
Incorporating SQL DB file scanning capability in Symantec AV engine (Case # 04719136)

Created: 19 Jul 2013 • Updated: 19 Jul 2013 | 1 comment
BANE's picture
Status: In Review

With regard to our discussion with the Symantec support team on SQL DB file scanning exclusions in AV: at present Symantec AV is not capable of reading and scanning these files (*.mdf, *.ndf, *.ldf, *.trn, *.bak, *.wrk, *.tuf), and scanning these files may lead to performance issues on these DB servers.

Besides the above observations, we are also aware of previous Trojan attacks on SQL DB (W32.Narilam)! Considering all this analysis and protection from future threats, we want to raise a feature enhancement request with Symantec development support to incorporate the capabilities below in an upcoming scan engine.

  1. AV scanning availability for all SQL DB files (*.mdf, *.ndf, *.ldf, *.trn, *.bak, *.wrk, *.tuf)
  2. AV scanning of SQL DB files should not impact DB server performance
  3. AV scanning should not lock core DB files (mdf, ldf, ndf); it may force the DB into suspect mode
  4. AV scanning should not lock other DB files (trn, bak, wrk and tuf); it impacts log shipping

Please take this up with Microsoft as well and check the feasibility and availability of smooth scanning of SQL DB files with the Symantec AV engine.

You can refer to the case below for more details.

Case # 04719136 - AV Exclusion for Microsoft SQL Server Database Related files has been created    [ ref:_00D30jPy._50050MNa5T:ref ]

Comments

TSE-JDavis's picture

This is not likely to be incorporated. Scan Engine and Protection Engine are meant to be simple file scanners. You should consider either developing or finding software that will send the files contained in the database to an ICAP program like Scan Engine for scanning. This is how our Protection for SharePoint Servers product works.

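The approach suggested in the comment above, sketched as an added example (not part of the thread and not Symantec's code): read each stored file out of the database and wrap it in an ICAP RESPMOD request (RFC 3507) that can be sent to a scanner's ICAP listener. The `sqlite3` in-memory database, the `attachments`/`content` names, the host `scanner.example` and the service name `avscan` are all assumptions made for illustration.

```python
import sqlite3

CRLF = b"\r\n"

def build_respmod(payload: bytes, host: str, service: str, port: int = 1344) -> bytes:
    """Wrap one extracted blob in an ICAP RESPMOD request (RFC 3507)."""
    # The blob is presented to the scanner as the body of a synthetic HTTP response.
    http_hdr = (b"HTTP/1.1 200 OK" + CRLF
                + b"Content-Type: application/octet-stream" + CRLF
                + b"Content-Length: " + str(len(payload)).encode() + CRLF + CRLF)
    icap_hdr = CRLF.join([
        f"RESPMOD icap://{host}:{port}/{service} ICAP/1.0".encode(),
        f"Host: {host}".encode(),
        b"Allow: 204",  # server may answer 204 instead of echoing the body back
        # Offsets are relative to the start of the encapsulated section.
        f"Encapsulated: res-hdr=0, res-body={len(http_hdr)}".encode(),
    ]) + CRLF + CRLF
    # Chunked body: hex length + data, then the zero-length terminating chunk.
    chunk = f"{len(payload):x}".encode() + CRLF + payload + CRLF if payload else b""
    return icap_hdr + http_hdr + chunk + b"0" + CRLF + CRLF

def icap_status(response: bytes) -> int:
    """Return the numeric status from the first line of an ICAP response."""
    parts = response.split(CRLF, 1)[0].decode("ascii", "replace").split()
    if len(parts) < 2 or not parts[0].startswith("ICAP/") or not parts[1].isdigit():
        raise ValueError("not an ICAP response")
    return int(parts[1])

def stored_blobs(conn):
    """Yield (id, bytes) per row; 'attachments'/'content' are hypothetical names."""
    for row_id, data in conn.execute("SELECT id, content FROM attachments"):
        yield row_id, bytes(data)

def demo_requests():
    """Build one request per blob from a constructed in-memory sample database."""
    conn = sqlite3.connect(":memory:")  # stand-in for the production database
    conn.execute("CREATE TABLE attachments (id INTEGER PRIMARY KEY, content BLOB)")
    conn.executemany("INSERT INTO attachments (content) VALUES (?)",
                     [(b"hello world",), (b"",)])
    return {i: build_respmod(d, "scanner.example", "avscan") for i, d in stored_blobs(conn)}

if __name__ == "__main__":
    for row_id, request in demo_requests().items():
        print(row_id, len(request), "bytes to send to the ICAP listener")
```

A 204 status from the ICAP server means it left the content unmodified; how a detection is reported is specific to the scanning product, so check its documentation before mapping other statuses to a verdict.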