When developing an antivirus strategy, you must decide whether to implement a server-side or client-side system. Each approach has unique strengths and weaknesses, which will be outlined in this article. To explain why a double-barreled approach might be best, I’ll also describe the system my organization is currently using.

Keep those definitions up to date
Before talking about the pros and cons of server- or client-side antivirus systems, it is important to remember that these systems are only as good as their virus definitions. Too often, organizations forget to regularly update their antivirus definitions even though definitions determine which viruses an antivirus application will detect and remove. Because new viruses are released on an almost daily basis, regular updates are essential.

Most antivirus software manufacturers provide an FTP site from which their antivirus software can automatically update its definitions. Once a system is properly installed and configured, maintenance is generally low, apart from checking to ensure the definitions are being updated as they should be. Whether your organization chooses a server- or client-side virus protection system, routinely updating the virus definitions is essential.

Server-side antivirus strategy

  • Can scan all file transactions that are carried out on the server
  • Cannot be disabled by workstation users
  • Cannot be uninstalled by workstation users
  • Allows for centralized management
  • Features remote installation capabilities
  • Only requires installation on your servers


  • Will not protect file transactions carried out on individual workstations not connected to the server
  • Cannot protect workstations from a virus introduced on a floppy disk
  • May slow network traffic on some LANs or WANs

Client-side antivirus strategy

  • Can protect workstations from viruses introduced by floppy disks or other media
  • Can catch viruses before they are transmitted from the workstation to the server


  • Can be disabled by the end user
  • Can be uninstalled by the end user
  • Can be incorrectly configured by the end user
  • Must be licensed for and installed on every workstation

Two systems can be better than one
Many companies take the “belt and suspenders” approach to protecting their servers and workstations. My organization uses just such a strategy. We cover all the bases with the following measures:

  • Our Exchange 5.5 servers run Symantec AntiVirus for Exchange Server.
  • Our NT 4.0 and Novell NetWare 5.1 servers run Symantec AntiVirus 7.51 Corporate Edition.
  • All Windows 95/98, NT Workstation, and Windows 2000 Professional workstations and laptops run Symantec AntiVirus 7.51 Corporate Edition.

Nightly, our Exchange gateway server automatically checks for the latest virus definitions from Symantec’s FTP site using their product’s “Live Update” feature. All of our servers and workstations then pull the updated definitions from the gateway server.

We created a centralized quarantine area. Any suspect files found on our servers or workstations are automatically forwarded to this area, and an alert e-mail is automatically sent to the e-mail administrator. Using this antivirus strategy, I like to think we are well protected. All possible entry points, either at the server level or client level, are covered.

Antivirus software suppliers
If you’re looking for more information on antivirus software, check out these products:

In conclusion, there are strengths and weaknesses in both approaches, and it is up to the individual organizations to weigh these pros and cons and decide what works best for them. What might work in one environment may not work well in a different one. The organization I work for went for the “cover all exits and entrances” approach, as it is a health care organization, and we simply could not risk any of our data being corrupted or lost.
Tell us whether your organization uses a server-side or client-side antivirus strategy by posting a comment below or by writing us an e-mail.