I spoke with Kenneth White (Head of Product Security) at Mongo Europe '18 on this and asked him if he could get the docs team to add some wording in the Production Notes. With regard to AV and MongoDB he said:
"Regarding anti-virus, for customers who must run AV on an underlying Linux or Windows instance, we strongly urge administrators to explicitly exclude the database files and working db directories from AV scanners. For one, data in MongoDB are highly compressed and if using WiredTiger ESE, content is also encrypted and thus opaque to other processes running on the machine. In other words, you would almost certainly experience a significant performance impact in I/O, and possibly CPU as well, but likely receive no benefit of malware detection. We are aware of no commercial anti-virus or endpoint threat protection on the market which can decompress (much less decrypt) native WiredTiger binary files. Further, any product that would attempt real-time kernel or process injection to try to identify in-memory targets would substantially lower MongoDB reliability and availability. Such configurations are not supported."
Hope this helps.
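
An added example, not part of the original answer and not MongoDB's own tooling: a Python check that reads `storage.dbPath` from a mongod.conf and reports whether a given AV exclusion list covers it. The sample config, the paths and the function names are constructed for illustration, POSIX paths are assumed, and the exclusion list is assumed to have been exported from the AV product by the administrator.

```python
import posixpath

# Constructed sample mongod.conf (block-style YAML); paths are illustrative.
SAMPLE_MONGOD_CONF = """\
storage:
  dbPath: /var/lib/mongodb   # database files live here
  journal:
    enabled: true
systemLog:
  destination: file
  path: /var/log/mongodb/mongod.log
"""

def read_db_path(conf_text):
    """Return storage.dbPath from mongod.conf text, or None if it is not set.

    Minimal indentation-aware scan (no YAML library needed); it handles the
    block-style layout shown above, not arbitrary YAML.
    """
    section = None
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].rstrip()      # drop trailing comments
        if not line.strip():
            continue
        indent = len(line) - len(line.lstrip())
        key, _, value = line.strip().partition(":")
        if indent == 0:
            section = key                          # new top-level section
        elif section == "storage" and key == "dbPath":
            return value.strip().strip("\"'") or None
    return None

def is_excluded(path, exclusions):
    """True if path equals, or lies beneath, one of the excluded directories."""
    target = posixpath.normpath(path)
    for ex in exclusions:
        ex = posixpath.normpath(ex)
        # Match on a path-component boundary: an exclusion for
        # /var/lib/mongo must not be taken to cover /var/lib/mongodb.
        if target == ex or target.startswith(ex.rstrip("/") + "/"):
            return True
    return False

def audit(conf_text, exclusions):
    """Return (dbPath, covered) for one config and one AV exclusion list."""
    db_path = read_db_path(conf_text)
    if db_path is None:
        return (None, False)   # dbPath not set in the file; nothing to compare
    return (db_path, is_excluded(db_path, exclusions))

if __name__ == "__main__":
    print(audit(SAMPLE_MONGOD_CONF, ["/var/lib/mongodb", "/opt/app/cache"]))
```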