Security Basics mailing list archives

RE: Why NOT to disable Real Time Antivirus on Servers


From: "Corey Watts-Jones" <cwattsjones () rogers com>
Date: Thu, 3 Nov 2005 14:35:01 -0500

You should pray that it *doesn't* take them out of the information store.
You have to set exclusions for the mdbdata dirs or your database could go
corrupt. That's why Symantec Mail Security is a separate program entirely. 

Just something to be very careful of. (from personal experiences with a
foolish client)

-----Original Message-----
From: edizzle56 () hotmail com [mailto:edizzle56 () hotmail com] 
Sent: Thursday, November 03, 2005 12:25 AM
To: security-basics () securityfocus com
Subject: Re: Why NOT to disable Real Time Antivirus on Servers

Will the real-time anti-virus even be able to suck viruses out of the
Exchange information store after they've arrived via SMTP? That would be a
key thing to find out. If you're running a pure Exchange server, without
having any file shares, I'd advocate disabling the realtime anti-virus as
well, unless you're actually running an email client or browsing the web
from the Exchange server. If it's a server, clients aren't running code
on it; does this "real-time" a/v provide some worm protection as well? That
would be a valid argument if it defended against network-based attacks.
Verify CPU utilization though: run performance monitor on CPU utilization
for a day with it disabled and a day with it enabled. Is it really worth
arguing about?


