Security Basics mailing list archives
Re: Why NOT to disable Real Time Antivirus on Servers
From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Thu, 3 Nov 2005 14:35:52 -0500
Absolutely not. Letting real-time AV look at your store files is *asking* for database corruption. Microsoft's documentation, and many blogs by Exchange team members and MVP's could not be more clear on this fact. *If* real-time AV is to be installed on an Exchange server, there are a number of exclusions that must be configured so the AV does not cause store corruption. It should also be noted that this is not just a matter of Exchange on a Windows server - but you also have to do similar exclusions for WINS and various other system files and directory structures. So, not only are you saving yourself from a performance hit - but you just might be saving yourself a future headache. On 3 Nov 2005 05:24:55 -0000, edizzle56 () hotmail com <edizzle56 () hotmail com> wrote:
Will the real-time anti-virus even be able to suck viruses out of the exchange information store after they've arrived via SMTP? That would be a key thing to find out.. If you're running a pure exchange server, without having any file shares, I'd advocate disabling the realtime anti-virus as well.. Unless you're actually running an email client or browsing the web from the exchange server.. If it's a server, clients aren't running code on it, does this "real-time" a/v provide some worm protection as well? That would be a valid argument if it defended against network-based attacks-- Verify CPU utilization though, run performance monitor on CPU utilization for a day with it disabled and a day with it enabled, is it really worth arguing about?
-- ME2 <http://www.santeriasys.net/>
Current thread:
- Re: Why NOT to disable Real Time Antivirus on Servers, (continued)
- Re: Why NOT to disable Real Time Antivirus on Servers Abe Getchell (Nov 07)
- Re: Why NOT to disable Real Time Antivirus on Servers Thierry Zoller (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers Paul Wolstenholme (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Brian Loe (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers RCS (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers Kenton Smith (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers tombrown (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers edizzle56 (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Corey Watts-Jones (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Anton Muthu Kumar B (InfoSec) - CTD, Chennai (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Kirk Brady (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Nick Duda (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers THAVEEWAT VASAVAKUL (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Herbold, John W. (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 04)
- Message not available
- RE: Why NOT to disable Real Time Antivirus on Servers Pranav Lal (Nov 07)
- Message not available
- Re: Re: Why NOT to disable Real Time Antivirus on Servers Warren V Camp (Nov 04)