UCF STIG Viewer Logo

The system must use a DoD-approved virus scan program.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78005 UBTU-16-030900 SV-92701r1_rule High
Description
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.
STIG Date
Canonical Ubuntu 16.04 Security Technical Implementation Guide 2020-05-29

Details

Check Text ( C-77597r1_chk )
Verify the system is using a DoD-approved virus scan program.


Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command:


# systemctl status nails

nails - service for McAfee VirusScan Enterprise for Linux

> Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.; enabled)

> Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago


If the "nails" service is not active, check for the presence of "clamav" on the system with the following command:


# systemctl status clamav-daemon.socket

systemctl status clamav-daemon.socket

clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon

Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)

Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago


If neither of these applications are loaded and active, ask the System Administrator if there is an antivirus package installed and active on the system.


If no antivirus scan program is active on the system, this is a finding.
Fix Text (F-84715r1_fix)
Install an approved DoD antivirus solution on the system.