Finding ID | Version | Rule ID | IA Controls | Severity |
---|---|---|---|---|
V-12765 | GEN006640 | SV-28461r1_rule | ECVP-1 | Medium |
Description |
---|
Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. Virus scanning software is available to DoD on the JTF-GNO web site. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail. |
STIG | Date |
---|---|
Solaris 10 SPARC Security Technical Implementation Guide | 2014-07-09 |
Check Text ( C-28787r1_chk ) |
---|
Check for the existence of the McAfee command line scan tool to be executed daily in the cron file. Additional tools specific for each operating system are also available and will have to be manually reviewed if installed. In addition, the definitions file should not be older than 14 days. Check if uvscan is scheduled to run. # grep uvscan /var/spool/cron/crontabs/* Perform the following command to ensure the virus definition signature files are not older than 14 days. # ls -la clean.dat names.dat scan.dat If a virus scanner is not being run daily or the virus definitions are older than 14 days, this is a finding. |
Fix Text (F-12286r2_fix) |
---|
Install McAfee command line virus scan tool, or an appropriate alternative from https://www.jtfgno.mil. Ensure the virus signature definition files are no older than 14 days. Updates are also available from https://www.jtfgno.mil. Ensure the command line virus scan tool is run on a regular basis using a utility, such as cron. |