Re: Antivirus checking backup shadow copy
- From: "Lanwench [MVP - Exchange]" <lanwench@xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 27 Jun 2005 13:18:04 -0400
In news:eZ2gwZzeFHA.3160@xxxxxxxxxxxxxxxxxxxx,
Dave Nickason [SBS MVP] <gwdibble@xxxxxxxxxxxxxxxxxxxxxx> typed:
> I run realtime scanning on the server and have for years. You do
> need to properly configure it to not scan certain directories. I'm
> not sure exactly what you're seeing - you have a share that's blocked
> from virus scanning and you're running into a problem when shadow
> copies of that directory are scanned? What problem is that causing?
>
> As far as scanning only on write, IMO that's a bad idea. Let's say I
> send you a file that's a brand new virus. You save the file, which
> won't make itit into the virus definitions until tomorrow. If you're
> scanning only on write, that file was never detected as a virus, and
> tomorrow when you execute the file, it won't be caught then either,
> even though the signature file has been updated to included it. ETrust AV
> won't even allow you to turn off scanning of outbound files
> (say what you want about CA, that's the AV they use at MS).
Enabling bidirectional scanning will absolutely more often than not lead to
huuuuge network/file access performance problems and you will get a lot of
calls. Especially in single-server networks, which comprise the vast
majority of SBS installs, I'd say.
Yes, you're always running a risk of infection, and other problems, by the
sheer fact of letting users access computers at all - but you can mitigate
this risk.
a) use managed corporate workstation AV and make sure it updates often.
Trend is set to update hourly, on all my systems.
b) run full nightly scans on the server, which should also be set to update
hourly
c) use different scan engines on servers/workstations if you really want to
cast your net wide.
d) run nightly full scans of all workstations (make sure users log out, not
shut down, at night).
Etc. It's all risk management, as is anything these days...
Most viruses these days are mail-borne anyway, and I find waaay more
trojans/malware than actual viruses in the file system these days. I expect
my experience is not unique.
>
>
>
> "NickC" <NoSpam@xxxxxxxxxxxxxx> wrote in message
> news:%23kKEm0meFHA.3712@xxxxxxxxxxxxxxxxxxxxxxx
>>
>> "Andrew Hodgson" <me3@xxxxxxxxxxx> wrote in message
>> news:fhhtb11b8fqog2o6ln2rfg3ic9j73dg9l2@xxxxxxxxxx
>>> On Sun, 26 Jun 2005 12:15:58 +0100, "NickC" <NoSpam@xxxxxxxxxxxxxx>
>>> wrote:
>>>
>>>> Has anyone found a fix to prevent Trend Micro SMB from triggering
>>>> during backup shadow copy when detecting viruses in excluded
>>>> directories?
>>>
>>> Don't use the on access virus scanner on a server machine.
>>
>> Andrew,
>>
>> Wow that sounds dangerous, I'm not sure I would feel safe without
>> Real-time
>> scan (as Trend Micro call it) running on the server. It would
>> certainly solve the problem but is it worth the risk?
>>
>> What does everyone else do, on access / real-time scanning on the
>> server or
>> not?
>>
>> Nick
.
- References:
- Antivirus checking backup shadow copy
- From: NickC
- Re: Antivirus checking backup shadow copy
- From: Andrew Hodgson
- Re: Antivirus checking backup shadow copy
- From: NickC
- Re: Antivirus checking backup shadow copy
- From: Dave Nickason [SBS MVP]
- Antivirus checking backup shadow copy
- Prev by Date: How to install POP3 connector on SBS2k3?
- Next by Date: Fix for Slow Shutdown in SBS 2003 SP1
- Previous by thread: Re: Antivirus checking backup shadow copy
- Next by thread: Re: Antivirus checking backup shadow copy
- Index(es):
Relevant Pages
|
