[unisog] How often to pull anti virus updates from vendors
valenti at msu.edu
Wed Dec 5 16:51:30 GMT 2001
I've been looking at Sophos (to replace our Norton). I'm not sure how it
will work out in practice, but the Sophos setup seems pretty good.
You download signatures to a central server, that can even be automated by
receiving an email message from them (in addition to daily updates). Then,
at least with Win2000, it is pushed out to the clients. I think the default
time interval for that is every two hours.
I subscribed to their virus warnings email list a few months back, they
seem to keep on top of things pretty well. (Maybe it helps that they are
based in England?) And they identify viruses by how common they are in the
We are looking at adding virus scanning to our central email system (big
can of worms!). It seems like that is the most important one to get updated
quickly, since most of the client side viruses travel via that route.
At 09:33 AM 12/5/2001 -0600, Michael Harris wrote:
>with two new rapid replicating e-mail worm/script/viruses in the last three
>days I think it may be time to reevaluate how often new antivirus files are
>being pulled from the AV vendor sites.
>it seems weekly won't cut it any more, but is daily enough?
>is hourly a performance burden?
>what implications does that have to host based AV (e-mail, proxy, other)?
>or clients side AV? if updates came in three hours in a row could the files
>be distributed to all your clients that fast, without unreasonable burden on
* John Valenti Systems Analyst, Labor & Industrial Relations *
* 408 S Kedzie Hall, Michigan State University, E. Lansing, MI 48824 *
* (517) 353-1807 fax (517) 355-7656 valenti at msu.edu *
More information about the unisog