UCF STIG Viewer Logo

The McAfee MOVE AV SVM Settings policy must be configured to scan for Multipurpose Internet Mail Extensions (MIME)-encoded files.


Overview

Finding ID Version Rule ID IA Controls Severity
V-78501 MV45-SVM-200006 SV-93207r1_rule Medium
Description
MIME-encoded files can be crafted to hide a malicious payload. When the MIME-encoded file is presented to software that decodes the MIME encoded files, such as an email client, the malware is released. Scanning these files as part of the regularly scheduled scans tasks will mitigate this risk.
STIG Date
McAfee MOVE AV Agentless 4.5 Security Technical Implementation Guide 2017-12-01

Details

Check Text ( C-78063r3_chk )
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "SVM Settings".

Select each configured SVM Settings policy.

Click "Show Advanced".

Under "Scanning Options", verify "Enabled scanning for MIME-encoded files" check box is selected.

If "Enabled scanning for MIME-encoded files" is not selected, this is a finding.
Fix Text (F-85235r1_fix)
Access the McAfee ePO console.

Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list.

From the Category list, select "SVM Settings".

Select each configured SVM Settings policy.

Click "Show Advanced".

Under "Scanning Options", select the "Enabled scanning for MIME-encoded files" check box.

Click "Save".