Security Basics mailing list archives

Re: Why NOT to disable Real Time Antivirus on Servers


From: Paul Wolstenholme <wolstena () sfu ca>
Date: Thu, 3 Nov 2005 10:50:58 -0800


On Nov 2, 2005, at 1:21 PM, Thierry Zoller wrote:


gpgn> He argues that since all of the workstations have the antivirus
gpgn> enabled, then there is no way for the virus to get in.

You should not rely on the user to have his AV solution enabled
every time. Then there are bugs, crashes in the AV soft, rogue
workstations etc. Better have 2 lines of defence than 1 here imho.

Most definitely. The more depth the better.

You could mitigate the performance hit on the Exchange box by having a relay server in front of the Exchange box that does the AV scanning (and spam tagging if you like). Some people use Postfix and amavisd-new (with their favourite AV scanner). If the load becomes too high on the relay server you can run amavisd-new on another box as well.


gpgn> My argument is that a virus can still get in through other
gpgn> means. I need examples and case studies to refer to.




