Snapshot scoring for intelligent recovery

The invention claimed is: 1 . A method for restoring a data volume, comprising: receiving a request to restore the data volume, the data volume being stored on one or more storage devices that are part of a storage system; identifying a risk map that is associated with the data volume, the risk map including a plurality of entries, each entry mapping a different respective one of a plurality of snapshot identifiers to a respective risk assessment score for a snapshot corresponding to the snapshot identifier, the respective risk assessment score being generated by security software that is executed on a host device, the respective risk assessment score representing a level of threat or potential harm posed by one or more files in the data volume, each of the risk assessment scores being within a range defined by a first value and a second value, the first value corresponding to corresponding to a detection of a virus in the risk assessment score's respective snapshot; identifying a risk policy that corresponds to the data volume, the risk policy specifying a risk assessment score threshold that must be met by a snapshot in order for the snapshot to be used to restore the data volume the risk assessment co threshold specifying a boundary risk assessment score that a snapshot can have and still be used for data volume restoration; retrieving the risk assessment score threshold from the risk policy; performing a search of the risk map to identify a snapshot whose respective risk assessment score satisfies the risk assessment score threshold, the respective risk assessment score of the identified snapshot being generated and stored in the risk map prior to receipt of the request to restore the data volume; and using the identified snapshot to restore the data volume, wherein the risk scores stored in the risk map are used as input for evaluating the risk policy, the risk policy being evaluated as part of executing requests to restore the data volume, the disk policy being evaluated separately for each of the requests to restore the data volume. 2 . The method of claim 1 , wherein identifying the risk policy includes performing a search of a risk policy database to identify a risk policy that corresponds to the data volume. 3 . The method of claim 1 , wherein the identified snapshot is a most recent snapshot whose respective risk assessment score satisfies the risk assessment score threshold. 4 . The method of claim 1 , wherein the security software includes anti-virus software. 5 . The method of claim 1 , wherein the risk map is populated by a management system that is configured to receive risk assessment scores from host devices where the data volume is mounted and update the risk map with the received risk assessment scores, the management system being further configured to implement a data protection mechanism for generating snapshots of the data volume. 6 . The method of claim 5 , wherein the risk map is stored in a memory of the management system. 7 . The method of claim 1 , wherein the plurality of snapshot identifiers corresponds to a plurality of snapshots and the risk management ap is stored in the storage system together with the plurality of snapshots. 8 . A computing device, comprising: a memory; and processing circuitry that is operatively coupled to the memory, the processing circuitry being configured to perform the operations of: receiving a request to restore a data volume, the data volume being stared on one or more storage devices that are part of a storage system; identifying a risk map that is associated with the data volume, the risk map including a plurality of entries, each entry mapping a different respective one of a plurality of snapshot identifiers to a respective risk assessment score for a snapshot corresponding to the snapshot identifier, the respective risk assessment score being generated by security software that is executed on a host device, the respective risk assessment score representing a level of threat or potential harm posed by one or more files in the data volume, each of the risk assessment scores being within a range defined by a first value and a second value, the first value corresponding to absence of any threat in the risk assessment score's respective snapshot, and the second value corresponding to a detection of a virus in the risk assessment score's respective snapshot; identifying a risk policy that corresponds to the data volume, the risk policy specifying a risk assessment score threshold that must be met by a snapshot in order for the snapshot to be used to restore the data volume, the risk assessment score threshold specifying a boundary risk assessment score that a snapshot can have and still be used for data volume restoration; retrieving the risk assessment score threshold from the risk policy; performing a search of the risk map to identify a snapshot whose respective risk assessment score satisfies the risk assessment score threshold the respective risk assessment score of the identified snapshot being generated and stored in the risk map prior to receipt of the request to restore the data volume; and using the identified snapshot to restore the data volume, wherein the risk scores stored in the risk map are used as input for evaluating the risk policy, the risk policy being evaluated as part of executing requests to restore the data volume, the risk policy being evaluated separately for each of the requests to restore the data volume. 9 . The computing device of claim 8 , wherein identifying the risk policy includes performing a search of a risk policy database to identify a risk policy that corresponds to the data volume. 10 . The computing device of claim 8 , wherein the identified snapshot is a most recent snapshot whose respective risk assessment score satisfies the risk assessment score threshold. 11 . The computing device of claim 8 , wherein the security software includes anti-virus software. 12 . The computing device of claim 8 , wherein the risk map is populated by a management system that is configured to receive risk assessment scores from host devices where the data volume is mounted and update the risk map with the received risk assessment scores, the management system being further configured to implement a data protection mechanism for generating snapshots of the data volume. 13 . The computing device of claim 12 , wherein the risk map is stored in a memory of the management system. 14 . The computing device of claim 8 , wherein the computing device includes a storage processor that is part of the storage system, and the risk map is stored in the memory. 15 . A non-transitory computer-readable medium storing one or more processor-executable instructions, which, when executed by a processing circuitry, cause the processing circuitry to perform a process including the operations of: receiving a request to restore a data volume, the data volume being stored on one or more storage devices that are part of a storage system; identifying a risk map that is associated with the data volume, the risk map including a plurality of entries, each entry mapping a different respective one of a plurality of snapshot identifiers to a respective risk assessment score for a snapshot corresponding to the snapshot identifier, the respective risk assessment score being generated by security software that is executed on a host device, the respective risk assessment score representing a level of threat or potential harm posed by one or more files in the data volume, each of the risk assessment scores being within a range defined by a