the AV got on their network because symantec corporate edition didn't detect it, despite their docs saying they can detect this family of virus's since December 2003 (which is the third time in under a month i've had this happen on our network - although mcaffee doesn't detect this virus either and as of yesterday you have to request a specific patch from mcaffee support for this)
The problem in all our customer cases is that the database server is not firewalled from the rest of the network and I can't see a customer buying a firewall for *each* server that they need to run and only allowing the relevant ports to it. Their entire network was *supposedly* firewalled with only certain ports going out, but I think the infection was caused by a user dialing into the internet on their laptop and then infecting the lan when plugging it in on monday morning I liked simon's comment about the shares with SB and i'd also like to mention that the preferred method of communication on a windows server is via a network share and not sbz or ftp! as to various versions of software, mcaffee kills the processing speed of pc's in a big way - (symantec is a little better). the speed of updates is a big minus for symantec but i'd say that all a/v software is really slow to react at the moment with the amount of virus's. -- u2-users mailing list [EMAIL PROTECTED] http://www.oliver.com/mailman/listinfo/u2-users
