The Cisco errors are only seen in the Cisco application. The MDS error is for communication between a special link between the Data center sites. The errors stopped after the definitions updates were stopped.
I don’t see a wide enough account list to have a good picture of what virus software is most common on UCCE servers. I show these three supported\tested:
McAfee Virus Scan Enterprise 8.7i / 8.8i
Symantec Endpoint Protection 11.0 / 12.1
Trend Micro ServerProtect version 5.7 / 5.8
I do see a lot of guidelines for what you should scan for and when you should do it. I included the link and some general info. Dave
http://www.cisco.com/en/US/docs/voice_ip_comm/cust_contact/contact_center/ipcc_enterprise/ipccenterprise8_0_1/reference/guide/icm80securty.pdf
The following list highlights some general best practices:
• Upgrade to the latest supported version of the third-party antivirus application. Newer versions improve scanning speed over previous versions, resulting in lower overhead on servers.
• Avoid scanning of any files accessed from remote drives (such as network mappings or UNC connections). Where possible, each of these remote machines must have its own antivirus software installed, thus keeping all scanning local. With a multitiered antivirus strategy, scanning across the network and adding to the network load might not be required.
• Due to the higher scanning overhead of heuristics scanning over traditional antivirus scanning, use this advanced scanning option only at key points of data entry from untrusted networks (such as email and Internet gateways).
• Real-time or on-access scanning can be enabled, but only on incoming files (when writing to disk). This is the default setting for most antivirus applications. Implementing on-access scanning on file reads will yield a higher impact on system resources than necessary in a high-performance application environment.
• While on-demand and real-time scanning of all files gives optimum protection, this configuration does have the overhead of scanning those files that cannot support malicious code (for example, ASCII text files). Exclude files or directories of files in all scanning modes that are known to present no risk to the system. Also, follow the guidelines for which specific Unified CCE files to exclude in Unified CCE implementation, as provided in the Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted, Release 8.x(y).
• Schedule regular disk scans only during low usage times and at times when application activity is lowest. To determine when application purge activity is scheduled, see the Security Best Practices Guide for Cisco Unified ICM/Contact Center Enterprise & Hosted, Release 8.x(y) listed in the previous item.