DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo

Information

When anti-virus software is not configured to limit the amount of time spent trying to scan a file, the total effectiveness of the anti-virus software, and performance on the system being scanned, will be degraded. By limiting the amount of time the anti-virus software uses when scanning a file, the scan will be able to complete in a timely manner.

Although the description of this requirement indicates a 'maximum scan time', the intent of this requirement is to explicitly set a maximum scan time without impacting the effectiveness of the scan. Left unconfigured, the scan could run indefinitely on one file. If configured with a value of less than 45 seconds, the scanning of some files will be skipped. If configured with 45 or more seconds, the success rate of files being completely scanned is higher.

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under 'Configure', select 'On-Access Settings'.
Under 'Anti-virus Scanning Options', configure the 'Maximum scan time (seconds)' with at least '45' or more seconds.

Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2., CAT|II, CCI|CCI-001243, Rule-ID|SV-77581r1_rule, STIG-ID|DTAVSEL-011, Vuln-ID|V-63091

Plugin: Unix

Control ID: 30f3aef2edb311306249c755d48a8d294a789307bfb3f44888f46f465a90fb1f