DTAVSEL-004 - The McAfee VirusScan Enterprise for Linux 1.9.x/2.0.x On-Access scanner must be configured to decompress archives when scanning.

Information

Malware can be hidden within archived files and passed from system to system undetected unless the archive is decompressed and each file scanned. By disabling the archive scanning capability, archives such as .tar and .tgz files will not be decompressed and any infected files in the archives would go undetected. Decompression can slow performance, however; any virus-infected file inside an archive cannot become active until it has been extracted. Recognizing the slow performance potential

Solution

From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account.

In the VSEL WEB Monitor, under 'Configure', select 'On-Access Settings'.
Under 'Anti-virus Scanning Options', select the 'Decompress archives' check box.
Click 'Apply'.

See Also

https://dl.dod.cyber.mil/wp-content/uploads/stigs/zip/U_McAfee_VSEL_1-9_2-0_Y20M04_STIG.zip

Item Details

Category: SYSTEM AND INFORMATION INTEGRITY

References: 800-53|SI-3c.2., CAT|II, CCI|CCI-001243, Rule-ID|SV-77567r1_rule, STIG-ID|DTAVSEL-004, Vuln-ID|V-63077

Plugin: Unix

Control ID: b6d54a5a27c53c25dcf338b63c220f7f5fcbedcd3b2e2ec2d61f1e64d48492b4