DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning.

Information

For anti-virus software to be effective, it must be running at all times, beginning from the point of the system's initial startup. Otherwise, the risk is greater for viruses, Trojans, and other malware infecting the system during that startup phase.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under 'Configure', select 'On-Access Settings'.
Under 'Anti-virus Scanning Options', select the 'Enable On-Access scanning' check box.
In the 'Quarantine directory' field, populate with '/quarantine' (or another valid location as determined by the organization).
Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2., CAT|I, CCI|CCI-001243, Rule-ID|SV-77565r1_rule, STIG-ID|DTAVSEL-003, Vuln-ID|V-63075

Plugin: Unix

Control ID: 0ca60e0bffb9d7a91d6b8ada55b38a9efea0a19a61374e0603f3b13c71be30dd