This is something that I see with clients every once in a while.
The question that you should ask is: what is the technical reason for it.
In almost if not all cases the answer is: every computer system should have a
virus scanner on it (…because the security officer demands it).
So my immediate reaction then is: does every router and switch or any other
system with an embedded OS running have a virus scanner running?
As others have pointed out: I can’t see a technical reason to run a virus
scanner on a linux server running Oracle, provided it’s administered and
configured reasonably from a technical perspective.
Don’t get me wrong: for every operating system there is software that
classifies as malware/virus. But if a sensible approach is taken to security
(not draconic: sensible), this should take care of most potential issues.
The point is that the downside of the AV software can be huge, most of us know
about how it can interrupt and slow down database processing immensely.
So one of the things, if it gets really pushed, that I insist on is having
someone ONSITE that EXACTLY knows EVERYTHING the virus scanner does so in case
of issues with the database it can be investigated immediately. This also means
as a DBA you can work together to make sure nothing of the database processing
is touched by the virus scanner during execution, doing disk IO and doing
network IO.
...I yet have to see the first person with a client that has a deep knowledge
of how a linux virus scanner actually works.
ps. this is not anarchistic ‘fighting the power’, this is fighting unreasonable
and technically incorrect rules that have been created by people with an
insufficient technical knowledge.
Frits Hoogland
http://fritshoogland.wordpress.com ;<http://fritshoogland.wordpress.com/>
frits.hoogland@xxxxxxxxx <mailto:frits.hoogland@xxxxxxxxx>
Mobile: +31 6 14180860
On 14 Apr 2020, at 19:16, Jeffrey Beckstrom <JBECKSTROM@xxxxxxxxx> wrote:
Our tech team is thinking about putting anti-virus software on the database
server? If you exclude the Oracle binaries and datafiles, is there really
anything left to scan. Just wondering what other people do.