Security Basics mailing list archives

RE: Why NOT to disable Real Time Antivirus on Servers

From: "Zoran Marjanovic" <Zoran.Marjanovic () registrarbih gov ba>
Date: Fri, 4 Nov 2005 14:01:32 +0100

 
George,

File level AV client on a dedicated exchange server will consume
resources much needed for smooth messaging,
especially if the number of e-mail clients is high and they are very
active. 
If you are really sure that your network is completely covered with AV
clients (file-level and e-mail client aware), 
the clients are updated regularly and you monitor it from your AV
server, you patch your network regularly,
have AV filter for mail (preferably not the same brand as file-level
clients (I prefer GFIx4 engines), and it is ok to keep it on an smtp
gateway),
have a web filter on your internet gateway, and good app firewall, than
you do not need file level av client on your exchange.  
If you do not have everything I listed, then your network is not well
protected and you are open for viruses/worms.
If you get one, it will possibly shut your network down and you won't
really benefit of a healthy exchange at that time. 
No need to mention that exchange server should not be used for web
browsing or running any client apps.
There is an MS webcast transcript on their site that talk about your
question. The Q/A part is the most interesting.


Zoran  


On 2 Nov 2005 17:34:12 -0000, george.peek () gmx net <george.peek () gmx net>
wrote:

Greetings,

An Engineer and I are having an argument about keeping Real Time

Antivirus disabled on servers.


His point is keeping Real Time Antivirus Enabled on servers such as

the Exchange Server takes a huge performance hit on the server.


My argument is that keeping real time antivirus software disabled

defeats the purpose of PREVENTING a server from being infected in the
first place. Once it is infected, it is all too late already. The
antivirus software is enabled on the workstations.


He argues that since all of the workstations have the antivirus

enabled, then there is no way for the virus to get in.


Mine argument that a virus can still get in through other means. I

need examples and case studies to refer to.


I would like to find different case studies or scenarios where the

real time antivirus was disabled on the servers, enabled on the PCs, and
the company still got infected. Also, would like to find solutions to
enabling real time scan and stream lining it so it does not affect the
Exchange Server as bad.


Would someone point me in the right direction or post potential case

studies.


Please post or email me.

George.peek () gmx net

Thank You



--
ME2  <http://www.santeriasys.net/>

Current thread:

RE: Why NOT to disable Real Time Antivirus on Servers, (continued)
- RE: Why NOT to disable Real Time Antivirus on Servers Nick Duda (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers THAVEEWAT VASAVAKUL (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Herbold, John W. (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 04)
  - Message not available
    - RE: Why NOT to disable Real Time Antivirus on Servers Pranav Lal (Nov 07)
- Re: Re: Why NOT to disable Real Time Antivirus on Servers Warren V Camp (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Dunigan, Michael (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers DMORROW5 (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Zoran Marjanovic (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Depp, Dennis M. (Nov 04)
- Re: RE: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 07)