1

Possible Duplicate:
Do you run antivirus on your Windows servers?

PRO:

  • Additional security never hurts

CON:

  • slows down performance
  • No way a virus can get on a server (unless you do web surfing there or install strange software)
  • Cost
  • another potential attack vector

Overall, I think it is not worth the effort. What is your take? Did I overlook something?

Note: I talk about Win 2008 web servers + firewall (not Win 2003, SQL, etc).

robinc
  • 43

6 Answers

11

No way a virus can get on a server (unless you do web surfing there or install strange software)

Without addressing any other points of your argument, the one above is patently, provably, historically untrue.

jj33
  • 11,388
7

File-level AV is needed on Servers, it's just the attack vector that's different. If that server allows users to upload any kind of data at all to it (such as all web servers doing anything except serving static pages) it needs AV software. That malware may not be infecting the server but it can infect other clients. An AV alarm on a server can be a very good indication that something bad happened that needs expert review.

Firewalls don't protect against a badly designed application that can get past the firewall.


For example, let's take a hypothetical cross-site scripting vulnerability. There is a script, http://example.com/calendar/addAttachment.asp that drops attachments in a certain directory so they can be appended to calendar events. Since the only way to drop files is to be a logged-in user, the writer of the ASP page decided to rely on file-level rights to permit people to upload data. Very secure, they thought. The firewall passes TCP/443 and TCP/80 because that's needed for this application.

Nefarious Person (the NP) learns that the exact ASP-page can be called from a guest context. And after a lot of poking around, has found out how to:

  • Drop files in arbitrary locations
  • Where anonymous-user can drop files where they'll then be served

The NP then proceeds to upload some evil software to those locations and through Other Means direct traffic at those links (SEO hijacking, Evil Popups, other drive-by-downloaders) where http://example.com/ becomes a source of malware.


If that server had AV, it would have raised a big red flag the moment the NP tried to upload the evil software. You'd be alerted to this vulnerable application, and your site wouldn't end up on various blacklists of 'untrustworthy sites'.

There is more to Windows security than worm-resistance.

sysadmin1138
  • 135,853
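The upload handler from the scenario above with the missing checks put in, as an added example that is not part of the original answer: it refuses guest callers, keeps uploads out of the served tree, gives the client no say over the path, and scans before writing. `store_attachment`, `toy_scan`, `UploadRejected`, the directory names and the marker bytes are all hypothetical; `toy_scan` stands in for whatever AV engine the server runs.

```python
import secrets
import tempfile
from pathlib import Path

class UploadRejected(Exception):
    """Raised for every refused upload; each one is worth an alert."""

def toy_scan(data: bytes):
    # Stand-in for the server's AV engine (hypothetical hook); marker is constructed.
    return "Constructed.Test.Marker" if b"CONSTRUCTED-MALWARE-MARKER" in data else None

def store_attachment(upload_root, web_root, user, filename, data, scan=toy_scan):
    # 1. Enforce login in the handler itself, not only through file-level rights.
    if not user or not user.get("authenticated"):
        raise UploadRejected("guest context")
    root, web = Path(upload_root).resolve(), Path(web_root).resolve()
    # 2. Uploaded files must never land where the web server serves them.
    if root == web or web in root.parents:
        raise UploadRejected("upload directory is inside the web root")
    # 3. The client picks no part of the path: refuse separators, colons, dot names.
    if not filename or filename in (".", "..") or any(c in filename for c in "/\\:"):
        raise UploadRejected("path characters in file name")
    # 4. Scan before anything is written to disk.
    if (verdict := scan(data)):
        raise UploadRejected("scanner: " + verdict)
    target = root / (secrets.token_hex(8) + "_" + filename)  # server-chosen name
    target.write_bytes(data)
    return target

def demo():
    # Constructed requests against throw-away directories.
    base = Path(tempfile.mkdtemp())
    web, up, member = base / "wwwroot", base / "attachments", {"authenticated": True}
    web.mkdir(); up.mkdir()
    cases = {
        "guest": (up, None, "notes.txt", b"hi"),
        "traversal": (up, member, "..\\wwwroot\\x.asp", b"hi"),
        "served_dir": (web / "calendar", member, "notes.txt", b"hi"),
        "flagged": (up, member, "tool.bin", b"..CONSTRUCTED-MALWARE-MARKER.."),
        "ok": (up, member, "notes.txt", b"hi"),
    }
    out = {}
    for name, (root, user, fname, data) in cases.items():
        try:
            out[name] = store_attachment(root, web, user, fname, data).parent == up.resolve()
        except UploadRejected as exc:
            out[name] = str(exc)
    return out
```

`demo()` returns the rejection reason for each refused request and `True` for the one accepted upload.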
1

PRO: Additional security never hurts

I agree

CON:

slows down performance

No way a virus can get on a server (unless you do web surfing there or install strange software)

Cost

another potential attack vector

I disagree on almost every one of these:

Slows down performance: Who says? Do you have any study data that proves this?

No way a virus can get on a server: See jj33's answer.

Cost: True enough. You'll have to pay for any reputable anti-virus software for your server.

Another potential attack vector: Possibly, but I'd argue that anti-virus software reduces the number of attack vectors more than it creates additional attack vectors.

joeqwerty
  • 111,849
1

I think this also depends on whether you mean full antivirus (on access) vs. non on access.

If it's the on access part that is slowing down the server, you should be able to turn off the read aspect and keep the write aspect, I would think, as long as you do regular scans.

Adam Fox
  • 137
1

AV on a server. It can be fun when the AV detects the RAID driver as a virus and chucks it in quarantine or even thinks the backup job is suspect and stops it.

ax25
  • 241
0

This depends on the server functionality — some kind of servers are much more vulnerable than others:

  • File servers without an anti-virus might spread the infection even though the malware is not running on the server itself.
  • Terminal servers can be vulnerable to infections due to careless users.