
The system must update the virus scan program every seven days or more frequently.


Overview

Finding ID: V-72215
Version: RHEL-07-032010
Rule ID: SV-86839r2_rule
IA Controls:
Severity: Medium
Description
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to check for software and virus definition updates with a frequency no longer than seven days. If a manual process is required to update the virus scan software or definitions, it must be documented with the Information System Security Officer (ISSO).
STIG: Red Hat Enterprise Linux 7 Security Technical Implementation Guide
Date: 2017-12-14

Details

Check Text (C-72449r2_chk)
Verify the system is using a virus scan program and the virus definition file is less than seven days old.

Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command:

# systemctl status nails
nails - service for McAfee VirusScan Enterprise for Linux
> Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.; enabled)
> Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago

If the "nails" service is not active, check for the presence of "clamav" on the system with the following command:

# systemctl status clamav-daemon.socket
clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago

If "McAfee VirusScan Enterprise for Linux" is active on the system, check the dates of the virus definition files with the following command:

# ls -al /opt/NAI/LinuxShield/engine/dat/*.dat


If the virus definition files have dates older than seven days from the current date, this is a finding.

If "clamav" is active on the system, check the dates of the virus database with the following commands:

# grep -i databasedirectory /etc/clamav.conf
DatabaseDirectory /var/lib/clamav

# ls -al /var/lib/clamav/*.cvd
-rwxr-xr-x 1 root root 149156 Mar 5 2011 daily.cvd

If the database file has a date older than seven days from the current date, this is a finding.

Fix Text (F-78569r2_fix)
Update the virus scan software and virus definition files.
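
The age comparison in the Check Text can be scripted instead of read off "ls -al" output. The script below is an added example, not part of the STIG: it uses the service names and paths from the Check Text, while the function names, exit codes, the "--check" argument and the handling of a missing definition file are assumptions of this example.

```shell
#!/bin/bash
# Added example (not STIG text): flag definition files older than seven days.
MAX_AGE_DAYS=7

# stale_files DIR GLOB: list files in DIR matching GLOB whose mtime is more than
# MAX_AGE_DAYS old. Returns 0 if all are fresh, 1 if any is stale, 2 if nothing
# matches (assumption: a missing definition file is also reported as a failure).
stale_files() {
    local dir glob now limit f age found stale
    dir=$1; glob=$2; found=0; stale=0
    now=$(date +%s)
    limit=$((MAX_AGE_DAYS * 86400))
    for f in "$dir"/$glob; do
        [ -f "$f" ] || continue
        found=1
        age=$((now - $(stat -c %Y "$f")))   # GNU stat, as on RHEL 7
        if [ "$age" -gt "$limit" ]; then
            echo "STALE: $f ($((age / 86400)) days old)"
            stale=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$stale"
}

# clamav_db_dir CONF: print the DatabaseDirectory value from a ClamAV config file.
clamav_db_dir() {
    awk 'tolower($1) == "databasedirectory" { print $2; exit }' "$1"
}

# check_host: apply the check to whichever scanner service is active.
# Returns 3 when neither is active (assumption: exit code chosen for this example).
check_host() {
    if systemctl is-active --quiet nails; then
        stale_files /opt/NAI/LinuxShield/engine/dat '*.dat'
    elif systemctl is-active --quiet clamav-daemon.socket; then
        stale_files "$(clamav_db_dir /etc/clamav.conf)" '*.cvd'
    else
        echo "neither nails nor clamav-daemon.socket is active"
        return 3
    fi
}

# Run against the live host only when asked, so sourcing the file has no side effects.
if [ "${1:-}" = "--check" ]; then check_host; fi
```

Run it with "--check" from cron or a compliance job; a non-zero exit status means the host needs the Fix Text applied.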