The system must use a DoD-approved virus scan program.

Overview

Finding ID	Version	Rule ID	IA Controls	Severity
V-72213	RHEL-07-032000	SV-86837r1_rule		High

Description
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.

Description

Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.

STIG	Date
Red Hat Enterprise Linux 7 Security Technical Implementation Guide	2017-07-08

Details

Check Text ( C-72447r1_chk )
Verify the system is using a DoD-approved virus scan program. Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command: # systemctl status nails nails - service for McAfee VirusScan Enterprise for Linux > Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.; enabled) > Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago If the "nails" service is not active, check for the presence of "clamav" on the system with the following command: # systemctl status clamav-daemon.socket systemctl status clamav-daemon.socket clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled) Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago If neither of these applications are loaded and active, ask the System Administrator if there is an antivirus package installed and active on the system. If no antivirus scan program is active on the system, this is a finding.

Check Text ( C-72447r1_chk )

Verify the system is using a DoD-approved virus scan program.

Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command:

# systemctl status nails
nails - service for McAfee VirusScan Enterprise for Linux
> Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.; enabled)
> Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago

If the "nails" service is not active, check for the presence of "clamav" on the system with the following command:

# systemctl status clamav-daemon.socket
systemctl status clamav-daemon.socket
clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago

If neither of these applications are loaded and active, ask the System Administrator if there is an antivirus package installed and active on the system.

If no antivirus scan program is active on the system, this is a finding.

Fix Text (F-78567r1_fix)
Install an approved DoD antivirus solution on the system.