DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.

Information

When scanning for malware, excluding specific files will increase the risk of a malware-infected file going undetected. By configuring anti-virus software without any exclusions, the scanner has a higher success rate at detecting and eradicating malware.

NOTE: Nessus has not performed this check. Please review the benchmark to ensure target compliance.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, review tasks under 'View', 'Scheduled Tasks'.
With the System Administrator's assistance, determine which task is intended as the regularly scheduled scan task.
Click on the task, and then click 'Modify'.
Under '2. What to Scan', click 'Next'.
Under '3. Choose Scan Settings', 'Paths Excluded From Scanning', removed all unauthorized excluded paths, click 'Next, and then click 'Finish'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.1., CAT|II, CCI|CCI-001241, Rule-ID|SV-77615r1_rule, STIG-ID|DTAVSEL-108, Vuln-ID|V-63125

Plugin: Unix

Control ID: 5a728bc7efe4cb18b318744a6be6c87cb3034a16e999a5825584febc8761aff2