Rey Bango wrote: > > Virus protection on web servers, though, is a grey area because the > subject is mentioned in broad terms and doesn't specifically say web > servers. > > The PCI standard can be read here: > > https://sdp.mastercardintl.com/pdf/pcd_manual.pdf
The relevant quote from page 8: Maintain a Vulnerability Management Program Many vulnerabilities and malicious viruses enter the network via employeesâ e-mail activities. Anti-virus software must be used on all e-mail systems and desktops to protect systems from malicious software. 5. Use and regularly update anti-virus software or programs 5.1 Deploy anti-virus mechanisms on all systems commonly affected by viruses (for example PCâs and servers). 5.2 Ensure that all anti-virus mechanisms are current, actively running, and capable of generating audit logs. I see this as supporting my original point that AV is for email servers and possibly file servers. A webserver simply isn't a system commonly affected by viruses: there is no clueless user sitting at the console double-clicking anything he can lay his hands on. Jochem ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~| Logware (www.logware.us): a new and convenient web-based time tracking application. Start tracking and documenting hours spent on a project or with a client with Logware today. Try it for free with a 15 day trial account. http://www.houseoffusion.com/banners/view.cfm?bannerid=67 Message: http://www.houseoffusion.com/lists.cfm/link=i:4:216012 Archives: http://www.houseoffusion.com/cf_lists/threads.cfm/4 Subscription: http://www.houseoffusion.com/lists.cfm/link=s:4 Unsubscribe: http://www.houseoffusion.com/cf_lists/unsubscribe.cfm?user=11502.10531.4 Donations & Support: http://www.houseoffusion.com/tiny.cfm/54
