Super User Asked by Adam Przedniczek on August 7, 2020
I have a small network of several Windows 10 machines (all protected by BitDefender 2020 Total Security), one of which acts as a server with a Firebird database.
For some time the database has been deteriorating – in some random records, some fields have altered values.
I completely changed the server machine for a brand new one with a fresh Windows 10 installation and antivirus, on which the database was recreated from a GBK archive.
The primary machine was carefully checked for RAM errors (with MemTest86) and SSD errors (CrystalDiskInfo and ADATA SSD ToolBox) – everything was 100% fine.
I have no suspicions other than that the server was hacked, but it looks like the alleged malware / virus must move inside the database (even the packed GBK archive), because only the GBK file was moved to the new machine (on a verified pendrive).
Is it even possible that the virus is stored inside the database (e.g. in the form of stored procedures, etc.) and that it transfers with the GBK archive?
If so, how to detect and remove it from the database?
(The Firebird database is stored in the form of a single FDB file, which was scanned by BitDefender without any results.)
Since Firebird has to be installed specifically on a machine, and is not as widely used as other software, e.g. browsers or word processors, it is very unlikely that general malware would target that SQL DBMS to store code, though not entirely impossible for a targeted attack on a high-value site.
Much more likely, poorly written code or a deteriorating SSD (or HDD) is causing the issue. For example, inappropriate record or table locking could allow simultaneous transactions to leave the DB in an undefined state. My experience has been that Firebird is a very reliable DB with a very small footprint, but with any DB, care must be taken to resolve multi-user conflict.
Correct answer by DrMoishe Pippik on August 7, 2020
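To review what executable metadata a restored database actually contains, the queries below list user-defined triggers, stored procedures and external function declarations from Firebird's `RDB$` system tables. This is an added example, not part of the original question or answer; it assumes Firebird 2.x or later, a connection as the database owner or SYSDBA, and `EXAMPLE_TRIGGER` is a placeholder name.

```sql
-- Added example: inventory of user-defined executable objects.
-- System objects are excluded; RDB$SYSTEM_FLAG can be NULL for user objects.

-- 1. Triggers: PSQL that runs on row changes and can alter column values.
SELECT TRIM(t.RDB$TRIGGER_NAME)  AS trigger_name,
       TRIM(t.RDB$RELATION_NAME) AS on_table,
       CASE t.RDB$TRIGGER_TYPE
         WHEN 1 THEN 'BEFORE INSERT'
         WHEN 2 THEN 'AFTER INSERT'
         WHEN 3 THEN 'BEFORE UPDATE'
         WHEN 4 THEN 'AFTER UPDATE'
         WHEN 5 THEN 'BEFORE DELETE'
         WHEN 6 THEN 'AFTER DELETE'
         ELSE 'other, type ' || CAST(t.RDB$TRIGGER_TYPE AS VARCHAR(10))
       END AS fires,
       COALESCE(t.RDB$TRIGGER_INACTIVE, 0) AS inactive
FROM RDB$TRIGGERS t
WHERE COALESCE(t.RDB$SYSTEM_FLAG, 0) = 0
ORDER BY 2, 1;

-- 2. Stored procedures and their owners.
SELECT TRIM(p.RDB$PROCEDURE_NAME) AS procedure_name,
       TRIM(p.RDB$OWNER_NAME)     AS owner_name
FROM RDB$PROCEDURES p
WHERE COALESCE(p.RDB$SYSTEM_FLAG, 0) = 0
ORDER BY 1;

-- 3. External functions (UDFs): the database stores only the library name
--    and entry point; the library itself is a file on the server.
SELECT TRIM(f.RDB$FUNCTION_NAME) AS function_name,
       TRIM(f.RDB$MODULE_NAME)   AS library,
       TRIM(f.RDB$ENTRYPOINT)    AS entry_point
FROM RDB$FUNCTIONS f
WHERE COALESCE(f.RDB$SYSTEM_FLAG, 0) = 0
  AND f.RDB$MODULE_NAME IS NOT NULL
ORDER BY 1;

-- 4. Read the source of one object found above (text BLOB; NULL if the
--    source was removed and only the compiled form remains).
SELECT t.RDB$TRIGGER_SOURCE
FROM RDB$TRIGGERS t
WHERE t.RDB$TRIGGER_NAME = 'EXAMPLE_TRIGGER';  -- placeholder name
```

Any trigger listed in the first result that writes to the affected tables is worth reading in full, since its logic is part of the metadata restored from a backup.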