What should I do when my Windows Admin wants to put an anti-virus on the SQL Servers? - SQL Server with Mr. Denny
Home > IT Blogs > SQL Server with Mr. Denny > What should I do when my Windows Admin wants to put an anti-virus on the SQL Servers?
>>VIEW ALL POSTS  

SQL Server with Mr. Denny

« VMware 3.5 won’t start any VMs if the Licensing server is down
Order To Restore Database Backups In »
Dec 25 2008   11:00AM GMT

What should I do when my Windows Admin wants to put an anti-virus on the SQL Servers?



Posted by: mrdenny
SQL, Anti-Virus

My answer to that one is pretty easy.  Let him / her.  I’m a firm believer that every machine on the network should have anti-virus software installed.  Most anti-virus software is pretty lightweight (especially compared to the amount of hardware that your SQL Server has), and if a virus did get onto the SQL Server the results could be awful.

Now, there are a few configuration changes (in my opinion) that should be made since it is a SQL Server.

  1.  Don’t try and scan the mdf, ndf, or ldf files.  SQL Server has them locked so the anti-virus will just error out when it tries to scan them anyway.  And if the SQL Server is stopped and the anti-virus thinks that it sees a virus in the files, it’ll just corrupt the file when it tries to clean it.
  2.  Make sure that your scans are being done at a time which is appropriate for the load on the SQL Server at that time.  If the scan runs during the day and its an OLTP system, probably not the best idea.  If its an OLAP database then the middle of the night, when the load is running or the early morning when reports are running probably isn’t the best time.
  3. Tell the anti-virus not to do real time scanning of your backup folder (weekly scanning is fine), but this will slow down your backup and restore time.  Make sure that all it does is tell someone if the backup file has a virus, we don’t want it to corrupt the SQL Backup by accident either.

Have other rules that you follow?  Or a conflicting idea?

Post it below, lets discuss?

Denny

AddThis Social Bookmark Button     Comment     RSS Feed     Email a friend

Comment on this Post


You must be logged-in to post a comment. Log-in/Register

SQL Server and Cloud Links for the Week | Brent Ozar - SQL Server DBA  |   Dec 29 2008   2:05PM GMT

[...] Should you install antivirus on SQL Servers? Denny Cherry says yes, and I agree - as long as you follow Denny’s recommendations.  I’ve seen instances where SQL Server won’t start correctly because antivirus software grabbed a lock on an mdf/ldf file before SQL Server started.  I’d also add a reason to his list: not all SQL Servers just run SQL and nothing else.  Sometimes you’re dealing with other third party apps on there and their admins will RDP in to do administration.  Those folks are virus-prone.  People are the problem. <sigh> [...]