Please start any new threads on our new site at http://forums.sqlteam.com. We've got lots of great SQL Server experts to answer whatever question you can come up with.

Our new SQL Server Forums are live! Come on over! We've restricted the ability to create new threads on these forums.

SQL Server Forums
Profile | Active Topics | Members | Search | Forum FAQ
Username:
Password:
Save Password
Forgot your Password?

 All Forums
 General SQL Server Forums
 Data Corruption Issues
 Bak file Trojan
 Reply to Topic
 Printer Friendly
Author Previous Topic Topic Next Topic  

iesa
Starting Member

USA
2 Posts

Posted - 03/10/2015 :  12:00:43  Show Profile  Reply with Quote
I recently found that I could no longer download the BAK file from the SQL instance on our website, hosted remotely, to the local network. Sonicwall would always kill the download, indicating "ScrInject.UR (Trojan) blocked".

After finding no suspicious data in the 200 or so tables, I created a copy of the database and started deleting tables, creating a BAK (overwrite), and then testing download. Eventually I deleted ALL tables, including sysdiagrams - and Sonicwall still won't allow download.

Is it possible for Trojan code to reside in a BAK file, even when it has no tables at all?

Craig Johnson

gbritton
Flowing Fount of Yak Knowledge

2780 Posts

Posted - 03/10/2015 :  12:18:09  Show Profile  Reply with Quote
hard to see how. or at least, it would have to be pretty sophisticated. but just to be sure, how big is your BAK file on that database with no tables? Easy enough to compare it to others to see if there's room for something else in there.
Go to Top of Page

tkizer
Almighty SQL Goddess

USA
38200 Posts

Posted - 03/10/2015 :  12:27:43  Show Profile  Visit tkizer's Homepage  Reply with Quote
Is the software blocking the bak extension? Have you tried a different extension?

Tara Kizer
SQL Server MVP since 2007
http://weblogs.sqlteam.com/tarad/
Go to Top of Page

iesa
Starting Member

USA
2 Posts

Posted - 03/10/2015 :  15:17:31  Show Profile  Reply with Quote
With tables, it's a 100 MB bak file. No tables, it's 8.3 MB. Sonicwall allows the download to progress to 20% or 30%, then kills it.

My bak file download had been functional for a few years now, then it just stopped working. Changing the extension doesn't help.

If it's unlikely that the table-less file actually contains a malicious code, I would have to suspect a false positive by SonicWall, wouldn't I?

Craig Johnson
Go to Top of Page

gbritton
Flowing Fount of Yak Knowledge

2780 Posts

Posted - 03/10/2015 :  15:38:15  Show Profile  Reply with Quote
Sounds like a false +ve to me
Go to Top of Page

Lincolnburrows
Yak Posting Veteran

52 Posts

Posted - 05/27/2015 :  05:37:06  Show Profile  Reply with Quote
To repair bak file no other option is better then external software
Go to Top of Page
  Previous Topic Topic Next Topic  
 Reply to Topic
 Printer Friendly
Jump To:
SQL Server Forums © 2000-2009 SQLTeam Publishing, LLC Go To Top Of Page
This page was generated in 0.02 seconds. Powered By: Snitz Forums 2000