On Thu, 22 Jan 2009 15:55:11 -0500, Adam Tauno Williams wrote: > Yes, you gain the ability to detect a compromised server. Absolutely not, you don't gain that ability at all. Again we're talking *viruses* not all malware. An antivirus will never detect a good rootkit; modern rootkit employ sophisticated stealth techniques and hide themselves and their files from all other processes. They typically insert an invisible kernel module. An antivirus can't do squat about that ... because that's not a virus anyway. On the other hand an antivirus is yet another piece of useless garbage running on your server, and one more opportunity for an attacker to pwn you.