Security Basics mailing list archives

RE: Why NOT to disable Real Time Antivirus on Servers


From: "Mark Brunner" <mark_brunner () hotmail com>
Date: Thu, 3 Nov 2005 17:30:10 -0500

I would have to agree; however, you should be running an email-specific
product on the email server.  Symantec has products specific for Exchange,
Notes and others.  It has been my experience that Real-Time scanning on a
mail server (which shouldn't be running anything else, and should not be
used as a "file" server) is unnecessary additional overhead.  Install the
Desktop A/V component, and configure it to scan as any other server, but
exclude the mail databases and stores.  Allow the mail integrated product to
do the mail scanning.  Otherwise you risk data corruption.

The right tool for the right job.

Cheers,
Mark

-----Original Message-----
From: Micheal Espinola Jr [mailto:michealespinola () gmail com]
Sent: Wednesday, November 02, 2005 4:13 PM
To: security-basics () securityfocus com
Subject: Re: Why NOT to disable Real Time Antivirus on Servers


Based on real-world testing and application - I agree with your
colleague.  The performance hit is not worth it.  Even on powerful
servers on high-speed networks, myself and my users (when testing got
to that point) noticed a significant performance difference.

Sorry, no case study.  Just undocumented testing with Symantec
products.  I'd be interested to hear about anyone's testing with other
AV apps.

On 2 Nov 2005 17:34:12 -0000, george.peek () gmx net <george.peek () gmx net>
wrote:
Greetings,

An Engineer and I are having an argument about keeping Real Time Antivirus
disabled on servers.

His point is keeping Real Time Antivirus Enabled on servers such as the
Exchange Server takes a huge performance hit on the server.

My argument is that keeping real time antivirus software disabled defeats
the purpose of PREVENTING a server from being infected in the first place.
Once it is infected, it is all too late already. The antivirus software is
enabled on the workstations.

He argues that since all of the workstations have the antivirus enabled,
then there is no way for the virus to get in.

My argument is that a virus can still get in through other means. I need
examples and case studies to refer to.

I would like to find different case studies or scenarios where the real
time antivirus was disabled on the servers, enabled on the PCs, and the
company still got infected. Also, would like to find solutions to enabling
real time scan and streamlining it so it does not affect the Exchange
Server as badly.

Would someone point me in the right direction or post potential case
studies.

Please post or email me.

George.peek () gmx net

Thank You



--
ME2  <http://www.santeriasys.net/>

