IBM Spectrum Computing Group

Anti-virus - Exclusion rules

  • 1.  Anti-virus - Exclusion rules

    Posted 18 days ago
    Hi! 

    I had searched around but had no luck. I am trying to find any documentation relating to what directories, executables, etc., can be excluded from Anti-virus scanning. I can see the Anti-virus is scanning LSF and Process Manager related files; however, I need to have some documentation available to share with the Security team. 

    This affects the Performance of the server, with all scanning and checking.

    Thanks!
    Alan


    ------------------------------
    alan tsuji
    ------------------------------


  • 2.  RE: Anti-virus - Exclusion rules

    Posted 16 days ago

    There is no documentation like that.  If a file is executable, it's supposed to be scanned. (and yes, it's a complete pain - I had a db2cc that had a start time of 12 *minutes* due to the AV scanning every single JAR).

    The only sane way around this is to use an AV that can fingerprint a file (i.e. the file has a hash of xxx, and has been scanned); then, as long as the hash doesn't change, you don't need to scan it on every run. (I'm not aware of any product that works like this - but then again, it's not my area).

    Alternatively, if you can mount the binaries from a Read-Only filesystem, you can exclude them from the runtime scans (provided you still scan them daily/weekly).



    ------------------------------
    José Pina Coelho
    ------------------------------
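
The fingerprint idea from the reply above, sketched as an added example that is not part of the original thread and not any AV product's behaviour: a file is skipped only when its SHA-256 already has a clean verdict. Tying that verdict to a signature-definitions version (`sig_version`) is an assumption added here, and all function names and sample files are constructed for illustration.

```python
import hashlib
import os
import tempfile

def sha256_file(path, chunk=1 << 20):
    """Stream the file so large binaries/JARs are not loaded into memory."""
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for block in iter(lambda: f.read(chunk), b""):
            h.update(block)
    return h.hexdigest()

def files_needing_scan(root, cache, sig_version):
    """Return (path, digest) pairs under root whose content has no clean
    verdict recorded for the current definitions version (assumed field)."""
    pending = []
    for dirpath, _dirs, names in os.walk(root):
        for name in sorted(names):
            path = os.path.join(dirpath, name)
            digest = sha256_file(path)
            if cache.get(digest) != sig_version:
                pending.append((path, digest))
    return pending

def record_clean(cache, digest, sig_version):
    """Remember that this exact content was scanned clean with sig_version."""
    cache[digest] = sig_version

def demo():
    """Constructed sample tree: two files, one modified after the first scan."""
    cache = {}
    with tempfile.TemporaryDirectory() as root:
        a = os.path.join(root, "a.jar")
        b = os.path.join(root, "b.jar")
        for p, data in ((a, b"alpha"), (b, b"beta")):
            with open(p, "wb") as f:
                f.write(data)
        first = files_needing_scan(root, cache, "defs-1")
        for _path, digest in first:
            record_clean(cache, digest, "defs-1")  # stand-in for a real scan
        second = files_needing_scan(root, cache, "defs-1")   # nothing changed
        with open(b, "wb") as f:
            f.write(b"beta-modified")                        # content changes
        third = files_needing_scan(root, cache, "defs-1")
        fourth = files_needing_scan(root, cache, "defs-2")   # new definitions
    return (len(first), len(second),
            [os.path.basename(p) for p, _ in third], len(fourth))
```

Hashing still reads every byte of each file, so the saving comes from skipping the scan engine, not from avoiding I/O.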