[unisog] How often to pull anti virus updates from vendors

John Valenti valenti at msu.edu
Wed Dec 5 16:51:30 GMT 2001

I've been looking at Sophos (to replace our Norton). I'm not sure how it 
will work out in practice, but the Sophos setup seems pretty good.
You download signatures to a central server, that can even be automated by 
receiving an email message from them (in addition to daily updates). Then, 
at least with Win2000, it is pushed out to the clients. I think the default 
time interval for that is every two hours.

I subscribed to their virus warnings email list a few months back, they 
seem to keep on top of things pretty well. (Maybe it helps that they are 
based in England?) And they identify viruses by how common they are in the 

We are looking at adding virus scanning to our central email system (big 
can of worms!). It seems like that is the most important one to get updated 
quickly, since most of the client side viruses travel via that route.

At 09:33 AM 12/5/2001 -0600, Michael Harris wrote:
>with two new rapid replicating e-mail worm/script/viruses in the last three
>days I think it may be time to reevaluate how often new antivirus files are
>being pulled from the AV vendor sites.
>it seems weekly won't cut it any more, but is daily enough?
>is hourly a performance burden?
>what implications does that have to host based AV (e-mail, proxy, other)?
>or clients side AV? if updates came in three hours in a row could the files
>be distributed to all your clients that fast, without unreasonable burden on
>network performance?

* John Valenti Systems Analyst, Labor & Industrial Relations *
* 408 S Kedzie Hall, Michigan State University, E. Lansing, MI 48824 *
* (517) 353-1807 fax (517) 355-7656 valenti at msu.edu *

More information about the unisog mailing list