>visible method of virus propagation is via email, there are still plenty that
>infect (compromise) servers via UDP and other unprotected ports. The SQL
>Slammer worm is but one of these. A good firewall is also a near imperative as
>well. Any server that offers file upload/downloads needs to have real-time A/V
>scanning as well, even if it is a performance hit.
I was thinking that we should do virus scans of the temp upload folder as well as the final destination folder for these uploaded files. However, I do not think NAV is intended to be used to only perform realtime protection on selected folders. You can easily set up exclusion folders and rules, but I do not believe you can set up inclusion rules.
As for PrismAV, we already have a site license for NAV, and NAV is clearly one of the best AntiVirus software products there is. So how about this strategy:
1. identify the folders that will be used for uploading files
2. monitor those folders for changes every five minutes using a batch file (or even using CF itself).
3. if a change is detected, have NAV scan the specific file that was changed.
Seems reasonable to me, although I have never run NAV from the command line to accomplish step 3. One potential problem would be what happens with a folder that changes too frequently. NAV would constantly be starting up and shutting down. I could probably come up with some sort of queuing feature, and offload the scans to another computer so the processor is not tied up so much. Perhaps NAV realtime protection is actually more efficient than doing this periodic check and I would be better off using a lot of exclusion rules.
For SQL Server, what I have read is that you should not use AntiVirus software on a SQL Server box, but if you do, exclude the database and log files from being scanned. Maybe someone has a good list of general exclusion rules for a CF server.
I do not believe NAV would have done anything to prevent the Slammer Worm from doing its damage, and I have my doubts as to NAV's ability to protect against other worms that propagate via security holes in MS server software products. Our hardware firewall blocks every port but the Web ports.
Has anyone actually seen their AV program catch and prevent a virus on their servers? The NAV logs record a history of everything that has been found, so it is not too difficult to check. The only thing I have seen is when a virus that rampaged through our desktops put files onto the network shares it could find. An infected file was on the domain controller, but it just sat there harmlessly. It is somewhat of a zen question. If a virus file is on a computer and nobody is around to click it, is it really a virus? NAV thinks so, but from a practical standpoint, a nightly non-realtime scan is sufficient.
Thank you,
Mike Chabot
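
The three-step strategy in the message above, sketched as an added example that is not part of the original post and is not NAV's or ColdFusion's own code. It polls the upload folders, and to address the concern about folders that change too often it scans a file only once its size and timestamp have stayed the same for two consecutive polls. Assumptions: `SCANNER_CMD` is a placeholder because the message does not give NAV's command-line syntax, and `snapshot` and `UploadWatcher` are hypothetical names.

```python
import os
import subprocess

# Assumption: placeholder command. The message does not give NAV's command-line
# syntax, so substitute the real on-demand scanner invocation here.
SCANNER_CMD = ["scanner-placeholder"]


def snapshot(folders):
    """Map each file under the upload folders to its (size, mtime) signature."""
    state = {}
    for folder in folders:
        for root, _dirs, files in os.walk(folder):
            for name in files:
                path = os.path.join(root, name)
                try:
                    st = os.stat(path)
                except OSError:
                    continue  # file vanished between listing and stat
                state[path] = (st.st_size, st.st_mtime_ns)
    return state


class UploadWatcher:
    def __init__(self, folders, scan=None):
        self.folders = list(folders)
        self.scan = scan or (lambda p: subprocess.run(SCANNER_CMD + [p]).returncode)
        self.scanned = {}  # path -> signature that was last scanned
        self.pending = {}  # path -> signature seen on the previous poll

    def poll(self):
        """Run one pass and return {path: scanner exit code} for scanned files."""
        current = snapshot(self.folders)
        results = {}
        for path, sig in current.items():
            if self.scanned.get(path) == sig:
                continue  # unchanged since its last scan
            if self.pending.get(path) == sig:
                results[path] = self.scan(path)  # stable for two polls
                self.scanned[path] = sig
            else:
                self.pending[path] = sig  # new or still changing: wait a poll
        # Drop entries for deleted files and for files that were just scanned.
        self.pending = {p: s for p, s in self.pending.items()
                        if p in current and self.scanned.get(p) != s}
        self.scanned = {p: s for p, s in self.scanned.items() if p in current}
        return results
```

Call `poll()` from a scheduled task at the five-minute interval from step 2; a nonzero exit code in the returned mapping is where quarantine or alerting would hook in.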

