RE: Should webservers, eg. IIS 6 have anti--virus installed on them?

• Previous message: Sebastian Zdrojewski: "R: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• In reply to: Depp, Dennis M.: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Next in thread: Brunner, Mark: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: <focus-ms@securityfocus.com>
Date: Tue, 19 Jul 2005 23:02:31 +0800

 
Greetings,

I think there are 2 main schools here:
1. AV required depending on server role and usage. If documents remain
relatively static(web server serves content only), then lock down, fully
patched and no AV required. It is secondary. If running a site where
documents are uploaded by users, e.g. a web based document management
system(e.g. sharepoint) where documents are uploading reqularly then a AV is
required for sure.

2. AV required always. Filtered scanning required.

/Gill

> -----Original Message-----
> From: Depp, Dennis M. [mailto:deppdm@ornl.gov]
> Sent: Tuesday, July 19, 2005 5:00 AM
> To: Jeff; focus-ms@securityfocus.com
> Subject: RE: Should webservers, eg. IIS 6 have anti--virus
> installed on them?
>
> Jeff,
>
> Interesting comments. Especially about not having IIS in a domain.
>
> Gill,
>
> To me the issue of virus protection depends on how you get
> content installed on a machine and what type of content is on
> the machine If you have a lot of users loading documents to
> your web servers, you might want to consider adding virus
> protection to the servers. Of course you should also have
> virus protection on the desktops as well. I would not
> configure on access virus scanning, but instead would have
> scheduled scanning.
>
> Dennis
>
> -----Original Message-----
> From: Jeff [mailto:jeff@turbofish.com]
> Sent: Monday, July 18, 2005 4:15 PM
> To: focus-ms@securityfocus.com
> Subject: RE: Should webservers, eg. IIS 6 have anti--virus
> installed on them?
>
> Another thing with IIS is it is always good to keep it out of
> the domain altogether. Plus, I monitor all traffic to and
> from the machine. For example, our email/IIS server doesn't
> attach to the network, it sits all by it's lonesome on a
> completely different hub that doesn't touch any of the
> networked machines. Ok, it doesn't really get lonely, I talk
> to it everyday and it does sit right next to the other
> servers. I think I caught it winking at the big SQL server
> the other day - people are beginning to talk.
> But seriously, you need to check SP everyday and keep all of
> the holes filled so yes, you are correct, that is number one.
> At the same time, I have found it helpful to pick and choose
> which patches to install. I have had hardware updates from
> Microsoft that caused me nothing but grief.
>
> Other concerns with running a IIS server is data. I don't
> even like hooking it's SQL server [smallish - just to run web
> data with] with our big SQL server because of security
> reasons. I even turn off the lights just so that the other
> servers won't get jealous
>
> Viruses shouldn't be too much of a trouble with IIS because
> the vast majority of all viruses are activated via email, the
> rest with a few rogue sites. Don't run an email client on it,
> don't surf the web with it, keep all extra ports locked down,
> keep all of the service packs and security releases, be
> careful if you run an email server that saves the emails in
> temp files, and just as an extra protection, it wouldn't hurt
> to have a anti-virus running.
>
> Ok, I'm going home to start working on the non system admin
> programming side of my job - maybe even get some sleep. I
> hate these 16 hour work days without sleep. You know it's bad
> when I enjoy getting a power outages that knocked off all of
> the PC's in our network. No power, no PC/server problems!
>
> -----Original Message-----
> From: Shyaam
> Sent: Monday, July 18, 2005 10:20 AM
> To: ssgill@gilltechnologies.com
> Cc: focus-ms@securityfocus.com
> Subject: Re: Should webservers, eg. IIS 6 have anti--virus
> installed on them?
>
> According to my level of knowledge(which is very minimal, in
> this especially), I would say that a web server should be
> patched well first.
> the
> anti-virus is a secondary issue. Ofcourse, you need an
> antivirus too, but there should always be good patches
> implemented which checks for the latest signatures.
> --Shyaam
>
> On 7/17/05, Sarbjit Singh Gill <ssgill@gilltechnologies.com> wrote:
> >
> > Greetings
> >
> > Should IIS have anti-virus installed on them. I know I
> would do it for
>
> > a fileserver but for IIS, I rather lock it down.
> >
> > Thanks.
> > /Gill
> >
> >
> >
> ----------------------------------------------------------------------
> > -----
> >
> ----------------------------------------------------------------------
> > -----
> >
> >
>
>
> --
> Thank you in advance for your time and consideration.
> Yours Sincerely,
> R.S.Shyaam Sundhar
>
> --------------------------------------------------------------
> ----------
> ---
> --------------------------------------------------------------
> ----------
> ---
>
>
>
> --------------------------------------------------------------
> ----------
> ---
> --------------------------------------------------------------
> ----------
> ---
>
>
> --------------------------------------------------------------
> -------------
> --------------------------------------------------------------
> -------------

---------------------------------------------------------------------------
---------------------------------------------------------------------------

• Previous message: Sebastian Zdrojewski: "R: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• In reply to: Depp, Dennis M.: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Next in thread: Brunner, Mark: "RE: Should webservers, eg. IIS 6 have anti--virus installed on them?"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]