Discussion: Anti virus scanning for Postgres database servers
Hi Everyone,
The organization I work for uses some postgres databases installed on Linux servers. The security team is planning to initiate Microsoft Defender Anti Virus scanning on these servers in an "Active" mode.
This will mean that the Postgres Installation directories and files will be scanned by Microsoft Defender and quarantine any threats.
We have requested to exclude the data directories from the Antivirus scanning.
Is anyone aware of any performance, operational, or data-loss related challenges with Anti Virus scanning of Postgres binaries?
Thanking you in advance.
Greetings,
Soumen Rana
On Tue, 23 Sep 2025 at 6:21, soumen rana <soumenrana.06@gmail.com> wrote:
>
> Hi Everyone,
>
> The organization I work for uses some postgres databases installed on Linux servers. The security team is planning to initiate Microsoft Defender Anti Virus scanning on these servers in an "Active" mode.
>
> This will mean that the Postgres Installation directories and files will be scanned by Microsoft Defender and quarantine any threats.
>
> We have requested to exclude the data directories from the Antivirus scanning.
> Is anyone aware of any performance, operational, or data-loss related challenges with Anti Virus scanning of Postgres binaries?

I'm pretty sure I've worked on support cases in the past caused by antivirus software doing things it shouldn't...

If the antivirus software in question modifies files in any way, it will corrupt your PostgreSQL installation.

A few places warning against using antivirus software on PostgreSQL data directories:

- https://www.highgo.ca/2021/01/27/avoiding-identifying-and-dealing-with-postgresql-database-corruption-part-1/
- https://www.postgresql.eu/events/pgconfeu2023/sessions/session/4602/slides/406/data_corruption.pdf
- https://docs.microfocus.com/UCMDB/11.0/ucmdb-docs/docs/eng/doc_lib/Content/database/PostgresConfig_c_notes.htm

Regards
Ian Barwick
On Mon, 2025-09-22 at 13:03 -0700, soumen rana wrote:
> This will mean that the Postgres Installation directories and files will be
> scanned by Microsoft Defender and quarantine any threats.
>
> We have requested to exclude the data directories from the Antivirus scanning.
> Is anyone aware of any performance, operational, or data-loss related
> challenges with Anti Virus scanning of Postgres binaries?

I think that should be safe, at least until Microsoft starts to perceive
PostgreSQL as a threat...

Yours,
Laurenz Albe
On Tue, Sep 23, 2025 at 08:22:51AM +0200, Laurenz Albe wrote:
> On Mon, 2025-09-22 at 13:03 -0700, soumen rana wrote:
> > This will mean that the Postgres Installation directories and files will be
> > scanned by Microsoft Defender and quarantine any threats.
> >
> > We have requested to exclude the data directories from the Antivirus scanning.
> > Is anyone aware of any performance, operational, or data-loss related
> > challenges with Anti Virus scanning of Postgres binaries?
>
> I think that should be safe, at least until Microsoft starts to perceive
> PostgreSQL as a threat...

Uh, if the anti-virus software does not modify any files, you are likely
to get false positives when the antivirus software thinks Postgres data
is a virus. If the anti-virus software modifies the data directory in
any way, you are likely to get database corruption or a non-operational
database.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
Microsoft Defender locks the data files in the data directory during the scans, which created a problem for us in the past. You need to skip the data directory from the Microsoft Defender scans.
On Tue, 23 Sept, 2025, 2:51 am soumen rana, <soumenrana.06@gmail.com> wrote:
> Hi Everyone,
> The organization I work for uses some postgres databases installed on Linux servers. The security team is planning to initiate Microsoft Defender Anti Virus scanning on these servers in an "Active" mode.
> This will mean that the Postgres Installation directories and files will be scanned by Microsoft Defender and quarantine any threats.
> We have requested to exclude the data directories from the Antivirus scanning.
> Is anyone aware of any performance, operational, or data-loss related challenges with Anti Virus scanning of Postgres binaries?
> Thanking you in advance.
> Greetings,
> Soumen Rana
On Tue, 2025-09-23 at 08:03 -0400, Bruce Momjian wrote:
> On Tue, Sep 23, 2025 at 08:22:51AM +0200, Laurenz Albe wrote:
> > On Mon, 2025-09-22 at 13:03 -0700, soumen rana wrote:
> > > This will mean that the Postgres Installation directories and files will be
> > > scanned by Microsoft Defender and quarantine any threats.
> > >
> > > We have requested to exclude the data directories from the Antivirus scanning.
> > > Is anyone aware of any performance, operational, or data-loss related
> > > challenges with Anti Virus scanning of Postgres binaries?
> >
> > I think that should be safe, at least until Microsoft starts to perceive
> > PostgreSQL as a threat...
>
> Uh, if the anti-virus software does not modify any files, you are likely
> to get false positives when the antivirus software thinks Postgres data
> is a virus. If the anti-virus software modifies the data directory in
> any way, you are likely to get database corruption or a non-operational
> database.

Absolutely. I was commenting on the suggestion to exempt the data directory
from the virus scan and only scan the PostgreSQL binaries.

Yours,
Laurenz Albe
On Tue, Sep 23, 2025 at 05:49:39PM +0200, Laurenz Albe wrote:
> On Tue, 2025-09-23 at 08:03 -0400, Bruce Momjian wrote:
> > On Tue, Sep 23, 2025 at 08:22:51AM +0200, Laurenz Albe wrote:
> > > On Mon, 2025-09-22 at 13:03 -0700, soumen rana wrote:
> > > > This will mean that the Postgres Installation directories and files will be
> > > > scanned by Microsoft Defender and quarantine any threats.
> > > >
> > > > We have requested to exclude the data directories from the Antivirus scanning.
> > > > Is anyone aware of any performance, operational, or data-loss related
> > > > challenges with Anti Virus scanning of Postgres binaries?
> > >
> > > I think that should be safe, at least until Microsoft starts to perceive
> > > PostgreSQL as a threat...
> >
> > Uh, if the anti-virus software does not modify any files, you are likely
> > to get false positives when the antivirus software thinks Postgres data
> > is a virus. If the anti-virus software modifies the data directory in
> > any way, you are likely to get database corruption or a non-operational
> > database.
>
> Absolutely. I was commenting on the suggestion to exempt the data directory
> from the virus scan and only scan the PostgreSQL binaries.

Ah, yes, the Postgres binaries should be safe to scan, and probably useful
to scan.

--
Bruce Momjian <bruce@momjian.us> https://momjian.us
EDB https://enterprisedb.com

Do not let urgent matters crowd out time for investment in the future.
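
The thread's advice is to keep the scanner out of the data directory. The script below is an added example, not code from the thread or from the PostgreSQL project; it goes one step beyond the thread by also resolving the places where live cluster files sit outside the data directory (a relocated `pg_wal` and tablespace locations) and reporting which of them an exclusion list does not cover. It assumes the exclusion list is a plain text file of excluded folders, one per line, exported from the antivirus tool; the function names and demo paths are hypothetical.

```shell
#!/bin/sh
# Added example (not from the thread). Paths and names below are constructed.
# Print every directory holding live cluster files: PGDATA itself, the pg_wal
# target when WAL was relocated, and each tablespace target under pg_tblspc.
pg_av_exclusion_dirs() {
    pgdata=$1
    # PG_VERSION sits at the top of every initialised data directory.
    if [ ! -f "$pgdata/PG_VERSION" ]; then
        echo "not a PostgreSQL data directory: $pgdata" >&2
        return 1
    fi
    {
        readlink -f "$pgdata"
        if [ -L "$pgdata/pg_wal" ]; then readlink -f "$pgdata/pg_wal"; fi
        for link in "$pgdata"/pg_tblspc/*; do
            if [ -L "$link" ]; then readlink -f "$link"; fi
        done
    } | sort -u
}

# Print the required directories not covered by EXCLUSION_FILE ($2), a plain
# list of excluded folders, one per line. A parent exclusion covers children.
pg_av_unprotected() {
    pg_av_exclusion_dirs "$1" | while IFS= read -r dir; do
        covered=no
        while IFS= read -r excl; do
            excl=${excl%/}
            [ -n "$excl" ] || continue
            case "$dir/" in "$excl"/*) covered=yes ;; esac
        done < "$2"
        [ "$covered" = yes ] || printf '%s\n' "$dir"
    done
}

# Constructed layout: WAL and one tablespace live outside PGDATA, and only
# PGDATA is on the exclusion list.
pg_av_demo() {
    root=$(mktemp -d) || return 1
    root=$(readlink -f "$root")
    mkdir -p "$root/data/pg_tblspc" "$root/wal_vol" "$root/ts_vol/ts1"
    echo 17 > "$root/data/PG_VERSION"
    ln -s "$root/wal_vol" "$root/data/pg_wal"
    ln -s "$root/ts_vol/ts1" "$root/data/pg_tblspc/16385"
    printf '%s\n' "$root/data" > "$root/excluded.txt"
    pg_av_unprotected "$root/data" "$root/excluded.txt" | sed "s|^$root||"
    rm -rf "$root"
}

if [ "${1:-}" = --demo ]; then pg_av_demo; fi
```

Run with `--demo` to see the constructed case, or call `pg_av_unprotected "$PGDATA" exclusions.txt` as the database owner so the symlinks under the data directory are readable.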