TALPA strides forward

Posted Sep 1, 2008 21:10 UTC (Mon) by kleptog (subscriber, #1183)
In reply to: TALPA strides forward by nix
Parent article: TALPA strides forward

I suppose popular antivirus software comes with tables of stuff not to scan. Can you imagine the news if an antivirus product killed an Oracle installaion by helpfully renaming a datafile that looked suspicous.

Generally you can configure the software to exclude certain directories from scanning, but the default is always scan everything unless told otherwise. On the whole violating FS semantics for some silly scanning software seems insane.

to post comments

TALPA strides forward

Posted Sep 1, 2008 22:03 UTC (Mon) by nix (subscriber, #2304) [Link]

Oh, I agree, but the existence of horrible things like Oracle*Mail
indicates that if you think you have to scan everything that might, say,
contain email that might be read by people using vulnerable clients, you
have to add a virus scanner *inside the database* as well, to scan
everything going to and from tables.

Likewise you have to add a scanner inside everything else that maintains
structured/transactioned data storage.

Even discounting the security-brokenness of 'excluding the bad software',
this obviously will not scale.