Download EXECUTIVE SUMMARY

Recommendations for Configuration
of Antivirus Software
For use with software applications produced by ProfitStars®
Date created: Nov 30, 2004
Last updated: September 15, 2009
Intended audience:
IT professionals and end users
This document is available in electronic form at:
http://www.profitstar.com/dev/AntivirusRecommendations.pdf
Summary
Many of our clients routinely use antivirus software to protect their computer
systems and networks from malicious software attacks. Commonly used antivirus
programs include:


Norton AntiVirus™ and
Symantec AntiVirus™ (both
from Symantec Corporation)
McAfee VirusScan®


Computer Associates eTrust™
AntiVirus
Panda Security antivirus
products
This document describes our recommendations for configuring antivirus software for
optimal compatibility with the following ProfitStars applications:


PROFITstar® (including
Profitstar Suite™)
PROFITability®


PROFITstar® Portfolio
PROFITstar® Budget Manager
Recommended Actions
To facilitate program stability, data integrity, and optimal performance, without
compromising security, ProfitStars recommends that the PROFITstar/PROFITability
data folders (PS, PA, or Common) be excluded from real-time virus scanning. If
this is not possible, then antivirus programs, performing file-level, real-time virus
scans, should be configured to specifically exclude a few file types that are
associated with ProfitStars data. These are:




.add
.adi
.adm
.adt




.ai
.am
.csv
.psbackup
The exclusions apply only to the ProfitStars data directories. (See Final Notes on
page 6.)
IMPORTANT: We are not recommending that antivirus protection in general be
disabled. Nor are we recommending that ProfitStars program files be excluded from
virus protection. We are recommending only that the data files for ProfitStars
programs be excluded from real-time virus scans.
If necessary, data files can be included in your scheduled scans, however, be aware
of the following issues:
Why would scanning ProfitStars data for viruses cause problems?
At least three kinds of problems might occur when scanning ProfitStars data files:
1. The antivirus program modifies a ProfitStars data file. Antivirus programs
sometimes incorrectly detect a virus—they identify a virus when in fact no
virus is present. (This is called a “false positive.” It is unusual, but quite
possible, to encounter false positives when scanning large quantities of
binary data.) The antivirus may attempt to “fix” the apparent problem,
which involves modifying the supposedly infected file. Any such alteration of
a data file could cause serious data corruption.
2. The antivirus program removes a ProfitStars data file. Again, suppose the
antivirus software encounters a false positive. Rather than attempting to fix
the infection, the antivirus may be configured to quarantine the infected file,
or to perform a quarantine if an attempted fix fails. For purposes of
ProfitStars programs, which use that file, quarantining is equivalent to
deleting. The file will be missing when it is expected to be there. Again, the
consequences for program stability and data integrity could be serious.
3. The antivirus software causes a sharing violation. This kind of error is
possible with “on-demand” scans—those which are launched manually by a
user, or automatically by a task scheduler. If a ProfitStars program attempts
to open a data file while it is being scanned by the antivirus program, a
sharing-related I/O error might occur. (This kind of error should not be
encountered with real-time scans.)
Potential problems with performance
Real-time file protection can also introduce a significant performance penalty.
Therefore, an additional reason to consider disabling real-time file protection is that
it might improve the performance of ProfitStars programs.
Some users access shared data for ProfitStars applications on a network drive. In
this case, it is possible for real-time scanning to be enabled twice, once at the server
and again at the workstation, imposing a double performance penalty. The shared
data should be excluded from real-time protection at the file server and at all client
workstations.
Does excluding data from virus protection put my systems at risk?
The risk is negligible. Malicious software has to be executed—run by a host
computer—in order to do damage. ProfitStars data is not executable, and therefore
poses very little virus threat.
ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 ·
www.profitstars.com
Page 2 of 6
How can I minimize my exposure in the ProfitStars data directories?
Data for ProfitStars programs resides in directories that could be used by malicious
software to store potentially executable and destructive code. Totally excluding the
data directories from virus scans could leave the directories vulnerable to
exploitation. A better alternative would be to scan only selected files within those
directories. Specifically, we recommend that all file types not associated with data for
ProfitStars programs be scanned. (ProfitStars data-related file types are documented
on page 1.) Under this recommended configuration, high-risk file types like
executable files would always be scanned, minimizing the risk of malicious
exploitation.
What about report files generated by PROFITstar or PROFITability?
Four kinds of report files generated by ProfitStars applications are potentially
exploitable by viruses:
1.
2.
3.
4.
Adobe Acrobat (.pdf) files
HTML files (.htm or .html)
Zip files (.zip)
Self-extracting report files (.exe)
Adobe Acrobat and HTML files are at relatively low risk of exploitation. Zip files and
especially the self-extracting report files would be more of a concern. None of these
report file types is a ProfitStars data file type. They will always be scanned if you
exclude only those file types listed on page 1.
Doesn’t excluding data from virus scans violate security best practices?
No. Data files are commonly excluded from virus scans. Files, which are not
executable, and which are stored in proprietary formats not “understood” by
antivirus software, may be legitimately excluded. This is especially true if there is a
risk of virus scans interfering with the normal operation of the database in question.
For example, to avoid data corruption, Microsoft strongly recommends excluding
certain data files used by Exchange Server from virus scans. Likewise, Microsoft
recommends excluding some system data used by Windows 2000 or Server 2003
domain controllers. According to Symantec, Microsoft SQL Server databases should
be excluded. Anecdotal evidence from SQL Server administrators supports
Symantec’s advice. Refer to the resources listed on page 4 for further information.
Data for ProfitStars programs is not executable, and is therefore highly unlikely to be
targeted by viruses. It is stored in formats, mostly with binary encoding, which are
not “understood” by antivirus programs. Furthermore, if antivirus software interferes
with the normal operation of the database, serious side effects can result.
Excluding data for ProfitStars programs from virus scans does not violate security
best practices. It also makes good sense, given the added benefits in program
stability, data integrity, and performance.
ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 ·
www.profitstars.com
Page 3 of 6
Where to go for more information
How to include or exclude files from virus scans
Refer to the knowledge resources from your antivirus provider.
General antivirus information from Microsoft
“Antivirus software: frequently asked questions”
http://www.microsoft.com/athome/security/protect/antivirus.mspx
“The Antivirus Defense-in-Depth Guide”
http://www.microsoft.com/technet/security/guidance/avdind_0.mspx
Microsoft’s antivirus business partners (about 2 dozen), including links to
each:
http://support.microsoft.com/kb/49500
“Messaging Hygiene at Microsoft,” describes Microsoft’s corporate approach to
e-mail security. Note the following: “Organizations that want to employ filelevel antivirus software on Exchange Server 2003 servers should use extra
precautions. Because the file-level antivirus software is typically not aware of
the internal structure of the Exchange-specific data (such as Exchange
databases and log files), scanning such contents often results in server
failures and may cause data corruption. The file-level antivirus software must
be specifically configured to exclude any Exchange Server–related data, such
as mailbox stores, transaction logs, temporary directories, message queues,
and other relevant file locations.” The same is true for the data used by
ProfitStars applications.
http://www.microsoft.com/downloads/details.aspx?FamilyId=7A993A61CE35-4EB8-AA8D-796F9793F6A3&displaylang=en#QuickInfoContainer
Microsoft recommends excluding their e-mail server databases and some domain
controller directories from virus scans
“Overview of Exchange Server 2003 and antivirus software”
http://support.microsoft.com/?id=823166
“Exchange and antivirus software”
http://support.microsoft.com/?id=328841
ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 ·
www.profitstars.com
Page 4 of 6
“Virus scanning recommendations on a Windows 2000 or on a Windows
Server 2003 domain controller”
http://support.microsoft.com/kb/822158
Symantec recommends excluding SQL Server databases from virus scans
“Can Symantec AntiVirus Corporate Edition scan a SQL database?” [Symantec
says no, but does not elaborate on what the consequences of doing so might
be.]
http://service1.symantec.com/SUPPORT/entsecurity.nsf/docid/2002120911393848
“A Short Tour of Symantec System Center 5.0 in Symantec AntiVirus 8.x”
["The 'Exclude selected files and folders' box should be checked if you have
large databases, such as SQL, or a local e-mail server like Microsoft
Exchange. Certain third-party software packages will also suggest excluding
their software from being scanned."]
http://service1.symantec.com/SUPPORT/entsecurity.nsf/docid/2002110112002748
Anecdotal advice from system administrators re: SQL Server databases &
antivirus software
From www.sqlservercentral.com: (You must be a registered member to view,
but membership is free.) The advice of contributors to this forum is
consistently, “Exclude SQL Server databases from virus protection.”)
http://www.sqlservercentral.com/forums/shwmessage.aspx?messageid=10
9903
If you have further questions, please contact your Client Services analyst.
ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 ·
www.profitstars.com
Page 5 of 6
Final Notes
If file-level, real-time virus scans are performed, and the file types listed on page 1
are excluded, be aware of the following:


The same file types should be excluded from the real-time virus scanning of
files nested in ZIP files. This applies to zipped copies of data for ProfitStars
programs, including PROFITstar or PROFITability backups. Special measures
must be taken when these ZIP files reside in directories other than ProfitStars
data directories.
The question mark wild card character ‘?’ represents (in the case of
ProfitStars files) a single digit from zero ‘0’ to nine ‘9’.
ProfitStars, A Jack Henry Company · 17110 Marcy Street, Ste 200 · Omaha, NE 68118 · P 800.356.9099 · F 402.431.8822 ·
www.profitstars.com
Page 6 of 6