AntiVirus Exclusion MQ Files

chhetri_sanjay
Posted: Thu Jan 17, 2013 9:14 am    Post subject: AntiVirus Exclusion MQ Files

Novice

Joined: 17 Jan 2013
Posts: 23

Folks,

Does anybody have an idea which MQ files and MQ file extensions can be excluded from the anti-virus scan list? It's for MQ 7.1.0.2 - Windows platform...

Thank you in advance....
_________________
----------------------------------------
Let's do something new
----------------------------------------
mqjeff
Posted: Thu Jan 17, 2013 9:19 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

All MQ files should be excluded from being touched by any other piece of software.
chhetri_sanjay
Posted: Thu Jan 17, 2013 9:21 am

Novice

Joined: 17 Jan 2013
Posts: 23

Thanks for your prompt reply.
_________________
----------------------------------------
Let's do something new
----------------------------------------
chhetri_sanjay
Posted: Thu Jan 17, 2013 1:04 pm

Novice

Joined: 17 Jan 2013
Posts: 23

Does it matter if we scan it ? .... just curious .....
_________________
----------------------------------------
Let's do something new
----------------------------------------
Vitor
Posted: Thu Jan 17, 2013 1:33 pm

Grand High Poobah

Joined: 11 Nov 2005
Posts: 26093
Location: Texas, USA

chhetri_sanjay wrote:
Does it matter if we scan it ? .... just curious .....


Why? You think IBM has a keylogger in there?
_________________
Honesty is the best policy.
Insanity is the best defence.
chhetri_sanjay
Posted: Thu Jan 17, 2013 1:52 pm

Novice

Joined: 17 Jan 2013
Posts: 23

I don't mean that .... It does not harm ... does it? This is my question ...

It's a new thing I came across ..... sometimes in a Windows environment we might encounter viruses while using an FTP utility. It's just my thought ....... please advise .....
_________________
----------------------------------------
Let's do something new
----------------------------------------
gbaddeley
Posted: Thu Jan 17, 2013 2:41 pm

Jedi Knight

Joined: 25 Mar 2003
Posts: 2538
Location: Melbourne, Australia

mqjeff wrote:
All MQ files should be excluded from being touched by any other piece of software.

If that piece of software has any detrimental impact on MQ operation....
It's possible that MQ messages (in queue files or recovery log files) could contain a virus payload in the form of a file or document that is subsequently used by an application.
A queue manager could directly execute a virus program via a PROCESS or SERVICE object.
_________________
Glenn
PeterPotkay
Posted: Fri Jan 18, 2013 6:17 am

Poobah

Joined: 15 May 2001
Posts: 7722

Open a PMR asking which MQ files, if any, are safe to Virus Scan or Backup while MQ is running, and then share the results of that PMR with your Security team and Backup team.

Or schedule downtime where you shut off MQ on the server and let them scan and backup all they want.
_________________
Peter Potkay
Keep Calm and MQ On
chhetri_sanjay
Posted: Fri Jan 18, 2013 7:13 am

Novice

Joined: 17 Jan 2013
Posts: 23

Sounds good .... Thank you
_________________
----------------------------------------
Let's do something new
----------------------------------------
bruce2359
Posted: Fri Jan 18, 2013 7:43 am

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

chhetri_sanjay wrote:
Does it matter if we scan it ? .... just curious .....

This presumes that message content would NEVER look like a virus to the anti-virus software.

While this is unlikely, before you implement something that might modify or delete your message(s), I'd get your management and auditors to sign off on this.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
PeterPotkay
Posted: Fri Jan 18, 2013 2:34 pm

Poobah

Joined: 15 May 2001
Posts: 7722

I'd be more concerned that the very act of scanning active files might cause negative impact to the Queue Manager.

I did open that PMR a few years ago. I was told to NOT scan or backup any MQ files while the QM was running.
_________________
Peter Potkay
Keep Calm and MQ On
bruce2359
Posted: Fri Jan 18, 2013 2:42 pm

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

It would certainly impact I/O, which would impact performance and SLAs.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
mqjeff
Posted: Fri Jan 18, 2013 6:06 pm

Grand Master

Joined: 25 Jun 2008
Posts: 17447

bruce2359 wrote:
It would certainly impact I/O, which would impact performance and SLAs.


And the odds of a random stretch of binary data written in a queue manager file matching the binary signature of a random virus increase linearly with the number of viruses out there.

So the odds of the virus scanner deciding to remove *that* piece of your q storage file, which happens to cross the boundaries of three physical messages, none of which contain an actual virus, increase linearly with the number of known viruses out there.

And if anyone tells you that the number of viruses increases linearly???

bruce2359
Posted: Fri Jan 18, 2013 7:16 pm

Poobah

Joined: 05 Jan 2008
Posts: 9472
Location: US: west coast, almost. Otherwise, enroute.

mqjeff wrote:
So the odds of ...


One of my clients shipped executables in mq messages. FTE ships files of who-knows-what.

Odds of something happening go from 0 to 1 quite quickly - when it happens.
_________________
I like deadlines. I like to wave as they pass by.
ב''ה
Lex Orandi, Lex Credendi, Lex Vivendi. As we Worship, So we Believe, So we Live.
mqjeff
Posted: Sat Jan 19, 2013 5:24 am

Grand Master

Joined: 25 Jun 2008
Posts: 17447

bruce2359 wrote:
mqjeff wrote:
So the odds of ...


One of my clients shipped executables in mq messages. FTE ships files of who-knows-what.

Odds of something happening go from 0 to 1 quite quickly - when it happens.


Yes, I agree that it's perfectly possible that a regular mq message can contain a binary executable that can contain a virus.

I was talking about the chance that a random section of a random part of a q file would contain the same set of bytes that matched the signature of a virus exec.

In either situation, one *still* does not want one's virus scanner program to remove any section of a q storage file, thereby corrupting the queue and damaging any remaining messages on the queue.
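
The scenario discussed in the posts above, as an added example that is not part of the thread: a byte pattern that no single message contains can still appear in the queue file where it crosses record boundaries, and cutting it out breaks the framing of the remaining messages. The length-prefixed record layout, the signature bytes and the messages are constructed for illustration; this is not IBM MQ's real on-disk format or a real AV signature.

```python
import struct

# Constructed byte pattern standing in for an AV signature; not a real one.
SIGNATURE = b"AB\x00\x00\x00\x02CD\x00\x00\x00\x05EF"
# Constructed messages: none contains the signature on its own.
MESSAGES = [b"order-1 AB", b"CD", b"EF-ok"]

def pack_queue(messages):
    """Toy queue file: each record is a 4-byte big-endian length + payload."""
    return b"".join(struct.pack(">I", len(m)) + m for m in messages)

def parse_queue(data):
    """Return (payloads, intact); intact is False once the framing breaks."""
    out, pos = [], 0
    while pos < len(data):
        if pos + 4 > len(data):
            return out, False          # dangling bytes, no room for a header
        (length,) = struct.unpack_from(">I", data, pos)
        pos += 4
        if pos + length > len(data):
            return out, False          # header promises more than exists
        out.append(data[pos:pos + length])
        pos += length
    return out, True

def scan(blob):
    """Naive signature scan: offset of the first match, or -1."""
    return blob.find(SIGNATURE)

def quarantine(data):
    """Model a 'clean' action that cuts the matched bytes out of the file."""
    off = scan(data)
    return data if off < 0 else data[:off] + data[off + len(SIGNATURE):]

def demo():
    qfile = pack_queue(MESSAGES)
    per_message_hits = [scan(m) >= 0 for m in MESSAGES]
    file_hit = scan(qfile) >= 0        # match spans payloads and length headers
    survivors, intact = parse_queue(quarantine(qfile))
    return per_message_hits, file_hit, survivors, intact

if __name__ == "__main__":
    hits, file_hit, survivors, intact = demo()
    print("per-message hits:", hits)
    print("whole-file hit:  ", file_hit)
    print("after clean:     ", survivors, "framing intact:", intact)
```

After the cut, the only record the parser returns is a splice of two different messages, and the rest of the file no longer parses.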