This is an old post from BleedYellow sometime in 2010. But someone needs to be reminded of this today I’m sure! I don’t have many of these that I feel might still be relevant, but I might dig up a couple more. 😉
This is definitely an age-old recommendation, but it is something that most customers have problems with. OS-level Antivirus. IBM has finally published a technote (1417504) Recommendations for exclusions when running Operation (sic) System Antivirus. This will definitely be handy to be able to show a customer direct instructions from IBM and not “just” recommendations from a third party (who sees this all the time where a customer wants to see some “official” documentation rather than a best practice).
Also, you need to disable any specific Lotus Notes scanning on your desktop AV software if it’s enabled.
First of all, not setting the exclusions will cause performance issues as the AV software has to scan/check the database/application prior to letting Domino use it. Your disk I/O will be abysmal. Trust me.
Secondly, it can cause other random problems (see below) or database corruption.
If you are running a Domino server that also has AV for the OS, you need to get this technote to your Security Administrators and make sure they enable these exclusions! And also, don’t just get *.nsf excluded. This technote is very timely because I just had a customer today with some exclusions in place who didn’t just have the entire data directory excluded. When a 16GB mail db was going through a copy-style compact, the *.tmp file that was created for the compact couldn’t get renamed back to the proper *.nsf file because the AV software had a lock on the tmp file. I just searched for this while writing this blog post (so that you could see how compact -c works in general) and there is also a technote from IBM (1102756 – technote no longer available) on a similar scenario when running AV software for Domino.
In a nutshell, if you are running OS-level AV on your Domino servers, you need to exclude the following from being scanned:
- Domino Data directory
- View rebuild directory
- Transaction Log directory
- DAOS directory
- Directory links