问题
Our company uses Sophos Anti-Virus with a default configuration that performs on-access scanning on all files.
We are considering turning this off for source code files but are concerned about the potential risk this poses. In our case these files are .cs files containing C# source code.
Does this really pose a risk?
Edit
Within the company we have had a number of issues with viruses recently (all got caught by Sophos) and about 90% of these came from developer machines.
Developers are doing Windows dev work so have full admin rights on their machines.
回答1:
Source code files for statically typed, compiled languages are usually simple text files that can't do anything to your system unless they are compiled into executable code.
On the other hand if your source files are actually script/batch files they can often be executed "as-is" by the operating system. So there may be some value in scanning script files and turning it off for any other source file type.
At the simplest this would probably involve the AV filtering on file extension (ie scan all files ending in js, jvs, bat, vbs etc.) Of course this is not 100% fool proof unless the AV also analyses the content of the file too.
So in summary there is almost zero risk in turning off AV scan on .CS source code files. Any viruses coming from developers machines are almost certainly due to the combination of administrative rights and developers who download additional "tools" that actually contain the virus.
If your developers are still working on XP, this is one situation where moving to Vista (or Windows 7) might actually be a good idea due to the improved security thanks to UAC.
回答2:
Viruses usually don't care about injecting malicious code into uncompiled source files, they usually like to trick you into installing some sh*tty application which turns your machine into a bot.
Got a better solution, tho. Uninstall your virus software, run as a normal user, and don't download and install anything on your dev machine that you aren't 100% sure about.
回答3:
Are the files flagged by Sophos the code files or other stuff? We've been using Sophos for at least five years on the Scan All setting without any issues, and we have admin rights
回答4:
The default settings are to NOT scan all files, only infectable file types. Check that "Scan all files" is unchecked. You are safe only scanning the default list of file types sophos scans for.
回答5:
I'd say no. But then again - I haven't had an antivirus on my machine for nearly 7 years now and haven't caught a single virus either. So I guess I'm a special case.
来源:https://stackoverflow.com/questions/1404999/development-machines-and-anti-virus-policy