What's the difference, from anti-virus/malware/... viewpoint, between a file server, with multiple clients accessing files via NFS/SMB/... and a workstation with a single user accessing local files and network resources? Is there a difference in attack vectors? In prevention, detection, ... I think every write should be processed. After virus updates, the reads should be monitored?