Click here to monitor SSC
SQLServerCentral is supported by Red Gate Software Ltd.
 
Log in  ::  Register  ::  Not logged in
 
 
 
        
Home       Members    Calendar    Who's On


Add to briefcase

McAfee VirusScan Enterprise 8.7.0i Running on Production Intranet Database Server Expand / Collapse
Author
Message
Posted Wednesday, June 23, 2010 10:59 AM


SSC-Enthusiastic

SSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-EnthusiasticSSC-Enthusiastic

Group: General Forum Members
Last Login: Friday, June 6, 2014 5:04 AM
Points: 147, Visits: 301
I have always heard that the only thing that should be running on a SQL Server database server (or any make perhaps?) is SQL Server. No Microsoft Office, No Firewalls, No Antivirus. no other software period.

We have a Windows 2003 Enterprise server that we run our SQL Server 2008 Enterprise db on. It sits on a RAID 5 disk subsystem. It powers our intranet and is not accessible from the outside world as it is in a heavily fortified DMZ. There are no files that originate from a client machine being written to the server with the exception of small photographs of adoptable children that are moved from one or two desktop machines within our organization that are also running mcafee. All other files are written to a directory on the server from stored procedures. We push these to other machines within our intranet periodically.

About a year ago our IT department installed the McAfee VirusScan Enterprise 8.7.0i client on the database server. It performs an on access scan whenever a file is read or written to.

Performance slowed to a crawl and eventually it was discovered that we had to exclude certain DB files from being scanned. Once that was done performance improved. We then upgraded to 8.7.0 and performance once again improved.

I would like to hear from other professionals what their preferred method is for virus scanning a db server such as ours, one that never gets input from outside the intranet and rarely from within. Is it really necessary for this to be on our database server? Couldn't the one directory that has files orginating on a desktop be scanned remotely rather than having the app installed? Is it better to have this sitting on the DB Server itself? Does it provide a benefit that a remotely hosted scan can't provide? Can you think of any issues one way or the other?

Thanks for your input!



Love them all ... regardless.
- Buddha
Post #941945
Posted Monday, August 23, 2010 5:44 AM
SSC Rookie

SSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC RookieSSC Rookie

Group: General Forum Members
Last Login: Thursday, November 28, 2013 3:17 AM
Points: 29, Visits: 191
I have experience in SQL Server 2005 Production environments, and on Oracle as well. You are right to anticipate that SQL Server shouldn't be having any other applications. AntiVirus retains a lock on the files if they find the file to be suspicious (and you definitely don't have much control on this definition). Even if the antivirus scans through the files remotely, even then this issue or concern would remain persistent.

You rightly said that there are minimal chances of database files receiving virus infection. Though if really is required, then I would suggest you get copied files in place and scan them, rather than scanning attached database files. If you find backup files infected, you always have an option of validating the original files.

On a side note, I never encountered situation where DB files were infected from virus.

Regards,
Vikas Rajput


_____________
Vikas S. Rajput
Post #973362
Posted Monday, August 23, 2010 6:05 AM


SSC-Forever

SSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-ForeverSSC-Forever

Group: General Forum Members
Last Login: Today @ 2:38 AM
Points: 40,157, Visits: 36,543
MS recommendation is to exclude all SQL database files from virus scans. That's the mdf, ndf, ldf, trn, bak and the error log files at minimum.


Gail Shaw
Microsoft Certified Master: SQL Server 2008, MVP
SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

We walk in the dark places no others will enter
We stand on the bridge and no one may pass

Post #973374
« Prev Topic | Next Topic »

Add to briefcase

Permissions Expand / Collapse