Skip to Main Content
  • Questions
  • Anti-Malware Software Installation on LINUX servers with Oracle DB

Breadcrumb

May 4th

Question and Answer

Connor McDonald

Thanks for the question, Dmitry.

Asked: November 25, 2020 - 7:21 pm UTC

Last updated: February 07, 2022 - 2:48 am UTC

Version: Oracle 11.2.0.4

Viewed 1000+ times

You Asked

Hello!

Our Billing system works with Oracle DB of version 11.2.0.4 (next year we are planning to upgrade all DBs to 19C with RAC).
Oracle DBs run on LINUX servers.
We got a requirement from our customer to install Anti-Malware Software on all LINUX servers (DB and Application).
Please advise how it will affect the Oracle software and DBs.
What will be the Oracle recommendations for such approach.

Thank you in advance!

and Connor said...

Paraphrasing from MOS note 782354.1

Such software *may* lock a file as its scan it.. This lock interrupts the normal functioning of the database. To prevent any disaster situation such as database crash/hang, we recommend the following files to be excluded from online anti-virus scanning.

- Oracle datafiles
- Control files
- Redo-log files
- Archived redo-log files if database is in archive log mode
- Files with extension '.ora'
- Password file
- Files with extension ' .log' under ORACLE_HOME
- File in ADR directory
- Oracle Software directories (including Oracle_HOME and Oracle base)

You can also contact your anti-virus vendor to know more on the details of the scanning mechanism of the particular anti-virus software and for any additional Oracle files that has to be excluded from the scanner. Sometimes excluding only these files are not sufficiant, so exclude the entire folder/directory of oracle database files.

Rating

  (1 rating)

Is this answer out of date? If it is, please let us know via a Comment

Comments

G S S Prasad, February 07, 2022 - 2:17 am UTC

I have referred the below

How To Configure Anti-Virus On Oracle Database Server (Doc ID 782354.1)

is the below Oracle RAC files need to be excluded in the Anti virus Scan

- > CDB ROOT/PDB SEED areas, OCR and MGMT areas, Grid home and Grid Base directories should also be excluded from scanning.

-> Oracle uses ASM for data files, and the data file area etc. is not mounted as a normal file system.
Is it necessary to explicitly exclude them from the scan?

Connor McDonald
February 07, 2022 - 2:48 am UTC

ASM is very unlikely to even be seen from anti-virus because its not a file system (unless you are using ACFS as well).


More to Explore

Administration

Need more information on Administration? Check out the Administrators guide for the Oracle Database