Good Anti-virus for large hard drives and files?

Discussion in 'other anti-virus software' started by moody, Jul 14, 2006.

Thread Status:
Not open for further replies.
  1. moody

    moody Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    12
    I'm building a media server with a lot of storage to hold my DVDs, music and TV shows recorded by my PVR program. The storage will be RAID-5 arrays of about 1 terabyte each. Only data will be stored on these arrays the system drive will be a separate and much smaller disk.

    Do I need an anti-virus to scan the data drives or just the system drive? If I do need to scan the data drives, what anti-virus can scan drives that big holding multi-gigabyte files without taking a day or more? Also recording video to a drive is very sensitive to disruption. I dont want to have a capture of a TV show ruined because the anti-virus suddenly decided to kick in.

    I've read NOD32 has very fast scanning but I dont know whether its real time scanner would cause problems. Perhaps an on demand only anti-virus would be better.
     
  2. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Speed should not be the prime criteria. More important are:

    1. Whether the software allows you to choose what action to take when an alleged malware is detected. Otherwise, false positives may lead to an "automatic cleaning" of the files. This problem has been reported for McAfee VS 10.

    2. How effective is the detection, and whether the software is more likely than others to produce false postives.

    3. Frequency of virus definition updates to protect from recently discovered baddies.

    4. Impact on other software.

    Then I would consider cost and speed.
     
  3. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    kaspersky i think because it has only check new or changed files so after the first scan it wont take so long
     
  4. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802

    That's a negative, not a positive.

    It is very easy for a program to change dates and times to hide that a file has changed, or is new.
     
  5. Don Pelotas

    Don Pelotas Registered Member

    Joined:
    Jun 29, 2004
    Posts:
    2,257
    It doesn't work like that, Howard (btw it's an option and not the default setting), but i do agree that speed in the on-demand scan should not the most important thing, effectiveness would be my first criteria.
     
  6. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    True, but lot tougher to hide changes to checksums, and NTFS security descriptors.
     
  7. Bubba

    Bubba Updates Team

    Joined:
    Apr 15, 2002
    Posts:
    11,271
    True....and I'll assume that's what lodore was referring to above in regards to "or changed files"....and not just simplistic date\time changes.
     
  8. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Please clarify.
    Other than the dates/times, how can a program guess that a file may have changed.
     
  9. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    An AV program has no way of telling that content has changed.
     
  10. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    74
    Location:
    Rio de Janeiro, Brazil.
    Sorry, but that´s not true. In fact it´s very hard to hide from a security program that a file has changed if that program has stored any kind of checksum of that particular file before it was changed.
     
  11. Ned Slider

    Ned Slider Registered Member

    Joined:
    Mar 24, 2005
    Posts:
    169
    Storing and checking checksum in the alternate data stream (ADS), maybe.
     
  12. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    Of course, but the issue is how the AV program can tell a file has been changed.
     
  13. Marcelo

    Marcelo Registered Member

    Joined:
    Oct 11, 2005
    Posts:
    74
    Location:
    Rio de Janeiro, Brazil.
    The AV program can calculate a checksum of the file and store it on an ADS, as previously mentioned, store it on a database, etc.

    If even a single bit of the file is changed the checksum will no longer be equal to the one previously stored.

    As I said earlier, it´s actually very hard to hide from a security program that uses this method, and it´s not the only method available, that a file has been changed.
     
  14. moody

    moody Registered Member

    Joined:
    Dec 30, 2005
    Posts:
    12
    Thanks to all for your help. I'm assuming from the lack of comments to the contrary that the data drives do need to be scanned. With this much storage speed is of importance to me as I cant have the system tied up for half a day or more performing a scan. Come fall TV season, there probably wont be a day that the server isnt recording something. Also, as I mentioned in my original post recording videos is very sensitive to having resources diverted even momentarily.

    I've gotten one recomendation of Kaspersky, are there any other anti-virus programs that fit my needs?
     
  15. lodore

    lodore Registered Member

    Joined:
    Jun 22, 2006
    Posts:
    9,006
    of course i was the one that said kaspersky but nod32 is also a good option because it does scan fast and doesnt hog resourse so eiether of those two should fit your needs
     
  16. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Howard

    KAV does two things it maintains checksums on certain system files that aren't that big. It keeps them in a data base.

    For larger files where it takes longer to compute checksums to scan, a database of the files NTFS descriptors is stored. While I confess I only vaguely understand this Kaspersky has explained that not only are changes in the file detected, but if the file remains the same, but is just moved, that can be detected.
     
  17. Howard Kaikow

    Howard Kaikow Registered Member

    Joined:
    Apr 10, 2005
    Posts:
    2,802
    If they are doing this in a separate database, that's OK.
    I'd really hate to see the day when each app took the liberty of adding application dependent stuff to EVERY file.

    Actually, I speak with forked tounge!

    I was one of the architects of ISO/IEC 13346 (see http://www.standards.com/index/html?Standards , on which UDF is based. We provided for both application dependent and system dependent optional file attributes that could be used any which way but loose.

    Ideally, the file systems could add an attribute tat keeps track of whether a file has changed. That would be a lot better than each app having its own database for the same purpose.
     
  18. TonyW

    TonyW Registered Member

    Joined:
    Oct 12, 2005
    Posts:
    2,634
    Location:
    UK
  19. Peter2150

    Peter2150 Global Moderator

    Joined:
    Sep 20, 2003
    Posts:
    17,048
    Howard it is indeed a separate database and in KAV style well self protected.

    and it is fast. Full original scan on my system takes about 55 Minutes. Subsequent scans range between 4-6 minutes.
     
Loading...
Thread Status:
Not open for further replies.