Security Basics mailing list archives
Re: Why NOT to disable Real Time Antivirus on Servers
From: Abe Getchell <mailing.list.spooler () gmail com>
Date: Mon, 07 Nov 2005 11:13:39 -0500
I'll chime in - five days late! In my experience, it doesn't matter what AV software you're using or on what kind of hardware you're running your mail server. You're going to experience an immediately noticeable performance hit when enabling "real time protection" (or whatever your AV software chooses to call it). Focus, instead, on scanning all mail entering and leaving the mail server (regardless of transport) and providing adequate client-side protection. Since most virus infections I've run across (besides the major worm outbreaks) have generally come from a user downloading a piece of code from somewhere and executing it on their workstation, you should be pretty safe. You're not downloading and executing stuff from the Internet on your mail server, are you?
-- Abe Getchell abegetchell () gmail com http://abegetchell.com/ Micheal Espinola Jr wrote:
Based on real-world testing and application - I agree with your colleague. The performance hit is not worth it. Even on powerful servers on high-speed networks, myself and my users (when testing got to that point) noticed a significant performance difference. Sorry, no case study. Just undocumented testing with Symantec products. I'd be interested to hear about anyone's testing with other AV apps.
Current thread:
- Why NOT to disable Real Time Antivirus on Servers george . peek (Nov 02)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Mark Brunner (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Abe Getchell (Nov 07)
- Re: Why NOT to disable Real Time Antivirus on Servers Thierry Zoller (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers Paul Wolstenholme (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Brian Loe (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers RCS (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers Kenton Smith (Nov 03)
- <Possible follow-ups>
- Re: Why NOT to disable Real Time Antivirus on Servers tombrown (Nov 03)
- Re: Why NOT to disable Real Time Antivirus on Servers edizzle56 (Nov 03)
- RE: Why NOT to disable Real Time Antivirus on Servers Corey Watts-Jones (Nov 04)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 04)
(Thread continues...)
- Re: Why NOT to disable Real Time Antivirus on Servers Micheal Espinola Jr (Nov 03)