UCF STIG Viewer Logo

The McAfee MOVE AV [Multi-Platform] Offload Scan Server General policy Scan Settings must be configured to scan for MIME-encoded files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-42976 AV-MOVE-OSS-009 SV-55705r1_rule Medium
Description
Multipurpose Internet Mail Extensions (MIME) encoded files can be crafted to hide a malicious payload. When the MIME encoded file is presented to software that decodes the MIME encoded files, such as an email client, the malware is released. Scanning these files as part of the regularly scheduled scans tasks will mitigate this risk.
STIG Date
McAfee MOVE 2.6/3.6.1 Multi-Platform OSS STIG 2016-04-05

Details

Check Text ( C-49152r1_chk )
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System.

From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 2.x.x. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties.

On the Scan Settings tab, ensure the "Scan MIME files:" "Enable scanning for MIME-encoded files." check box is selected.

If the "Enable scanning for MIME-encoded files." check box is not selected, this is a finding.

On the system designated as the McAfee MOVE Offload Scan Server, access a cmd window, running as administrator.
Navigate to the path to which the McAfee MOVE AV Server software has been installed (default is C:\Program Files (x86)\McAfee\MOVE AV Server).

Execute the following command:
mvadm config show

From the displayed configuration, ensure the "ScanMIMEFiles" value is set to 1.
If the "ScanMIMEFiles" is set to 0, this is a finding.
Fix Text (F-48556r1_fix)
From the ePO server console System Tree, select the Systems tab, find and click on the asset representing the McAfee MOVE Offload Scan Server to open its properties, select Actions, select Agent, and select Modify Policies on a Single System.

From the product drop-down list, select MOVE AV [Multi-Platform] Offload Scan Server 2.x.x. Click on the MOVE AV [Multi-Platform] Offload Scan Server policy to open the properties.

On the Scan Settings tab, place a check in the "Scan MIME files: Enable scanning for MIME-encoded files." check box.

Click Save.