DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected.

Information

Malware may have infected a file that is necessary to the user. By configuring the anti-virus software to first attempt cleaning the infected file, availability to the file is not sacrificed. If a cleaning attempt is not successful, however, deleting the file is the only safe option to ensure the malware is not introduced onto the system or network.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under 'Configure', select 'On-Access Settings'.
Under 'Anti-virus Actions', select 'Quarantine' from the second drop-down list for 'Actions for viruses and Trojans' if first action fails.

Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2., CAT|II, CCI|CCI-001243, Rule-ID|SV-77587r2_rule, STIG-ID|DTAVSEL-014, Vuln-ID|V-63097

Plugin: Unix

Control ID: 81f1c2892a2e5a945dc64404493988236143c12086c1f67f471b354f8f44a4bc