BlackBerry Forums Support Community
              

Closed Thread
 
LinkBack Thread Tools
Old 02-24-2009, 06:03 PM   #1 (permalink)
Thumbs Must Hurt
 
Join Date: Sep 2004
Model: 8800
Carrier: AT&T
Posts: 60
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default Antivirus Exclusions

Please Login to Remove!

Does anyone have recommendations on antivirus exclusions for a BES - ext 2005 sql db. Should just the BES install dir be excluded? Does it make a difference?

Thanks,
Offline  
Old 02-24-2009, 06:14 PM   #2 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Why exclude anything at all? Is your AV scan window that small that you're running into time constraints? Viruses do not follow rules and obey boundaries. Any directory exclusions could increase the likelihood of contracting something and allowing it to go undetected.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 02-25-2009, 06:41 AM   #3 (permalink)
Feeling Blue, Bigly ;->
 
stuwhite's Avatar
 
Join Date: Jan 2007
Location: U to the K
Model: 9000
PIN: 3, it's the magic number
Carrier: Most of them, it's a Global Village man!
Posts: 1,273
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

No there is no need to exclude anything. It's not like your mail server where mail is processed and stored in files. Virus scan the BES like you would with any other Prod server (except an email one!).
__________________
I was a BES and Exchange admin once.
Then my world turned Blue.
Offline  
Old 02-25-2009, 09:12 AM   #4 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

I usually put a blanket exclusion on *.mdf and *.ldf

Similar to a mail datastore, I don't trust antivirus scanning to properly scan a database.
Offline  
Old 02-25-2009, 09:31 AM   #5 (permalink)
BlackBerry Elite
 
knottyrope's Avatar
 
Join Date: Jan 2008
Location: Massachusetts
Model: DT60
OS: 123456789
PIN: t of blood has been taken
Carrier: AT&T-US with I dee ten tee errors
Posts: 7,244
Post Thanks: 374
Thanked 383 Times in 353 Posts
Default

No exclusions here on any server other than DB/Store and T logs.

What AV product you running?
Symantec here.
__________________
unlock your phone here http://freemyblackberry.com/

Still rocking my DTEK60
Offline  
Old 02-25-2009, 03:59 PM   #6 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

I run McAfee.

I just don't want to take the chance that an encrypted bit of data looks like a virus signature, and have a production DB deleted. It's paranoia, but in this business, being paranoid is not a bad thing.
Offline  
Old 02-25-2009, 04:47 PM   #7 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by CanuckBB View Post
I run McAfee.

I just don't want to take the chance that an encrypted bit of data looks like a virus signature, and have a production DB deleted. It's paranoia, but in this business, being paranoid is not a bad thing.
Paranoia leads to over engineering... and is better suited for the users, not the admins. Just have your AV quarantine rather than remove. That will give you the final say on what is done with something that was flagged.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Old 02-27-2009, 01:18 PM   #8 (permalink)
BlackBerry Extraordinaire
 
CanuckBB's Avatar
 
Join Date: Feb 2006
Location: YYZ
Model: 9900
Carrier: Rogers
Posts: 1,183
Post Thanks: 0
Thanked 2 Times in 2 Posts
Default

Quote:
Originally Posted by CO_BBTechie View Post
Paranoia leads to over engineering... and is better suited for the users, not the admins. Just have your AV quarantine rather than remove. That will give you the final say on what is done with something that was flagged.
I would not wand to quarantine a database .mdf file anymore than delete it. Paranoia leads to being careful and analyzing all possible risks. Excluding files that cannot contain virii is not over engineering...
Offline  
Old 02-27-2009, 01:43 PM   #9 (permalink)
BlackBerry Extraordinaire
 
CO_BBTechie's Avatar
 
Join Date: Jul 2007
Location: Denver
Model: 8310
Carrier: AT&T
Posts: 2,044
Post Thanks: 0
Thanked 0 Times in 0 Posts
Default

Quote:
Originally Posted by CanuckBB View Post
I would not wand to quarantine a database .mdf file anymore than delete it. Paranoia leads to being careful and analyzing all possible risks. Excluding files that cannot contain virii is not over engineering...
I never indicated that exclusions were over engineering... I merely suggested that paranoia (in general) leads to over engineering. You have your take... I have mine.
Planning leads to being careful and analyzing all risks, paranoia leads to rash decisions IMO.
__________________
Treat your password like your toothbrush. Don't let anybody else use it, and get a new one every six months.
Clifford Stoll
Offline  
Closed Thread


Thread Tools

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

vB code is On
Smilies are On
[IMG] code is On
HTML code is Off
Trackbacks are On
Pingbacks are On
Refbacks are On

Allen-Bradley 1747-L542 Processor with M13 Memory Module
$100.0
Allen-Bradley 1747-L542 Processor with M13 Memory Module pictureMicroLogix 1100 1763-L16BWA With Memory Module
$100.0
MicroLogix 1100 1763-L16BWA With Memory Module pictureAllen Bradley 1747-M13 Ser A SLC 500 Memory Module 1747M13
$54.99
Allen Bradley 1747-M13 Ser A SLC 500 Memory Module 1747M13  pictureAllen-Bradley 1756-L55/A CPU Module + 1756-M14 Memory Expansion Module 3.5MB
$135.99
Allen-Bradley 1756-L55/A CPU Module + 1756-M14 Memory Expansion Module 3.5MB pictureIntel Server Board S3210SH / DAS48MB16B0 + 8 Gig Server Memory
$79.0
Intel Server Board S3210SH / DAS48MB16B0 + 8 Gig Server Memory picture






Copyright 2004-2016 BlackBerryForums.com.
The names RIM and BlackBerry are registered Trademarks of BlackBerry Inc.