that you should at least have an active scan of certain directories
(where uploads occur).
John
-----Original Message-----
From: Mike Chabot [mailto:[EMAIL PROTECTED]
Sent: Wednesday, July 21, 2004 1:53 PM
To: CF-Talk
Subject: Re: Anti-Virus Software on a Server
>While AV Software may not protect against windows and other security
>holes, if your CF server allows any uploads of files or anything, I'd
>definitely say AV Software is a GOOD THING.
>
>John
I am not suggesting that people should stop running AV software. Rather,
I am making the case that realtime protection may be more detrimental
than beneficial for servers.
Even with a site where people upload files, the risk of viruses damaging
the server in this manner is not that substantial in my view. What is
someone going to upload? The most common case is a Word doc with a
macrovirus. I have not seen a macrovirus is a long time, but I am sure
they are still around and have the capability of infecting old versions
of MS Word. It would be nice to rid these files of the macroviruses
before someone downloads the doc. However, these viruses are not the
type that bring down a server. Are people uploading .exe or .vbs files
onto the server? A ColdFusion rule that prevents these files from being
saved would be the better strategy, and even this I would consider to be
more of a hack attempt than an actual virus. I do not know of any virus
that is capable of automatically uploading itself to servers via
Web-based forms, but I suppose this is an avenue future virus writers
can explore.
Thank you,
Mike Chabot
[Todays Threads] [This Message] [Subscription] [Fast Unsubscribe] [User Settings] [Donations and Support]
