If a third party were to do a full security audit on the box, that only says what is true now, not over the entire time the server was running.
About the only useful thing that could come out of this is that same security audit could check for malware -- we wouldn't know when it was injected, but at least it could confirm or bust Clinton's claim about whether the server was compromised or not.
SUMMARY: too little too late.
And Gowdy knew about it six months ago. That’s being generous because it was buzz in Washington since the Guccifier two years ago.
They are also after a half dozen/ dozen OTHER people’s emails, etc.
Shrillary sent the emails, so they will subpoena/demand those from the recipients.