From 91e75c3871f6edbcf1e421ef4a59896f4da1abb9 Mon Sep 17 00:00:00 2001 From: Misty Stanley-Jones Date: Mon, 6 Nov 2017 14:32:08 -0800 Subject: [PATCH] Add content about antivirus (#5152) --- _data/toc.yaml | 2 ++ engine/security/antivirus.md | 16 ++++++++++++++++ 2 files changed, 18 insertions(+) create mode 100644 engine/security/antivirus.md diff --git a/_data/toc.yaml b/_data/toc.yaml index cc73e57724..e9e7c194bd 100644 --- a/_data/toc.yaml +++ b/_data/toc.yaml @@ -354,6 +354,8 @@ guides: title: Manage keys for content trust - path: /engine/security/trust/trust_sandbox/ title: Play in a content trust sandbox + - path: /engine/security/antivirus/ + title: Antivirus software and Docker - path: /engine/security/apparmor/ title: AppArmor security profiles for Docker - path: /engine/security/seccomp/ diff --git a/engine/security/antivirus.md b/engine/security/antivirus.md new file mode 100644 index 0000000000..903d9ed1a7 --- /dev/null +++ b/engine/security/antivirus.md @@ -0,0 +1,16 @@ +--- +title: Antivirus software and Docker +description: General guidelines for using antivirus software with Docker +keywords: antivirus, security +--- + +When antivirus software scans files used by Docker, these files may be locked +in a way that causes Docker commands to hang. + +One way to reduce these problems is to add the Docker data directory +(`/var/lib/docker` on Linux or `$Env:ProgramData` on Windows Server) to the +antivirus's exclusion list. However, this comes with the trade-off that viruses +or malware in Docker images, writable layers of containers, or volumes will not +be detected. If you do choose to exclude Docker's data directory from background +virus scanning, you may want to schedule a recurring task that stops Docker, +scans the data directory, and restarts Docker. \ No newline at end of file
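Review bot: In engine/security/antivirus.md, the Windows Server path given for the Docker data directory is `$Env:ProgramData`, which is the machine-wide program data folder rather than a Docker-specific directory, so an exclusion written from this sentence would stop scanning every application's data stored there. Name the Docker-specific subdirectory under it instead, and state that both paths are the defaults, since the text does not cover hosts where the data directory has been moved. The closing suggestion to stop Docker, scan the data directory, and restart Docker should also say that containers are unavailable for the duration of the scan, so the task belongs in a maintenance window. The new file also ends without a trailing newline.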