BlackBerry Forums Support Community               

Closed Thread
 
LinkBack Thread Tools
Old 02-24-2009, 05:03 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8800
Carrier: AT&T
Posts: 60
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Antivirus Exclusions

Please Login to Remove!

Does anyone have recommendations on antivirus exclusions for a BES - ext 2005 sql db. Should just the BES install dir be excluded? Does it make a difference?

Thanks,
Offline  
Old 02-24-2009, 05:14 PM   #2 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Why exclude anything at all? Is your AV scan window that small that you're running into time constraints? Viruses do not follow rules and obey boundaries. Any directory exclusions could increase the likelihood of contracting something and allowing it to go undetected.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 02-25-2009, 05:41 AM   #3 (permalink)
Feeling Blue, Bigly ;->
 
stuwhite's Avatar
 
Join Date: Jan 2007
Location: U to the K
Model: 9000
PIN: 3, it's the magic number
Carrier: Most of them, it's a Global Village man!
Posts: 1,273
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

No there is no need to exclude anything. It's not like your mail server where mail is processed and stored in files. Virus scan the BES like you would with any other Prod server (except an email one!).
__________________
I was a BES and Exchange admin once.
Then my world turned Blue.
Offline  
Old 02-25-2009, 08:12 AM   #4 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

I usually put a blanket exclusion on *.mdf and *.ldf

Similar to a mail datastore, I don't trust antivirus scanning to properly scan a database.
Offline  
Old 02-25-2009, 08:31 AM   #5 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: Passp
OS: 10.2.1
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 6,753
Post Thanks: 274
Thanked 296 Times in 280 Posts
Default

No exclusions here on any server other than DB/Store and T logs.

What AV product you running?
Symantec here.
__________________
irony : many old timer posters have de-evolved into the trolls they once fought
I am on http://supportforums.blackberry.com
BES 10 running sweet for my Passport, Z30, Z10 and Q10
Offline  
Old 02-25-2009, 02:59 PM   #6 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

I run McAfee.

I just don't want to take the chance that an encrypted bit of data looks like a virus signature, and have a production DB deleted. It's paranoia, but in this business, being paranoid is not a bad thing.
Offline  
Old 02-25-2009, 03:47 PM   #7 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by CanuckBB View Post
I run McAfee.

I just don't want to take the chance that an encrypted bit of data looks like a virus signature, and have a production DB deleted. It's paranoia, but in this business, being paranoid is not a bad thing.
Paranoia leads to over engineering... and is better suited for the users, not the admins. Just have your AV quarantine rather than remove. That will give you the final say on what is done with something that was flagged.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 02-27-2009, 12:18 PM   #8 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by CO_BBTechie View Post
Paranoia leads to over engineering... and is better suited for the users, not the admins. Just have your AV quarantine rather than remove. That will give you the final say on what is done with something that was flagged.
I would not wand to quarantine a database .mdf file anymore than delete it. Paranoia leads to being careful and analyzing all possible risks. Excluding files that cannot contain virii is not over engineering...
Offline  
Old 02-27-2009, 12:43 PM   #9 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by CanuckBB View Post
I would not wand to quarantine a database .mdf file anymore than delete it. Paranoia leads to being careful and analyzing all possible risks. Excluding files that cannot contain virii is not over engineering...
I never indicated that exclusions were over engineering... I merely suggested that paranoia (in general) leads to over engineering. You have your take... I have mine.
Planning leads to being careful and analyzing all risks, paranoia leads to rash decisions IMO.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On





Copyright 2004-2014 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.