NOD32 and MS SQL

Discussion in 'NOD32 version 2 Forum' started by tensor, Mar 23, 2005.

Thread Status:
Not open for further replies.
  1. tensor

    tensor Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    7
    Is anyone aware of any issues between NOD and SQL?

    I have the SQL directory excluded from AMON, but since I installed NOD, the server has locked up hard twice.

    Any info or links are greatly appreciated.
     
  2. bsilva

    bsilva Registered Member

    Joined:
    Mar 24, 2004
    Posts:
    238
    Location:
    MA, USA
    What version of sql are you running? I have it running on a sql server 7 and no problems.
     
  3. tensor

    tensor Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    7
    SQL Server Developer Edition v.8.00.384 (SP1)
    on Windows 2000 Advanced Server (SP4)

    Thank you.
     
  4. Marcos

    Marcos Eset Staff Account

    Joined:
    Nov 22, 2002
    Posts:
    14,374
    Please make sure IMON's icon is grey (not red). If it's red, click the Quit button in the main IMON panel and reboot the machine to remove IMON completely from the system.
     
  5. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    I've been running NOD and SQL Server 2005 Express Dec04 CTP (9.0.981) on a development machine without any apparent problems. Granted, however, I'm not running SQL all of the time and/or really pushing it much, just when I am testing out some functionality.
     
  6. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    As you alluded to - that's probably not a great test scenario for someone wanting to know the NOD32/MsSQL interaction for a production server environment.

    fwiw - we have NOD32 running on a win2k3 machine running MsSQL server 8 I think... we have no more problems with SQL/Server than we had with any other Anti-Virus software.... we have fully migrated ONE of the SQL/Server databases to a MySQL database running on another box (still access it via CFM on the win2k3 machine) and are actively trying to get the client owner of the other application to convert AWAY from SQL/Server too.

    Problems we have with SQL/Server are NOT caused by any AV interaction - rather SQL/Server itself - let's just leave it at that!
     
  7. Alec

    Alec Registered Member

    Joined:
    Jun 8, 2004
    Posts:
    355
    Location:
    Dallas, TX
    Agreed, definitely not the same as someone running it in production. :)

    I only responded to say that there weren't any immediately and obviously noticeable problems (like hard lockups as soon as the server process started) on my end with the version I had. That's all. You never know what information might help. BTW, I don't even bother excluding the SQL data directory because I don't have AMON configured to scan all files... so it wouldn't touch the mdf's and ldf's anyway.
     
  8. tensor

    tensor Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    7
    Thanks for all the replies.

    I have disabled IMON (grayed out) and have excluded the SQL directory from AMON.

    When I first encountered this server, it had no AV and no updates whatsoever. I installed NOD and immediately detected the Win2K/CodeRed.D trojan and deleted it. I also applied SP4 and some 40 critical updates. The server has stabalized and has not locked up today :D

    I have not researched this virus and its consequences to a SQL server so any insight is appreciated.
     
  9. tensor

    tensor Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    7
    Update from my last post, the server just locked up again. What's interesting is that it happened at exactly the same time yesterday, 12:15pm. I guess there is some virus activity still on there even tho NOD is running.
     
  10. Blackspear

    Blackspear Global Moderator

    Joined:
    Dec 2, 2002
    Posts:
    15,115
    Location:
    Gold Coast, Queensland, Australia
    Is it possible to reboot the server and run a scan in Safe Mode? There is a thread HERE on tweaking Nod32 for such a scan.

    Alternatively, can you slave that drive off a clean virus free computer and run a scan that way?

    Hope this helps...

    Let us know how you go.

    Cheers :D
     
  11. tensor

    tensor Registered Member

    Joined:
    Oct 20, 2004
    Posts:
    7
    I ran the code red cleaner and it deleted the following:
    c:\inetpub\scripts\root.exe
    The trojan.virtualroot was successfully removed.

    Looking back at the NOD logs, this file was not listed.

    Hopefully this will stabalize the server.

    When I have an opportunity, I will try to scan in safe mode. Thanks for the tip!
     
  12. webyourbusiness

    webyourbusiness Registered Member

    Joined:
    Nov 16, 2004
    Posts:
    2,640
    Location:
    Throughout the USA and Canada
    Do you mean the whole server locked up, or that MS/SQL server locked up and the server it's (windows) was working?

    If you meant the latter - it's normal! MS/SQL Server is the worst DBMS I've EVERY worked on - and I've worked on TONS! Basically, the server can run for anything from hours, to days, sometimes weeks, but then MS SQL/Server will lock up and the ONLY way to get the flippin' thing back is to do a reboot!

    We have SQL/Server restarts scheduled in the middle of the night - it has reduced the number of lock ups of the SQL engine, but not eliminated them -and this is a SQL/Server machine with only ONE active appplication using the DBMS... !!!! Junk, junk and MORE M$ junk!
     
Thread Status:
Not open for further replies.