What should be protected with anti-virus software?

Long time reader, but  first time poster, so please be gentle ;-). 

I am in the middle of a risk assessment of our current anti-virus
practice and need a little help.

I am finding servers without any anti-virus software installed and
others that are only configured as on-access detection. I am not sure if
the reasoning for not having anti-virus installed or only running
on-access holds water or is sufficient for today's needs.

The operations manager believes that not all servers need anti-virus
software. He believes his application servers are safe because they
don't receive e-mails and they don't have files that would become
infected. He also feels his Novell file and print servers are
sufficiently protect by using on-access detection only.

Can anyone give me a "best business practice" recommendation or point me
to documentation on what should be protected with anti-virus software
and why?

Any help will be greatly appreciated!

Thanks....

Larry

 
 


This message contains information that may be confidential and privileged.  
Unless you are the addressee (or authorized to receive for the addressee), you 
may not use, copy or disclose to anyone the message or any information 
contained in the message.  If you have received the message in error, please 
advise the sender by reply e-mail and delete the message.