AntiVirus Software  
Author Message
gjpearson1





PostPosted: Fri Dec 30 05:29:07 CST 2005 Top

SQL Server Developer >> AntiVirus Software

We have McAfee VirusScan installed on our database server. I would like to
configure the system not to scan *.bak, *.mdf, *.ldf. My question:
1. Is this the right configuration ?
2. By doing so, any potential security breach ?
3. By doing so, will the SQL box performance improve a bit?

Furthermore, we will have a new clustered SQL insatlled later on in our data
center, any recommendation on antiVirus configuration on SAN ?

Much appreciated.

SQL Server57  
 
 
John





PostPosted: Fri Dec 30 05:29:07 CST 2005 Top

SQL Server Developer >> AntiVirus Software Hi

By not allowing the file extensions to be scanned will mean any file in any
directory will be able to have this extension, you may want to look at
excluding by directory, which if would leave less possibilities for a rogue
file if your permissions are tight enough, a combination of both would be
even tighter!!.

You may want to run MBSA to see if it recomends anything to be improved.

http://support.microsoft.com/default.aspx?scid=kb;en-us;309422 also
recommends .ndf files but database files can have any extension name so make
sure that any database file extension is included in an exclude list. The
article also gives recommendations for SAN discs.

Make sure that your database do not have the autoclose property set.

If you have full text searching then you should look at not scanning
"C:\Program Files\Microsoft SQL Server\MSSQL\FTData"

A-V software can cause problems such as
http://support.microsoft.com/default.aspx?scid=kb;en-us;170338

The performance effect of the a-v software will depend to some extent on the
hardware you are running, make sure that when it is running it is not too
resource hungry and your disc have not become a bottleneck.

John



> We have McAfee VirusScan installed on our database server. I would like to
> configure the system not to scan *.bak, *.mdf, *.ldf. My question:
> 1. Is this the right configuration ?
> 2. By doing so, any potential security breach ?
> 3. By doing so, will the SQL box performance improve a bit?
>
> Furthermore, we will have a new clustered SQL insatlled later on in our
> data
> center, any recommendation on antiVirus configuration on SAN ?
>
> Much appreciated.


 
 
Hilary





PostPosted: Fri Dec 30 05:49:36 CST 2005 Top

SQL Server Developer >> AntiVirus Software Most anti-virus products will allow you to bypass the scanning of specific
directories.You can selectively disallow the scanning of the data file and
transaction log directories.

--
Hilary Cotter
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602.html

Looking for a FAQ on Indexing Services/SQL FTS
http://www.indexserverfaq.com



> We have McAfee VirusScan installed on our database server. I would like to
> configure the system not to scan *.bak, *.mdf, *.ldf. My question:
> 1. Is this the right configuration ?
> 2. By doing so, any potential security breach ?
> 3. By doing so, will the SQL box performance improve a bit?
>
> Furthermore, we will have a new clustered SQL insatlled later on in our
> data
> center, any recommendation on antiVirus configuration on SAN ?
>
> Much appreciated.


 
 
JT





PostPosted: Fri Dec 30 09:23:29 CST 2005 Top

SQL Server Developer >> AntiVirus Software I don't know what type of virus McAfee would be looking for in a mdf or ldf
file. If it scans the entire GB sized files from top to bottom while
referncing every possible virus signature pattern, it would result in a lot
of wasted I/O, CPU cycles, and possibly locking issues.

First make sure you have installed the version specifically designed to run
on a server. Also, it may only be prudent to have it scan only those file
types typically infected by viruses.



> We have McAfee VirusScan installed on our database server. I would like to
> configure the system not to scan *.bak, *.mdf, *.ldf. My question:
> 1. Is this the right configuration ?
> 2. By doing so, any potential security breach ?
> 3. By doing so, will the SQL box performance improve a bit?
>
> Furthermore, we will have a new clustered SQL insatlled later on in our
> data
> center, any recommendation on antiVirus configuration on SAN ?
>
> Much appreciated.


 
 
Stefan





PostPosted: Fri Dec 30 13:09:48 CST 2005 Top

SQL Server Developer >> AntiVirus Software


>We have McAfee VirusScan installed on our database server. I would like to
>configure the system not to scan *.bak, *.mdf, *.ldf. My question:
>1. Is this the right configuration ?
>2. By doing so, any potential security breach ?
>3. By doing so, will the SQL box performance improve a bit?
>
>Furthermore, we will have a new clustered SQL insatlled later on in our data
>center, any recommendation on antiVirus configuration on SAN ?
>
>Much appreciated.

I've found McAfee to be about the worst choice for anti virus, especially on a
server. It's bloated, heavy handed, and almost amateurish in its ability to
discriminate between what constitutes a threat and what doesn't.

For ease of use, small footprint, and utter effectiveness have a look at AVG.
Although I'm disheartened by the fact that they've been acquired by microsoft,
it's been almost a year now and I haven't seen any overtly negative changes yet.

---
Stefan Berglund