We have McAfee VirusScan installed on our database server. I would like to
configure the system not to scan *.bak, *.mdf, *.ldf.  My question:
1. Is this the right configuration ?
2. By doing so, any potential security breach ?
3. By doing so, will the SQL box performance improve a bit?

Furthermore, we will have a new clustered SQL insatlled later on in our data
center, any recommendation on antiVirus configuration on SAN ?

Much appreciated.

Hi

By not allowing the file extensions to be scanned will mean any file in any
directory will be able to have this extension, you may want to look at
excluding by directory, which if would leave less possibilities for a rogue
file if your permissions are tight enough, a combination of both would be
even tighter!!.

You may want to run MBSA to see if it recomends anything to be improved.

http://support.microsoft.com/default.aspx?scid=kb;en-us;309422 also
recommends .ndf files but database files can have any extension name so make
sure that any database file extension is included in an exclude list. The
article also gives recommendations for SAN discs.

Make sure that your database do not have the autoclose property set.

If you have full text searching then you should look at not scanning
"C:\Program Files\Microsoft SQL Server\MSSQL\FTData"

A-V software can cause problems such as
http://support.microsoft.com/default.aspx?scid=kb;en-us;170338

The performance effect of the a-v software will depend to some extent on the
hardware you are running, make sure that when it is running it is not too
resource hungry and your disc have not become a bottleneck.

John

Show quoteHide quote

Most anti-virus products will allow you to bypass the scanning of specific
directories.You can selectively disallow the scanning of the data file and
transaction log directories.

Show quoteHide quote

I don't know what type of virus McAfee would be looking for in a mdf or ldf
file. If it scans the entire GB sized files from top to bottom while
referncing every possible virus signature pattern, it would result in a lot
of wasted I/O, CPU cycles, and possibly locking issues.

First make sure you have installed the version specifically designed to run
on a server. Also, it may only be prudent to have it scan only those file
types typically infected by viruses.

Show quoteHide quote

On Fri, 30 Dec 2005 01:57:02 -0800, Lan <L**@discussions.microsoft.com> wrote:
in <AAF5085D-DF64-4E0E-A4F2-7C34D0AC4***@microsoft.com>

I've found McAfee to be about the worst choice for anti virus, especially on a
server.  It's bloated, heavy handed, and almost amateurish in its ability to
discriminate between what constitutes a threat and what doesn't.

For ease of use, small footprint, and utter effectiveness have a look at AVG.
Although I'm disheartened by the fact that they've been acquired by microsoft,
it's been almost a year now and I haven't seen any overtly negative changes yet.

---
Stefan Berglund

Use of NULL and DEFAULT
Record locking within a stored procedure
compare '002' and '00²'
Evaluation of conditions
complex and large triggers