This can be a problem if that overlooked virus or worm is something like Blaster. Particularly so if it's on our email server (say one like Lotus Notes), which already has a heavy load on it's hands; it doesn't need the added burden of dealing with a nasty infection.
Making matters worse, some worms/viruses are geographic-specific. If your AV software's developer is located in a different geographic area, updated signatures may arrive too late. So how can this be best dealt with?
The answer: An interesting and well-thought-out product called Antigen from Sybari. Antigen is specifically designed to ensure a secure messaging environment for the enterprise, whether email or instant messaging, by embracing an unorthodox approach.
And what surprises me the most is that few other AV companies (in fact, I don't know a single other one) have implemented this idea. I mean, why not? It makes logical sense that no matter how good your product, there will be a hole. This approach, on the other hand, results in more ''eyes'' on the lookout for nasty worms and a way to tighten the noose around them.
You probably think that means visiting a lot of sites to download, eh? Not in this case. Sybari obviously thought this out and provides downloads directly from their site. Even when you update and/or patch, you're never down. Your server will continue to function 24/7. In fact, there is only one time that Antigen is taken offline: when you reboot the server.
But they don't just stop there. Relying on signatures always means spending a little time behind the 8-ball. That's just not a viable solution for today's embattled enterprise IT departments. We certainly don't want a repeat of events like those with the old 'I Love You' worm. So, in addition to the signature-based anti-virus engines, there also is a heuristic scanner that detects for things that ''just ain't right'', so to speak. All of these factors combined should reduce that ''window of vulnerability'', also known as the time until the next signature is released.