DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses.

Information

Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. Scanning for unknown macro viruses will mitigate zero-day attacks.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, review tasks under 'View', 'Scheduled Tasks'.
With the System Administrator's assistance, determine which task is intended as the regularly scheduled scan task.
Click on the task, and then click 'Modify'.
Under '2. What to Scan', click 'Next'.
Under '3. Choose Scan Settings', 'Anti-virus Scanning Options', select the 'Perform macro analysis' check box, click 'Next', and then click 'Finish'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001241, Rule-ID|SV-77605r1_rule, STIG-ID|DTAVSEL-103, Vuln-ID|V-63115

Plugin: Unix

Control ID: d5ab012c6886b07ea32c6eac8b0a433e39cbf9335923d32754078fd48f534327