
McAfee Virus Scan Enterprise for Linux

May 31st, 2016 | by Shree H. Niraula

Even with all the protections afforded by the network, including firewalls, edge routers, and other protective devices, it is still important to implement malware protection at the host level. Virus scanning software can help detect and eliminate threats so that the network, the servers, and most importantly the data are safeguarded from malicious activity.

Software Requirements

To meet the prerequisites of the McAfee software, check that the following packages are installed, or install them using standard RPM package management. For Oracle Linux (or Red Hat) 6 Update 6, the following packages, including all dependencies, must be installed if they are not already present.

# yum install unzip
# yum install httpd
# yum install ed
# yum install kernel-devel
# yum install pam
# yum install libgcc
# yum install pam.i686
# yum install libgcc.i686

To verify that the required packages are installed, use the “rpm -qa” command to validate that each is present.
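
A prerequisite check along these lines, as an added example that is not part of the original post: it reads a NAME.ARCH listing and reports which of the packages above are absent, treating the 32-bit pam.i686 and libgcc.i686 as separate from their 64-bit counterparts. The --qf query format, the function names and the sample listing are assumptions made for this example; the post itself only mentions "rpm -qa".

```sh
#!/bin/sh
# Added example (not from the original post): list missing VSEL prerequisites.
# Reads one NAME.ARCH per line on stdin, as produced on a real host by:
#   rpm -qa --qf '%{NAME}.%{ARCH}\n' | missing_prereqs

# Package list taken from the yum commands above.
REQUIRED="unzip httpd ed kernel-devel pam libgcc pam.i686 libgcc.i686"

missing_prereqs() {
    installed=$(cat)
    missing=""
    for req in $REQUIRED; do
        if [ "${req%.i686}" != "$req" ]; then
            # Arch-qualified requirement: needs that exact name and arch.
            printf '%s\n' "$installed" | grep -Fxq "$req" \
                || missing="$missing $req"
        else
            # Unqualified requirement: any arch, but the whole name must match
            # (so pam_krb5 does not count as pam).
            printf '%s\n' "$installed" | grep -Eq "^${req}\.[^.]+\$" \
                || missing="$missing $req"
        fi
    done
    echo "${missing# }"
}

# Constructed sample: x86_64 host lacking ed and the 32-bit pam.
sample_report() {
    printf '%s\n' unzip.x86_64 httpd.x86_64 kernel-devel.x86_64 \
        pam.x86_64 pam_krb5.x86_64 libgcc.x86_64 libgcc.i686 \
        | missing_prereqs
}

echo "Missing on sample host: $(sample_report)"
```

An empty result means every prerequisite is present; a plain grep for "pam" over the "rpm -qa" output would have passed this sample host even though the 32-bit library is missing.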

 

Install Software:

Once you download and stage the McAfee software to the server, it will need to be unpacked and installed per the documentation. This is a two-stage process. The first stage installs the McAfee Runtime and McAfee Agent. The second installs VirusScan Enterprise for Linux. The following tasks highlight the steps taken to perform these actions. Once the RPM packages are installed, check the status to ensure the processes are running.

From the terminal, go to the temporary directory and execute the following commands:

# tar -zxvf McAfeeVSEForLinux-1.9.0.<build number>-release.tar.gz
# tar -zxvf McAfeeVSEForLinux-1.9.0.<build number>-others.tar.gz

Install the McAfee Runtime and Agent packages:

# rpm -ivh MFErt.i686.rpm
# rpm -ivh MFEcma.i686.rpm

The following command will validate that the McAfee Runtime and Agent are running correctly:

# /etc/init.d/cma status

Install VirusScan Enterprise for Linux software, accepting the default values or specifying your own custom values.  When prompted to start the VirusScan services, select the default option “Y”.

# bash McAfeeVSEForLinux-1.9.0.<build number>-installer

Confirm that VirusScan Enterprise for Linux is running correctly:

# /etc/init.d/nails status

Configure Monitoring

Open the URL of the McAfee VSE website (https://localhost:55433) and log in using the credentials specified during the install for the “nails” user. The following screenshots document the steps to set up an initial on-demand scan. This can be set to run immediately or scheduled to run at some interval in the future. The job can also be modified later to make scheduling changes.

The following slide is the first step in setting up an On-Demand Scan of the system. Here you select the date and time at which the scan should run, or choose to run it immediately.

[Screenshot: Shree Niraula -VSEL]

The next slide allows the administrator to select which paths are to be scanned.  Add all the volumes that are to be included by adding additional paths.

[Screenshot: Shree Niraula host summary 02]

[Screenshot: Shree Niraula VSEL-03]

This slide dictates the scan options for this job.  The directory to be used to quarantine objects that cannot be cleaned is defined.  The default was utilized and will not be changed so that it remains consistent moving forward.  Any paths to be ignored while scanning are also indicated on this screen.

[Screenshot: Shree Niraula VSEL-04]

 

The name of the job is defined on this screen.  You can accept the default or enter a custom job name.

[Screenshot: Shree Niraula VSEL-05]

The final screen shows the job after it is successfully submitted.  Clicking on the job name will take you

[Screenshot: Shree Niraula VSEL-06]

Test Virus Detection and Handling:

To validate that the McAfee VSE software successfully detects and handles a virus on your Linux server, use a test virus file that is known to McAfee.  The goal is to prove that the VSE software detects the test file and appropriately moves it to the quarantine directory.

[Screenshot: Shree Niraula VSEL-07]

 

Issues Encountered:

Overall, the process to install and configure McAfee VSE was straightforward with one exception. Even though Oracle Linux 6, Update 6 is supported, I have been unable to find a way to make on-access scanning work. From the documentation, Ubuntu Linux with the 3.8.xx kernel does not support on-access scanning, but the documentation does not indicate that this would be the same for Oracle Linux running this kernel. The other issue encountered has been the configuration of email notification. When attempting to configure the SMTP settings for Office 365, accepting the changes prompts an error code 25, unable to attach to kernel. These two issues are being investigated and will be updated accordingly when resolved.

Conclusion:

Now that we have successfully installed, configured, and tested the McAfee Virus Scan Enterprise for Linux software, we are better prepared to handle malware attacks on our system.  This is only one part of an overall defensive posture to protect assets, but clearly is an important one.

 
