Antivirus Software and Docker Compatibility

content/manuals/engine/security/antivirus.md

cb20a5ed4514e8913a9cfe485c3809af6360e6e7bc9591d90000000300000347

---
title: Antivirus software and Docker
description: General guidelines for using antivirus software with Docker
keywords: antivirus, security
---

When antivirus software scans files used by Docker, these files may be locked
in a way that causes Docker commands to hang.

One way to reduce these problems is to add the Docker data directory
(`/var/lib/docker` on Linux, `%ProgramData%\docker` on Windows Server, or `$HOME/Library/Containers/com.docker.docker/` on Mac) to the
antivirus's exclusion list. However, this comes with the trade-off that viruses
or malware in Docker images, writable layers of containers, or volumes are not
detected. If you do choose to exclude Docker's data directory from background
virus scanning, you may want to schedule a recurring task that stops Docker,
scans the data directory, and restarts Docker.

Chunks

3ca8de86 (1st chunk of `content/manuals/engine/security/antivirus.md`)

Title: Antivirus Software and Docker Compatibility

Summary

Antivirus software can interfere with Docker operations by locking files. Excluding the Docker data directory from scans can mitigate this, but it also reduces the antivirus's ability to detect threats within Docker images and volumes. Scheduling periodic scans of the Docker data directory while Docker is stopped is a potential compromise.