[CentOS] Antivirus for CentOS? (yuck!)

Thu Jan 22 05:55:58 UTC 2009
Ian Forde <ian at duckland.org>

On Wed, 2009-01-21 at 21:06 -0500, Adam Tauno Williams wrote:
> > Yes, I know, it's really really embarrassing to have to ask but I'm
> > being pushed to the wall with PCI DSS Compliance procedure
> > (http://en.wikipedia.org/wiki/PCI_DSS) and have to either justify why
> > we don't need to install an anti-virus or find an anti-virus to run on
> > our CentOS 5 servers.
> > Whatever I do - it needs to be convincing enough to make the PCI
> > compliance guy tick the box.
> > 1. Has anyone here gone though such a procedure and got good arguments
> > against the need for anti-virus?
> There is no good argument against running malware detection on any
> sever.

That depends upon how you define malware detection.  Antivirus software
for Linux typically scans for Windows viruses and malware.  On the other
hand, if you're talking about detection in the sense of Tripwire, or a
cron job that runs a 'rpm -V' every night, I completely agree that this
is something that should be done.

> CLAMAV works well.

For detecting Windows malware, which isn't really the point...