McAfee VirusScan Enterprise 8.7.0i Running on Production Intranet Database Server

  • I have always heard that the only thing that should be running on a SQL Server database server (or any make perhaps?) is SQL Server. No Microsoft Office, no firewalls, no antivirus. No other software, period.

    We have a Windows 2003 Enterprise server that we run our SQL Server 2008 Enterprise db on. It sits on a RAID 5 disk subsystem. It powers our intranet and is not accessible from the outside world as it is in a heavily fortified DMZ. There are no files that originate from a client machine being written to the server, with the exception of small photographs of adoptable children that are moved from one or two desktop machines within our organization that are also running McAfee. All other files are written to a directory on the server from stored procedures. We push these to other machines within our intranet periodically.

    About a year ago our IT department installed the McAfee VirusScan Enterprise 8.7.0i client on the database server. It performs an on-access scan whenever a file is read or written to.

    Performance slowed to a crawl and eventually it was discovered that we had to exclude certain DB files from being scanned. Once that was done performance improved. We then upgraded to 8.7.0 and performance once again improved.

    I would like to hear from other professionals what their preferred method is for virus scanning a db server such as ours, one that never gets input from outside the intranet and rarely from within. Is it really necessary for this to be on our database server? Couldn't the one directory that has files originating on a desktop be scanned remotely rather than having the app installed? Is it better to have this sitting on the DB server itself? Does it provide a benefit that a remotely hosted scan can't provide? Can you think of any issues one way or the other?

    Thanks for your input!

    Even as a mother protects with her life
    Her child, her only child,
    So with a boundless heart
    Should one cherish all living beings;

  • I have experience in SQL Server 2005 production environments, and on Oracle as well. You are right to anticipate that SQL Server shouldn't be having any other applications. Antivirus retains a lock on the files if it finds the file to be suspicious (and you definitely don't have much control over this definition). Even if the antivirus scans through the files remotely, this issue or concern would remain.

    You rightly said that there are minimal chances of database files receiving a virus infection. Though if it really is required, then I would suggest you get copied files in place and scan them, rather than scanning attached database files. If you find backup files infected, you always have the option of validating the original files.

    On a side note, I never encountered a situation where DB files were infected by a virus.

    Regards,

    Vikas Rajput

    _____________
    Vikas S. Rajput

  • MS recommendation is to exclude all SQL database files from virus scans. That's the mdf, ndf, ldf, trn, bak and the error log files at minimum.

    Gail Shaw
    Microsoft Certified Master: SQL Server, MVP, M.Sc (Comp Sci)
    SQL In The Wild: Discussions on DB performance with occasional diversions into recoverability

    We walk in the dark places no others will enter
    We stand on the bridge and no one may pass
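
An added example, not part of any post in this thread: a Python check of an on-access scanner's exclusion list against the file types named in the last reply. It goes one step further and also flags exclusions broad enough to skip non-database files, such as the upload directory from the original question. The file paths, exclusion patterns and the `ERRORLOG*` name pattern are constructed assumptions, not values from the thread or from McAfee's configuration.

```python
import fnmatch
import ntpath  # apply Windows path rules regardless of the OS running this

# File types named in the reply above. ERRORLOG* is an assumed name
# pattern for the SQL Server error log files.
SQL_EXTENSIONS = {".mdf", ".ndf", ".ldf", ".trn", ".bak"}
ERROR_LOG_PATTERN = "errorlog*"

# Constructed sample data (hypothetical paths and exclusion patterns).
SAMPLE_FILES = [
    r"D:\SQLData\intranet.mdf",
    r"D:\SQLData\intranet_2.ndf",
    r"E:\SQLLogs\intranet_log.ldf",
    r"F:\Backup\intranet_full.bak",
    r"F:\Backup\intranet_log_0300.trn",
    r"D:\SQLData\Log\ERRORLOG",
    r"D:\SQLData\Log\ERRORLOG.1",
    r"D:\Uploads\photo_0012.jpg",
]
SAMPLE_EXCLUSIONS = ["*.mdf", "*.ldf", r"F:\Backup\*", r"D:\Uploads\*"]


def is_sql_file(path):
    """True if the file is one of the types that should be excluded."""
    name = ntpath.basename(path).lower()
    ext = ntpath.splitext(name)[1]
    return ext in SQL_EXTENSIONS or fnmatch.fnmatchcase(name, ERROR_LOG_PATTERN)


def is_excluded(path, exclusions):
    """Case-insensitive wildcard match on the full path or the file name."""
    full = path.lower()
    name = ntpath.basename(full)
    return any(fnmatch.fnmatchcase(full, p.lower()) or
               fnmatch.fnmatchcase(name, p.lower()) for p in exclusions)


def audit(paths, exclusions):
    """Return (SQL files still scanned, non-SQL files that are never scanned)."""
    still_scanned = sorted(p for p in paths
                           if is_sql_file(p) and not is_excluded(p, exclusions))
    never_scanned = sorted(p for p in paths
                           if not is_sql_file(p) and is_excluded(p, exclusions))
    return still_scanned, never_scanned


if __name__ == "__main__":
    scanned, skipped = audit(SAMPLE_FILES, SAMPLE_EXCLUSIONS)
    for p in scanned:
        print("SQL file still scanned:    ", p)
    for p in skipped:
        print("Non-SQL file never scanned:", p)
```

The first list shows gaps in the exclusion set (here the `.ndf` file and the error logs); the second shows exclusions that remove scanning from files that originate on desktop machines.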
