[CentOS] Antivirus for CentOS? (yuck!)

Thu Jan 22 02:10:14 UTC 2009
Les Bell <lesbell at lesbell.com.au>

Ian Forde <ian at duckland.org> wrote:

>>
Yep - on the wikipedia page you referenced, look in the "Requirements"
section, section 5.  It says: "Use and regularly update anti-virus
software on all systems commonly affected by malware"
<<

I doubt Amos's QSA is using Wikipedia as his reference, unfortunately. The
PCI DSS Ver 1.2 standard (of Oct. 2008 - get it from
https://www.pcisecuritystandards.org/security_standards/pci_dss_download.html)
actually states:

5.1 Deploy anti-virus software on all
systems commonly affected by
malicious software (particularly personal
computers and servers).

but then goes on, under "Testing Procedures", to state:

5.1 For a sample of system components including all
operating system types commonly affected by malicious
software, verify that anti-virus software is deployed if
applicable anti-virus technology exists.

Unfortunately, both open-source and commercial anti-virus software that
will run on CentOS do exist, which gives the assessor some wiggle-room.
Even worse, the Summary of Changes from 1.1 to 1.2 says:

Requirement & Testing Procedure: Clarified
requirement applies to all operating systems types
commonly affected by malicious software, if applicable
anti-virus technology exists.
Besides use of the term "anti-virus software", changed
the term "virus" to "malicious software".
Deleted note stating "Systems commonly affected by
viruses typically do not include UNIX-based operating
systems or mainframes."

That last sentence is a killer, unfortunately - it means they have been
tightening up on *ix systems. Looks like you could be in for a battle if
the QSA is an intransigent sort. You could argue that while anti-virus
programs do exist, their purpose is to detect infected files which could
harm connected Windows systems, and are therefore not applicable in your
specific case, particularly since you are using proprietary protocols and
not running Windows file-sharing software (e.g. Samba, FTP, etc.)

It really comes down to whether your Assessor is clueful, or a box-ticking
droid.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909