Security Basics mailing list archives

Re: Why NOT to disable Real Time Antivirus on Servers


From: Abe Getchell <mailing.list.spooler () gmail com>
Date: Mon, 07 Nov 2005 11:13:39 -0500

I'll chime in - five days late! In my experience, it doesn't matter what AV software you're using or on what kind of hardware you're running your mail server. You're going to experience an immediately noticeable performance hit when enabling "real time protection" (or whatever your AV software chooses to call it). Focus, instead, on scanning all mail entering and leaving the mail server (regardless of transport) and providing adequate client-side protection. Since most virus infections I've run across (besides the major worm outbreaks) have generally come from a user downloading a piece of code from somewhere and executing it on their workstation, you should be pretty safe. You're not downloading and executing stuff from the Internet on your mail server, are you?

--
Abe Getchell
abegetchell () gmail com
http://abegetchell.com/

Micheal Espinola Jr wrote:
Based on real-world testing and application - I agree with your
colleague.  The performance hit is not worth it.  Even on powerful
servers on high-speed networks, myself and my users (when testing got
to that point) noticed a significant performance difference.

Sorry, no case study.  Just undocumented testing with Symantec
products.  I'd be interested to hear about anyone's testing with other
AV apps.

