That's the super-paranoid in you talking. If ANY machine on the network gets infected, they're all potential victims regardless of the AV solution you have in place. Why is this, you ask (go ahead; ask)? AV products are by their very nature, "reactive". What this means is that if a brand-new virus hits the streets, then if could infect your entire network before your precious AV distribution server could get, much less redistribute the updated bits and signatures. Do what you can, update your sigs and bits every 4 hours, and push them to the clients. Jim Harrison MCP(NT4, W2K), A+, Network+, PCG http://isaserver.org/Jim_Harrison/ http://isatools.org Read the help / books / articles! -----Original Message----- From: mithu@xxxxxxxxxx [mailto:mithu@xxxxxxxxxx] Sent: Thursday, November 18, 2004 10:35 PM To: [ISAserver.org Discussion List] Subject: [isalist] RE: AntiVirus & ISA 2000 http://www.ISAserver.org If a LAN machine got compromised - and, there was a worm/virus that targets ISA Server 2000 on the inside in some way - is it not possible to get a virus with some unknown w2k vulnerability? System resources are not an issue for me - I'm just more concerned about knowing that it does not cause any system problems on ISA 2000. If it has no affect on the firewall functions then it would be nice to at least know you are looking out for viruses. Of course, I'd like to hear your expert opinions on my reasoning.... > Hello > No worm can come in since there is no allow or publish rule created from > outside to ISA itself. It just passes packets. As an example if there is a > new virus going to web servers running IIS, ISA machine just passes it > unless you run any server on ISA and then you need an army > > > -----Original Message----- > > From: mithu@xxxxxxxxxx [mailto:mithu@xxxxxxxxxx] > > Sent: November 18, 2004 11:16 PM > > To: [ISAserver.org Discussion List] > > Subject: [isalist] RE: AntiVirus & ISA 2000 > > > > http://www.ISAserver.org > > > > What about a worm that comes thru some unexpected future w2k > > vulnerability? > > > > Has anyone put Symantec AntiVirus Corporate for the server's own > > protection in a ISA 2000 box? > > > > > > > I see no reason to put AV on the firewall. How would it ever become > > > infected? You never run the browser, you never run e-mail clients, you > > > never run any client software or server software other than the ISA > > > firewall software on it. You don't allow connections from hosts to any > > > vulnerable ports either. So, the only function of AV software is to > > > introduce perforamnce reduction and potential for increased attack > > > surface.=20 > > > > > > HTH, > > > > > > Tom > > > www.isaserver.org/shinder > > > Tom and Deb Shinder's Configuring ISA Server 2004 > > > http://tinyurl.com/3xqb7 > > > MVP -- ISA Firewalls > > > > > > > > > -----Original Message----- > > > From: Andrew English [mailto:andrew@xxxxxxxxxxxxxxxxxxxxxx]=20 > > > Sent: Thursday, November 18, 2004 8:32 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: AntiVirus & ISA 2000 > > > > > > http://www.ISAserver.org > > > > > > I can't see why not? I use Trend Server Protect on my ISA 2004 box.=20 > > > > > > Andrew > > > > > > > > > -----Original Message----- > > > From: mithu@xxxxxxxxxx [mailto:mithu@xxxxxxxxxx]=20 > > > Sent: Thursday, November 18, 2004 8:27 PM > > > To: [ISAserver.org Discussion List] > > > Subject: [isalist] RE: AntiVirus & ISA 2000 > > > > > > http://www.ISAserver.org > > > > > > To protect the server itself. Is Symantec AntiVirus Corp 9.0 an > > > acceptable > > > solution to run on the machine? Will it interfere with the ISA in > > > anyway? > > > > > > > Please clarify what you are asking about. > > > >=20 > > > > Are you asking about AV to scan the data flowing through ISA, or are > > > you > > > > asking about AV to protect the server itself? > > > >=20 > > > > John Tolmachoff > > > > Engineer/Consultant/Owner > > > > eServices For You > > > >=20 > > > > > -----Original Message----- > > > > > From: mithu@xxxxxxxxxx [mailto:mithu@xxxxxxxxxx] > > > > > Sent: Thursday, November 18, 2004 10:29 AM > > > > > To: [ISAserver.org Discussion List] > > > > > Subject: [isalist] AntiVirus & ISA 2000 > > > > >=20 > > > > > http://www.ISAserver.org > > > > >=20 > > > > > On this site it says don't install any applications on an ISA 2000 > > > box - > > > > > now, does that include AntiVirus software? > > > > >=20 > > > > > If AV software is allowable - what do you recommend? Is Norton > > > AntiVirus > > > > > Corporate 9.0 a workable solution on an ISA 2000 box? > > > > >=20 > > > > > Thanks. > > > > >=20 > > > > ------------------------------------------------------ > > List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist > > ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp > > ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ > > ------------------------------------------------------ > > Other Internet Software Marketing Sites: > > World of Windows Networking: http://www.windowsnetworking.com > > Leading Network Software Directory: http://www.serverfiles.com > > No.1 Exchange Server Resource Site: http://www.msexchange.org > > Windows Security Resource Site: http://www.windowsecurity.com/ > > Network Security Library: http://www.secinf.net/ > > Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com > > ------------------------------------------------------ > > You are currently subscribed to this ISAserver.org Discussion List as: > > ara@xxxxxxxxxx > > To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist > > Report abuse to listadmin@xxxxxxxxxxxxx ------------------------------------------------------ List Archives: http://www.webelists.com/cgi/lyris.pl?enter=isalist ISA Server Newsletter: http://www.isaserver.org/pages/newsletter.asp ISA Server FAQ: http://www.isaserver.org/pages/larticle.asp?type=FAQ ------------------------------------------------------ Other Internet Software Marketing Sites: World of Windows Networking: http://www.windowsnetworking.com Leading Network Software Directory: http://www.serverfiles.com No.1 Exchange Server Resource Site: http://www.msexchange.org Windows Security Resource Site: http://www.windowsecurity.com/ Network Security Library: http://www.secinf.net/ Windows 2000/NT Fax Solutions: http://www.ntfaxfaq.com ------------------------------------------------------ You are currently subscribed to this ISAserver.org Discussion List as: jim@xxxxxxxxxxxx To unsubscribe visit http://www.webelists.com/cgi/lyris.pl?enter=isalist Report abuse to listadmin@xxxxxxxxxxxxx All mail to and from this domain is GFI-scanned.