Jump to content


 


Register a free account to unlock additional features at BleepingComputer.com
Welcome to BleepingComputer, a free community where people like yourself come together to discuss and learn how to use their computers. Using the site is easy and fun. As a guest, you can browse and view the various discussions in the forums, but can not create a new topic or reply to an existing one unless you are logged in. Other benefits of registering an account are subscribing to topics and forums, creating a blog, and having no ads shown anywhere on the site.


Click here to Register a free account now! or read our Welcome Guide to learn how to use this site.

Photo

When It's Okay to Run more than one Antivirus


  • Please log in to reply
1 reply to this topic

#1 chromebuster

chromebuster

  • Members
  • 899 posts
  • OFFLINE
  •  
  • Gender:Female
  • Location:the crazy city of Boston, In the North East reaches of New England
  • Local time:01:17 AM

Posted 09 March 2011 - 12:43 AM

Hi all,
just thought I'd share this observation with all of you. I was just in contact with one of the lovely folken from Ipswitch, INC. My question was regarding integration of antivirus with their IMail Server and IMail express products. I am planning on using the Express version on my new server that just arrived a few days ago and will be put into production within the year I hope. They have two flavors that are integrated with the mail server: one from Symantec, and the other from Bit Defender. I recognized an issue right away, and that is when I contacted him. Thee issue is that since the server will be used for multiple things, I'm going to need antivirus running across the entire thing. Kevin (that's the guy's name), told me that it's fine to have two antivirus products running in this case since NOD32 (the primary across the server antivirus), won't be scanning anything that has to do with IMail. So, in order to protect the rest of the server, both programs are essential. I just thought I'd bring up this exception to the rule.

Chromebuster

The AccessCop Network is just me and my crew. 

Some call me The Queen of Cambridge


BC AdBot (Login to Remove)

 


#2 Andrew

Andrew

    Bleepin' Night Watchman


  • Moderator
  • 8,260 posts
  • OFFLINE
  •  
  • Gender:Not Telling
  • Location:Right behind you
  • Local time:10:17 PM

Posted 09 March 2011 - 01:27 AM

Quite right. The main problem with having multiple AV's lies with what happens when two (or more) AV programs are active and running in "scan everything that the user runs/opens/downloads as soon as they run/open/download it!" mode. You can see how that would cause issues since each AV tries to gain access to the file being scanned before anyone else and in a manner which excludes anyone else from even looking at the file until they're done scanning it. Other issues arise from when one AV scans the "quarantine" of another AV and tries to delete/quarantine the contents, which the other AV interprets as an attack and tries to prevent. And lastly, in order to defeat malware and AV must sometimes rely on methods which the malware itself uses, so you have cases where AV#1 sees AV#2 doing something suspicious and tries to block it and AV#2 sees it's being blocked and tries to block AV#1 and so forth.

Mail servers, however, often run multiple AV programs without incident since they are configured to only scan mail as it arrives and have most of their system protection and self-protection mechanisms turned off.




0 user(s) are reading this topic

0 members, 0 guests, 0 anonymous users