+1. I do this everywhere. Perimeter, mail, clients, non-local admins. My best-protected client uses Barracuda --> AV/ScanMail on Exchange --> AV on clients for mail, and data is OpenDNS --> perimeter firewall --> firewall on clients (not just XP's firewall) non-local admins.
It takes a far amount of work especially up front, but it's worth it. David Lum // SYSTEMS ENGINEER NORTHWEST EVALUATION ASSOCIATION (Desk) 971.222.1025 // (Cell) 503.267.9764 -----Original Message----- From: Ben Scott [mailto:mailvor...@gmail.com] Sent: Monday, April 05, 2010 10:10 AM To: NT System Admin Issues Subject: Re: Enterprise Anti-Virus On Sun, Apr 4, 2010 at 2:19 PM, Alex Eckelberry <al...@sunbelt-software.com> wrote: > However, if you were running Ninja/VIPRE for Exchange anyway, I'm curious > why you bothered to enable the email protection on the client anyway? We're not running Sunbelt for either client or server (not yet, anyway), but I can answer that one: So that if a countermeasure fails at one level, it gets caught at the next. It's called "defense in depth", and it's a basic tenet of security design (and robust engineering in general). Ideally, one has multiple vendors/engines/signatures in the mix, but even if it's a single-vendor solution, you're defending against "anti-virus on the server got screwed up and something got through while the admins were fixing the server". -- Ben ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~ ~ Finally, powerful endpoint security that ISN'T a resource hog! ~ ~ <http://www.sunbeltsoftware.com/Business/VIPRE-Enterprise/> ~