Add content about antivirus (#5152)

_data/toc.yaml

@@ -354,6 +354,8 @@ guides:
           title: Manage keys for content trust
         - path: /engine/security/trust/trust_sandbox/
           title: Play in a content trust sandbox
+      - path: /engine/security/antivirus/
+        title: Antivirus software and Docker
       - path: /engine/security/apparmor/
         title: AppArmor security profiles for Docker
       - path: /engine/security/seccomp/

engine/security/antivirus.md

@@ -0,0 +1,16 @@
+---
+title: Antivirus software and Docker
+description: General guidelines for using antivirus software with Docker
+keywords: antivirus, security
+---
+
+When antivirus software scans files used by Docker, these files may be locked
+in a way that causes Docker commands to hang.
+
+One way to reduce these problems is to add the Docker data directory
+(`/var/lib/docker` on Linux or `$Env:ProgramData` on Windows Server) to the
+antivirus's exclusion list. However, this comes with the trade-off that viruses
+or malware in Docker images, writable layers of containers, or volumes will not
+be detected. If you do choose to exclude Docker's data directory from background
+virus scanning, you may want to schedule a recurring task that stops Docker,
+scans the data directory, and restarts Docker.