Fairly obviously, one of the first items required by a SAS 70 audit was anti-virus software. Their requirements weren’t that strict. In our case, since our production environment for our SaaS application is in a completely separate network (this year’s audit is focusing solely on that network, we will likely extend the audit to our entire network next year), we just need to have anti-virus software running on all of the production servers that is configured to automatically update and scan files at predetermined intervals. The anti-virus software also needed alert someone in case a virus was found. However, the auditor suggested that we interpret that as using virus software that supported central reporting.
We had been using AVG for years because it had worked well enough for us and had a very reasonable price. It did support central management and it did have a version for linux (our environment is a mix of Linux and Windows machines). So we thought we were set on that. However, when we went to actually get the anti-virus running on the servers it was not already running on, we discovered that the centrally managed component of their software only worked for the Windows clients. The Linux clients would not talk to the central server at all. So off we went in search of a new anti-virus solution at a reasonable price.
We looked at several alternatives including Sophos. Sophos claimed to have all of this functionality but we had issues getting the Linux version to even work, let alone talk to the central server. They conveniently only supported very limited distributions with specific kernel versions and we were on more recent versions than that. After similar results from several other vendors, I finally stumbled across ESET. They have a very nice product. The Linux version is not TOTALLY tied into the central server, but it does at least send scan results and regular checks to the central server which is really all the audit was wanting. It also runs nice and fast and you can control just about every aspect of the application through the central server and have the controls on the client side nearly completely locked down. It was also very reasonably priced, which was definitely a bonus.