Abstract: Filename-based malware pre-scanning is described herein. A method as described herein can include obtaining, by a device operatively coupled to a processor, a malware scan request for a first file in a directory of a file system, the first file having a first filename belonging to a filename sequence; appending, by the device, the first file to a first malware scan queue; and appending, by the device, respective second files in the directory to a second malware scan queue that is distinct from the first malware scan queue, wherein the respective second files are distinct from the first file and have respective second filenames belonging to the filename sequence.

Abstract: Filename-based malware pre-scanning is described herein. A method as described herein can include establishing sequential malware scanning for respective files in a first directory of a file system according to filenames of the respective files; comparing an elapsed time since a previous malware scan for a first file of the respective files in the first directory having a first filename in a filename sequence to a scan age threshold associated with a scheduled malware scan task for the first directory; and, in response to the elapsed time since the previous malware scan for the first file being determined to be less than the scan age threshold, removing the scheduled malware scan task with respect to the first file and at least one second file of the respective files in the first directory having respective second filenames in the filename sequence.

Abstract: Efficient configuration replication using a configuration change log is described herein. A method as described herein can include identifying, by a device operatively coupled to a processor, modified configurations from among a group of configurations associated with a first computing cluster; fetching, by the device, the modified configurations from the first computing cluster; and replicating, by the device, the modified configurations from the first computing cluster to a second computing cluster that is distinct from the first computing cluster and omitting replication of one or more unmodified configurations from among the group of configurations associated with the first computing cluster.

Abstract: Priority scanning of files written by malicious users in a data storage system is described herein. A data storage system as described herein can include a user lookup component that obtains identities of users that have made at least one modification to a first file stored on the data storage system, resulting in a set of modifying users; a comparison component that compares respective modifying users of the set of modifying users to respective malicious users of a set of malicious users; and a scan priority component that, in response to the comparison component identifying at least one match between a modifying user of the set of modifying users and a malicious user of the set of malicious users, assigns a first scan priority to the first file that is higher than a second scan priority assigned to a second, different file stored on the data storage system.

Abstract: User-based recovery point objectives (RPOs) for disaster recovery are described herein. A method as described herein can include obtaining, by a device operatively coupled to a processor, transient information associated with a file stored by a data storage system; determining, by the device, whether the transient information associated with the file indicates that a condition for replicating the file has been met; and inserting, by the device, the file into a replication queue associated with the data storage system in response to a positive result of the determining.

Abstract: Malware scanning for network-attached storage systems is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a file identification component that obtains an identifier for a target file stored by the data storage system; a lookup component that searches a scan status data structure for a malware scan result corresponding to the identifier for the target file; and a file access component that grants access to the target file in response to the lookup component obtaining the malware scan result from the scan status data structure and the malware scan result indicating that the target file contains no malware.

Abstract: Efficient configuration replication using a configuration change log is described herein. A method as described herein can include identifying, by a device operatively coupled to a processor, modified configurations from among a group of configurations associated with a first computing cluster; fetching, by the device, the modified configurations from the first computing cluster; and replicating, by the device, the modified configurations from the first computing cluster to a second computing cluster that is distinct from the first computing cluster and omitting replication of one or more unmodified configurations from among the group of configurations associated with the first computing cluster.

Abstract: User-based recovery point objectives (RPOs) for disaster recovery are described herein. A method as described herein can include obtaining, by a device operatively coupled to a processor, transient information associated with a file stored by a data storage system; determining, by the device, whether the transient information associated with the file indicates that a condition for replicating the file has been met; and inserting, by the device, the file into a replication queue associated with the data storage system in response to a positive result of the determining.

Abstract: User-based recovery point objectives (RPOs) for disaster recovery are described herein. A method as described herein can include obtaining, by a device operatively coupled to a processor, transient information associated with respective files stored by a data storage system; associating, by the device, the respective files with respective priority values based on the transient information; and queueing, by the device, the respective files for replication in an order defined by the priority values associated with the respective files.

Abstract: Identification and control of malicious users on a data storage system is described herein. A data storage system as described herein can include a file tracking component that records identities of users that have made at least one modification to a file stored on the data storage system, resulting in a set of recorded users; a user monitor component that increments respective malware counts associated with respective users of the set of recorded users in response to a malware scan of the file indicating that the file contains malware; and an access control component that restricts usage of the data storage system by a first user of the set of recorded users in response to a malware count associated with the first user exceeding a first threshold.

Abstract: Filename-based malware pre-scanning is described herein. A method as described herein can include obtaining, by a device operatively coupled to a processor, a malware scan request for a first file in a directory of a file system, the first file having a first filename belonging to a filename sequence; appending, by the device, the first file to a first malware scan queue; and appending, by the device, respective second files in the directory to a second malware scan queue that is distinct from the first malware scan queue, wherein the respective second files are distinct from the first file and have respective second filenames belonging to the filename sequence.

Abstract: Filename-based malware pre-scanning is described herein. A method as described herein can include establishing sequential malware scanning for respective files in a first directory of a file system according to filenames of the respective files; comparing an elapsed time since a previous malware scan for a first file of the respective files in the first directory having a first filename in a filename sequence to a scan age threshold associated with a scheduled malware scan task for the first directory; and, in response to the elapsed time since the previous malware scan for the first file being determined to be less than the scan age threshold, removing the scheduled malware scan task with respect to the first file and at least one second file of the respective files in the first directory having respective second filenames in the filename sequence.

Abstract: Efficient heartbeat with remote servers by network-attached storage (NAS) cluster nodes is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a node assignment component that generates assignments for NAS nodes resulting in respective associated NAS nodes, the assignments associating respective ones of the NAS nodes with respective distinct anti-malware servers, and a heartbeat messaging component that instructs the respective associated NAS nodes to transmit heartbeat request messages to the respective distinct anti-malware servers according to the assignments.

Abstract: Server selection for optimized malware scanning on network-attached storage systems is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a load determination component that determines respective available capacities of anti-malware servers based on loading information obtained from the anti-malware servers and a task assignment component that assigns a malware scan task to a selected anti-malware server of the anti-malware servers based on the respective available capacities of the anti-malware servers.

Abstract: Malware scan status determination for network-attached storage systems is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a data creation component that creates a scan status data structure associated with a network-attached storage (NAS) device, the scan status data structure comprising respective records that indicate a file identifier and a malware scan status for respective files stored on the NAS device, and a data update component that updates a record in the scan status data structure corresponding to a target file stored on the NAS device in response to receiving a malware scan result for the target file.

Abstract: An adaptive connection policy for dynamic load balancing of client connections is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a watermarking component that defines operating ranges and connection policies for respective performance parameters associated with the data storage system, a performance monitoring component that tracks respective performances of computing nodes of the data storage system with respect to the respective performance parameters, and a policy selection component that selects a connection policy for a performance parameter of the respective performance parameters, resulting in a selected connection policy, in response to a performance of at least one computing node of the data storage system being outside of an operating range of the operating ranges for the performance parameter.

Abstract: Priority scanning of files written by malicious users in a data storage system is described herein. A data storage system as described herein can include a user lookup component that obtains identities of users that have made at least one modification to a first file stored on the data storage system, resulting in a set of modifying users; a comparison component that compares respective modifying users of the set of modifying users to respective malicious users of a set of malicious users; and a scan priority component that, in response to the comparison component identifying at least one match between a modifying user of the set of modifying users and a malicious user of the set of malicious users, assigns a first scan priority to the first file that is higher than a second scan priority assigned to a second, different file stored on the data storage system.

Abstract: Identification and control of malicious users on a data storage system is described herein. A data storage system as described herein can include a file tracking component that records identities of users that have made at least one modification to a file stored on the data storage system, resulting in a set of recorded users; a user monitor component that increments respective malware counts associated with respective users of the set of recorded users in response to a malware scan of the file indicating that the file contains malware; and an access control component that restricts usage of the data storage system by a first user of the set of recorded users in response to a malware count associated with the first user exceeding a first threshold.

Abstract: An adaptive connection policy for dynamic load balancing of client connections is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a watermarking component that defines operating ranges and connection policies for respective performance parameters associated with the data storage system, a performance monitoring component that tracks respective performances of computing nodes of the data storage system with respect to the respective performance parameters, and a policy selection component that selects a connection policy for a performance parameter of the respective performance parameters, resulting in a selected connection policy, in response to a performance of at least one computing node of the data storage system being outside of an operating range of the operating ranges for the performance parameter.

Abstract: Efficient heartbeat with remote servers by network-attached storage (NAS) cluster nodes is provided herein. A data storage system as described herein can include a memory that stores computer executable components and a processor that executes computer executable components stored in the memory. The computer executable components can include a node assignment component that generates assignments for NAS nodes resulting in respective associated NAS nodes, the assignments associating respective ones of the NAS nodes with respective distinct anti-malware servers, and a heartbeat messaging component that instructs the respective associated NAS nodes to transmit heartbeat request messages to the respective distinct anti-malware servers according to the assignments.