+ 4 Votes
A lot of 'it depends'
robo_dev 3 years ago

If a UNIX or Linux server is a web server or is Internet-facing, then some sort of IDS and/or integrity verification would be a prudent measure. But if the server is adequately patched and hardened, and is behind a properly configured firewall, the last thing on earth it could get is a virus.

But the PCI DSS 1,2 guidance does not exclude UNIX and even mainframes, so you do need to do what they say. The practical matter is that there simply is not a wide choice of AV for some platforms, like for Solaris, there's only one (CLAM).

From a risk standpoint, does it need actual Linux AV software? If it is used to surf the Internet, maybe. But simple measures, such as not logging in as Root to do everything, are just as effective. Malware is really just unapproved software, and it needs an entry point.

In most cases, the only reason people use AV on Linux/UNIX systems is so that they do not share or host infected Windows files, not to protect the server itself. So if my NFS server has a couple of gigabytes of user stuff on it, then you want to catch any bad stuff before it goes anywhere.

But should ANY device used as part of the PCI process be used to surf the Internet? Heck No.