It's much easier to just install clamav and schedule a scan a few times a week than it is to argue about this. You're better off omitting the fact that clamav is not a real-time scanner. Chances are that the compliance people are just looking to check the box, so make it easy for them to do that.
While there may not be actual viruses that attack Unix systems, it's very likely that your Unix systems interact with Windows or OSX systems in some way. An AV scan will find any files that may have been uploaded by those clients, and help to prevent the spread to others. So there is at least something to be gained by doing it. If you truly have some very performance-dependent systems, like clusters of nodes running scientific calculations or high frequency stock trading systems, then it's worth fighting it. Otherwise, don't bother. Most of the arguments against this are perceived as "the difficult IT people are being difficult again", as opposed to any type of logic. This is a business issue, not a technical one, and business issues are not always ruled by logic. ❧ Brian Mathis On Sun, Feb 17, 2013 at 3:44 PM, [email protected] <[email protected]> wrote: > Hi. > > Would appreciate some views and comments here... > > We're being pressured by our "Risk and Compliance" group to install antivirus > on our Unix (Solaris and AIX) and Linux (Red Hat / Centos) servers. > Historically we've not installed AV software on these platforms because there > haven't been viruses to worry about. I'm not sure that has changed, but we > need a better argument than "There are no Unix/Linux viruses" apparently. > > So, I'd be interested in hearing if: > > a) you run AV software on your Unix/Linux servers > b) if not, have you had to argue it away? > c) if so, is this due to any external compliance issue? > > > We're not running servers under any external compliance (such as PCI), so > it's only internal policy we're dealing with. > > If you think I'm wrong and I should be running AV software, I'd appreciate > that feedback as well, although I'd be really interested in understanding why. > > Thanks for any comments! > Julian _______________________________________________ Discuss mailing list [email protected] https://lists.lopsa.org/cgi-bin/mailman/listinfo/discuss This list provided by the League of Professional System Administrators http://lopsa.org/
