But see the response. What if I can exploit something on your webserver to
upload a virus to your server, and use your server to distribute it to
others? Download.Ject etc? So, it's not doing anything bad to your server,
but your server is being used to deliver the badness to others. That's where
AV on your server is going to clean these things up.

And, someone, somehow, needs to get the content onto your webserver in the
first place, unless you let developers sit at the console typing in webpages
by hand using notepad. So that's another infection vector.

Nothing is simple. AV is one more line of defense. Whether it's worth
implementing depends on your situation.

For the record (in reference to an earlier post) I like Symantec's corporate
offering, and Trend's stuff as well.

Cheers
Ken

> -----Original Message-----
> From: [EMAIL PROTECTED] [mailto:ActiveDir-
> [EMAIL PROTECTED] On Behalf Of Susan Bradley, CPA aka Ebitz - SBS
> Rocks [MVP]
> Sent: Thursday, 6 October 2005 5:19 AM
> To: [email protected]
> Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
> 
> Read the thread and see this blog post that Harlan did on the topic.  I
> don't think it's as cut and dried as this.  The idea is that the
> webserver in this instance would have no connection to your domain.
> 
> http://windowsir.blogspot.com/2005/07/av-software-on-web-servers-revisited.html
> 
> We want to do it because it's cheap and it's there.  But in reality it
> is a bandaid and is reactive.
> [EMAIL PROTECTED] wrote:
> 
> >>>>if you set up a server for a select job, lock it down.... only serve up
> >>>>
> >>>>
> >static pages.. why 'does' it need to be covered by A/V was the topic
> >
> >
> >
> >Maybe because if your server can "serve" anything, it can be "served" in
> >return. Where I come from, we call it the "scratch my back, I scratch your
> >back" factor :)
> >
> >With the prevalence of network-burrowing, SMB-crawling worms and trojans, the
> >fact that you are serving static files is no protection at all.
> >
> >
> >Sincerely,
> >
> >Dèjì Akómöláfé, MCSE+M MCSA+M MCP+I
> >Microsoft MVP - Directory Services
> >www.readymaids.com - we know IT
> >www.akomolafe.com
> >Do you now realize that Today is the Tomorrow you were worried about
> >Yesterday?  -anon
> >
> >________________________________
> >
> >From: [EMAIL PROTECTED] on behalf of Susan Bradley, CPA aka
> >Ebitz - SBS Rocks [MVP]
> >Sent: Wed 10/5/2005 10:28 AM
> >To: [email protected]
> >Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
> >
> >
> >
> >I came <<this close>> to ripping out Trend in my office due to the BSOD,
> >false positives and the infamous Friday incident.  They are on probation
> >right now.
> >
> >The ones bantered around in our A/V wars discussions:
> >
> >Symantec [not yellow box but corp]
> >Sophos
> >CA
> >
> >I have a fellow SBSer in AU who LOVES Nod32.
> >
> >Pick one... they are in reality ALL reactionary.
> >
> >Real geeks don't use A/V anyway.  [you should have seen the thread on
> >whether to stick a/v on a web server on the focus on ms listserve... if
> >you set up a server for a select job, lock it down.... only serve up
> >static pages.. why 'does' it need to be covered by A/V was the topic]
> >
> >
> >
> >Tim Vander Kooi wrote:
> >
> >
> >
> >>I've only been on the list a short time, but I must have missed the
> >>mandatory Trend Micro brainwashing. :-)
> >>So far from what I have noticed there seems to be a set answer to all AV
> >>questions.
> >>Question: I'm curious about the capabilities of NOD32.
> >>Answers (en masse): You should use Trend Micro.
> >>Question: Is anyone using Symantec?
> >>Answer (again en masse): You should buy Trend Micro.
> >>
> >>Not that there is anything wrong with Trend Micro's product, it's great
> >>in my opinion, but these responses don't seem to be very helpful with
> >>regard to the questions being asked.
> >>
> >>My apologies to the list "gods" if TM is the list sponsor. :-)
> >>Tim
> >>
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] On Behalf Of Glen Miller
> >>Sent: Wednesday, October 05, 2005 11:55 AM
> >>To: '[email protected]'
> >>Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment
> >>
> >>Look into a product called Office Scan, by a company called Trend Micro.
> >>I have been using this product happily since 1998.  It saved me from the
> >>"I love you" bug and a few rather nasty ones since.
> >>
> >>"I want my two dollars!"
> >>
> >>
> >>And Joe!  Petitioning Webster's to include Joe-isms as an actual word.
> >>
> >>
> >>
> >>
> >>-----Original Message-----
> >>From: [EMAIL PROTECTED]
> >>[mailto:[EMAIL PROTECTED] On Behalf Of Ahmed Al Awah
> >>Sent: Tuesday, October 04, 2005 12:35 PM
> >>To: '[email protected]'
> >>Subject: RE: [ActiveDir] Anti-virus protection in domain enviroment
> >>
> >>Since we're on topic..is anyone using Symantec AntiVirus 10 corp edition
> >>for A/V protection in a domain environment?
> >>
> >>-----Original Message-----
> >>From: Susan Bradley, CPA aka Ebitz - SBS Rocks [MVP]
> >>[mailto:[EMAIL PROTECTED]
> >>Sent: October 4, 2005 11:07 AM
> >>To: [email protected]
> >>Subject: Re: [ActiveDir] Anti-virus protection in domain enviroment
> >>
> >>
> >>My 1 cent.
> >>
> >>I should go back to lurking...but... when choosing your a/v solution
> >>there's something to check on... some of the a/v vendors have
> >>historically  needed admin rights to update or have had vulnerabilities
> >>themselves.
> >>
> >>Might be something to investigate and consider when choosing an a/v
> >>...especially on a DC.
> >>
> >>In my own historical issues with Trend, the OfficeProtect dat file
> >>upgrade to XP sp2 wasn't properly 'vetted' and flatlined my workstations
> >>and last I heard cost Trend $8 mil in lost sales.  They've also had a
> >>security vulnerability patched somewhat recently.
> >>
> >>Epo's had their issues as well....
> >>
> >>http://xforce.iss.net/xforce/xfdb/21839
> >>
> >>ISS X-Force Database: epolicy-msde-obtain-password(12787): ePolicy
> >>Orchestrator could allow an attacker to obtain MSDE SA password:
> >>http://xforce.iss.net/xforce/xfdb/12787
> >>
> >>ISS X-Force Database: epolicy-execute-commands(14166): ePolicy
> >>Orchestrator command execution: http://xforce.iss.net/xforce/xfdb/14166
> >>
> >>
> >>
> >>Al Garrett wrote:
> >>
> >>
> >>
> >>
> >>
> >>>My 2 cents...
> >>>EpO has worked outstanding for us.
> >>>Does inventory reports, finds "rogues", demonstrates to pointy-haired
> >>>bosses how many infections are avoided and how dangerous it is "out
> >>>there."
> >>>Combined with CommTouch Anti-Spam solution.
> >>>
> >>>   -----Original Message-----
> >>>   *From:* [EMAIL PROTECTED]
> >>>

List info   : http://www.activedir.org/List.aspx
List FAQ    : http://www.activedir.org/ListFAQ.aspx
List archive: http://www.mail-archive.com/activedir%40mail.activedir.org/
