TALPA strides forward

Posted Sep 1, 2008 19:07 UTC (Mon) by nix (subscriber, #2304)
In reply to: TALPA strides forward by kleptog
Parent article: TALPA strides forward

Wow. This highlights the need to be able to exclude stuff from antivirus
scanning if anything does: what kind of idiot scans an RDBMS's data for
viruses? This is as silly as searching a filesystem's *metadata* for
viruses and banning only part of a metadata write if it thinks it finds
one: instant disaster...

to post comments

TALPA strides forward

Posted Sep 1, 2008 21:10 UTC (Mon) by kleptog (subscriber, #1183) [Link] (1 responses)

I suppose popular antivirus software comes with tables of stuff not to scan. Can you imagine the news if an antivirus product killed an Oracle installaion by helpfully renaming a datafile that looked suspicous.

Generally you can configure the software to exclude certain directories from scanning, but the default is always scan everything unless told otherwise. On the whole violating FS semantics for some silly scanning software seems insane.

TALPA strides forward

Posted Sep 1, 2008 22:03 UTC (Mon) by nix (subscriber, #2304) [Link]

Oh, I agree, but the existence of horrible things like Oracle*Mail
indicates that if you think you have to scan everything that might, say,
contain email that might be read by people using vulnerable clients, you
have to add a virus scanner *inside the database* as well, to scan
everything going to and from tables.

Likewise you have to add a scanner inside everything else that maintains
structured/transactioned data storage.

Even discounting the security-brokenness of 'excluding the bad software',
this obviously will not scale.