[CentOS] Antivirus for CentOS? (yuck!)

Thu Jan 22 19:42:58 UTC 2009
David G. Miller <dave at davenjudy.org>

Amos Shapira <amos.shapira at gmail.com> wrote:

> Hi All,
>
> Yes, I know, it's really really embarrassing to have to ask but I'm
> being pushed to the wall with PCI DSS Compliance procedure
> (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> we don't need to install an anti-virus or find an anti-virus to run on
> our CentOS 5 servers.
>
> Whatever I do - it needs to be convincing enough to make the PCI
> compliance guy tick the box.
>
> So:
>
> 1. Has anyone here gone through such a procedure and got good arguments
> against the need for anti-virus?
> 2. Alternatively - what Linux anti-virus (oh, the shame of typing this
> word combination :() do you use which doesn't affect our systems'
> performance too much?
>
> The reviewed servers run both Internet-facing web applications and
> internal systems, mostly using a proprietary protocol for internal
> communications. They are being administrated remotely via IPSec VPN
> (and possibly in the future also OpenVPN).
>
> Thanks,
>
> --Amos

After reading all of the other replies (including the ones that pointed
out that the PCI DSS requirement had changed the terminology from 
"virus" to "malware"), why not claim you are meeting the requirement by 
doing something useful like running chkrootkit or rkhunter on a regular 
basis?  That way you would be scanning the systems for the only malware 
known to actually pose a threat to a Linux box.  It may be a low 
probability of infection (as others have pointed out) but should satisfy 
the auditor and hopefully will just be a low cost exercise in futility 
as long as reasonable security policies are followed.

Cheers,
Dave

-- 
Politics, n. Strife of interests masquerading as a contest of principles.
-- Ambrose Bierce
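
Added example (not part of the original message): one way to run rkhunter and chkrootkit on a schedule and keep a dated report that can be shown to an auditor. The log directory, script path, function names and the --run switch are assumptions made for this example, and the sample lines are constructed.

```bash
#!/bin/bash
# Added example: scheduled rkhunter/chkrootkit run that keeps a dated report.
# EVIDENCE_DIR, the function names and the --run switch are assumptions.
# Assumed cron entry: 17 3 * * * root /usr/local/sbin/malware-scan.sh --run

EVIDENCE_DIR="${EVIDENCE_DIR:-/var/log/malware-scan}"

# Count report lines that indicate a finding: rkhunter prefixes findings with
# "Warning:", chkrootkit prints "INFECTED" ("not infected" is lower case).
count_findings() {
    grep -c -E '^Warning:|INFECTED' "$1" || true
}

# Print a one-line verdict; return 1 when the report contains findings.
summarize() {
    local n
    n=$(count_findings "$1")
    if [ "$n" -gt 0 ]; then
        echo "FINDINGS=$n report=$1"
        return 1
    fi
    echo "CLEAN report=$1"
}

# Run both scanners (needs root) and store their combined output.
run_scan() {
    local stamp report
    # A missing scanner must not be recorded as a clean result.
    command -v rkhunter >/dev/null && command -v chkrootkit >/dev/null || return 2
    stamp=$(date -u +%Y%m%dT%H%M%SZ)
    report="$EVIDENCE_DIR/scan-$stamp.log"
    mkdir -p "$EVIDENCE_DIR" && chmod 700 "$EVIDENCE_DIR" || return 2
    {
        echo "== $(hostname) $stamp =="
        rkhunter --cronjob --report-warnings-only 2>&1
        chkrootkit 2>&1
    } > "$report"
    summarize "$report"
}

# Constructed sample lines for trying the parser offline; not real output.
sample_report() {
    cat <<'EOF'
Warning: Hidden directory found: /dev/.example
Checking `sniffer'... not infected
Checking `bindshell'... INFECTED (PORTS:  465)
EOF
}

if [ "${1:-}" = "--run" ]; then run_scan; exit $?; fi
```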