|
|
Log in / Subscribe / Register

TALPA strides forward

TALPA strides forward

Posted Sep 1, 2008 14:50 UTC (Mon) by kleptog (subscriber, #1183)
In reply to: TALPA strides forward by iabervon
Parent article: TALPA strides forward

These arn't hypothetical problems either. On the postgresql lists there are regularly reports of people complaining that tables spontaneously vanish or worse, the transaction logs suddenly can't be written out. The cause is invariably that some antivirus has blocked the writes and uninstalling it fixes all the problems.

There's enough safeguards to prevent data loss in most cases, but once the scanner starts violating write-order guarentees, the shit will really hit the fan.

to post comments

TALPA strides forward

Posted Sep 1, 2008 19:07 UTC (Mon) by nix (subscriber, #2304) [Link] (2 responses)

Wow. This highlights the need to be able to exclude stuff from antivirus
scanning if anything does: what kind of idiot scans an RDBMS's data for
viruses? This is as silly as searching a filesystem's *metadata* for
viruses and banning only part of a metadata write if it thinks it finds
one: instant disaster...

TALPA strides forward

Posted Sep 1, 2008 21:10 UTC (Mon) by kleptog (subscriber, #1183) [Link] (1 responses)

I suppose popular antivirus software comes with tables of stuff not to scan. Can you imagine the news if an antivirus product killed an Oracle installaion by helpfully renaming a datafile that looked suspicous.

Generally you can configure the software to exclude certain directories from scanning, but the default is always scan everything unless told otherwise. On the whole violating FS semantics for some silly scanning software seems insane.

TALPA strides forward

Posted Sep 1, 2008 22:03 UTC (Mon) by nix (subscriber, #2304) [Link]

Oh, I agree, but the existence of horrible things like Oracle*Mail
indicates that if you think you have to scan everything that might, say,
contain email that might be read by people using vulnerable clients, you
have to add a virus scanner *inside the database* as well, to scan
everything going to and from tables.

Likewise you have to add a scanner inside everything else that maintains
structured/transactioned data storage.

Even discounting the security-brokenness of 'excluding the bad software',
this obviously will not scale.


Copyright © 2026, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds