I'm wondering if anyone has a recommendation regarding antivirus running on a Jade host and any file exclusions.
SQL server (http://support.microsoft.com/kb/309422) recommends excluding the database and backup files and I wondered if the recommendation for Jade would be the same (e.g. exclude *.dat, *.bin and *.da_). I also wondered whether the journal files should be excluded.
Obviously each site will need to consider this as part of their security policies and how at risk the host server is.
Anti Virus Exclusions
-
Chris Holmes
- Posts: 4
- Joined: Wed Aug 26, 2009 9:12 pm
- Location: York - United Kingdom
Re: Anti Virus Exclusions
Hi,
We normally exclude *.dat and *.log files for both the database and backup locations.
Like you say each site needs to consider their individual security policy and how at risk their server is.
If you do include .dat and .log files you would need to asses impact on the JADE DB of running your particular virus scanner in both scheduled and real-time modes.
Cheers.
We normally exclude *.dat and *.log files for both the database and backup locations.
Like you say each site needs to consider their individual security policy and how at risk their server is.
If you do include .dat and .log files you would need to asses impact on the JADE DB of running your particular virus scanner in both scheduled and real-time modes.
Cheers.
Re: Anti Virus Exclusions
We don't usually add any antivirus exclusions and haven't noticed any performance problems, but it would be up to the individual site.
I have a catapult. Give me all the money or I will fling an enormous rock at your head.
-
GerardO'Brien
- Posts: 12
- Joined: Tue Jul 07, 2009 9:49 am
Re: Anti Virus Exclusions
Some antivirus products seem friendlier than others. Some lock access to files or regions within files momentarily, denying the creator/owner access, causing distress. Some never seem to cause an issue.
What can happen isn't really known as antivirus products typically don't publish much about how/why they operate. The database can be denied access to any of its files at any time if the antivirus product is crappy enough. Some products initiate real time processing based on events, like closing a new or updated file. This can include leaping in and locking access to the file while it is checked. Some lock regions so you might see messages logged like
>> [IOCB::_write] error - The process cannot access the file because another process has locked a portion of the file. (33)
It can be wasteful of resources scanning the database files and it can have unintended side effects if the AV product turns out to be a bit of a thug.
If I was going to exclude stuff I would exclude:
.dat files in the database directory (or directories)
.bak files in the <ReorgBackupDirectory> directory (if used), or the database directory (or directories) (if not)
.reo files in the <ReorgWorkDirectory> directory (if used), or the database directory (or directories) (if not)
.log files in the <JournalArchiveDirectory> directory (if used) or the <JournalRootDirectory>\archive directory (if not)
.log files in the <JournalRootDirectory>\current directory
the .empty.jnl$ file in the <JournalRootDirectory>\current directory
the restoreinfo file in the database directory
.dat files, .da_ files, and the backupinfo file in the backup directory (or directories)
.log files and .lo_ files in their backup directory (or directories)
What can happen isn't really known as antivirus products typically don't publish much about how/why they operate. The database can be denied access to any of its files at any time if the antivirus product is crappy enough. Some products initiate real time processing based on events, like closing a new or updated file. This can include leaping in and locking access to the file while it is checked. Some lock regions so you might see messages logged like
>> [IOCB::_write] error - The process cannot access the file because another process has locked a portion of the file. (33)
It can be wasteful of resources scanning the database files and it can have unintended side effects if the AV product turns out to be a bit of a thug.
If I was going to exclude stuff I would exclude:
.dat files in the database directory (or directories)
.bak files in the <ReorgBackupDirectory> directory (if used), or the database directory (or directories) (if not)
.reo files in the <ReorgWorkDirectory> directory (if used), or the database directory (or directories) (if not)
.log files in the <JournalArchiveDirectory> directory (if used) or the <JournalRootDirectory>\archive directory (if not)
.log files in the <JournalRootDirectory>\current directory
the .empty.jnl$ file in the <JournalRootDirectory>\current directory
the restoreinfo file in the database directory
.dat files, .da_ files, and the backupinfo file in the backup directory (or directories)
.log files and .lo_ files in their backup directory (or directories)
Re: Anti Virus Exclusions
Thanks for the replies. We had suggested that the database files and journal file should be excluded. I hadn't thought as far as the reorganisation files.
I was also wondering whether the temporary files in the TransientDBPath should be excluded
I was also wondering whether the temporary files in the TransientDBPath should be excluded
Re: Anti Virus Exclusions
Another place where AV software can get in the way is the .$$$ files that are created in the "Windows Temp" folder by the patch versioning process, particularly if doing a full schema load with patch versioning enabled.
Cheers,
BeeJay.
Cheers,
BeeJay.
-
Brendon Moon
- Posts: 1
- Joined: Tue Sep 20, 2011 11:19 am
Re: Anti Virus Exclusions
Current real-time scan exclusions are as follows on all JSC workstations :
$$$
BAK
DAT
LOG
REO
$$$
BAK
DAT
LOG
REO
Return to “Design and Architecture”
Who is online
Users browsing this forum: No registered users and 15 guests