Anti-Virus on Production servers?

Forum Moderators: phranque

Message Too Old, No Replies

Anti-Virus on Production servers?

Yes or No?

mattglet

3:17 pm on Feb 17, 2006 (gmt 0)

Relevant post:
[webmasterworld.com ]

I'm trying to determine whether or not we actually need anti-virus on our production servers (both web and database). I know there are people that feel strongly on both accounts. The "Yes" people argue that email and worm exploits can be prevents by AV. The "No" people say that the email is not being opened on the server, only on the recipients local machine after download, and that worms can be blocked by OS patches.

I personally think "Yes", but only if you allow users to upload files, which can be viewed by other people. If you don't allow public uploads, then AV is overkill. Do you agree? What do you think?

txbakers

1:20 pm on Feb 18, 2006 (gmt 0)

I run AV on my main production server.

I agree that no one is opening any emails on the server, and we monitor uploads, but it gives me peace of mind to log in and see the report that these virused emails were scanned and deleted BEFORE being opened by my users.

I've never caught any other viruses on the server, just through the incoming emails, but it's a nice feeling.

aspdaddy

5:31 pm on Feb 23, 2006 (gmt 0)

I have in the past but wont bother on future projects. Most AV require outbound FTP/HHTP to update which is itself a security risk