Security Basics mailing list archives
Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers
From: josh () securityfocus com, jrandrews.net () securityfocus com (at)
Date: 3 Nov 2005 23:22:41 -0000
I've had to deal Symantec/Norton antivirus before on Exchange servers. This is a nightmare waiting to happen and certainly more then a simple performance issue. I have been through a case where our Exchange Server totally bombed and did not respond to requests for 8 hours because of the Symantec Corporate Agent running on the Exchange Server. I did not originally know what the problem was and finally had to call Microsoft. We managed to figure out and turn off the Symantec AV Agent. Also, the issue did not manifest itself for a month or more and we never found out why it chose to happen then... MS recommends against running any filesystem AV on an Exchange Server and it can even corrupt your Information Store. We had lingering permissions issues afterwards that it took a while to clean up. And yes, the appropriate Exchange directories were in the exclusion list. It didn't matter. I know that the alternative of not running local filesystem AV is not particularly attractive, but it's better then crashing your Exchange server. Regards, Josh
Current thread:
- Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers at (Nov 04)
- Re: Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers Kenton Smith (Nov 07)
- <Possible follow-ups>
- RE: Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers Roger A. Grimes (Nov 07)
- RE: Symantec/Norton Real-Time Antivirus Considered Harmful on Exchange Servers Mike Fetherston (Nov 07)