Re: Why NOT to disable Real Time Antivirus on Servers

["RCS" <ramseycs () bellsouth net>]

Are any laptops allowed into your environment?  A company I worked for in
the past had AV software on all workstations, and possibly on the servers
(Its been a while, I honestly dont remember), and they were infected by
users in the field bringing their laptops back into the office.   Laptops
used on the road can be an easy target if they cant/dont get AV updates for
a while, then get infected due to out of date virus definitions.

Dedric Ramsey
Ramsey Consulting Services

----- Original Message ----- 
From: <george.peek () gmx net>
To: <security-basics () securityfocus com>
Sent: Wednesday, November 02, 2005 12:34 PM
Subject: Why NOT to disable Real Time Antivirus on Servers


> Greetings,
>
> An Engineer and I are having an argument about keeping Real Time Antivirus
disabled on servers.
> His point is keeping Real Time Antivirus Enabled on servers such as the
Exchange Server takes a huge performance hit on the server.
> My argument is that keeping real time antivirus software disabled defeats
the purpose of PREVENTING a server from being infected in the first place.
Once it is infected, it is all too late already. The antivirus software is
enabled on the workstations.
> He argues that since all of the workstations have the antivirus enabled,
then there is no way for the virus to get in.
> Mine argument that a virus can still get in through other means. I need
examples and case studies to refer to.
> I would like to find different case studies or scenarios where the real
time antivirus was disabled on the servers, enabled on the PCs, and the
company still got infected. Also, would like to find solutions to enabling
real time scan and stream lining it so it does not affect the Exchange
Server as bad.
> Would someone point me in the right direction or post potential case
studies.
> Please post or email me.
>
> George.peek () gmx net
>
> Thank You