There was a discussion in our IT Security department about how to install McAfee on CoreOS servers. (For the uninitiated, CoreOS is a Linux distribution that comes without a package manager. It's intended as a base to run containers on, so you would deploy all software via container images.)

I remember someone suggesting to put McAfee into a fully isolated container that only exposes the port where it reports compliance, allowing it to scan itself to death all day long.

There are legitimate use cases for anti virus on Linux, for instance when running mail or file servers.

Aren't those scanning for Windows Viruses?

Some can be cross-platform JS exploits.