Re-read the PCI DSS 1.2 standard; it only requires the virus scans for systems that are commonly prone to vulnerabilities.
:)

Tal

-----Original Message-----
From: [email protected] [mailto:[email protected]] On Behalf Of Paul Beltrani
Sent: Friday, January 29, 2010 10:00 AM
To: Tal Cohen
Cc: [email protected]
Subject: [BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems

On Fri, Jan 29, 2010 at 7:07 AM, Tal Cohen <[email protected]> wrote:
> That would depend on what types of compliance you are trying to meet.
>
> For example, PCI compliance requires periodic virus scans be performed on
> systems that are prone to virus attacks. This pretty much excludes all MAC
> and *NIX systems.
> ...

In my experience, PCI compliance requires periodic virus scans, full stop. It's almost laughable that we have to run AV on some of our Linux servers.

This isn't to say Linux isn't vulnerable to viruses and malware. It's just there are few AV products for Linux and those that do exist appear to be designed to scan for Microsoft Windows issues. This makes sense when you consider many Windows end users are served by Linux-based file and mail systems.

- Paul Beltrani

_______________________________________________
bblisa mailing list
[email protected]
http://www.bblisa.org/mailman/listinfo/bblisa
