Anti-Virus on Server - Advice

Anti-Virus on Server - Advice
Secure Home | Search | About
Login Password
Register Now! Lost Password?
 Microsoft Antivirus Discussions    Post an article   get this group's latest topics as an RSS feed add this group's latest topics to your My MSN content add this group's latest topics to your My Yahoo content add this group's latest topics to your Google content
Subject Author Date
Anti-Virus on Server - Advice Richard Tubb 09-08-2005
Posted by Richard Tubb on September 8, 2005, 7:33 am
If you were  Registered and logged in, you could reply and use other advanced thread options
Hi,

I'm looking for opinions & advice on running Anti-Virus software on Windows
2000/2003 servers.

I'd always suggested running AV software (such as Sophos' products) on file
servers and e-mail servers, but have recently come across a scenario with a
customer server that was labouring badly with high CPU usage. Although an AV
product on the server wasn't the main culprit, when looking at ways to
reduce CPU usage (as an upgrade was unlikely) I considered that incorrectly
running an AV package on a file server might unnecessarily increase disk and
CPU usage when checking every file it reads.

Is there a best practice for AV on file servers? As long as a specific
Server version of a vendors AV package is used, is this ok? What downsides
if someone installed a standard desktop AV package on a server by accident -
would this severely impair server performance whilst it AV checked every
file it dealt with for LAN users? Even when running AV on the client
desktop, is it still prudent to have AV on the file server?

Any thoughts and opinions welcome.

Regards,

Richard Tubb.
www.netlinktrading.co.uk



Posted by David H. Lipman on September 8, 2005, 9:42 am
If you were  Registered and logged in, you could reply and use other advanced thread options

| Hi,
|
| I'm looking for opinions & advice on running Anti-Virus software on Windows
| 2000/2003 servers.
|
| I'd always suggested running AV software (such as Sophos' products) on file
| servers and e-mail servers, but have recently come across a scenario with a
| customer server that was labouring badly with high CPU usage. Although an AV
| product on the server wasn't the main culprit, when looking at ways to
| reduce CPU usage (as an upgrade was unlikely) I considered that incorrectly
| running an AV package on a file server might unnecessarily increase disk and
| CPU usage when checking every file it reads.
|
| Is there a best practice for AV on file servers? As long as a specific
| Server version of a vendors AV package is used, is this ok? What downsides
| if someone installed a standard desktop AV package on a server by accident -
| would this severely impair server performance whilst it AV checked every
| file it dealt with for LAN users? Even when running AV on the client
| desktop, is it still prudent to have AV on the file server?
|
| Any thoughts and opinions welcome.
|
| Regards,
|
| Richard Tubb.
| www.netlinktrading.co.uk
|

I suggest McAfee VirusScan Enterprise software v7.1E or v8.0i

This particular software works on both servers and workstations but has addition
modules
that are run on the server such as the Alert Manager. Other AV applications may
ONLY be for
a workstation or a server but not both. If that is the case, it won't allow the
installation on a server if it is not a server version.

It is ALWAYS prudent to install on a server even if all the workstations are
protected. And
*all* workstations must have AV software. Take the Lovsan/Blaster worm. Prior
to Microsoft
putting out a RPC/DCOM fix for TCP port 135 (the infection vector) McAfee had
signatures for
it. In this case as the exploit tried to write blaster.exe to the system the
"On Access"
scanner blocked this file and thus the platform was not infected. Thus
protecting the
server and a workstation was not necessarily involved.

The McAfee VirusScan v8.0i has added features that v7.1E does not have these are
Buffer
Overflow detection and Intrusion Detection. These mitigate known and unknown
buffer
overflow situations that may be exploitable and attempted hacking attacks.

It is good practice to perform an "On Demand" scan of all server drives
periodically and to
have "On Access" scanning all the time.

--
Dave
http://www.claymania.com/removal-trojan-adware.html
http://www.ik-cs.com/got-a-virus.htm



Posted by John Tiesi on September 8, 2005, 3:41 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
In addition, you might want to take a look at the physical configuration of
your server. It might be that a second processor is needed or possibily,
depending on the age of the server, a new server is needed. I suggest you
talk to your vendor for more specifics on this.


> Hi,
>
> I'm looking for opinions & advice on running Anti-Virus software on
> Windows 2000/2003 servers.
>
> I'd always suggested running AV software (such as Sophos' products) on
> file servers and e-mail servers, but have recently come across a scenario
> with a customer server that was labouring badly with high CPU usage.
> Although an AV product on the server wasn't the main culprit, when looking
> at ways to reduce CPU usage (as an upgrade was unlikely) I considered that
> incorrectly running an AV package on a file server might unnecessarily
> increase disk and CPU usage when checking every file it reads.
>
> Is there a best practice for AV on file servers? As long as a specific
> Server version of a vendors AV package is used, is this ok? What downsides
> if someone installed a standard desktop AV package on a server by
> accident - would this severely impair server performance whilst it AV
> checked every file it dealt with for LAN users? Even when running AV on
> the client desktop, is it still prudent to have AV on the file server?
>
> Any thoughts and opinions welcome.
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>



Posted by Srikrishna Komatineni on September 9, 2005, 8:11 pm
If you were  Registered and logged in, you could reply and use other advanced thread options
My 2c here..
Trendmicro AV has been running quite good without any problems. IMHO the
server AV shall be dumb enough to allow the client connections without doing
much to the legitimate requests and at the same time protecting from viruses
or other such things..

so far Trendmicro proved it can do the job



> Hi,
>
> I'm looking for opinions & advice on running Anti-Virus software on
> Windows 2000/2003 servers.
>
> I'd always suggested running AV software (such as Sophos' products) on
> file servers and e-mail servers, but have recently come across a scenario
> with a customer server that was labouring badly with high CPU usage.
> Although an AV product on the server wasn't the main culprit, when looking
> at ways to reduce CPU usage (as an upgrade was unlikely) I considered that
> incorrectly running an AV package on a file server might unnecessarily
> increase disk and CPU usage when checking every file it reads.
>
> Is there a best practice for AV on file servers? As long as a specific
> Server version of a vendors AV package is used, is this ok? What downsides
> if someone installed a standard desktop AV package on a server by
> accident - would this severely impair server performance whilst it AV
> checked every file it dealt with for LAN users? Even when running AV on
> the client desktop, is it still prudent to have AV on the file server?
>
> Any thoughts and opinions welcome.
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk
>



Posted by Lanwench [MVP - Exchange] on September 11, 2005, 8:30 am
If you were  Registered and logged in, you could reply and use other advanced thread options


> Hi,
>
> I'm looking for opinions & advice on running Anti-Virus software on
> Windows 2000/2003 servers.
>
> I'd always suggested running AV software (such as Sophos' products)
> on file servers and e-mail servers, but have recently come across a
> scenario with a customer server that was labouring badly with high
> CPU usage. Although an AV product on the server wasn't the main
> culprit, when looking at ways to reduce CPU usage (as an upgrade was
> unlikely) I considered that incorrectly running an AV package on a
> file server might unnecessarily increase disk and CPU usage when
> checking every file it reads.
> Is there a best practice for AV on file servers? As long as a specific
> Server version of a vendors AV package is used, is this ok? What
> downsides if someone installed a standard desktop AV package on a
> server by accident - would this severely impair server performance
> whilst it AV checked every file it dealt with for LAN users? Even
> when running AV on the client desktop, is it still prudent to have AV
> on the file server?
> Any thoughts and opinions welcome.
>
> Regards,
>
> Richard Tubb.
> www.netlinktrading.co.uk

I second the Trend recommendation - ServerProtect. Scan on inbound only (for
realtime scanning).



Similar ThreadsPosted
OEM AntiVirus Software Advice January 31, 2006, 10:41 am
Server Antivirus software July 12, 2005, 8:07 pm
Antivirus for Server 2003 Standard R2 May 25, 2006, 11:46 am
Antivirus for SMTP Relay server March 13, 2007, 11:23 am
Re: AntiVirus Software for Server 2003 November 19, 2007, 1:38 pm
Sophos Antivirus- "could not contact server" March 4, 2008, 2:42 am
Need an antivirus for Server 2008 64bits July 4, 2008, 10:56 am
Migration of Symantec AntiVirus Server from version 10.0 to 10.1 problem September 28, 2006, 3:49 am
help please. malware removal advice October 3, 2005, 7:57 pm
low on virtual memory advice October 30, 2005, 5:00 am

The site map in XML format XML site map

Contact Us | Privacy Policy