Antivirus software on DNS Linux servers for PCI compliance

1146240 pts.
Tags:
Antivirus
DNS
Linux
PCI compliance
In a recent PCI DSS audit, we need to install antivirus software on our DNS servers that are running Linux. The servers weren't compromised but this was recommended. Should we go ahead and do this? If we should, which antivirus should we go with?
1

Answer Wiki

Thanks. We'll let you know when a new response is added.

If your DNS servers fall into PCI DSS scope, you may be forced to run AV on them.

Take look at following discussion thread:
http://serverfault.com/questions/643099/run-antivirus-software-on-linux-dns-servers-does-it-make-sense

Discuss This Question: 2  Replies

 
There was an error processing your information. Please try again later.
Thanks. We'll let you know when a new response is added.
Send me notifications when members answer or reply to this question.
  • Kevin Beaver
    Although many people claim that Linux is immune from viruses (in the same ways that Mac OS X is), it still needs to be protected in most situations. Some vendors that I have recommended in the past for Linux-based malware protection include AVG, Comodo, ESET, and Bitdefender.
    27,515 pointsBadges:
    report
  • TheRealRaven
    A Linux server used only for DNS is unlikely to have many virus problems, but any server should kept clean and AV software is one good defense. I run ClamAV on my Linux systems. You might prefer (or need) Sophos, ESET, Kaspersky, Avast or something else. It's difficult to say much without knowing more about everything you do with your server(s), how your network is used, your staff expertise, etc.

    Regardless, don't be misled by discussions claiming (relative) immunity of Linux to viruses. First, it's only 'relative' immunity, not absolute. Numerous threats bring trouble for Linux. Also, even if not for Linux per se, many apps that run on Linux have vulnerabilities that can be exploited, e.g., Apache web server, PHP, etc. Also, Linux servers can act as carriers for viruses that affect other systems in your network.

    In short, though the risks are significantly reduced, you can't let your Linux servers go unattended. Keep them clean.
    35,650 pointsBadges:
    report

Forgot Password

No problem! Submit your e-mail address below. We'll send you an e-mail containing your password.

Your password has been sent to:

To follow this tag...

There was an error processing your information. Please try again later.

Thanks! We'll email you when relevant content is added and updated.

Following

Share this item with your network: