Centralized Network Anti-virus

[groovin]

I've used Trend Micro and Norton Corperate in the past, both were pretty good. Sophos is great as well, but I was wondering what other ones are out there for me to evaluate.

Thanks

 

[Garion]

Well, there really is no single centralized AV. You can put AV protection on the mail gateway, the proxy server (for browsing), the mail server, the file server, the clients, etc. Trend tends to make a good suite of products as does Symantec.

Some people recommend "defense in depth" - Block everything you can at every layer you can. Example: Have an AV scanner at your SMTP relay, on your Exchange server (If it's a different box than the SMTP Relay, which is very common) and on your client. If possible, pick at least two different AV products - If one isn't updated or doesn't catch a particular variant, others will.

That being said, there is NO substitute to a well-managed and well-deployed workstation AV strategy - It's definitely the most important. The others can be too easily bypassed (i.e. HTTPS content can't be scanned at the web gateway, password-protected zip files can't be scanned by the mail relay, etc.)

- G

 

[Sideswipe001]

Originally posted by: Garion
Well, there really is no single centralized AV. You can put AV protection on the mail gateway, the proxy server (for browsing), the mail server, the file server, the clients, etc. Trend tends to make a good suite of products as does Symantec.

Some people recommend "defense in depth" - Block everything you can at every layer you can. Example: Have an AV scanner at your SMTP relay, on your Exchange server (If it's a different box than the SMTP Relay, which is very common) and on your client. If possible, pick at least two different AV products - If one isn't updated or doesn't catch a particular variant, others will.

That being said, there is NO substitute to a well-managed and well-deployed workstation AV strategy - It's definitely the most important. The others can be too easily bypassed (i.e. HTTPS content can't be scanned at the web gateway, password-protected zip files can't be scanned by the mail relay, etc.)

- G

We use Symantec Corporate Edition 9.0 at work here - and it is centralized (all installs are instigated from ther server, and the server replicates updated definitions, etc, to the clients). It works nicely so far. I've had experience with it and the Trend Micro one, and I prefer Symantec's so far, as it's been much easier to set up and manage.

Oh, and you don't have to scan it when you automatically delete all non-scannable and encryped attachments (Symantec Mail Security for Exchange). It might not work for everyone, but here if they send an encrypted attachment or unscannable file, it gets deleted no questions asked.

But yes, we do keep all clients with up to date virus scanning. Why not be safe rather than sorry?

 

[groovin]

thanks for the replies.

many antiviruses have an exchange server version. can i get by with just the client version running on an exchange server? i am not to worried about virueses coming in on email because we have another mail server that relays emails to the exchange server... that machine does all the virus scanning. another layer would be great, but im just wondering about this. how is an exchange version different from a normal client version? does it just scan incoming emails? how about if a 0day virus was already in someones box, would a normal client antivirus be able to remove it or would that require an exchange version that can?

thanks again

 

[Garion]

The most important points are the Internet mail gateway (SMTP Relay) and the desktop. That will catch 99% of the viruses. It's great to have it on the Exchange server, but not absolutely necessary compared to the other two.

- G

 

[spidey07]

Originally posted by: Garion
The most important points are the Internet mail gateway (SMTP Relay) and the desktop. That will catch 99% of the viruses. It's great to have it on the Exchange server, but not absolutely necessary compared to the other two.

- G

very true, but as always "defense in depth" is a great thing. Making sure e-mail is scanned, scanned and scanned again works quite well.

 

[groovin]

evaluating CA eTrust now. so far, it looks.... decent.

 

[gaidin123]

Trend's anti virus software has worked great for us. Their control manager seems to be able to centrally manage all of their corporate AV software from one interface. We use their software on our mail gateway and all machines. The incoming mail gets scanned by another virus scanner upstream from us so each attachment should be checked up to 3 times by 2 different vendors before a user actually can open it. It's worked out extremely well.

Gaidin

 

[JackMDS]

Link to: http://www.digitalriver.com/dr...mp;PN=12&sid=26412

:sun: