pg_snakeoil: The PostgreSQL Antivirus

Running typical on-access antivirus software on a PostgreSQL server has severe
drawbacks such as severely affecting performance or making the filesystem
unreliable.  The failure modes are extremely problematic when a
non-PostgreSQL-aware scanner blocks access to a file due to viruses, or even
false-positives and bugs in the scanner software.

We typically recommend not to run such software on PostgreSQL servers, as
PostgreSQL knows how to discern between code and data and will not execute any
viruses stored in a database. However, running anti-virus software is sometimes
required by local policy.

pg_snakeoil provides ClamAV scanning of all data in PostgreSQL in a way that
does not interfere with the proper functioning of PostgreSQL and does not cause
collateral damage or unnecessary downtimes.

https://github.com/credativ/pg_snakeoil
https://github.com/credativ/pg_snakeoil/releases/tag/v1.0

postgres=# SELECT so_is_infected('X5O<...Eicar string...>');
 so_is_infected
----------------
 t
(1 row)

postgres=# SELECT so_virus_name('X5O<...Eicar string...>');
    so_virus_name
----------------------
 Eicar-Test-Signature
(1 row)

Christoph

PS: Examples redacted because this mail shouldn't get filtered out :)
--
Senior Berater, Tel.: +49 2166 9901 187
credativ GmbH, HRB Mönchengladbach 12080, USt-ID-Nummer: DE204566209
Trompeterallee 108, 41189 Mönchengladbach
Geschäftsführung: Dr. Michael Meskes, Jörg Folz, Sascha Heuer
Unser Umgang mit personenbezogenen Daten unterliegt
folgenden Bestimmungen: https://www.credativ.de/datenschutz