UCF STIG Viewer Logo
Changes are coming to https://stigviewer.com. Take our survey to help us understand your usage and how we can better serve you in the future.
Take Survey

The system must use and update a DoD-approved virus scan program.


Overview

Finding ID Version Rule ID IA Controls Severity
V-50873 OL6-00-000284 SV-65079r1_rule High
Description
Virus scanning software can be used to detect if a system has been compromised by computer viruses, as well as to limit their spread to other systems.
STIG Date
Oracle Linux 6 Security Technical Implementation Guide 2014-06-12

Details

Check Text ( C-53345r1_chk )
Inspect the system for a cron job or system service which executes a virus scanning tool regularly.
To verify the McAfee command line scan tool (uvscan) is scheduled for regular execution, run the following command to check for a cron job:

# grep uvscan /etc/cron* /var/spool/cron/*

This will reveal if and when the uvscan program will be run.
To check on the age of uvscan virus definition files, run the following command:

# cd /usr/local/uvscan
# ls -la avvscan.dat avvnames.dat avvclean.dat

The uvscan virus definitions should not be older than seven days.

If virus scanning software does not run daily, or has signatures that are out of date, this is a finding.
Fix Text (F-55667r1_fix)
Install virus scanning software, which uses signatures to search for the presence of viruses on the filesystem. The McAfee uvscan virus scanning tool is provided for DoD systems. Ensure virus definition files are no older than 7 days, or their last release. Configure the virus scanning software to perform scans dynamically on all accessed files. If this is not possible, configure the system to scan all altered files on the system on a daily basis. If the system processes inbound SMTP mail, configure the virus scanner to scan all received mail.