High Performance Computing Group

  • 1.  Anti-virus - Exclusion rules

    Posted Tue October 05, 2021 10:15 AM
    Hi! 

    I had searched around but had no luck. I am trying to find any documentation relating to what directories, executables, etc., can be excluded from Anti-virus scanning. I can see the Anti-virus is scanning LSF and Process Manager related files; however, I need to have some documentation available to share with the Security team. 

    This affects the Performance of the server, with all scanning and checking.

    Thanks!
    Alan


    ------------------------------
    alan tsuji
    ------------------------------



  • 2.  RE: Anti-virus - Exclusion rules

    IBM Champion
    Posted Thu October 07, 2021 07:59 AM

    There is no documentation like that. If a file is executable, it's supposed to be scanned. (And yes, it's a complete pain - I had a db2cc that had a start time of 12 *minutes* due to the AV scanning every single JAR.)

    The only sane way around this is to use an AV that can fingerprint a file (i.e. the file has a hash of xxx, and has been scanned); then, as long as the hash doesn't change, you don't need to scan it on every run. (I'm not aware of any product that works like this - but then again, it's not my area.)

    Alternatively, if you can mount the binaries from a Read-Only filesystem, you can exclude them from the runtime scans (provided you still scan them daily/weekly).



    ------------------------------
    José Pina Coelho
    ------------------------------
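
The fingerprint approach described in reply 2, sketched as an added example that is not part of the original thread and not the behaviour of any particular AV product: a file is skipped only when its SHA-256 matches a verdict recorded as clean. The cache layout, the `sig_version` label and the sample files are assumptions made for illustration; the verdict is also tied to the signature version so that a definitions update forces a rescan.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Hash in chunks so large binaries and JARs are not read into memory at once."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_needing_scan(root, cache, sig_version):
    """Return (path, digest) for files with no clean verdict for this exact
    content under the current signature version (hypothetical cache layout)."""
    pending = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            if os.path.islink(path) or not os.path.isfile(path):
                continue  # skip symlinks and special files
            digest = sha256_file(path)
            if cache.get(path) != (digest, sig_version):
                pending.append((path, digest))
    return pending

def record_clean(cache, scanned, sig_version):
    """Store verdicts only after the real scanner reported the files clean."""
    for path, digest in scanned:
        cache[path] = (digest, sig_version)

def demo():
    """Constructed sample tree: two stand-in 'binaries' in a temp directory."""
    with tempfile.TemporaryDirectory() as root:
        for name, data in (("tool_a", b"\x7fELF-a"), ("lib.jar", b"PK-jar")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(data)
        cache = {}
        first = files_needing_scan(root, cache, "sig-1")
        record_clean(cache, first, "sig-1")            # pretend the scan passed
        second = files_needing_scan(root, cache, "sig-1")
        with open(os.path.join(root, "tool_a"), "ab") as f:
            f.write(b"patched")                        # content changes
        third = files_needing_scan(root, cache, "sig-1")
        fourth = files_needing_scan(root, cache, "sig-2")  # new definitions
        return len(first), len(second), [os.path.basename(p) for p, _ in third], len(fourth)

if __name__ == "__main__":
    print(demo())
```

Hashing still reads every file, so the saving is the scan engine's work rather than the I/O, and the cache is only as trustworthy as the permissions protecting it from whoever can modify the binaries.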