Question: I am using Oracle on a PC with Enterprise Red Hat Linux and I am
considering installing Sophos Antivirus for Linux. How do you use antivirus
software with Linux?

Answer: If this Linux server is not accessible to the Internet, virus
protection seems unnecessary to me! I've administered hundreds of Linux
servers, and until your note, I did not even know that a Linux antivirus
product existed!

First, Oracle servers should always be in a secure environment, and unless
you are on a Windows platform where you cannot control security, antivirus
software should not be necessary. One of the most common issues with
Oracle on Windows is installing antivirus software. If you don't configure
the software to bypass the Oracle executables and dbf files (everything in
$ORACLE_BASE), the antivirus software will stop Oracle and scan each dbf
file every time it is read! In Oracle, the dbf files can be read hundreds
of times per second. Obviously, this adds significant overhead and ruins
performance.

Second, Linux viruses are quite rare, with the exception of "inside jobs"
like Linux rootkits. If you examine the stages of a Linux rootkit attack,
you can see how antivirus software will not protect your server. There is
also a security issue because internet access is required to stay current
with antivirus updates, and opening up an Oracle server to the web is never
a good idea unless you follow security best practices.

Databases that are configured to allow Internet communications from other
web portals face an exceptional data security challenge, and special
techniques are used to secure Oracle databases on the web. Foreign hackers
will constantly attempt to hack into Oracle web portals, eventually locating
a weakness in the Net Services architecture.

Just for grins, turn the antivirus software off, and see if your end-user
response time improves.

As of 2015, Linux experts do not recommend any Linux antivirus products.
The whole market for antivirus software is driven by Windows crapware, and
on a well-designed operating system, viruses are much more difficult to
deploy:

"Malware in Windows Land is usually spread by email clients, browser bits,
or IM clients, which graciously accept the poisoned fruit from others, then
neatly deposit it on their masters' systems, where malware authors know it
will likely be executed and do their bidding -- without ever asking
permission.

Some malware programs require that you open an attachment. Others don't even
require that user error. By hook or by crook, malware on Windows often gets
executed, infecting the local system first, then spreading itself to others.
What a terrible neighborhood. I'm glad I don't live there.

On Linux, there is built-in protection against such craft. Newly deposited
files from your email client or Web browser are not given execute
privileges. Cleverly renaming executable files as something else doesn't
matter, because Linux and its applications don't depend on file extensions
to identify the properties of a file, so they won't mistakenly execute
malware as they interact with it."

In sum, Linux antivirus on Oracle servers appears to be a waste of computing
resources.
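
Where a scanner is installed anyway, the exclusion advice above (keep it away from the Oracle executables and dbf files under $ORACLE_BASE) can be audited with a short script. This is an added example, not part of the original answer; the exclusion-list file format, the function names and the demo tree are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example (not from the original page). Assumed exclusion-list format:
# one absolute directory per line; blank lines and lines starting with '#'
# are ignored. This is not any antivirus vendor's format.

# is_excluded PATH LIST: succeeds if PATH lies under a directory in LIST.
is_excluded() {
    while IFS= read -r ex_dir || [ -n "$ex_dir" ]; do
        case $ex_dir in ''|'#'*) continue ;; esac
        ex_dir=${ex_dir%/}
        # Match on a path boundary so /u01/app/oracle does not cover
        # /u01/app/oracle_old/...
        case $1 in "$ex_dir"/*) return 0 ;; esac
    done < "$2"
    return 1
}

# uncovered_oracle_files ORACLE_BASE LIST: print every datafile (*.dbf) and
# owner-executable file under ORACLE_BASE that no exclusion covers.
uncovered_oracle_files() {
    find "$1" -type f \( -name '*.dbf' -o -perm -100 \) -print | sort |
    while IFS= read -r ora_file; do
        is_excluded "$ora_file" "$2" || printf '%s\n' "$ora_file"
    done
}

# Constructed demo tree: stands in for a real $ORACLE_BASE.
demo() {
    demo_root=$(mktemp -d)
    mkdir -p "$demo_root/oracle/oradata/ORCL" "$demo_root/oracle/product/bin" \
             "$demo_root/oracle/fast_recovery_area"
    : > "$demo_root/oracle/oradata/ORCL/system01.dbf"
    : > "$demo_root/oracle/fast_recovery_area/backup01.dbf"
    : > "$demo_root/oracle/product/bin/oracle"
    chmod 755 "$demo_root/oracle/product/bin/oracle"
    printf '%s\n' '# scanner exclusions (constructed)' \
        "$demo_root/oracle/oradata/" "$demo_root/oracle/product" \
        > "$demo_root/exclusions.txt"
    uncovered_oracle_files "$demo_root/oracle" "$demo_root/exclusions.txt"
    rm -rf "$demo_root"
}
demo
```

In the demo only `fast_recovery_area/backup01.dbf` is reported, because the constructed list excludes `oradata` and `product` but not the recovery area.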