Re: anti-virus on Linux database server

From: Martin Klier - Performing Databases GmbH <martin.klier_at_performing-db.com>
Date: Tue, 28 Apr 2020 11:35:02 +0200 (CEST)
Message-ID: <1113185839.4576.1588066502059.JavaMail.zimbra_at_performing-db.com>



Hi Jeff,

Usually, anti-virus software nowadays is mostly a threat-detection, endpoint security monster. For Linux it might be of limited use; maybe it can find rootkits or exposed network services. Usually they can't deal with anything Oracle does; on the contrary, listeners or utl_tcp sockets may even be detected as being bad and, in the worst case, get isolated.

One recent annoyance I had with Sophos was "PUAs" - potentially unwanted applications. That means: whatever Sophos thinks your boss might not want on the machine gets deleted. Amazing, especially since you cannot disable that, only react and whitelist actions from the past. Restoring the file is your own problem. Bah. In this case, I plugged in a (virtual) jump drive with tools to repair a broken file system - woosh, the "stick" was wiped. Imagine my big eyes...

One last hint: Make sure the Anti-Virus stack works with any Linux Kernel version. Some of them insist on given patch levels, and certainly don't accept UEK. Being fixed to very few given kernel versions, introducing AV might corrupt your patch plans. If you have things like ASM Filter Drivers or the older ASMLIB with their own Kernel dependencies, you might easily go crazy.

Stay well,

-- 
Martin Klier // Performing Databases GmbH 
Managing Partner // Senior DB Consultant 
Oracle ACE Director 

martin.klier_at_performing-db.com // https://www.performing-databases.com 


> From: "Jeffrey Beckstrom" <jbeckstrom_at_gcrta.org>
> To: "Oracle-L Freelists" <oracle-l_at_freelists.org>
> Sent: Tuesday, 14 April 2020 19:16:03
> Subject: anti-virus on Linux database server

> Our tech team is thinking about putting anti-virus software on the database
> server. If you exclude the Oracle binaries and datafiles, is there really
> anything left to scan? Just wondering what other people do.
-- http://www.freelists.org/webpage/oracle-l
Received on Tue Apr 28 2020 - 11:35:02 CEST
