Was this supposed to be moderated Funny?
If you focus on the high-level requirements, it is certainly easy to take them out of context.
Quoted from the PCI document , "Malicious software, commonly referred to as âoemalwareââ"including viruses, worms, and Trojansâ"enters the network during many business approved activities including employeesâ(TM) e-mail and use of the Internet, mobile computers, and storage devices, resulting in the exploitation of system vulnerabilities. Anti-virus software must be used on all systems commonly affected by malware to protect systems from current and evolving malicious software threats."
Is Linux commonly affected by malware? No auditor is going to expect UNIX servers to have anti-virus software installed.
Item 6, "Ha!"
PCI is fantastic. It allows IT departments leverage to implement sometimes costly best practices that companies prefer to consider cost centers.
I'm still hoping you're just trying to be funny.
If you can't get your work done in the first 24 hours, work nights.