[BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems

Tal Cohen tcohen at sitespect.com
Fri Jan 29 11:59:23 EST 2010


Re-read the PCI DSS 1.2 standard; it only requires the virus scans for systems that are commonly prone to vulnerabilities.

:)

Tal

-----Original Message-----
From: bblisa-bounces at bblisa.org [mailto:bblisa-bounces at bblisa.org] On Behalf Of Paul Beltrani
Sent: Friday, January 29, 2010 10:00 AM
To: Tal Cohen
Cc: bblisa at bblisa.org
Subject: [BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems

On Fri, Jan 29, 2010 at 7:07 AM, Tal Cohen <tcohen at sitespect.com> wrote:
> That would depend on what types of compliance you are trying to meet.
>
> For example, PCI compliance requires periodic virus scans be performed on systems that are prone to virus attacks. This pretty much excludes all Mac and *NIX systems.
>
...

In my experience, PCI compliance requires periodic virus scans, full stop.

It's almost laughable that we have to run AV on some of our Linux
servers.  This isn't to say Linux isn't vulnerable to viruses and
malware.  It's just there are few AV products for Linux and those that
do exist appear to be designed to scan for Microsoft Windows issues.
This makes sense when you consider many Windows end users are served
by Linux-based file and mail systems.

  - Paul Beltrani

_______________________________________________
bblisa mailing list
bblisa at bblisa.org
http://www.bblisa.org/mailman/listinfo/bblisa


