This is a good first step, but you should also have a/v protection at the gateway. Look at amavisd and vexira if you're allowed to use open source. If you have to use commercial products, Sophos has a good gateway product. Trend is popular but not as good.
Do not use "traditional" AV at all (as that would never protect you from the latest virus). Rather, set up your email gateway to "defang" all suspicious emails (e.g. containing EXE or SCR or PIF, or ZIP, attachments); it is a matter to debate whether to reject (bounce), drop, or somehow encode such things so as to render harmless. - Probably you will want your email gateway to run UNIX/Linux, so you can set this up.
This is horrible advice. You *must* have traditional a/v on your desktops or some equivalent replacement. The desktop is you last line of defense and often the only one that will "catch" things. Gateway a/v scanners such as trend will do *nothing* to protect you against worms such as Blaster and Slammer. There are just too many avenues for attack to leave the desktops unprotected; removeable media (CDs, floppies, DVDs, Zip disks), IRC, ICQ, P2P, IM, web, etc., etc.Once your email gateway is "safe", any AV on desktops becomes much less important, but you may still want some "traditional" AV on your desktops; any reasonably well supported product should do.
Paul Schmehl (pauls@utdallas.edu) Adjunct Information Security Officer The University of Texas at Dallas AVIEN Founding Member http://www.utdallas.edu
_______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.netsys.com/full-disclosure-charter.html