1

I am working with Rackspace (but this applies to any good host provider) to configure a Red Hat Linux web and database server. Both machines are dedicated to us and managed by Rackspace. Rackspace asked if we wanted Sophos antivirus on our machines for a small monthly fee.

Would you install and pay for antivirus on a web and database server? Why would I want antivirus on these machines? What are the pros/cons?

Izzy
Christopher Altman

7 Answers

8

Most of the time when anti-virus software is deployed on a Linux server, it's to protect the computers that are accessing files off the server and not to protect the server itself. It's most common to find anti-virus on email and file servers running Linux for this reason.

So if your web server has files on it that others are accessing, or you are using it to send/receive email, it may not be a bad idea to have some sort of anti-virus running.

3dinfluence
  • 1
    +1 for this. "...It's most common to find anti-virus on email and file servers running Linux for this reason." – egorgry Jul 08 '09 at 14:09
3

I would not use a virus killer on a Linux web server. It just does not make any sense to do so. But you should make sure the system has a firewall, and only opens up services to the world that need to be open.

Trausti Thor
1

Would you keep an AntiVirus package on a server in your own building? If so, why wouldn't you want something on another server that happens to be off-premise?

Obviously the same pros/cons apply to a dedicated server as it would any other host. There will be a slight reduction in performance for the peace-of-mind of protection.

Edit: Just noticed this is a Linux system. In any case, my same thought process applies, but I thought you were dealing with a Windows-based server.

Russ Warren
1

What is driving your need for antivirus? Is it security or PCI compliance or just peace of mind? When working with Rackspace, they offered Sophos as an antivirus solution as well. Did they mention ClamAV as an open source alternative to Sophos? We opted to install it on our web and application servers for PCI compliance. The impact on your system is minimal, as long as you have disabled on-access scanning. ClamAV automatically updates the definition files daily and can run as a cronjob for regular scans.

In general, though, the nature of Unix makes antivirus almost irrelevant (though some do disagree).

0

I would ask them if they had any sort of performance benchmarks between having Sophos installed or not, as well as asking if there would be any way that you might be able to try it for a month or a week or some length of time so you could do your own load testing. At work we keep AV on all of our servers (Linux included); the performance loss was negligible but the peace of mind is worth it.

Shawn B
0

Use antivirus if your server is passing information to other systems (for example, if it is running an email server).

I don't know if Rackspace will support it, but there are free alternatives (Clam Antivirus). If they do not support Clam, and the fee for Sophos is minimal, I might be convinced to use it.

Otherwise, you can use ClamAV to scan emails passing through the server for viruses.

You would not need it if this isn't the case, as Rackspace is managing the server and in my opinion would be responsible for any A/V, tripwire, md5 file sums on system files.

Dave Drager
0

I'd be finding out what exactly Rackspace will warranty with the service/software.

Anti-virus software does not prevent someone from breaking into your machine. It prevents someone from "infecting" your machine with a bit of software. Secure passwords, good firewall rules, secure web code, and keeping up on security patches and bug fixes will do you FAR more good than an 'anti-virus' software on a *nix machine.

Tips I've found useful:

Servers: if you must allow access to the machine for configuration, use SSH. Change the port from 22 to something else. (Takes care of the majority of script kiddies). DO NOT ALLOW ROOT LOGIN FROM SSH. Make users use sudo. Request that the db server only have a private IP address. Make sure you can access that db server from your web server. Secure the db server in the same way. WRITE SECURE CODE. Keep an eye on your logs.

Firewall: There are plenty of firewall guides out there. Rule of thumb: deny everything, then open up only what's needed.

Always assume that the hosting company will not be responsible for ANYTHING, unless it's written down in a signed contract agreement. Make backups. Install (and properly configure) things like Tripwire, Snort, Nessus. These will help with notifying you about a possible break-in on your machine. Make backups. Make backups. Make BACKUPS.
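
An added example, not part of the answer above and not Rackspace's or OpenSSH's own tooling: a small Python check of `sshd_config` text against the two SSH tips in that answer (port moved off 22, root login disabled). The function names and sample configs are constructed for illustration; the check does not follow Include files and stops at the first Match block.

```python
# Added example: check sshd_config text against the SSH tips in the answer above.
# Assumptions: Include files are not followed; parsing stops at the first
# Match block, so only global settings are evaluated.

def parse_global(text):
    """Return {keyword: [values in file order]} for global directives."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#"):   # blank line or comment
            continue
        parts = line.split(None, 1)
        key = parts[0].lower()                 # keywords are case-insensitive
        if key == "match":
            settings["match"] = [True]
            break
        settings.setdefault(key, []).append(parts[1].strip() if len(parts) > 1 else "")
    return settings

def audit(text):
    s, findings = parse_global(text), []
    ports = s.get("port", [])                  # Port may repeat; all are opened
    if not ports:
        findings.append("Port not set: sshd listens on 22 by default")
    elif "22" in ports:
        findings.append("Port 22 is still listed")
    # For other keywords sshd uses the first value it reads; later ones are ignored.
    root = s.get("permitrootlogin", [None])[0]
    if root is None:
        findings.append("PermitRootLogin not set: result depends on the build's default")
    elif root != "no":
        findings.append("PermitRootLogin is '%s', expected 'no'" % root)
    if "match" in s:
        findings.append("Match block present: review its overrides by hand")
    return findings

# Constructed sample configs (not taken from any real host).
HARDENED = "Port 2222\nPermitRootLogin no\n"
MISLEADING = """\
#PermitRootLogin no
Port 2222
Port 22
PermitRootLogin yes
PermitRootLogin no
"""

if __name__ == "__main__":
    for finding in audit(MISLEADING):
        print(finding)
```

On a live host, `sshd -T` prints the effective configuration and is the authoritative check; the script is for reviewing a config file offline.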