[BBLISA] PCI compliance and Linux AV, was Re: Desktop policies and UNIX-ish operating systems
Paul Beltrani
spamgrinder at gmail.com
Fri Jan 29 09:59:57 EST 2010
On Fri, Jan 29, 2010 at 7:07 AM, Tal Cohen <tcohen at sitespect.com> wrote:
> That would depend on what types of compliance you are trying to meet.
>
> For example, PCI compliance requires periodic virus scans be performed on systems that are prone to virus attacks. This pretty much excludes all MAC and *NIX systems.
>
...
In my experience, PCI compliance requires periodic virus scans, full stop.
It's almost laughable that we have to run AV on some of our Linux
servers. This isn't to say Linux isn't vulnerable to viruses and
malware. It's just there are few AV products for Linux and those that
do exist appear to be designed to scan for Microsoft Windows issues.
This makes sense when you consider many windows end users are served
by Linux based file and mail systems.
- Paul Beltrani
More information about the bblisa
mailing list