OT - Multiple Virus Scanners

Glenn Steen glenn.steen at gmail.com
Wed Aug 16 21:01:20 IST 2006


On 16/08/06, Julian Field <mailscanner at ecs.soton.ac.uk> wrote:
> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA1
>
>
>
> Glenn Steen wrote:
> > On 16/08/06, Peter Peters <P.G.M.Peters at utwente.nl> wrote:
> >> -----BEGIN PGP SIGNED MESSAGE-----
> >> Hash: SHA1
> >>
> >> Glenn Steen wrote on 15-8-2006 14:39:
> >>
> >> > If you have a site license for a commercial AV, you might be entiteled
> >> > to download/use/update their *nix priduct too. This is true for at
> >> > least McAfee.
> >>
> >> We do. But we explicitly have decided against using that on our main
> >> servers. It is already running on the clients and Exchange. I want to
> >> use another scanner to protect from mistakes that might show up on one
> >> of the scanners. It will be picked up by the other scanners.
> >>
> > Oh yes, very true.
> > But if you (as we have had in the past) have a somewhat quirky GSE
> > that sometime fail to get updated, and have the resources to spare, on
> > the gateway.... Then adding it into the mix isn't a bad idea either.
>
> As you might imagine, I have a PC with rather a lot of viruses on it,
> for testing stuff, and all sorts of virus-laden email. A lot of the
> time, I don't use any anti-virus software at all, as it just gets in the
> way. But when I do, I use different software (F-Prot) than the one we
> have a site licence for (Sophos).
>
> I think running different AV on the gateway from what you run on the
> desktop (if you are limited by financial constraints, and cannot run 3
> on the gateway) is a very good idea. If Sophos is a bit late in getting
> the detector update for the latest new worm, then you don't want all
> your layers of protection failing together. If you run the same software
> everywhere, it will all fail at the same time, demolishing your
> defences. You want multiple, different, layers of defence.
>
No argument, but... as some have mentioned, there are good reasons to
have it (at least mcafee) on both (in the mcafee case you likely emply
EPO, which will use a completely different path for getting the
updates.... and with their track record, you really want more than one
path, so that at least one subsustem is updated asap;). And all the
theorizing has been from the standpoint that one should always have
more than one AV on the MS gateway.
Apart from that, we're in complete agreement:-)

-- 
-- Glenn
email: glenn < dot > steen < at > gmail < dot > com
work: glenn < dot > steen < at > ap1 < dot > se


More information about the MailScanner mailing list