The system must use and update a DoD-approved virus scan program.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-12765	GEN006640	SV-37760r2_rule		Medium

Description
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.

Description

Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.

STIG	Date
Red Hat Enterprise Linux 5 Security Technical Implementation Guide	2017-03-01

Details

Check Text ( C-36956r2_chk )
Check for the existence of a cron job to execute a DoD-approved command-line scan tool daily. Other tools may be available but will have to be manually reviewed if they are installed. In addition, the definitions files should not be older than 7 days. Check if DoD-approved command-line scan tool is scheduled to run: # grep [scan tool] /var/spool/cron/* /etc/cron.d/* /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/* If a virus scanner is not being run daily and an exception has not been documented with the IAO, this is a finding. Perform the following command to ensure the virus definition signature files are not older than 7 days. # cd # ls -la *.dat If the virus definitions are older than 7 days, this is a finding.

Check Text ( C-36956r2_chk )

Check for the existence of a cron job to execute a DoD-approved command-line scan tool daily. Other tools may be available but will have to be manually reviewed if they are installed. In addition, the definitions files should not be older than 7 days.

Check if DoD-approved command-line scan tool is scheduled to run:
# grep [scan tool] /var/spool/cron/* /etc/cron.d/* /etc/cron.daily/* /etc/cron.hourly/* /etc/cron.monthly/* /etc/cron.weekly/*

If a virus scanner is not being run daily and an exception has not been documented with the IAO, this is a finding.

Perform the following command to ensure the virus definition signature files are not older than 7 days.

# cd
# ls -la *.dat

If the virus definitions are older than 7 days, this is a finding.

Fix Text (F-32221r2_fix)
Install a DoD-approved command-line virus scan tool, or an appropriate alternative. Ensure the virus signature definition files are no older than 7 days. Configure the system to run a virus scan on altered files dynamically or daily. If daily scans impede operations, justify, document, and obtain IAO approval for alternate scheduling.