17.3. Compatibility and Work with Antivirus Software#
17.3. Compatibility and Work with Antivirus Software #
Предупреждение
The use of antivirus software on hosts running a Tantor SE server is not recommended. Interception of file operations and scanning can lead to reduced performance and interfere with proper server operation.
If corporate security policies require the use of antivirus software, configure exclusions for the following directories and files:
The cluster's data directory (
$PGDATA). Determined by the data_directory configuration parameter. Default:/var/lib/postgresql/tantor*.Subdirectories of tablespaces referenced by symbolic links created in
$PGDATA/pg_tblspc.The WAL directory. If the cluster was initialized with
initdbusing the-X(--waldir) option, exclude the directory referenced by the$PGDATA/pg_walsymbolic link.The Unix-domain socket directory. Determined by the unix_socket_directories configuration parameter. Default:
/var/run/postgresql.The log file directory. Determined by the log_directory configuration parameter. If a relative path is specified, it is calculated relative to
$PGDATA. Default:log.The WAL archive directory. Determined by the archive_command and restore_command configuration parameters.
Directories used for backups created with pg_basebackup and wal-g.
Subdirectories under
/opt/tantor:/opt/tantor/db— Tantor SE software components./opt/tantor/usr— Tantor SE additional supplied utilities./opt/tantor/var— service data and components of Tantor SE additional supplied utilities./opt/tantor/etc— configuration files for Tantor SE additional supplied utilities./opt/tantor/eco— Tantor Platform.
/usr/lib/systemd/system/*tantor*and/etc/ld.so.conf.d/tantor*—unit systemdfiles and dynamic loader configuration files./var/lib/postgresql/.*— Tantor SE user profile files read at process startup and the command history of psql utility./dev/shm— dynamic memory mapped files whendynamic_shared_memory_type = posixis used.Directories mounted as
tmpfs. The list can be obtained usingmount | grep tmpfscommand./var/lib/docker/volumes— Docker volume directories when using the Tantor Platform.
Exclusions shall be applied both to real-time scanning and to scheduled scans.
After configuring exclusions, it is recommended to:
Verify that there are no I/O errors in the Tantor SE server log.
Monitor checkpoint execution time using CHECKPOINT.
Perform a backup and restore test.
Conduct load testing.