OT - Multiple Virus Scanners

Glenn Steen glenn.steen at gmail.com
Wed Aug 16 21:01:20 IST 2006

On 16/08/06, Julian Field <mailscanner at ecs.soton.ac.uk> wrote:
> Glenn Steen wrote:
> > On 16/08/06, Peter Peters <P.G.M.Peters at utwente.nl> wrote:
> >>
> >> Glenn Steen wrote on 15-8-2006 14:39:
> >>
> >> > If you have a site license for a commercial AV, you might be entitled
> >> > to download/use/update their *nix product too. This is true for at
> >> > least McAfee.
> >>
> >> We do. But we explicitly have decided against using that on our main
> >> servers. It is already running on the clients and Exchange. I want to
> >> use another scanner to protect from mistakes that might show up on one
> >> of the scanners. It will be picked up by the other scanners.
> >>
> > Oh yes, very true.
> > But if you (as we have had in the past) have a somewhat quirky GSE
> > that sometimes fails to get updated, and have the resources to spare, on
> > the gateway.... Then adding it into the mix isn't a bad idea either.
> As you might imagine, I have a PC with rather a lot of viruses on it,
> for testing stuff, and all sorts of virus-laden email. A lot of the
> time, I don't use any anti-virus software at all, as it just gets in the
> way. But when I do, I use different software (F-Prot) than the one we
> have a site licence for (Sophos).
> I think running different AV on the gateway from what you run on the
> desktop (if you are limited by financial constraints, and cannot run 3
> on the gateway) is a very good idea. If Sophos is a bit late in getting
> the detector update for the latest new worm, then you don't want all
> your layers of protection failing together. If you run the same software
> everywhere, it will all fail at the same time, demolishing your
> defences. You want multiple, different, layers of defence.
No argument, but... as some have mentioned, there are good reasons to
have it (at least McAfee) on both (in the McAfee case you likely employ
EPO, which will use a completely different path for getting the
updates.... and with their track record, you really want more than one
path, so that at least one subsystem is updated asap;). And all the
theorizing has been from the standpoint that one should always have
more than one AV on the MS gateway.
Apart from that, we're in complete agreement:-)

-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se
