Corporate environments contain an extensive mix of software components such as security applications, database servers and productivity software. With the diverse number and types of applications that can exist within the infrastructure, it is inevitable that some sort of interaction will occur and, in some cases, cause serious issues.
Supporting the EnterpriseIQ ERP software solution, and the Oracle databases they run on, has introduced the IQMS System Administration team to quite a few interesting situations related to software interactions. One of these situations is the easily overlooked interaction between a database server and anti-virus software. On most desktop systems, the interactions between the anti-virus software and client software is fairly localized. On the other hand, when anti-virus software is installed on a centralized corporate server such as a database machine, the effects of a misconfigured anti-virus package can be globally felt if things go wrong.
By design, databases and their associated control files are under constant and heavy use, meaning that any interference with these files could create issues (read corruption) within the database environment. Now introduce an anti-virus solution that has not been configured to take into account the application of the machine it is being installed on. It is conceivable that everything may run smoothly for a period of time before there are signs of trouble.
For example, passive anti-virus software scans targeting any active database files may not pickup any suspicious looking data signatures and then a single small entry into the database could alter the data signature enough to look like a virus, causing the data files in question to be quarantined. Not a good scenario for an active system. The end result is usually the database goes offline, or worse, corrupts the control files needed to keep the system synchronized properly.
Active scanning can cause even more subtle issues both with performance of the database engine and corruption. When anti-virus software is actively scanning transaction files, there is an overhead introduced when the scan takes control of the file in question. Then depending on the action being performed against the database, it is possible that critical data can be lost if the active scan has locked a needed file for examination. Effects of this can be structure synchronization issues, data loss or data corruption. Recovery of these issues, if at all possible, can be costly and very time consuming.
So does this mean that database servers are doomed to be virus infested security issues? Of course not. There is a requirement, however, of knowing the database environment, what files are active and where they are located, and having some contact with the database or anti-virus provider to determine what exclusions are recommended. While every database server is a little bit different, for the Oracle environment, the following exclusion recommendations have been suggested by Oracle:
- Oracle data files
- Control files
- Redo-log files
- Archived redo-log files if database is in archive log mode
- Files with extension ‘.ora’
- Password file
- Files with extension ‘.log’ under ORACLE_HOME
Oracle also notes that the anti-virus vendor may have other recommendations based on how the anti-virus product scans files. In addition, Oracle does note that anti-virus packages can consume significant operating system resources that may impact database performance, but if the performance is acceptable, there are no other restrictions to having anti-virus software run alongside the Oracle server.