Virus Scanning Blob files loaded in SQL Server
-
Can a virus scanner scan data being uploaded into a blob field in a database.
We are looking at uploading attachments to our database to keep them insync with data entered into the application.
-
u want the anti virus to check the attachments before u save them in the database.
if u have one on ur server then am sure it would be scand first, but u have to be able to do some thing if there were a virus in the document.
have u search for some thing made for this..
..>>..
MobashA
-
That is why I posted this question, I was hoping someone else out there has run into this same issue and has some guidance instead of myself or our PeopleSoft Admin from blindly searching the web to see what we can find.
Yes, I realize the best way is to scan the atteachments before they get into the system; however, I am not a virus scanning expert, but a DBD/DBA. The application that will be deployed is a web based app. How can we scan attachments before they are entered into the system?
-
can u think of using a pointer to the file instead of storing the hole file in the database, and sotre the file on the file system. this way u can scan the attachments any time u want.
..>>..
MobashA
-
The problem with that is keeping the file system backups in sync with the database backups. We want to ensure if a restore is completed, all related information is also in sync.
-
I'm not aware of any product out there that scans BLOBs. You can force most virus scanners to scan a particular file, however, so if you can have it written to a directory, force the scan, and then do the upload into the database, you would effectively do the same thing.
K. Brian Kelley
@kbriankelley -
Again, not being one significantly versed in virus scanning software (I do use one), is there a virus scanning software package that can be run from the command line (OS) against a specified file and return a value to indicate if the file is infected or not? If the value returned can provide more info than pass/fail, that would be better.
-
We store files in our database as blobs. Our Dev people developed a .Net app that calls the virus scanner API to process the file before it is stored. The file is passed to the virus scanner as a stream (relatively easy to do in .Net). The process allows us to capture any issues with the file and reject it before it gets to the database.
I cannot give you our code on how to do this, but I would expect your anti-virus vendor to provide some advice on how to build the necessary code.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
-
EdVassie (5/28/2008)
We store files in our database as blobs. Our Dev people developed a .Net app that calls the virus scanner API to process the file before it is stored. The file is passed to the virus scanner as a stream (relatively easy to do in .Net). The process allows us to capture any issues with the file and reject it before it gets to the database.I cannot give you our code on how to do this, but I would expect your anti-virus vendor to provide some advice on how to build the necessary code.
I understand regarding the code, but can you tell me what Virus software you are using? That alone would be a big help.
-
We use McAfee VirusScan Enterprise 8.5
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
-
I lied, but not intentionally. Is this process a part of the web app or is it done from within the database? This is also needed to see if we can do the necessary customization on the PeopleSoft side or if we have to approach from another direction (perhaps using the CLR).
-
The process was originally coded in the distant days of SQL Server 2000 so for us it is done in the application layer. It could be done as a CLR routine if you think the routines you are calling are safe for in-process use. Where it is called is a matter of site convenience. Either way you will need .Net developers to produce the code.
Original author: https://github.com/SQL-FineBuild/Common/wiki/ 1-click install and best practice configuration of SQL Server 2019, 2017 2016, 2014, 2012, 2008 R2, 2008 and 2005.
When I give food to the poor they call me a saint. When I ask why they are poor they call me a communist - Archbishop Hélder Câmara
-
This helps quite a bit. If you think of anything else that may be useful, please let me know.
-
Lynn,
which version is installed on the respective servers? McAfee, Symantec, Trend Micro, other?
K. Brian Kelley
@kbriankelley -
At this moment, I'd say other. I sent an email to one of our network people asking what we are using. I'm not at work (on vacation) and really don't feel like VPNing in to see for myself.
I'd like to say we are using ETrust, but really not sure off the top of my head.
Viewing 15 posts - 1 through 15 (of 21 total)
You must be logged in to reply to this topic. Login to reply