I have always heard that the only thing that should be running on a SQL Server database server (or any make perhaps?) is SQL Server. No Microsoft Office, No Firewalls, No Antivirus. no other software period.
We have a Windows 2003 Enterprise server that we run our SQL Server 2008 Enterprise db on. It sits on a RAID 5 disk subsystem. It powers our intranet and is not accessible from the outside world as it is in a heavily fortified DMZ. There are no files that originate from a client machine being written to the server with the exception of small photographs of adoptable children that are moved from one or two desktop machines within our organization that are also running mcafee. All other files are written to a directory on the server from stored procedures. We push these to other machines within our intranet periodically.
About a year ago our IT department installed the McAfee VirusScan Enterprise 8.7.0i client on the database server. It performs an on access scan whenever a file is read or written to.
Performance slowed to a crawl and eventually it was discovered that we had to exclude certain DB files from being scanned. Once that was done performance improved. We then upgraded to 8.7.0 and performance once again improved.
I would like to hear from other professionals what their preferred method is for virus scanning a db server such as ours, one that never gets input from outside the intranet and rarely from within. Is it really necessary for this to be on our database server? Couldn't the one directory that has files orginating on a desktop be scanned remotely rather than having the app installed? Is it better to have this sitting on the DB Server itself? Does it provide a benefit that a remotely hosted scan can't provide? Can you think of any issues one way or the other?
Thanks for your input!
Love them all ... regardless.