
SMTP email notification must be enabled to ensure administrators are notified of out of date DAT, detected malware and error codes.


Overview

| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-63143 | DTAVSEL-205 | SV-77633r1_rule | | Medium |
Description
Failure of anti-virus signature updates will eventually render the software useless in protecting the Linux system from malware. Administrator notification of failed updates, via SMTP, will ensure timely remediation of the errors that prevent DATs from being updated.
STIG Date
McAfee VSEL 1.9/2.0 Local Client Security Technical Implementation Guide 2015-11-30

Details

Check Text ( C-63895r1_chk )
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and log on with the nails user account.

In the VSEL WEB Monitor, review tasks under "Configure", "Notifications".
Review the configured Notifications.
Verify the check box for "Item Detected" is selected. Verify check boxes for "Viruses", "Trojans", "Programs", "Jokes" and "Include alerts for on-demand tasks" are selected.
Verify the check box for "Out of date" is selected and "Alert for DAT files which are # days old" is configured to "7" or less.
Verify the check box for "Configuration changes" is selected.
Verify the check box for "System events" is selected. Verify check box for "Type" is selected and "Error" is selected from drop-down list.
Verify check box for "Code" is selected and "3000-3999" is entered in Code field.
Verify SMTP Settings are configured with valid email address(es) for System Administrators.

If the SMTP settings are not configured to send notifications to System Administrators, this is a finding.

To validate without the Web interface, access the Linux system being reviewed, either at the console or by an SSH connection.
At the command line, navigate to /var/opt/NAI/LinuxShield/etc.
Enter the command: grep "notifications.virusDetected.active" nailsd.cfg

If the response given for "notifications.virusDetected.active" is not "true", this is a finding.
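
The command-line check above can be scripted so that it reports a finding when the key is missing, commented out, or only appears as the prefix of a longer key, all cases a bare grep would still print. This is an added example, not part of the STIG or of McAfee's tooling; the function names and the "key: value" / "key=value" line format are assumptions, and the sample file in demo is constructed.

```shell
#!/bin/sh
# Added example (not part of the STIG): scripted form of the command-line check.
KEY="notifications.virusDetected.active"
DEFAULT_CFG="/var/opt/NAI/LinuxShield/etc/nailsd.cfg"   # path from the Check Text

# vsel_key_value FILE: print the value of KEY, or nothing if it is not set.
# Assumption: entries look like "key: value" or "key=value", one per line,
# and the last occurrence is the effective one.
vsel_key_value() {
    awk -v key="$KEY" '
        { line = $0; sub(/^[ \t]+/, "", line) }
        index(line, key) == 1 {                 # commented-out lines never match
            rest = substr(line, length(key) + 1)
            if (rest ~ /^[ \t]*[:=]/) {         # rejects longer keys sharing the prefix
                sub(/^[ \t]*[:=][ \t]*/, "", rest)
                sub(/[ \t\r]+$/, "", rest)
                val = rest
            }
        }
        END { print val }
    ' "$1"
}

# check_vsel_notify [FILE]: 0 = not a finding, 1 = finding, 2 = cannot evaluate.
check_vsel_notify() {
    cfg="${1:-$DEFAULT_CFG}"
    if [ ! -r "$cfg" ]; then
        echo "ERROR: cannot read $cfg"; return 2
    fi
    value=$(vsel_key_value "$cfg")
    if [ "$value" = "true" ]; then
        echo "NOT A FINDING: $KEY is true"; return 0
    fi
    echo "FINDING: $KEY is '${value:-<not set>}' in $cfg"; return 1
}

# demo: run the check against a constructed sample file (not a real nailsd.cfg).
demo() {
    sample=$(mktemp)
    printf '%s\n' "# $KEY: true" "$KEY: false" > "$sample"
    check_vsel_notify "$sample"; rc=$?
    rm -f "$sample"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

Source the file and call check_vsel_notify (optionally with a path) on the system under review; the return code can feed a compliance scan wrapper.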
Fix Text (F-69061r1_fix)
From a desktop browser window, connect to the McAfee VirusScan Enterprise for Linux (VSEL) Monitor (WEB interface) of the Linux system being reviewed and log on with the nails user account.

In the VSEL WEB Monitor, under "Configure", "Notifications", select the check box for "Item Detected".
Select check boxes for "Viruses", "Trojans", "Programs", "Jokes" and "Include alerts for on-demand tasks".
Select the check box for "Out of date" and configure "Alert for DAT files which are # days old" to "7" or less.
Select the check box for "Configuration changes".
Select the check box for "System events". Select check box for "Type" and select "Error" from drop-down list.
Select the check box for "Code" and enter "3000-3999" in the Code field.
Configure the SMTP Settings with valid email address(es) for System Administrators.