| Subject | Re: Can virus-scanners interfere with Firebird? |
|---|---|
| Author | Adam |
| Post date | 2006-11-17T01:40:16Z |
--- In firebird-support@yahoogroups.com, "Daniel Albuschat"
<d.albuschat@...> wrote:
Yes, on a number of levels it is possible to get problems.
The most serious problem is where the virus scanner places a lock on a
part of the database file to 'do its thing'. If this operation occurs
at the same time the database engine wishes to modify that part of the
database file, the database engine will be locked out by the OS. This
will cause the database engine to panic and shutdown, disconnecting
and rolling back all active connections (for SS) or the connection
which encountered the problem (CS).
If the virus scanner permits, you should at the very least exclude
your database folders from the scanning paths.
I have also seen a virus scanner with a TCP/IP scanner, which got
quite excited about all the TCP/IP traffic and wanted to analyse to
death each packet. This caused both negative performance impacts in
terms of CPU time and network lag, and even caused a few timeouts to
occur.
Also, expect your CPU and Disk I/O to take a massive hit when the
scheduled scanners start running. This hit can be somewhat mitigated
with RAID and SMP.
But virus scanners are to mitigate the security risks associated with
viruses and other malware. Database servers, unless they are also
email servers or web servers or somehow else exposed to nasties should
be pretty well immune to such threats. If in doubt, buy a cheap
firewall for inside your LAN and port forward 3050 to your database
server, separating it further from nasties that may come through
exchange or IIS or something like that.
Unless your database server is a multi-purpose server, I would think
that specific virus protection would be overkill.
Adam
<d.albuschat@...> wrote:
>virus scanners.
> Hi there,
>
> I was just thinking about (because a client asked that question)
> whether a virus-scanner
> could interfere with Firebird's operations.
> Have there been reported any problems with virus-scanners?
> I've done a search in this newsgroup myself (all the "no virus found
> on this outgoing mail
> make quite some noise), but haven't found an actual problem with
Yes, on a number of levels it is possible to get problems.
The most serious problem is where the virus scanner places a lock on a
part of the database file to 'do its thing'. If this operation occurs
at the same time the database engine wishes to modify that part of the
database file, the database engine will be locked out by the OS. This
will cause the database engine to panic and shutdown, disconnecting
and rolling back all active connections (for SS) or the connection
which encountered the problem (CS).
If the virus scanner permits, you should at the very least exclude
your database folders from the scanning paths.
I have also seen a virus scanner with a TCP/IP scanner, which got
quite excited about all the TCP/IP traffic and wanted to analyse to
death each packet. This caused both negative performance impacts in
terms of CPU time and network lag, and even caused a few timeouts to
occur.
Also, expect your CPU and Disk I/O to take a massive hit when the
scheduled scanners start running. This hit can be somewhat mitigated
with RAID and SMP.
But virus scanners are to mitigate the security risks associated with
viruses and other malware. Database servers, unless they are also
email servers or web servers or somehow else exposed to nasties should
be pretty well immune to such threats. If in doubt, buy a cheap
firewall for inside your LAN and port forward 3050 to your database
server, separating it further from nasties that may come through
exchange or IIS or something like that.
Unless your database server is a multi-purpose server, I would think
that specific virus protection would be overkill.
Adam