Virtual machines are an indispensable part of modern computer technologies. On a single physical machine, also known as the “host machine”, a large number of virtual machines can function at the same time, thus forming a virtual computing environment. Thus, for example, in order to form a corporate virtual environment, one deploys a group of virtual machines, often making use of standard models (pattern) of virtual machines. Accordingly, the virtual machines deployed from the same standard model will contain a large number of identical files.
A virtual machine, like any physical computer system, is also vulnerable to malicious software. Consequently, there is a need for antivirus checking of the files contained on the virtual machines. This task is accomplished (decided), inter alia, with the help of a distributed antivirus system, made up of a security virtual machine. A security virtual machine (SVM) makes it possible to optimize the process of using the resources of the host machine (which are limited), since in this case the host machine does not have to provide additional resources to each virtual machine when conducting the antivirus checking of files, but rather it is sufficient to allocate them only to the SVM. In this case, the virtual machines transfer the files (data) requiring an antivirus check to the SVM. At the same time, this approach also has a major drawback. This is due to the fact that, during a massive antivirus check an antivirus check of all or nearly all VMs), the SVM will receive and perform the check simultaneously on many files from many virtual machines (VMs), which may result in lower performance of the SVM, overfilling of the queue of requests for an antivirus check from the VMs, and consequently lower performance of the VMs awaiting the results of the antivirus check. Furthermore, the VMs themselves may stand idle for a long time, awaiting a response for the antivirus file checking, at least because the VMs deployed from an identical standard model may send a large number of identical files (data) to the SVM. Furthermore, the VMs may contain identical instructions as to the time of performing the antivirus check or the location of the files needing an antivirus check. This results in a massive antivirus checking of the identical data residing on the VMs.
There are various approaches at present to optimizing the performance of an antivirus check on virtual machines, one of which is using a common database residing on the SVM. This database will contain the results for previously performed antivirus file checks.
However, one also needs to consider the following circumstance: the effective use of a common database will only occur when the common database is filled with the results of antivirus checks already performed. Therefore, this approach will be rather ineffective when performing the initial massive antivirus checks or when performing a massive checking of a VM involving updates made to the VM. This is due to the fact that, during such a massive antivirus check, the virtual machines will send practically simultaneously the very same files (i.e., identical files) to the SVM, which are not yet present in the common database, and, consequently, the very same file will be checked several times, resulting in both increased overall time for the antivirus checking of files located on the plurality of virtual machines and standstill of the VMs awaiting the results of the antivirus file checking.
For this reason, in order to make efficient use of the advantages of the common database, it is preferably to fill the common database during the antivirus check while taking into consideration the files being sent for the antivirus check from all virtual machines.