Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-63115 | DTAVSEL-103 | SV-77605r1_rule | Medium |
Description |
---|
Interpreted viruses are executed by an application. Within this subcategory, macro viruses take advantage of the capabilities of applications' macro programming language to infect application documents and document templates, while scripting viruses infect scripts that are understood by scripting languages processed by services on the OS. Many attackers use toolkits containing several different types of utilities and scripts that can be used to probe and attack hosts. Scanning for unknown macro viruses will mitigate zero-day attacks. |
STIG | Date |
---|---|
McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide | 2015-11-30 |
Check Text ( C-63867r1_chk ) |
---|
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. In the VSEL WEB Monitor, review tasks under "View", "Scheduled Tasks". With the System Administrator's assistance, determine which task is intended as the regularly scheduled scan task. Click on the task, and then click "Modify". Under "2. What to Scan", click "Next". Under "3. Choose Scan Settings", "Anti-virus Scanning Options", verify the "Perform macro analysis" check box has been selected. If the "Perform macro analysis" check box has not been selected, this is a finding. To validate without the Web interface, access the Linux system being reviewed, either at the console or by a SSH connection. At the command line, navigate to /var/opt/NAI/LinuxShield/etc. Enter the command "grep "ODS.macroAnalysis" ods.cfg" If the response given for "nailsd.profile.ODS.macroAnalysis" is not "true", this is a finding. |
Fix Text (F-69033r1_fix) |
---|
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and logon with the nails user account. In the VSEL WEB Monitor, review tasks under "View", "Scheduled Tasks". With the System Administrator's assistance, determine which task is intended as the regularly scheduled scan task. Click on the task, and then click "Modify". Under "2. What to Scan", click "Next". Under "3. Choose Scan Settings", "Anti-virus Scanning Options", select the "Perform macro analysis" check box, click "Next", and then click "Finish". |