DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP host

Information

Failure of anti-virus signature updates will eventually render the software to be useless in protecting the Linux system from malware. Administration notification for failed updates, via SMTP, will ensure timely remediation of errors causing DATs to not be updated.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under 'Configure', 'Notifications', select the check box for 'Item Detected'.
Select check boxes for 'Viruses', 'Trojans', 'Programs', 'Jokes' and 'Include alerts for on-demand tasks'.
Select the check box for 'Out of date' and configure 'Alert for DAT files which are # days old' to '7' or less.
Select the check box for 'Configuration changes'.
Select the check box for 'System events'. Select check box for 'Type' and select 'Error' from drop-down list.
Select check box for 'Code' and configured with '3000-3999' in Code field.
Configure the SMTP Settings with valid email address(es) for System Administrators.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3b., CAT|II, CCI|CCI-001240, Rule-ID|SV-77633r2_rule, STIG-ID|DTAVSEL-205, Vuln-ID|V-63143

Plugin: Unix

Control ID: d0a14310a3ecbadcc66d1ac234344e37da0a37176677a2f58ce72517c1c093a5