> Yes, I know, it's really really embarrassing to have to ask but I'm > being pushed to the wall with PCI DSS Compliance procedure > (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why > we don't need to install an anti-virus or find an anti-virus to run on > our CentOS 5 servers. > Whatever I do - it needs to be convincing enough to make the PCI > compliance guy tick the box. > 1. Has anyone here gone though such a procedure and got good arguments > against the need for anti-virus? There is no good argument against running malware detection on any sever. > 2. Alternatively - what linux anti-virus (oh, the shame of typing this > word combination :() do you use which doesn't affect our systems > performance too much. CLAMAV works well. > The reviewed servers run both Internet-facing web applications and > internal systems, mostly using proprietary protocol for internal > communications. They are being administrated remotely via IPSec VPN > (and possibly in the future also OpenVPN).