Society of Payment Security Professionals Forum  

#1
02-10-2009, 02:59 AM
FunPolice
Member
Join Date: Aug 2007
Posts: 43
5.2 - "actively running"

Hello,

I was just wondering if anyone had any thoughts on requirement 5.2 and AV being "actively running." Do people take this as meaning that on-load protection has been enabled? I'm looking at web servers in particular, and issues around performance. While I'm also looking at a Fortinet network AV solution, I was wondering if people always insisted on on-load functionality being enabled for items like web servers.

Speaking of which, if anyone has any comments on the Fortinet AV capabilities, I'm all ears.

Cheers,
fp
#2
02-10-2009, 02:38 PM
jbhall56
Senior Member
Join Date: Feb 2007
Location: Minneapolis, MN
Posts: 1,277

Active scanning means that files are scanned for viruses whenever they are processed, i.e., opened/closed, read/written, etc.

As for Fortinet, I'm not fully versed on it. However, my understanding is that it is an appliance solution that monitors email, FTP and similar traffic and looks for viruses in the payloads of these protocols. It does not provide protection for systems that could be infected from a CD/DVD or other methods outside its purview. That is why it is only part of the solution in my book. You still need anti-virus on your servers and workstations for full protection.
__________________
Jeff Hall, Director, Risk Advisory Services
RSM McGladrey Inc
801 Nicollet Mall, 11th Floor, West Tower
Minneapolis, MN 55402-2526
612 376 9280 - office
612 395 7280 - facsimile
www.mcgladrey.com

The views presented are those of the writer and are not necessarily those of RSM McGladrey Inc
#3
02-11-2009, 07:38 AM
mckafka99
Junior Member
Join Date: Mar 2008
Posts: 14

Quote:
Originally Posted by FunPolice
While I'm also looking at a Fortinet network AV solution, I was wondering if people always insisted on on-load functionality being enabled for items like web servers.

Speaking of which, if anyone has any comments on the Fortinet AV capabilities, I'm all ears.

Cheers,
fp

Fortinet produces a line of Unified Threat Management devices that provide inline network-based protection of a number of things such as AV, IPS/IDS, Web Filtering, Spam Filtering, content filtering, etc. These come as a subscription service. We use a Fortigate 300A as our perimeter device and I have found good success with it.

From a host-based perspective, Fortinet also offers the "FortiClient". However, I do not have any experience with that product.
Tags
5.2, actively running, antivirus

All times are GMT -8.


Copyright (c) The Aegenis Group, Inc.