Anti-Virus and Databases
General Guidelines
General Guidelines
Prevention is better than cure. If a virus could get onto your database server and your data is valuable then you should protect it with anit-virus software. If there is a risk that you could pass an infected file on to a downstream server then you should protect with anti-virus. However, it is better to remove any way for the virus to arrive instead.
- For optimal performance it is generally better not to run Anti-Virus on your database server.
- If you do run Anti-Virus on your database server then exclude some key files to limit performance impact (see links in Bibliography for more detail).
Some examples of situations where running anti-virus on your database server may be necessary...
- Internet facing database servers
- Database servers with open ports to other servers that meet any of the criteria on this list
- Database servers that read or execute files from other servers.
- A database server that also runs HTTP servers, like IIS, or Apache.
- A database server that also hosts file shares.
- A database server that handles incoming or outgoing email messages (e.g. for SQL Server: SQL Mail or Database Mail)
Bibliography
Bibliography
https://support.microsoft.com/en-us/help/309422/choosing-antivirus-software-for-computers-that-run-sql-serverhttps://red9.com/blog/how-to-configure-antivirus-for-sql-server/https://www.brentozar.com/archive/2014/05/configure-anti-virus-sql-servers/https://docs.microsoft.com/en-us/troubleshoot/sql/performance/performance-consistency-issues