One of the keys to preventing virus outbreaks within an organization is having the latest virus signatures and detection rules in place. Since spam is one of the primary means of spreading malware, this is especially true for email scanners and spam filters.
According to a FBI Crime and Security Survey, 65 percent of companies had been affected by virus attacks during the previous year. This is in spite of the fact that 97 percent of the surveyed companies were using industry-leading virus protection, and following “best practices” like enabling automatic updates. This information highlights the need for overlapping protection. Maintainers of antivirus software respond to new threats at differing rates, and while some are more responsive than others, none are always first or always best at deploying updates.
Utilizing spam filters or other email security solutions which incorporate two or more virus engines increases a company’s chance of early protection when new threats are introduced. It also eliminates the situation where single point of failure might arise, such as when one antivirus vendor’s update network has been compromised or is off-line. Adding complimentary technologies like heuristic analysis and reputation filtering offers the most comprehensive protection.
Running multiple antivirus products on corporate desktops is probably not feasible because of the competition for computing resources and incompatibilities during real-time protection. However, running multiple engines sequentially to scan incoming email at the server level can significantly reduce early exposure to malware while maintaining reasonable throughput.