it.

3) Attach the server's VMDK to the client VM and scan it.

4) Detach the VMDK from the client VM

5) Attempt to restart the server VM as long as the AV software didn't remove any infected files critical to boot or operation

Apart from the risk of it being non-bootable if the AV software removes any critical files that are infected, will I encounter any problems with this process that aren't directly related to malware cleaning?

5 Replies
markdjones82
Expert

You will need to have the existing VM powered off in order to attach the VMDK to another machine. I am not sure if you can attach a snapped VMDK to another box, but in theory it should work. I personally would just do a clone backup of the original if you have space for that.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
vThinkBeyondVM
VMware Employee

Yes, it should be possible, the same as MSCS.

This may help you:

Clustering using sharing of VMDK's between virtual machines


----------------------------------------------------------------
Thanks & Regards
Vikas, VCP70, MCTS on AD, SCJP6.0, VCF, vSphere with Tanzu specialist.
https://vThinkBeyondVM.com/about
-----------------------------------------------------------------
Disclaimer: Any views or opinions expressed here are strictly my own. I am solely responsible for all content published here. Content published here is not read, reviewed or approved in advance by VMware and does not necessarily represent or reflect the views or opinions of VMware.

markdjones82
Expert

I wouldn't recommend doing it that way though because of file locking issues when not using clustering.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
getut
Contributor

I don't plan on having the server VM up while I am doing it... so will I still encounter file locking issues?

Would it be better if I just removed the server VM from the inventory before connecting the VMDK to the client VM?

Does anyone know of a resource where I can find if the snapshot in the server VM will be a problem for the client VM or for server VM once the scan is done?

markdjones82
Expert

Your plan was fine minus the snapshot info. I have not been able to find any info on how to do that out there. I was referring to the shared disk post the previous poster put out there.

http://www.twitter.com/markdjones82 | http://nutzandbolts.wordpress.com
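For the snapshot question left open in this thread, one check is to compare the content IDs in the VMDK descriptor files before powering the server VM back on. The following is an added example, not code from any poster or from VMware; it assumes the usual text descriptor layout (`CID`, `parentCID`, extent lines) and that a disk's CID changes once the disk has been written to, and all file names and CID values in it are constructed.

```python
import re
EXTENT = re.compile(r'^(RW|RDONLY|NOACCESS)\s+\d+\s+\S+\s+"([^"]+)"')

def parse_descriptor(text):
    """Return header keys plus the extent file names from a VMDK descriptor."""
    info = {"extents": []}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):
            continue
        m = EXTENT.match(line)
        if m:
            info["extents"].append(m.group(2))
            continue
        key, sep, value = line.partition("=")
        if sep:
            info[key.strip()] = value.strip().strip('"')
    return info

def check_chain(descriptors):
    """descriptors: descriptor texts, base disk first, newest delta last.
    Returns a list of problems; an empty list means the chain is consistent."""
    disks = [parse_descriptor(d) for d in descriptors]
    problems = []
    if disks[0].get("parentCID", "").lower() != "ffffffff":
        problems.append("first disk has a parent: it is a delta, not the base")
    for parent, child in zip(disks, disks[1:]):
        if child.get("parentCID", "").lower() != parent.get("CID", "").lower():
            problems.append("%s expects parent CID %s but %s has CID %s" % (
                child["extents"][0], child.get("parentCID"),
                parent["extents"][0], parent.get("CID")))
    return problems

# Constructed sample descriptors (file names and CIDs are made up).
BASE = '''# Disk DescriptorFile
CID=a1b2c3d4
parentCID=ffffffff
createType="vmfs"
RW 83886080 VMFS "server-flat.vmdk"
'''
DELTA = '''# Disk DescriptorFile
CID=0f0f0f0f
parentCID=a1b2c3d4
createType="vmfsSparse"
parentFileNameHint="server.vmdk"
RW 83886080 VMFSSPARSE "server-000001-delta.vmdk"
'''
# The same base after it was written to while attached elsewhere: new CID.
BASE_WRITTEN = BASE.replace("CID=a1b2c3d4", "CID=5e6f7a8b")
```

`check_chain([BASE, DELTA])` returns an empty list, while `check_chain([BASE_WRITTEN, DELTA])` reports the mismatch between the delta's recorded parent CID and the base disk's current CID.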