As a DBA, I was taught that running Anti-virus software on a database server
was not a very good thing to do. My network admin is planning a Windows 2000
migration and would like all machines across the domain to run AV software.
Can anyone tell me about their experience running AV software on their
database server, and whether this is a good idea or not.
The box runs SQL 6.5sp5a (soon to be 2k) and does not touch the outside
world at all.
Thanks for your help,
CurtisAs much as you may want to keep anti-virus software away
from a SQL box, you'll soon realize that that's a lost
battle. When there is a virus crisis, whatever arguments
you may have to avoid anti-virus on your SQL box, you'll
end being defeated badly.
My experience is to simply give up on avoiding virus scan
completely, and ask for the SQL files being excluded from
the virus scan. I typically ask the security folks to
exclude the following files from being scanned: *.MDF,
*.LDF, *.NDF, *.BAK, *.TRN, and *.BKP.
The primary reason you don't want anti-virus scanning is
that the virus scan software may get hold of a SQL
data/log file and prevents SQL Server from opening it,
resulting in the database being put into the suspect mode.
Usually, these data/log files are open all the time, and
therefore not an issue. But sometimes we may need to shut
down SQL Server instance or detach a database. Before we
restart SQL Server or attach the database, if the virus
software gets ahead of us, we are screwed.
There are also some issues with SQL Server running in a
cluster.
Check out: Q309422 and Q250355
Linchi
>--Original Message--
>As a DBA, I was taught that running Anti-virus software
on a database server
>was not a very good thing to do. My network admin is
planning a Windows 2000
>migration and would like all machines across the domain
to run AV software.
>Can anyone tell me about their experience running AV
software on their
>database server, and whether this is a good idea or not.
>The box runs SQL 6.5sp5a (soon to be 2k) and does not
touch the outside
>world at all.
>Thanks for your help,
>Curtis
>
>.
>
2012年2月13日星期一
anti-virus software
I'd like to hear if most people using anti-virus software
on the SQL production server? Also, what are the
performance implications of doing this?
TIA,
JB
JB,
I would recommend that you do not scan the SQL Server data or log file
directories, otherwise it should be OK. Depends on the anti-virus
product that you are using. I haven't had any problems with Sophos -
generally the anti-virus products these days are quite good, there used
to be stability and performance problems with them a few years ago. If
you had asked this question a few years ago I would have recommended you
don't install one, but I think it's OK now.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602m.html
JB wrote:
> I'd like to hear if most people using anti-virus software
> on the SQL production server? Also, what are the
> performance implications of doing this?
> TIA,
> JB
|||I agree with Mark, don't virus check your sql data and log files. At best it
can lead to performance problems...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OveS0WAlEHA.2500@.TK2MSFTNGP09.phx.gbl...[vbcol=seagreen]
> JB,
> I would recommend that you do not scan the SQL Server data or log file
> directories, otherwise it should be OK. Depends on the anti-virus
> product that you are using. I haven't had any problems with Sophos -
> generally the anti-virus products these days are quite good, there used
> to be stability and performance problems with them a few years ago. If
> you had asked this question a few years ago I would have recommended you
> don't install one, but I think it's OK now.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602m.html
>
> JB wrote:
on the SQL production server? Also, what are the
performance implications of doing this?
TIA,
JB
JB,
I would recommend that you do not scan the SQL Server data or log file
directories, otherwise it should be OK. Depends on the anti-virus
product that you are using. I haven't had any problems with Sophos -
generally the anti-virus products these days are quite good, there used
to be stability and performance problems with them a few years ago. If
you had asked this question a few years ago I would have recommended you
don't install one, but I think it's OK now.
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602m.html
JB wrote:
> I'd like to hear if most people using anti-virus software
> on the SQL production server? Also, what are the
> performance implications of doing this?
> TIA,
> JB
|||I agree with Mark, don't virus check your sql data and log files. At best it
can lead to performance problems...
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OveS0WAlEHA.2500@.TK2MSFTNGP09.phx.gbl...[vbcol=seagreen]
> JB,
> I would recommend that you do not scan the SQL Server data or log file
> directories, otherwise it should be OK. Depends on the anti-virus
> product that you are using. I haven't had any problems with Sophos -
> generally the anti-virus products these days are quite good, there used
> to be stability and performance problems with them a few years ago. If
> you had asked this question a few years ago I would have recommended you
> don't install one, but I think it's OK now.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602m.html
>
> JB wrote:
anti-virus software
I'd like to hear if most people using anti-virus software
on the SQL production server? Also, what are the
performance implications of doing this?
TIA,
JBJB,
I would recommend that you do not scan the SQL Server data or log file
directories, otherwise it should be OK. Depends on the anti-virus
product that you are using. I haven't had any problems with Sophos -
generally the anti-virus products these days are quite good, there used
to be stability and performance problems with them a few years ago. If
you had asked this question a few years ago I would have recommended you
don't install one, but I think it's OK now.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602m.html
JB wrote:
> I'd like to hear if most people using anti-virus software
> on the SQL production server? Also, what are the
> performance implications of doing this?
> TIA,
> JB|||I agree with Mark, don't virus check your sql data and log files. At best it
can lead to performance problems...
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OveS0WAlEHA.2500@.TK2MSFTNGP09.phx.gbl...
> JB,
> I would recommend that you do not scan the SQL Server data or log file
> directories, otherwise it should be OK. Depends on the anti-virus
> product that you are using. I haven't had any problems with Sophos -
> generally the anti-virus products these days are quite good, there used
> to be stability and performance problems with them a few years ago. If
> you had asked this question a few years ago I would have recommended you
> don't install one, but I think it's OK now.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602m.html
>
> JB wrote:
> > I'd like to hear if most people using anti-virus software
> > on the SQL production server? Also, what are the
> > performance implications of doing this?
> > TIA,
> > JB
on the SQL production server? Also, what are the
performance implications of doing this?
TIA,
JBJB,
I would recommend that you do not scan the SQL Server data or log file
directories, otherwise it should be OK. Depends on the anti-virus
product that you are using. I haven't had any problems with Sophos -
generally the anti-virus products these days are quite good, there used
to be stability and performance problems with them a few years ago. If
you had asked this question a few years ago I would have recommended you
don't install one, but I think it's OK now.
--
Mark Allison, SQL Server MVP
http://www.markallison.co.uk
Looking for a SQL Server replication book?
http://www.nwsu.com/0974973602m.html
JB wrote:
> I'd like to hear if most people using anti-virus software
> on the SQL production server? Also, what are the
> performance implications of doing this?
> TIA,
> JB|||I agree with Mark, don't virus check your sql data and log files. At best it
can lead to performance problems...
--
Wayne Snyder, MCDBA, SQL Server MVP
Mariner, Charlotte, NC
www.mariner-usa.com
(Please respond only to the newsgroups.)
I support the Professional Association of SQL Server (PASS) and it's
community of SQL Server professionals.
www.sqlpass.org
"Mark Allison" <marka@.no.tinned.meat.mvps.org> wrote in message
news:OveS0WAlEHA.2500@.TK2MSFTNGP09.phx.gbl...
> JB,
> I would recommend that you do not scan the SQL Server data or log file
> directories, otherwise it should be OK. Depends on the anti-virus
> product that you are using. I haven't had any problems with Sophos -
> generally the anti-virus products these days are quite good, there used
> to be stability and performance problems with them a few years ago. If
> you had asked this question a few years ago I would have recommended you
> don't install one, but I think it's OK now.
> --
> Mark Allison, SQL Server MVP
> http://www.markallison.co.uk
> Looking for a SQL Server replication book?
> http://www.nwsu.com/0974973602m.html
>
> JB wrote:
> > I'd like to hear if most people using anti-virus software
> > on the SQL production server? Also, what are the
> > performance implications of doing this?
> > TIA,
> > JB
Anti-Virus Precautions
I'm about to setup my first CRM 3.0 coupled with SQL2000 dedicated server an
d
was wondering if there are any folders or file types that the anti virus
program should be excluded from scanning to prevent corruption.
Please be specific as to each program, CRM and SQL2000.
Thank you as always for your wisdom.
He has half the deed done who has made a beginning ~ HoraceI can't say about the CRM but for SQL Server at the minimum you want to
exclude:
folders with .mdf, .ndf and .ldf files
SQL Server ad related services log files
Backup files
Here is a little more info that may be helpful.
http://support.microsoft.com/kb/309422
Andrew J. Kelly SQL MVP
"WaltB123" <WaltB123@.noemail.postalias> wrote in message
news:6FE4F82C-DD2F-43CA-96CE-32C6BC5155F0@.microsoft.com...
> I'm about to setup my first CRM 3.0 coupled with SQL2000 dedicated server
> and
> was wondering if there are any folders or file types that the anti virus
> program should be excluded from scanning to prevent corruption.
> Please be specific as to each program, CRM and SQL2000.
> Thank you as always for your wisdom.
> --
> He has half the deed done who has made a beginning ~ Horace|||Thank you for the heads up. Is there a newsgroup for CRM I can post to? I
didnt see one on the managed newsgroups list.|||Hello,
You can exclude the directories where your database files, backup files and
audit files for SQL server are stored in your antivirus program. In that way
antivirus wont scan those folders.
Thanks
Prakash
"WaltB123" wrote:
> I'm about to setup my first CRM 3.0 coupled with SQL2000 dedicated server
and
> was wondering if there are any folders or file types that the anti virus
> program should be excluded from scanning to prevent corruption.
> Please be specific as to each program, CRM and SQL2000.
> Thank you as always for your wisdom.
> --
> He has half the deed done who has made a beginning ~ Horace
d
was wondering if there are any folders or file types that the anti virus
program should be excluded from scanning to prevent corruption.
Please be specific as to each program, CRM and SQL2000.
Thank you as always for your wisdom.
He has half the deed done who has made a beginning ~ HoraceI can't say about the CRM but for SQL Server at the minimum you want to
exclude:
folders with .mdf, .ndf and .ldf files
SQL Server ad related services log files
Backup files
Here is a little more info that may be helpful.
http://support.microsoft.com/kb/309422
Andrew J. Kelly SQL MVP
"WaltB123" <WaltB123@.noemail.postalias> wrote in message
news:6FE4F82C-DD2F-43CA-96CE-32C6BC5155F0@.microsoft.com...
> I'm about to setup my first CRM 3.0 coupled with SQL2000 dedicated server
> and
> was wondering if there are any folders or file types that the anti virus
> program should be excluded from scanning to prevent corruption.
> Please be specific as to each program, CRM and SQL2000.
> Thank you as always for your wisdom.
> --
> He has half the deed done who has made a beginning ~ Horace|||Thank you for the heads up. Is there a newsgroup for CRM I can post to? I
didnt see one on the managed newsgroups list.|||Hello,
You can exclude the directories where your database files, backup files and
audit files for SQL server are stored in your antivirus program. In that way
antivirus wont scan those folders.
Thanks
Prakash
"WaltB123" wrote:
> I'm about to setup my first CRM 3.0 coupled with SQL2000 dedicated server
and
> was wondering if there are any folders or file types that the anti virus
> program should be excluded from scanning to prevent corruption.
> Please be specific as to each program, CRM and SQL2000.
> Thank you as always for your wisdom.
> --
> He has half the deed done who has made a beginning ~ Horace
2012年2月11日星期六
Anti-Virus on SQL Server? - Merits and Arguments?
Do any of you run any anti-virus software on your SQL Servers -- for
dedicated SQL Server boxes?
We have some varying views within our organization on what approach to take
to protecting the SQL Server.
We do not have any file shares, or IIS or any unneeded services running on
our dedicated SQL Server's -- thus I guess I do not see the merit of using
anti-virus software on the SQL Server itself when the attach vectors are
fairly minimized.
Our SQL Servers are all internal, no DMZ, no external. The only major
vulnerability would be internal threats (which are minimized by other
internal controls, i.e. AV at the desktop, etc.).
Is patch management, properly configured SQL Server security, and a good
understanding of what services are open on the particular box enough to
protect against 90-95% of the vulnerabilities that may exist?
Thanks for your opinion,
Aaron"Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
news:u$mL3kF4DHA.3576@.TK2MSFTNGP11.phx.gbl...
We run anti-virus software on ALL of our servers regardless of role.
take
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps in
protecting these servers but not all.
Steve|||> "Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if
one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps
in
protecting these servers but not all.
Steve
dedicated SQL Server boxes?
We have some varying views within our organization on what approach to take
to protecting the SQL Server.
We do not have any file shares, or IIS or any unneeded services running on
our dedicated SQL Server's -- thus I guess I do not see the merit of using
anti-virus software on the SQL Server itself when the attach vectors are
fairly minimized.
Our SQL Servers are all internal, no DMZ, no external. The only major
vulnerability would be internal threats (which are minimized by other
internal controls, i.e. AV at the desktop, etc.).
Is patch management, properly configured SQL Server security, and a good
understanding of what services are open on the particular box enough to
protect against 90-95% of the vulnerabilities that may exist?
Thanks for your opinion,
Aaron"Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
news:u$mL3kF4DHA.3576@.TK2MSFTNGP11.phx.gbl...
quote:
> Do any of you run any anti-virus software on your SQL Servers -- for
> dedicated SQL Server boxes?
We run anti-virus software on ALL of our servers regardless of role.
quote:
> We have some varying views within our organization on what approach to
take
quote:
> to protecting the SQL Server.
> We do not have any file shares, or IIS or any unneeded services running on
> our dedicated SQL Server's -- thus I guess I do not see the merit of using
> anti-virus software on the SQL Server itself when the attach vectors are
> fairly minimized.
> Our SQL Servers are all internal, no DMZ, no external. The only major
> vulnerability would be internal threats (which are minimized by other
> internal controls, i.e. AV at the desktop, etc.).
> Is patch management, properly configured SQL Server security, and a good
> understanding of what services are open on the particular box enough to
> protect against 90-95% of the vulnerabilities that may exist?
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps in
protecting these servers but not all.
Steve|||> "Aaron Vance" <thisisnttheemailyourlookingfor@.nospam.com> wrote in message
quote:
> news:u$mL3kF4DHA.3576@.TK2MSFTNGP11.phx.gbl...
We run anti-virus software on ALL of our servers regardless of role.
[QUOTE]
> take
on[QUOTE]
using[QUOTE]
>
Let's say you protect against 95% of all virus vulnerabilities, that still
leaves a 5% exposure. I understand the points you are making, however if
one
of my servers were compromised, and I had to make an explanation to
management -- I would not be comfortable in saying that I took most steps
in
protecting these servers but not all.
Steve
anti-virus on sql server box?
hi!
i am using sql 2005 with sp1 standard edition.
i have a question regarding the antivirus software. Is it ok to install anti-virus software on the sql server box? what are the issues involved if we install anti-virus software on the sql server box?
I heard, it causes some performance and other issues.
Is there anything we need to take care of .if we decide to install anti-virus software on the sql server box?
Can anybody share experience on this?
Thanks
Personally, I am very much against installing anti-virus software on a SQL Server box, for performance reasons. You see conflicting advice from Microsoft about this. The Perf people say no, and the security people say yes. If you decide to run AV on your SQL Server, make sure to exclude the data and log files from the scanning.|||
Generally speaking, it is not a good idea to have anti-virus products on a SQL Server.
Consider that anti-virus products protect the computer from user activities in the Workstation service.
On a SQL Server, there 'should' not be any user activities in the Workstation service.
|||I disagree with the other posts here.ALWAYS run anti-virus on ALL machines on the network, servers and pcs, with current virus defs.
On SQL server, exclude the data and log directories from the scanning and virus protection.
Many viruses will infect all machines on the entire network, and if you don't have AV on ALL machines, when you remove it from all your PCs, it will hide on your SQL server box until it infects the entire network again and again and again. I know because this has happened to me, with more than one customer who has the same "performance" concerns.
|||Yes, I agree with Tlom. There are several approaches, defined by the policy of the companies which way you can take if you secure SQL Server. You can either exclude the data file and directories or exclude the appropuiate MDF / LDF extensions (which assumes that you are using these extensions with your files) I prefer the extensions exclusion which will makes it even not possible to inject a virus in the data directories of SQL Server.
Jens K. Suessmeyer.
http://www.sqlserver2005.de
|||Thank you everyone for your replies. I really appreciate it.So if you exclude the data and log files, are there any performance issues and other issues like communication/blocking etc ?
Thanks
|||
I hope this will help you:
Guidelines for choosing antivirus software to run on the computers that are running SQL Server
http://support.microsoft.com/kb/309422/en-usAnti-Virus on SQL Configuration
Hi:
We have Symantec Enterprise Anti-Virus 10.0 but it is not currently
installed on our new SQL box. I would like to know what files and folders t
o
exclude from scanning before I install. I have search Symantec knowledgebas
e
but no answers. Does MS have a page on this like they do for Exchange or is
it pretty much the same as Exchange?
Thanks,http://support.microsoft.com/?kbid=309422
http://www.sqlservercentral.com/col...rusprograms.asp
Andrew J. Kelly SQL MVP
"Cindy" <Cindy@.discussions.microsoft.com> wrote in message
news:1C577C85-E5D4-48B0-BBE1-B363C06C706B@.microsoft.com...
> Hi:
> We have Symantec Enterprise Anti-Virus 10.0 but it is not currently
> installed on our new SQL box. I would like to know what files and folders
> to
> exclude from scanning before I install. I have search Symantec
> knowledgebase
> but no answers. Does MS have a page on this like they do for Exchange or
> is
> it pretty much the same as Exchange?
> Thanks,|||Thanks Andrew. It would be nice if MS had step by step like with Exchange.
Symantec has nothing but the other article you pointed me to helps.
Cindy
"Andrew J. Kelly" wrote:
> http://support.microsoft.com/?kbid=309422
>
> http://www.sqlservercentral.com/col...rusprograms.asp
>
>
> --
> Andrew J. Kelly SQL MVP
>
> "Cindy" <Cindy@.discussions.microsoft.com> wrote in message
> news:1C577C85-E5D4-48B0-BBE1-B363C06C706B@.microsoft.com...
>
>
We have Symantec Enterprise Anti-Virus 10.0 but it is not currently
installed on our new SQL box. I would like to know what files and folders t
o
exclude from scanning before I install. I have search Symantec knowledgebas
e
but no answers. Does MS have a page on this like they do for Exchange or is
it pretty much the same as Exchange?
Thanks,http://support.microsoft.com/?kbid=309422
http://www.sqlservercentral.com/col...rusprograms.asp
Andrew J. Kelly SQL MVP
"Cindy" <Cindy@.discussions.microsoft.com> wrote in message
news:1C577C85-E5D4-48B0-BBE1-B363C06C706B@.microsoft.com...
> Hi:
> We have Symantec Enterprise Anti-Virus 10.0 but it is not currently
> installed on our new SQL box. I would like to know what files and folders
> to
> exclude from scanning before I install. I have search Symantec
> knowledgebase
> but no answers. Does MS have a page on this like they do for Exchange or
> is
> it pretty much the same as Exchange?
> Thanks,|||Thanks Andrew. It would be nice if MS had step by step like with Exchange.
Symantec has nothing but the other article you pointed me to helps.
Cindy
"Andrew J. Kelly" wrote:
> http://support.microsoft.com/?kbid=309422
>
> http://www.sqlservercentral.com/col...rusprograms.asp
>
>
> --
> Andrew J. Kelly SQL MVP
>
> "Cindy" <Cindy@.discussions.microsoft.com> wrote in message
> news:1C577C85-E5D4-48B0-BBE1-B363C06C706B@.microsoft.com...
>
>
Anti-virus Exclusion list
Currently, I install an Anti-virus solution on MS SQL Server. It protects windows OS. In order to speed up the SQL performance, I dont want this Anti-virus to scan my SQL database. I want to know what's the exclusion list for the Anti-virus application. Thanks,
Hi,all file extension that are used for SQL Server, by default this is mdf,ndf,ldf but this can be changed by the user, so you will need to have a look at your database. The logfiles .log can be dismissed, as there is no heavy load on them.
The information about the datafiles is stored in the sysfiles table, therefore you will have to query this table for each database in order to get the extensions. I prepared something for you which should help you to identity the needed extensions.
CREATE Table #Extensions
(
Extension VARCHAR(10)
)
INSERT INTO #Extensions
EXEC sp_msforeachdb 'Select REVERSE(LEFT(REVERSE(filename),CHARINDEX(CHAR(46),REVERSE(filename))-1)) from sysfiles'
SELECT DISTINCT Extension FROM #Extensions
If you data is stored in specific folders, you could also try to exclude this folder instead of using the file extension filter (if you application is able to do this)
HTH, Jens K. Suessmeyer.
http://www.sqlserver2005.de
|||Hi,
All anti virus server have Exclusion List which means it won't scan those files(Extension) listed , you have to enter .mdf,.ldf & .ndf to its Extention Exclusion List and then it won't scan your Database. http://www.nus.edu.sg/comcen/antivirus/faq.htm#10 FYI & E.G.
Hemantgiri S. Goswami
订阅:
博文 (Atom)