Fajar A. Nugraha wrote:
Dennis Peterson wrote:
Fajar A. Nugraha wrote:
Database objects can include blobs (binary large objects). These can
be files including executables, documents, other databases. They can
have viruses. In some instances the blob in an internal representation
and can be difficult to get to without sql. In other cases blobs can
be external storage objects (file system files) and easy to get at.
Regardless, there are many reasons one would wish to scan them for
viruses.
Yes, but (suppose) clamscan finds a virus on file oradata01.dbf. Would
you REALLY spend your time examining which record on what table has the
BLOB?
Yes. It means to us at least that we have security gaps in our ingestion
process and we cannot allow that.
While I agree that "there are many reasons one would wish to scan them
for viruses", one should also realise that in doing so (scanning file
types that are uncommon or not known to have virus) will increase system
CPU usage. If one concerns about CPU usage (as John did), than he
probably shouldn't scan database files.
And why not HP-UX? Or Numa-Q? Or even VAX? I've even had it running on
an E-10k.
My point is simply about popularity. The most popular systems would most
likely have most virus threat. If you use HP-UX, then most likely there
are no known active dangerous threat in the wild (other than some
proof-of-concepts) that would work on that platform. So you could
probably save a lot of resource (including CPU usage) by not scanning
files on that platform.
This is very naive. Database data is OS agnostic. It may as easily
contain blobs for Windows as for HP-UX. The platform does not define the
data end user environment. We are talking about data integrity here. I
am liable for damages if my database dishes up over the Internet an
Excel spreadsheet containing a stock portfolio that happens to have a
macro virus in it. The data can be stored as a blob on a TRS-80 or a Sun
E25K. It doesn't matter. What matters is where the data are used.
Unless of course this system is holding files for other platform (e.g. a
samba file server, mail server, etc.). But then you should be working on
integrating clamav with those server, not scanning file system.
Again, I agree that there are probably a lot of reason for wanting to
scan an entire file system on HP-UX. My point is you can save a lot of
CPU time (without really adding much virus risk) by NOT doing so. Work
selectively instead.
I have over 50 terrabytes of data stored on arrays attached to a Sun
cluster in the US and nearly as much in the EU. Millions of files -
every one of them has been scanned once at least. We don't know what
kind of platform our customers will use but it is probably not going to
be a Sun Sparc server. More likely it will be a Mac or Wintel system.
We're protecting ourselves and our customers by this activity. None of
us think we're going to find a Solaris virus in the data and it wouldn't
matter if we did as the data is not used in any by our Sparc systems.
dp
_______________________________________________
http://lurker.clamav.net/list/clamav-users.html
