[CentOS] Antivirus for CentOS? (yuck!)

Thu Jan 22 07:05:32 UTC 2009
Les Bell <lesbell at lesbell.com.au>

Ian Forde <ian at duckland.org> wrote:

>>
That depends upon how you define malware detection.  Antivirus software
for Linux typically scans for Windows viruses and malware.  On the other
hand, if you're talking about detection in the sense of Tripwire, or a
cron job that runs a 'rpm -V' every night, I completely agree that this
is something that should be done.
<<

Bingo. The changes made in PCI DSS v 1.2 broaden the scope of section 5
from "viruses" to "malicious software". This covers viruses, worms,
trojans, spyware, rootkits, etc. Use of AIDE or Open-Source Tripwire, with
a carefully set up policy, should meet the requirements. I would write an
"explanation of non-applicability" that states that CentOS is at low risk
of infection by viruses and only slightly higher risk of infection by
worms, and that implementation of a host filesystem integrity verification
system (or host intrusion detection system) provides an appropriate control
to alert administrators to unauthorised changes of any kind on the system.
Add appropriate verbiage about SELinux, etc. if appropriate. I'd say that
should get the job done.

Best,

--- Les Bell
[http://www.lesbell.com.au]
Tel: +61 2 9451 1144
FreeWorldDialup: 800909
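
An added example, not part of the original message: one way to turn the nightly 'rpm -V' job mentioned above into a report that separates altered or missing packaged files from routine config edits. The function names, severity labels, script path and sample lines are assumptions constructed for illustration.

```sh
#!/bin/sh
# Added example: triage `rpm -Va` output so a nightly job reports only
# changes worth an administrator's attention. Severity labels are assumptions.

# Constructed sample in the `rpm -Va` line format (not from a real host):
# flags column, optional file-type marker (c=config, d=doc, ...), path.
sample_rpm_verify() {
cat <<'EOF'
S.5....T.  c /etc/ssh/sshd_config
.......T.    /usr/share/doc/bash/README
S.5....T.    /usr/bin/ssh
.M.......    /usr/sbin/sshd
missing     /usr/bin/passwd
missing   c /etc/motd
..5....T.  d /usr/share/man/man1/ls.1.gz
EOF
}

# Reads verify output on stdin, prints "SEVERITY reason path" per finding.
triage_rpm_verify() {
  awk '
  {
    flags = $1; rest = $0; attr = ""
    # Skip anything that is not a verify result line (e.g. dependency notes).
    if (flags != "missing" && (length(flags) < 8 || length(flags) > 9 || flags !~ /^[.?SM5DLUGTP]+$/)) next
    sub(/^[^ ]+ +/, "", rest)                       # drop the flags column
    if (rest ~ /^[cdglr] \//) { attr = substr(rest, 1, 1); rest = substr(rest, 3) }
    if (attr != "" && attr != "c") next             # docs, ghosts, licences, readmes
    if (flags == "missing")    why = "missing"
    else if (flags ~ /5/)      why = "digest"       # file content differs from package
    else if (flags ~ /[MUG]/)  why = "mode-or-owner"
    else next                                       # mtime-only and other flags: not triaged here
    if (attr == "c")                  sev = "LOW"   # config edits are expected
    else if (why == "mode-or-owner")  sev = "MEDIUM"
    else                              sev = "HIGH"  # packaged binary altered or gone
    print sev, why, rest
  }'
}

# Run against the live RPM database only when asked, e.g. from cron
# (hypothetical install path):
#   0 3 * * * /usr/local/sbin/rpm-triage.sh --live | mail -s "rpm -Va" root
if [ "${1:-}" = "--live" ]; then
  rpm -Va 2>/dev/null | triage_rpm_verify
fi
```

Because 'rpm -V' compares against the local RPM database, which lives on the same host it is checking, this complements rather than replaces the AIDE or Tripwire database discussed above.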