RE: Why NOT to disable Real Time Antivirus on Servers

• Previous message: David Gillett: "RE: Investigation- Web pages visited"
• Maybe in reply to: george.peek_at_gmx.net: "Why NOT to disable Real Time Antivirus on Servers"
• Next in thread: Steven Jones: "RE: Why NOT to disable Real Time Antivirus on Servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]

To: "'security-basics@securityfocus.com'" <security-basics@securityfocus.com>
Date: Thu, 3 Nov 2005 07:52:52 -0600

If your server is not protected, then over time one can deduce that your
server will get infected at some point with multiple virus and worms. What
kind of performance hit will it be for that server to sit there and spew out
worms spam ect to all of your workstations, only to have each one of them
kill the same piece of code? Not even to mention the downtime in cleaning
and the possible rebuilding of the server.

Thanks,

John

-----Original Message-----
From: george.peek@gmx.net [mailto:george.peek@gmx.net]
Sent: Wednesday, November 02, 2005 11:34 AM
To: security-basics@securityfocus.com
Subject: Why NOT to disable Real Time Antivirus on Servers

Greetings,

An Engineer and I are having an argument about keeping Real Time Antivirus
disabled on servers.

His point is keeping Real Time Antivirus Enabled on servers such as the
Exchange Server takes a huge performance hit on the server.

My argument is that keeping real time antivirus software disabled defeats
the purpose of PREVENTING a server from being infected in the first place.
Once it is infected, it is all too late already. The antivirus software is
enabled on the workstations.

He argues that since all of the workstations have the antivirus enabled,
then there is no way for the virus to get in.

Mine argument that a virus can still get in through other means. I need
examples and case studies to refer to.

I would like to find different case studies or scenarios where the real time
antivirus was disabled on the servers, enabled on the PCs, and the company
still got infected. Also, would like to find solutions to enabling real time
scan and stream lining it so it does not affect the Exchange Server as bad.

Would someone point me in the right direction or post potential case
studies.

Please post or email me.

George.peek@gmx.net

Thank You

NOTICE: This e-mail and any files transmitted with it may contain confidential or privileged information that is intended only
for the use of the individual or entity to whom they are addressed. This information should be treated with the appropriate
level of security to preclude the disclosure of sensitive or privileged information. If you are not the intended recipient, you
are hereby advised that any disclosure, copying, distribution, or the taking of any action in reliance on the contents of this
information is prohibited. If you have received this e-mail in error, please notify the sender, delete this e-mail from your
machine's memory, and destroy the hardcopy information. Thank you.

• Previous message: David Gillett: "RE: Investigation- Web pages visited"
• Maybe in reply to: george.peek_at_gmx.net: "Why NOT to disable Real Time Antivirus on Servers"
• Next in thread: Steven Jones: "RE: Why NOT to disable Real Time Antivirus on Servers"
• Messages sorted by: [ date ] [ thread ] [ subject ] [ author ] [ attachment ]