On Mon, Mar 01, 2010 at 05:09:06PM -0600, Justin Ellison spake thusly: > We were recently informed that even though it's borderline impossible for > our Solaris and Linux servers to become infected with a virus (trojan maybe, > but not many "virus" scanners look for those anyway), in order to satisfy > PCI-DSS we have to do it.
Nonononono..... PCI-DSS https://www.pcisecuritystandards.org/security_standards/download.html?id=pci_dss_v1-2.pdf says: 5.1 Deploy anti-virus software on all systems commonly affected by malicious software (particularly personal computers and servers). "commonly affected". As you point out, Linux/Solaris isn't. Check with your QSA but we aren't required to run antivirus on Linux/Solaris. -- Tracy Reed http://tracyreed.org
pgpzFeKyF6Eur.pgp
Description: PGP signature
_______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
