McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6

Audit Details

Name: McAfee Virus Scan Enterprise for Linux 1.9x/2.0x Local Client v1r6

Updated: 4/25/2022

Authority: DISA STIG

Plugin: Unix

Revision: 1.4

Estimated Item Count: 50

File Details

Filename: DISA_STIG_McAfee_VSEL_1.9.x_2.0.x_Local_Client_v1r6.audit

Size: 107 kB

MD5: a3704b458d5aa16111624a5f41b7fb90
SHA256: c9120a4fa188c66ebd4f2ffad03d2c525d8587398cea2c70a6bf02ab868cb602

Audit Items

DescriptionCategories
DTAVSEL-000 - The McAfee VirusScan Enterprise for Linux Web interface must be disabled unless the system is on a segregated network.

CONFIGURATION MANAGEMENT

DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvclean.dat

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvnames.dat

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-001 - The anti-virus signature file age must not exceed 7 days - avvscan.dat

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-002 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to receive automatic updates.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-003 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to enable On-Access scanning.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-005 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown program viruses.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-006 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find unknown macro viruses.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-007 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to find potentially unwanted programs.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-008 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being written to disk.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-009 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan files when being read from disk.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-010 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to scan all file types.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - default.scanMaxTmo

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-011 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner maximum scan time must not be less than 45 seconds - scanMaxTmo

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-012 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-013 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when a virus or Trojan is detected.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-014 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when a virus or Trojan is detected.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-015 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Clean as first action when programs and jokes are found.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-016 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to Quarantine if first action fails when programs and jokes are found.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-017 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to deny access to the file if an error occurs during scanning.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-018 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to allow access to files if scanning times out.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-019 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be enabled to scan mounted volumes when mounted volumes point to a network server without an anti-virus solution installed.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-100 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must be configured to run a scheduled On-Demand scan at least once a week.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-101 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decompress archives when scanning.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-102 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown program viruses.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-103 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find unknown macro viruses.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-104 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to find potentially unwanted programs.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-105 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to scan all file types.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-106 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when a virus or Trojan is detected.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-107 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when a virus or Trojan is detected.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-108 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must only be configured with exclusions that are documented and approved by the ISSO/ISSM/AO.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-110 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Clean infected files automatically as first action when programs and jokes are found.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-111 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to Move infected files to the quarantine directory if first action fails when programs and jokes are found.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-112 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to decode MIME encoded files.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-113 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Demand scanner must be configured to include all local drives and their sub-directories.

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-200 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x must scan all media used for system maintenance prior to use.

MAINTENANCE

DTAVSEL-201 - The McAfee VirusScan Enterprise must be configured to receive all patches, service packs and updates from a DoD-managed source.

CONFIGURATION MANAGEMENT

DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - group

ACCESS CONTROL

DTAVSEL-202 - The nails user and nailsgroup group must be restricted to the least privilege access required for the intended role - user

ACCESS CONTROL

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - includeOdsTasks

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - jokesAlert

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - programsAlert

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP host

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP port

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP recipients

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - SMTP sender

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - trojansAlert

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-205 - A notification mechanism or process must be in place to notify Administrators of out of date DAT, detected malware and error codes - VirusDetected

SYSTEM AND INFORMATION INTEGRITY

DTAVSEL-301 - Access to the McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x Web UI must be enforced by firewall rules.

CONFIGURATION MANAGEMENT