Wrong term. Not vulnerabilities by viruses.
Tal -----Original Message----- From: David Allan [mailto:[email protected]] Sent: Friday, January 29, 2010 12:14 PM To: Tal Cohen Cc: Paul Beltrani; [email protected] Subject: Re: [BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems I'm not sure there's ever been a system in wide use wasn't commonly prone to vulnerabilities. I wouldn't try to use that language to avoid scanning if you really need to be compliant. That doesn't mean I think the commercial scanners for *nix are useful, but I'd still run one of them if I was worried about an audit. Dave On Fri, 29 Jan 2010, Tal Cohen wrote: > Re-read the PCI DSS 1.2 standard, it only requires the virus scans for > systems that are commonly prone to vulnerabilities. > > :) > > Tal > > -----Original Message----- > From: [email protected] [mailto:[email protected]] On Behalf > Of Paul Beltrani > Sent: Friday, January 29, 2010 10:00 AM > To: Tal Cohen > Cc: [email protected] > Subject: [BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and > UNIX-ish operating systems > > On Fri, Jan 29, 2010 at 7:07 AM, Tal Cohen <[email protected]> wrote: >> That would depend on what types of compliance you are trying to meet. >> >> For example, PCI compliance requires periodic virus scans be performed on >> systems that are prone to virus attacks. This pretty much excludes all MAC >> and *NIX systems. >> > ... > > In my experience, PCI compliance requires periodic virus scans, full stop. > > It's almost laughable that we have to run AV on some of our Linux > servers. This isn't to say Linux isn't vulnerable to viruses and > malware. It's just there are few AV products for Linux and those that > do exist appear to be designed to scan for Microsoft Windows issues. > This makes sense when you consider many windows end users are served > by Linux based file and mail systems. > > - Paul Beltrani > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa > > _______________________________________________ > bblisa mailing list > [email protected] > http://www.bblisa.org/mailman/listinfo/bblisa > _______________________________________________ bblisa mailing list [email protected] http://www.bblisa.org/mailman/listinfo/bblisa
