Educause Security Discussion mailing list archives

Re: AV - Full scans or On Access Scans


From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 10 Apr 2008 08:11:07 -0700

At 09:12 AM 4/10/2008 -0400, Jenkins, Matthew wrote:
> However, because that's all theory, I don't trust on-access scans
> enough to not do (or want to do) a full system scan of all hosts.  I
> am curious if anyone else has thoughts on that.  Does a full system
> scan really buy us anything, other than sleep at night (a highly
> valued commodity)?  Just a thought.

     The full scan can be configured differently than the on access
scan.  You might set on access to scan the first 100K of the exe and
the full scan to scan the full file and maybe even scan archives (zips).

     You might find things you didn't think you'd find.  When we
switched to our current procedure we found 3-year-old viruses that were
not disinfected.  The IT guys just disabled the service but left the
service and the virus intact.  The full scan found the virus, deleted
it, logged it and notified us.  It made that first morning interesting.
-Eric




Eric Case, CISSP  <ecase () Arizona edu>
Information Security Officer
College of Engineering   <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436
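
The configuration difference described in the message above (on-access scanning only the first 100K of a file, full scan reading the whole file and unpacking zips), as an added example that is not part of the original post or any AV product's code. The signature string, function names, nesting depth and member size cap are assumptions made for illustration, and the sample files are constructed in memory.

```python
import io
import zipfile

# Constructed stand-in for a signature; not a real malware pattern.
SIGNATURE = b"CONSTRUCTED-TEST-SIGNATURE"
HEAD_LIMIT = 100 * 1024            # "first 100K" from the message
MAX_MEMBER = 50 * 1024 * 1024      # assumed cap so a zip bomb cannot exhaust memory


def scan_bytes(data, limit=None):
    """True if SIGNATURE occurs in data, or in its first `limit` bytes."""
    window = data if limit is None else data[:limit]
    return SIGNATURE in window


def on_access_scan(data):
    """Hypothetical on-access policy: head of the file only, no unpacking."""
    return scan_bytes(data, HEAD_LIMIT)


def full_scan(data, depth=2):
    """Hypothetical full-scan policy: whole file, then zip members up to `depth`."""
    if scan_bytes(data):
        return True
    if depth > 0 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for info in zf.infolist():
                if info.file_size > MAX_MEMBER:
                    continue  # oversized member: skipped here, worth logging in practice
                if full_scan(zf.read(info), depth - 1):
                    return True
    return False


def build_samples():
    """Constructed sample files as bytes; nothing is read from disk."""
    pad = b"\x00" * (200 * 1024)
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("member.bin", pad + SIGNATURE)
    return {
        "head": b"MZ" + SIGNATURE + pad,    # match inside the first 100K
        "tail": b"MZ" + pad + SIGNATURE,    # match past the 100K window
        "zipped": buf.getvalue(),           # match only visible after unpacking
        "clean": b"MZ" + pad,
    }


if __name__ == "__main__":
    for name, data in build_samples().items():
        print(f"{name:7} on_access={on_access_scan(data)} full={full_scan(data)}")
```

Only the "head" sample is flagged by both policies; "tail" and "zipped" are flagged by the full scan alone.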
