Security Basics mailing list archives
RE: Why NOT to disable Real Time Antivirus on Servers
From: "Steven Jones" <Steven.Jones () vuw ac nz>
Date: Fri, 4 Nov 2005 10:30:28 +1300
We don't run an anti-virus scanner on the exchange server and it has not been infected in 3 years. There is a difference between passing a virus infected email through an exchange server and actually opening it on the server using outlook or something. So faulty deduction IMHO. The problem with running one on the server is the huge CPU and disk i/o impact.... The best way is to have an intermediate server that does the anti-virus scanning as mail passes into or out of the exchange server. Security professionals often end up only thinking in terms of security and not business needs and the inherent risks and costs.... Somewhere some how you need to balance. Regards thing -----Original Message----- From: Herbold, John W. [mailto:JWHERBOLD () arkbluecross com] Sent: Friday, 4 November 2005 2:53 a.m. To: 'security-basics () securityfocus com' Subject: RE: Why NOT to disable Real Time Antivirus on Servers If your server is not protected, then over time one can deduce that your server will get infected at some point with multiple virus and worms. What kind of performance hit will it be for that server to sit there and spew out worms spam ect to all of your workstations, only to have each one of them kill the same piece of code? Not even to mention the downtime in cleaning and the possible rebuilding of the server. Thanks, John -----Original Message----- From: george.peek () gmx net [mailto:george.peek () gmx net] Sent: Wednesday, November 02, 2005 11:34 AM To: security-basics () securityfocus com Subject: Why NOT to disable Real Time Antivirus on Servers Greetings, An Engineer and I are having an argument about keeping Real Time Antivirus disabled on servers. His point is keeping Real Time Antivirus Enabled on servers such as the Exchange Server takes a huge performance hit on the server. My argument is that keeping real time antivirus software disabled defeats the purpose of PREVENTING a server from being infected in the first place. Once it is infected, it is all too late already. The antivirus software is enabled on the workstations. He argues that since all of the workstations have the antivirus enabled, then there is no way for the virus to get in. Mine argument that a virus can still get in through other means. I need examples and case studies to refer to. I would like to find different case studies or scenarios where the real time antivirus was disabled on the servers, enabled on the PCs, and the company still got infected. Also, would like to find solutions to enabling real time scan and stream lining it so it does not affect the Exchange Server as bad. Would someone point me in the right direction or post potential case studies. Please post or email me. George.peek () gmx net Thank You NOTICE: This e-mail and any files transmitted with it may contain confidential or privileged information that is intended only for the use of the individual or entity to whom they are addressed. This information should be treated with the appropriate level of security to preclude the disclosure of sensitive or privileged information. If you are not the intended recipient, you are hereby advised that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this information is prohibited. If you have received this e-mail in error, please notify the sender, delete this e-mail from your machine's memory, and destroy the hardcopy information. Thank you.
Current thread:
- Re: Why NOT to disable Real Time Antivirus on Servers, (continued)
- Re: Why NOT to disable Real Time Antivirus on Servers edizzle56 (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Corey Watts-Jones (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Anton Muthu Kumar B (InfoSec) - CTD, Chennai (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Kirk Brady (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Nick Duda (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers THAVEEWAT VASAVAKUL (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Herbold, John W. (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Steven Jones (Nov 04)
- Message not available
- RE: Why NOT to disable Real Time Antivirus on Servers Pranav Lal (Nov 07)
- Message not available
- Re: Why NOT to disable Real Time Antivirus on Servers edizzle56 (Nov 03)
- Re: Re: Why NOT to disable Real Time Antivirus on Servers Warren V Camp (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Dunigan, Michael (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers DMORROW5 (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Zoran Marjanovic (Nov 04)
- RE: Why NOT to disable Real Time Antivirus on Servers Depp, Dennis M. (Nov 04)
- Re: RE: Why NOT to disable Real Time Antivirus on Servers barcajax (Nov 07)