Security Basics mailing list archives

Re: Why NOT to disable Real Time Antivirus on Servers


From: Micheal Espinola Jr <michealespinola () gmail com>
Date: Thu, 3 Nov 2005 14:35:52 -0500

Absolutely not.  Letting real-time AV look at your store files is
*asking* for database corruption.  Microsoft's documentation, and many
blogs by Exchange team members and MVPs could not be more clear on
this fact.

*If* real-time AV is to be installed on an Exchange server, there are
a number of exclusions that must be configured so the AV does not
cause store corruption.

It should also be noted that this is not just a matter of Exchange on
a Windows server - but you also have to do similar exclusions for WINS
and various other system files and directory structures.

So, not only are you saving yourself from a performance hit - but you
just might be saving yourself a future headache.

On 3 Nov 2005 05:24:55 -0000, edizzle56 () hotmail com
<edizzle56 () hotmail com> wrote:
> Will the real-time anti-virus even be able to suck viruses out of the
> Exchange information store after they've arrived via SMTP? That would
> be a key thing to find out.. If you're running a pure Exchange server,
> without having any file shares, I'd advocate disabling the realtime
> anti-virus as well.. Unless you're actually running an email client or
> browsing the web from the Exchange server.. If it's a server, clients
> aren't running code on it, does this "real-time" a/v provide some worm
> protection as well? That would be a valid argument if it defended
> against network-based attacks-- Verify CPU utilization though, run
> performance monitor on CPU utilization for a day with it disabled and a
> day with it enabled, is it really worth arguing about?



--
ME2  <http://www.santeriasys.net/>

