On 16.10.2012 07:43, prabhjeet kaur wrote: > Dear members, > thanks for reply > > > My actual question is: > 1. Suppose the disk image whose snapshot is taken is affected by some > malicious content. So, the snapshot we taken is also corrupted. > Now if this snapshot is used to recover any disk image in future or can > be used as virtual appliance then it can be dangerous as it effects > other images.
The general idea is correct - snapshots with malicious content are dangerous. But I fail to see an easy solution to fix this problem by any kind of patching. The only 100% safe approach is going back to a snapshot which is not affected and delete all snapshots which have been taken during the period where the malware was around. It is somewhat less safe to fix the problem in current state and delete all snapshots taken during the period the malware was around. > How this problem can be overcome. How can we find that snapshot we taken > 1-2 months before is not malicious. > This problem can be solved by patching snapshot or we can try some other > thing to overcome this problem. How do you intend to patch a snapshot? You seem to assume that this is possible without having an idea how it could be achieved. And I have no idea either. For example VDI images simply represent the disk content in 1MB blocks, and differencing images similarly represent a single sector change by copying the rest of the 1MB block over. This representation has absolutely no knowledge or direct relationship to files as supported by the guest OS, and thus it is not directly feasible to patch the images without potentially destroying the integrity of all snapshots depending on the patched image. Furthermore, patching an old snapshot might not have the desired effect of changing all dependent snapshots, as they can have copies of the original content. So far I see no convincing solution, just a desire to solve a real problem. Klaus > > Regards, > Prabhjeet Kaur _______________________________________________ vbox-dev mailing list [email protected] https://www.virtualbox.org/mailman/listinfo/vbox-dev
