Andrew Having been through a few L1 Svc Provider audits myself I can tell you that the more that you to the absolute letter of "the law" the better. We went back and forth with their QA group on a variety of things that the following year I just said "ok, you want to be silly but that's how I'll pass? Fine." Is that the best practices? No.. But the order from $work was $payment_product must be compliant...WE put Sophos on all of the Linux boxen.
-rd > From: Andrew Prowant <[email protected]> > Date: Mon, 26 Apr 2010 01:37:12 -0400 > To: "[email protected]" <[email protected]> > Subject: Re: [lopsa-tech] PCI-DSS Compliance VS Virus Scanners on Unix/Linux > > On 4/25/10 11:22 PM, Tracy Reed wrote: >> This is a small requirement of the standard but major operational pain >> in the butt. Daily updates (at least) is the standard for antivirus >> definitions these days. Can you imagine somehow ferrying virus >> definition files into your private network which has no direct >> Internet access because PCI says your AIX machine needs antivirus? Who >> is going to sell you antivirus for AIX anyway? >> > While PCI may not specifically say that it requires anti-virus on > platform X, Y, or Z it is up to the QSA to make the final decision. The > QSA used at my previous company required without question that all > in-scope servers be running some form of anti-virus. Using a weekly > ClamAV scan was acceptable in this case. One server was configured to > download the updates and all in-scope servers downloaded updates from it. > > At my new $WORK, we are preparing for a Level 1 Service Provider audit > and thus have decided to install ClamAV everywhere in-scope. While most > know it is a complete waste of time, it should be one less thing that > needs done during remediation. > > F-Prot sells antivirus for AIX, FreeBSD, Linux, Solaris, etc. I'm not > sure how good it is but that was not your question. :-) > http://www.f-prot.com/products/corporate_users/ > > > _______________________________________________ > Tech mailing list > [email protected] > http://lopsa.org/cgi-bin/mailman/listinfo/tech > This list provided by the League of Professional System Administrators > http://lopsa.org/ This email and any attachments may contain confidential and proprietary information of Blackboard that is for the sole use of the intended recipient. If you are not the intended recipient, disclosure, copying, re-distribution or other use of any of this information is strictly prohibited. Please immediately notify the sender and delete this transmission if you received this email in error. _______________________________________________ Tech mailing list [email protected] http://lopsa.org/cgi-bin/mailman/listinfo/tech This list provided by the League of Professional System Administrators http://lopsa.org/
