Best Practice? (SQL Server & Anti-virus )

  • I am working on a project to bring our SQL Servers up to best practice standards.  One of the best practices that I came across was to run anti-virus software on the SQL Server server but exclude yoru database folder from regular scans.  It didn't go into any more detail as to why this is a best practice.  I could see how you wouldn't want a virus scanner scanning your databases during day while there is a bunch of activity.  It would definitely affect performance.  This seems to be the only reason I could think of.  Am I missing something else?  The virus scanner doesn't do anything to the databases, does it?  We use primarily Norton here and we haven't been excluded our database files from scans but we do the scans during off hours.  If anyone has any more info on this, I would appreciate hearing it.

    Thanks,

    John

  • I usually tell my clients not to run anti-virus on SQL servers, to me it's just a waste of resources on that machine...I don't see the need to scan folders, since I recommend that documents, etc are NOT stored on the same box...so the risk of viruses is minimal. 

    That's just my opinion...I'm not sure if there are any official recommendations on this topic or not...

     

    Steve

  • U don't want to run anti-vir, where your data lies. This is per mcafee, there's a danger in data corruption. I happen to have program files on my server so it does need to be run. I have 4 partions, so run the vir. scan on two, the other do is where my logs and dat files reside.

  • you have to use an Anti-virus program to check if there any virus hit the server (if this happened, regestery may be affested, some files may be deleted, Memory will be Fill up with Nothing , processor is working on nothing, .. etc)

    I set norton Antivirus Corporate Edition NOT to scan the MDF, NDF, LDF , TRN and BAK files, and not to scan important Folders .

    and also not to scan all (pagefile.sys) files which is the virtual memory files.

    also in in File System RealTime Protection page in norton Antivirus Corporate Edition

    1- I made to (scan files when) >> [ Modified { scan or created } ] from (Advanced) Button

    2- and I made (Nework) in (Drive Types) >> Unchecked

    I hope this help u.


    Alamir Mohamed
    Alamir_mohamed@yahoo.com

  • Just to piggy-back, what Alamir suggests as far as extensions are concerned is what we practice. However, we do scan important folders such as %systemroot% and %systemroot%\win32. The reason being a lot of viruses will place their files in these directories. Blaster and its variants placed files in %systemroot%, for instance.

    K. Brian Kelley
    @kbriankelley

  • Thanks for all the good info guys.  So the main reason not to scan the data files is because of data corruption?  How does it corrupt the files?

    Thanks,

    John

  • If the antivirus grabs the file first when SQL Server attempts to start up, things like that. Also remember than many antivirus agents are going to scan changing files frequently. If the files remain locked open (as with .mdf, .ndf, and .ldf files if you don't have autoclose on), the agents aren't actually going to be able to touch the files. So there's not a lot of point scanning those particular files. By extension, the backup files because you don't want antivirus conflicting with your attempt to backup to a particular file.

    K. Brian Kelley
    @kbriankelley

  • My 2 cents worth on this point - this week I've had 2 clients who both came to grief with Norton AntiVirus on their servers.  In both cases when the servers were built, the SQL Data directories had not been included in Norton's exclusion list, and the contention between SQL & Norton left teh databases in "suspect" mode.

    One case had a happy outcome, and the other one not so happy.  Message to all - if you HAVE to put Antivirus gear on a SQL Server - make sure the data files are protected from it!

Viewing 8 posts - 1 through 7 (of 7 total)

You must be logged in to reply to this topic. Login to reply