Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Anti-Virus on an Oracle server? 1

Status
Not open for further replies.
aking

aking

Technical User
Aug 11, 2002
112
GB
Hi, I've got 2 oracle 10g servers running. They are running on windows 2003 servers and they've been ok for last few years. I come from windows background so i installed Anti-Virus on the servers as a default part of the build even before i installed Oracle. A consultant has flown over from one of our software providers, taken one look at the production server and told me that anti-virus should NEVER be running on an oracle server.
??
I figure this advice is coming from a big business perspective where they have huge servers locked in vaults that never connect to the internet - or something!
I am coming from a SMB perspective and it is hard to imagine running a windows box without AV, i really don't want to un-install it, and its hard to take people seriously when they tell me my instance is gonna fail when i've been running it this way in blissful ignorance for past 5 years.
Does anyone else run anti-virus on their oracle servers? or have I just been lucky?
 
Sort by date Sort by votes
We run Sophos anti-virus on Windows Oracle Servers and it has occasionally caused us grief with file-locking. However, nothing that's not fairly easily worked-around or eliminated by exclusions etc.

The internet - allowing those who don't know what they're talking about to have their say.
 
Upvote 0 Downvote
that's nice to hear since i'm running sophos too.
i don't think i've had any issues like that.
do you exclude all of the flash recovery area?
otherwise i'm guessing to exclude *.log for the redo logs, and maybe *.ctl for the control files.

The other thing i wonder (and this is specific to sophos) is the way the default option "Allow me to control exactly what is scanned" works. For example there are no entries for *.log or *.ctl in the list of scanned extensions within sophos antivirus, so it should not scan those file types anyway - perhaps this is why it has been working so well? I think i will have to ask sophos, i have emailed them but no reply, i cant find anything on their knowledgebase and i don't know how to test whether a file is being scanned by sophos or not.
 
Upvote 0 Downvote
Glad to help, if only a little. We don't exclude the flash recovery area, but Sophos is administered by a separate part of the organisation so it's difficult for me to be precise about how they implement the exclusions I asked for.

The internet - allowing those who don't know what they're talking about to have their say.
 
Upvote 0 Downvote
FYI: Spoke to Sophos just now, there is a doc about running sophos on windows oracle servers but is internal only. So that's now been escalated to be released for public viewing - but i've no idea how long this takes.
Gist of the article seems to be only 3 exclusions, namely: *.dbf, *.ctl & *.log
Which seems suspiciously simple for an oracle solution! ;) But I will see how this goes on a test server.
(and since my server is already working i guess this can only make it more stable....)
 
Upvote 0 Downvote
Hi,
do your Oracle servers actually connect directly to the internet ( not thru a firewall or proxy server?)

If you are on an Intranet and control what users can access outside that, an Anti-Virus is probably not needed and could possibly cause an issue if it runs a scan while Oracle is actively writing to a file...( Maybe..since we never had an anti-virus on our Oracle boxes, I don't know)



[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Thanks for the info re. Sophos, I'll pass it on to my colleagues. Have a star!

The internet - allowing those who don't know what they're talking about to have their say.
 
Upvote 0 Downvote
Hi Turkbear,
My servers do connect to the internet and of course I have a firewall on my gateway to the internet (hardware firewall).
I've got various networks, all with small number of users, windows servers and requirements for remote access. All of this adds up to: I need servers that can connect to the internet and be connected to.
 
Upvote 0 Downvote
Hi,
Understood..Then get the best Anti-Virus/Anti-Spyware you can find. If Sophos can certify Oracle compatibility - as you use Oracle ( 24/7 active, shutdown sometimes,...) , then go with it..Try to schedule the scans when the database is inactive or down, but keep real-time protection running always.



[profile]

To Paraphrase:"The Help you get is proportional to the Help you give.."
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

TheLazyPig
  • Locked
  • Question
Oracle Data Validation 1
Replies
4
Views
242
TheLazyPig
TheLazyPig
KeyserSoze
  • Locked
  • Question
TOAD for Oracle - Icons
Replies
1
Views
277
Andrzejek
Andrzejek
Chopstik
  • Locked
  • Question
How to identify a package based on a code snippet 1
Replies
1
Views
673
Andrzejek
Andrzejek
annie1975
  • Locked
  • Question
sql script in an cron job script failing
Replies
3
Views
279
carp
carp
gc6294
  • Locked
  • Question
Search for a character in Oracle SQL statement 1
Replies
3
Views
206
Andrzejek
Andrzejek

Part and Inventory Search

Sponsor

Back
Top