Yes, for crying out loud yes.
Every server that can access the Internet or be access from the Internet, or that can be accessed from a computer that can access the Internet should have an anti-virus on it. Preferably a corporate wide solution like Trend Micro, McAfee, Norton, etc. so that the server reports back to a central server to make it easier to find out if a machine has a problem.
Next comes what should be scanned. I prefer to exclude the mdf, ndf, and ldf files. I don’t like to exclude the entire folder as this creates a hiding place where a virus could stick infected files. If possible have it exclude the mdf, ndf and ldf files from old the correct folders only. Even if a virus scanner wanted to scan the database files it wouldn’t be able to as the files are locked open by the SQL Server so that nothing else can access them. By not excluding the files all you are doing is throwing alerts to the monitoring server that files couldn’t be scanned.
Odds are a full scan doesn’t need to be done against the server all that often as the files on the hard drive of the server aren’t going to change all that often. Any virus that comes in from the network should be caught by the real time engine that is running at the time. You will want to do a full scan every once and a while (every couple of weeks or so) incase something came in over the network was saved and setup to launch at the next reboot but wasn’t yet in the virus definition file.
Denny
2 Responses
I have a question from the statement above, and really need some assistance on a project for my computer class..
In the above solution you state that a “corporate wide” solution should be implemented, and report back to a central server…where should that central server logically be located in the network to push up dates to all other servers and down to each computer in the network?
The central server would be located in the main office, or there could even be one within each office if there are multiple offices with all the computers checking into the local offices server, which then would (if the vendor software allows) send all that data to the master server.