Antivirus

[Matt Waechter]

I know it's been said we shouldn't have antivirus on the 3CX but in this day and age shouldn't we really have it? I'm starting to get push back from customers when we say they need to remove antivirus from the server or PC that the 3CX is on. Has anybody been installing AV? If so what have you been having luck with and do you have a list of exclusions?

 

[Saqqara]

Running av on our machines, I have just excluded the following folders

C:\Program Files\3CX PhoneSystem\*
C:\ProgramData\3CX\*

 

[VoIPTools]

The prohibition of installing anything on the 3CX server is (1) to ensure no compatibility issues arise, (2) ensure no adverse impacts are caused by an anti-virus scan (especially during production hours), and (3) to simplify the environment that 3CX support engineers have to troubleshoot.

Installing anti-virus on the 3CX server expands the number of possible issues the support department has to consider when determining the cause of a 3CX issue. Since 3CX support is free to 3CX partners (with some limitations) it is reasonable that 3CX would want to limit the complexity of the environment they have to support. I used to work in 3CX support, and I understand their pain all too well.

Perhaps this is not so much an issue of whether it is technically feasible to run anti-virus on the 3CX server as it is a need to serve as many 3CX customers in a timely way as possible with a relatively small support organization. The old adage "keep it simple" also applies to ensuring your PBX is stable and high performing. So there are lots of inputs to this calculation.

All that said, in theory your 3CX server is running behind a firewall. And you shouldn't be browsing the internet from the 3CX server. And presumably the rest of your environment is protected by anti-virus, so one could argue that your exposure, if running the 3CX server without antivirus, is fairly low. But there are a few "if" statements in there...

I personally run the built-in Windows defender on my 3CX servers, and I make sure to exclude the 3CX directories (c:\program files\3CX Phone System, and c:\programdata\3CX and all sub-directories). I think that is sufficient, and won't create a headache for the 3CX support group.... for what it is worth.

 

[premier10]

I never have. All of our cloud instances are behind firewalls with ACL programmed for only the remote office IPs, with us only having RDP access into the servers/instances.

We've experimented with shared vs non-shared and I'm a proponent of installing 3CX on its own server or VM image, whether on-premise or cloud hosted. It wasn't really the anti-virus that got in the way, but more so other programs that happened to fight with 3CX.

Voiptoys is correct that you shouldn't be browsing the web with your 3CX server. At the very least, don't install 3CX on a business file server as malware/ransomware from an unprotected local workstation could spread and lock up your install.

On a side note, depending on what anti-virus software you use, other 3CX Partners can attest to certain ones messing up upgrades due to flawed heuristics.