What should I do when my Windows Admin wants to put an anti-virus on the SQL Servers?

My answer to that one is pretty easy.  Let him / her.  I’m a firm believer that every machine on the network should have anti-virus software installed.  Most anti-virus software is pretty lightweight (especially compared to the amount of hardware that your SQL Server has), and if a virus did get onto the SQL Server the results could be awful.

Now, there are a few configuration changes (in my opinion) that should be made since it is a SQL Server.

  1.  Don’t try and scan the mdf, ndf, or ldf files.  SQL Server has them locked so the anti-virus will just error out when it tries to scan them anyway.  And if the SQL Server is stopped and the anti-virus thinks that it sees a virus in the files, it’ll just corrupt the file when it tries to clean it.
  2.  Make sure that your scans are being done at a time which is appropriate for the load on the SQL Server at that time.  If the scan runs during the day and its an OLTP system, probably not the best idea.  If its an OLAP database then the middle of the night, when the load is running or the early morning when reports are running probably isn’t the best time.
  3. Tell the anti-virus not to do real time scanning of your backup folder (weekly scanning is fine), but this will slow down your backup and restore time.  Make sure that all it does is tell someone if the backup file has a virus, we don’t want it to corrupt the SQL Backup by accident either.

Have other rules that you follow?  Or a conflicting idea?

Post it below, lets discuss?

Denny

Share

Leave a Reply

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Trust DCAC with your data

Your data systems may be treading water today, but are they prepared for the next phase of your business growth?