Re: Anti-Virus on Server - Advice
From: David H. Lipman (DLipman~nospam~_at_Verizon.Net)
Date: 09/08/05
- In reply to: Richard Tubb: "Anti-Virus on Server - Advice"
Date: Thu, 8 Sep 2005 09:42:56 -0400
From: "Richard Tubb" <richard@netlinktrading.co.uk>
| Hi,
|
| I'm looking for opinions & advice on running Anti-Virus software on Windows
| 2000/2003 servers.
|
| I'd always suggested running AV software (such as Sophos' products) on file
| servers and e-mail servers, but have recently come across a scenario with a
| customer server that was labouring badly with high CPU usage. Although an AV
| product on the server wasn't the main culprit, when looking at ways to
| reduce CPU usage (as an upgrade was unlikely) I considered that incorrectly
| running an AV package on a file server might unnecessarily increase disk and
| CPU usage when checking every file it reads.
|
| Is there a best practice for AV on file servers? As long as a specific
| Server version of a vendor's AV package is used, is this ok? What downsides
| if someone installed a standard desktop AV package on a server by accident -
| would this severely impair server performance whilst it AV checked every
| file it dealt with for LAN users? Even when running AV on the client
| desktop, is it still prudent to have AV on the file server?
|
| Any thoughts and opinions welcome.
|
| Regards,
|
| Richard Tubb.
| www.netlinktrading.co.uk
|
I suggest McAfee VirusScan Enterprise software v7.1E or v8.0i.

This particular software works on both servers and workstations but has additional modules
that are run on the server such as the Alert Manager. Other AV applications may ONLY be for
a workstation or a server but not both. If that is the case, it won't allow the
installation on a server if it is not a server version.

It is ALWAYS prudent to install on a server even if all the workstations are protected. And
*all* workstations must have AV software. Take the Lovsan/Blaster worm. Prior to Microsoft
putting out an RPC/DCOM fix for TCP port 135 (the infection vector) McAfee had signatures for
it. In this case as the exploit tried to write blaster.exe to the system the "On Access"
scanner blocked this file and thus the platform was not infected. Thus protecting the
server and a workstation was not necessarily involved.

The McAfee VirusScan v8.0i has added features that v7.1E does not have; these are Buffer
Overflow detection and Intrusion Detection. These mitigate known and unknown buffer
overflow situations that may be exploitable and attempted hacking attacks.

It is good practice to perform an "On Demand" scan of all server drives periodically and to
have "On Access" scanning all the time.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm