"True, but, how did that virus get inside the domain in the first place? "  
They had no clue.  One conceivable method would be a compromised laptop that 
was outside the LAN for a while and not updated until hitting the LAN again - 
DOH! Hit the LAN, infect some servers, then find out the laptop was 
infected.... We have plenty of laptops that float around (and yes I know with 
SCCM I can adopt a desired config to keep things off my LAN until they meet x 
requirements, but we are nowhere near that  yet).

Good points and yes, I for one am interested in what you guys decide.

Dave
PS I agree ePO is a major pain in the arse....

From: Sherry Abercrombie [mailto:[EMAIL PROTECTED]
Sent: Thursday, August 28, 2008 10:12 AM
To: NT System Admin Issues
Subject: Re: AV on *all* servers...or no?

True, but, how did that virus get inside the domain in the first place?  We 
scan email in multiple places (gateway, Exchange) with mutliple virus scanning 
engines, workstations have virus scan that scan's on access, on read, on write 
etc, then it shouldn't ever get in.

I'm not necessarily advocating removing virus scan from all servers all the 
time, I just think that this idea (I'm talking about my local setup) of every 
server having the same setup/configuration needs to be re-evaluated.

I'll let ya'll know what we decide in our meeting this afternoon.
On 8/28/08, David Lum <[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote:

What about viruses (viruii?) that spread via network share? Taking the gateway 
out won't stop those kind (W32/Sircam, etc). Textron had an issue when as soon 
as they'd bring up a new server it would get infected as soon as it joined the 
domain because some other had the virus...



Dave



From: Sherry Abercrombie [mailto:[EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]>]
Sent: Thursday, August 28, 2008 9:27 AM
To: NT System Admin Issues
Subject: Re: AV on *all* servers...or no?



Ok, this is something that I've been dealing with/battling the powers that be 
for the last several weeks.  Unfortunately, I'm stuck with McAfee Virus Scan 
Enterprise using EPO to manage it.  Over the last several weeks I've had a 
problem with my backups to various servers failing (Backup Exec v11d) with an 
error that it cannot connect to the remote agent on the specified server.  Then 
the next day or a day or so later, it's fine for several days, so I KNOW it's 
not a failure of Backup Exec or the remote agent.  In researching the problem, 
I can pinpoint when it is failing in the BE job log, and pinpoint that McAfee 
on-demand scan is happening at the same time on the server.  Problem goes away 
when I finally manage to get EPO to stop the on demand scan on the server 
(don't get me started on EPO, it's a royal pain in the ocola).  My argument is 
that not all servers need to have virus scan on them, and that they can be 
further secured by removing their gateway.  I firmly believe that servers such 
as file and print that users can write data to absolutely must have a virus 
scan application on them, regardless of performance hit.   Users just can't be 
trusted.  But most servers that are not directly touched by users saving files 
to it, not surfing the internet (IMNSHO, no servers should ever be used to surf 
the internet from), have their gateway removed and no or minimal virus scanning 
on them should be a reasonable approach.  BTW, we are having a group meeting 
this afternoon at 1PM to discuss this subject.  I guess I've been a squeaky 
wheel ;)

On 8/28/08, [EMAIL PROTECTED]<mailto:[EMAIL PROTECTED]> <[EMAIL 
PROTECTED]<mailto:[EMAIL PROTECTED]>> wrote:

IMHO, it isn't needed on all servers, or even the majority of them, *IF*
your clients are up to date with AV software.  I sometimes don't want the
extra overhead on my servers of having AV installed, management of the
software, patching of software, the all-too-often conflict of AV with other
software, etc.

But, OTOH, I don't necessarily think it's a bad thing to have AV installed
on all servers in certain circumstances when done right.  Just not
NEEDED.... (IMHO).

JR


Original Message:
-----------------
From: David Lum [EMAIL PROTECTED]
Date: Thu, 28 Aug 2008 08:53:12 -0700
To: 
[email protected]<mailto:[email protected]>
Subject: AV on *all* servers...or no?



[Cross posted here and on the Vipre Enterprise list]

There is some debate among my fellow IS staff here weather AV should be on
all 200+ of our servers. From my standpoint my question would be "Why not?"
- put it on all servers and exclude what's necessary We are "SQL heavy" and
I'm sure performance is the primary concern , but is there any compelling
reason to completely leave it off of some servers?

Dave Lum - Systems Engineer
971-222-1025
Northwest Evaluation Association - www.nwea.org<http://www.nwea.org>



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

--------------------------------------------------------------------
mail2web LIVE - Free email based on Microsoft(r) Exchange technology -
http://link.mail2web.com/LIVE



~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~



--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke












--
Sherry Abercrombie

"Any sufficiently advanced technology is indistinguishable from magic."
Arthur C. Clarke





~ Finally, powerful endpoint security that ISN'T a resource hog! ~
~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/>  ~

Reply via email to