PCI Compliance Step 5 – Adding Automated Virus Scanning to Your Ubuntu Server

Number 5 of the 12 PCI compliance steps in the SAQ D is to “Use and regularly update anti-virus software or programs.” We all know that this *really* isn’t needed – but it’s in the PCI compliance requirements – so here’s an easy way to do it.

Install ClamAV:

sudo apt-get install clamav

And then create a simple bash script that will run clam and send you an email with a summary of the scan:

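#!/bin/bash
# Scan / recursively (-r), list only infected files (-i), and mail the report.
# The Subject header and blank line keep sendmail from parsing "path: name FOUND" lines as headers.
(echo "Subject: ClamAV scan report"; echo; sudo clamscan -i -r /) | sendmail calvinfroedge@gmail.com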

The -i flag tells clam to report only infected files (if any), and -r tells it to recurse into directories. The output of clamscan is piped to sendmail, which puts it in an email and sends it to you.

I’m using SendGrid as my email provider, and it’s easy as hell to integrate with Postfix. Here’s how:

http://docs.sendgrid.com/documentation/get-started/integrate/examples/postfix/

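Finally, schedule this to happen each day (or whatever). The entry below assumes the script is saved as /bin/viruscheck and is executable; it runs at 04:01 every day. Put this in your crontab (sudo crontab -e):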

01 04 * * * /bin/viruscheck

And that’s it! You’ve just fulfilled step 5 of PCI compliance = )
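
An extended version of the script above, added here as an example and not the author's own code: it refreshes signatures with freshclam before scanning (the "regularly update" half of the requirement), skips virtual filesystems, and labels the mail with clamscan's exit status (0 clean, 1 infected, 2 error). The address admin@example.com and the function names are placeholders.

```bash
#!/bin/bash
# Added example: daily ClamAV job with signature update and exit-code handling.
# MAIL_TO and the function names are placeholders chosen for this sketch.
MAIL_TO="${MAIL_TO:-admin@example.com}"

# Map clamscan's exit status to a label for the mail subject.
scan_status() {
  case "$1" in
    0) echo "CLEAN" ;;
    1) echo "INFECTED" ;;
    *) echo "SCAN ERROR" ;;
  esac
}

# Build a complete message: headers, blank line, then the scan output.
# Without the blank line, sendmail may parse "path: name FOUND" lines as headers.
build_report() {  # args: exit-status, scan-output
  printf 'To: %s\nSubject: [clamav] %s on %s\n\n%s\n' \
    "$MAIL_TO" "$(scan_status "$1")" "$(hostname)" "$2"
}

run_scan() {
  local out rc
  # Refresh signatures first; a failed update is reported but does not stop the scan.
  freshclam --quiet || echo "freshclam update failed" >&2
  # Skip virtual filesystems that only produce read errors.
  out=$(clamscan -i -r --exclude-dir='^/(proc|sys|dev)' / 2>&1)
  rc=$?
  build_report "$rc" "$out" | sendmail -t
  return "$rc"
}

# Only scan when invoked with --run, so the file can be sourced and tested.
if [ "${1:-}" = "--run" ]; then
  run_scan
fi
```

Because the scan only starts with --run, the crontab entry becomes /bin/viruscheck --run if this replaces the script above.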


2 Comments

  1. Dan
    Posted December 7, 2011 at 2:43 am

    Don’t forget to run freshclam every once in a while as well…

    • Calvin Froedge
      Posted December 11, 2011 at 4:10 pm

      Good point! I suppose this should be set up with its own task to ensure clam stays updated. Thanks!
