Re: PCI / AV / Linux DB Servers

From: Radoulov, Dimitre <>
Date: Tue, 04 Feb 2014 10:35:20 +0100

You may also check if PCI auditors would accept command-line AVs that run on a scheduled basis (not in real-time).


On 04/02/2014 10:23, Justin Mungal wrote:
> AV on a properly secured Linux DB server, that is on a secured
> network, is not something I would suggest. But, there are some
> customers that want to run it. Sophos AV has not caused any major
> problems as long as all of the Oracle data directories are excluded
> from real-time scanning. As far as benefits, they seem quite
> questionable to me.
> On Fri, Jan 31, 2014 at 11:05 AM, Uzzell, Stephan <> wrote:
> Hi all,
> We're in a bit of an uncomfortable spot here... We're basically a
> Windows shop, our DB servers have internet access, and therefore
> our DB servers have AV software installed. We have periodically
> had to disable or even remove it on some of our larger database
> clusters as we have seen slow interconnect traffic with it enabled
> (Symantec Endpoint, mostly version 12 by this point). As soon as
> we remove Endpoint, interconnect ping times go back to where they
> should be and we move on.
> We've just started a process of converting to Linux -- supposedly
> we'll have all 240+ databases on Linux by the end of
> the year. We had somewhat assumed along the way that we would not
> be using AV software on our Linux DB servers: lower risk, fewer
> Linux viruses, &c.
> Our PCI auditor doesn't seem to agree. To satisfy his
> requirements, we need some form of AV software installed. Or some
> other form of protection...
> So -- I guess my question is: people running production Linux
> environments -- what do you do? How do you protect your servers?
> Thanks!
> *Stephan Uzzell*

Received on Tue Feb 04 2014 - 10:35:20 CET
