Educause Security Discussion mailing list archives
Re: AV - Full scans or On Access Scans
From: Eric Case <ecase () EMAIL ARIZONA EDU>
Date: Thu, 10 Apr 2008 08:11:07 -0700
At 09:12 AM 4/10/2008 -0400, Jenkins, Matthew wrote:
However, because that's all theory, I don't trust on-access scans enough to not do (or want to do) a full system scan of all hosts. I am curious if anyone else has thoughts on that. Does a full system scan really buy us anything, other than sleep at night (a highly valued commodity)? Just a thought.
The full scan can be configured differently than the on access scan. You might set on access to scan the first 100K of the exe and the full scan to scan the full file and maybe even scan archives (zips). You might find things you didn't think you'd find. When we switched to our current procedure we found 3-year-old viruses that were not disinfected. The IT guys just disabled the service but left the service and the virus intact. The full scan found the virus, deleted it, logged it and notified us. It made that first morning interesting.

-Eric

Eric Case, CISSP <ecase () Arizona edu>
Information Security Officer
College of Engineering <http://www.Engr.Arizona.edu>
1127 E James E. Rogers Way Room 200
Tucson, AZ 85721-0020
Mobile Phone 520-275-6436
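The coverage difference described in the message above, as an added example that is not part of the original post and does not model any AV product: an "on-access" profile that inspects only the first 100K of each file, next to a "full" profile that reads whole files and opens zip archives. The `scan` function, the `MARKER` byte pattern and the sample file names are constructed for illustration.

```python
import io
import zipfile

# Constructed, harmless byte pattern standing in for a detection signature.
MARKER = b"CONSTRUCTED-TEST-SIGNATURE-0001"
HEAD_LIMIT = 100 * 1024  # "the first 100K" from the message


def scan(name, data, head_limit=None, open_archives=False, depth=0):
    """Return names of scanned objects whose inspected bytes contain MARKER."""
    window = data if head_limit is None else data[:head_limit]
    hits = [name] if MARKER in window else []
    # Unpack zips only when asked; cap nesting so a crafted archive cannot
    # make the scanner recurse without bound.
    if open_archives and depth < 3 and zipfile.is_zipfile(io.BytesIO(data)):
        with zipfile.ZipFile(io.BytesIO(data)) as zf:
            for member in zf.namelist():
                hits += scan(f"{name}!{member}", zf.read(member),
                             head_limit, open_archives, depth + 1)
    return hits


def build_samples():
    """Constructed sample files: name -> bytes."""
    early = b"MZ" + MARKER + b"\x00" * 1024           # marker in the first 100K
    late = b"MZ" + b"\x00" * (200 * 1024) + MARKER    # marker past the first 100K
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("tool.exe", late)                 # compressed inside a zip
    return {"early.exe": early, "late.exe": late, "bundle.zip": buf.getvalue()}


def run_profiles():
    samples = build_samples()
    on_access = [h for n, d in samples.items()
                 for h in scan(n, d, head_limit=HEAD_LIMIT)]
    full = [h for n, d in samples.items()
            for h in scan(n, d, open_archives=True)]
    return on_access, full


if __name__ == "__main__":
    on_access, full = run_profiles()
    print("on-access:", on_access)
    print("full scan:", full)
```
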