Tal Cohen <[email protected]> writes: > Re-read the PCI DSS 1.2 standard, it only requires the virus scans for > systems that are commonly prone to vulnerabilities.
This is requirement 5.1. In version 1.1 this had a note saying: Systems commonly affected by viruses typically do not include UNIX-based operating systems or mainframes. That note was removed for version 1.2. How you interpret that is up to you and your auditors. Mine have a different conclusion than you. seph _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
