Best Practices Guide McAfee VirusScan Enterprise for Linux 1.9.0

Upload: vudat

Post on 07-Apr-2018

COPYRIGHT
Copyright © 2013 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, PolicyLab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others.

Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION

License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.


Contents

1 Introduction
    Product Features
    What’s new in this release

2 Hardware and software requirements

3 Pre-installation instructions
    Standalone machine
    Managed using ePolicy Orchestrator

4 Post-installation instructions
    Standalone machine
        Testing On-access scanning
        Testing On-demand scanning
    Managed using ePolicy Orchestrator
        Testing On-demand scanning
        Details of managed nodes
        Configuring policies
        Default Queries

5 Product Configurations
    Scanning policies
        On-access policy
        On-demand policy
    On-demand scanning
    Anti-virus exclusions
    Recovering quarantined items
    Third-party software coexistence

6 Tips and Tricks

7 KnowledgeBase articles

Index


1 Introduction

McAfee VirusScan Enterprise for Linux delivers always-on, real-time anti-virus protection for Linux environments. Its unique, Linux-based on-access scanner constantly monitors the system for potential attacks.

McAfee VirusScan Enterprise for Linux protects Linux servers and desktops from viruses, Trojan horses, potentially unwanted programs, and other malware.

Product Features

This section describes the product features for the McAfee VirusScan Enterprise for Linux software.

McAfee VirusScan Enterprise for Linux software has these features:

• Support for Amazon EC2 Linux machines (2.6.x kernels)

• Support for Novell Cluster Services

• Support for Corosync OCFS2 File System Cluster

• Runtime kernel module support (RKMS)

McAfee VirusScan Enterprise for Linux kernel modules are created dynamically in case of a mod-version failure. To manually compile the kernel module, refer to Frequently asked questions — Runtime kernel module support in the Product Guide.

• Support for 64-bit AMD64/Intel EM64T operating systems.

• The latest version (5600) of the McAfee anti-virus engine.

• Incremental Virus Signature (DAT) updates.

• Mod-versioning for automatic kernel support.

• Regular expression based exclusions for On-access scan and On-demand scan from the user interface.

• Scanning

    • Comprehensive on-access anti-virus scanning and cleaning using the McAfee scanning engine.

    • On-access scanning for local file systems, NFS and Samba/CIFS.

    • Kernel-level scan cache for improved performance.

    • Scheduling of on-demand scans.

    • Scheduling of updates for scanning engine and virus definition files.

• Administration

    • Remote administration using browser-based interface.

    • Secure browser interface with authentication and HTTPS (SSL) support.

• Reporting

    • Real-time statistics.

    • Detailed database for detected items and system events.

    • Ability to query the database by date range or individual field values, for example, virus name. Results of a query can be exported to a CSV file.

    • Configurable email notification for detected items, out-of-date virus definition files, configuration changes, and system events.

    • Diagnostic report for use when reporting a problem with the product.

What’s new in this release

This section describes the new enhancements in this release of VirusScan Enterprise for Linux.

These new features are available in this release and can be used from McAfee ePolicy Orchestrator to configure McAfee VirusScan Enterprise for Linux client systems.

General policies

• Enable or disable Web GUI Apache services

• Enable or disable SMTP notifications

• Enable or disable Syslogging with different levels

• Enable logging from ePolicy Orchestrator

On-Access policy

• Specify primary and secondary actions for Programs and Jokes

On-Demand scan task

• Specify primary and secondary actions for Programs and Jokes

• Specify custom Maximum scan time for each on-demand scan task

Product deployment task

• Deploy the product successfully without PAM libraries

Password change task

• Set the McAfee VirusScan Enterprise for Linux administrator password from ePolicy Orchestrator


System properties

• Scanning summary information on Files Scanned and Number of Infections for the selected Linux client

• Threat information is available now

Events

• On-demand scan task status events

• Password change task status events

Queries and reports

• Threat report

• Compliance report

Help Content

New ePolicy Orchestrator Help extension for McAfee VirusScan Enterprise for Linux


2 Hardware and software requirements

Make sure that your Linux server meets these requirements.

Supported operating systems (32-bit/64-bit)

• SuSE Linux Enterprise 10.x and 11.x (Desktop/Server)

• Red Hat Enterprise 5.x Advanced Platform, Desktop

• Red Hat Enterprise 6.0, 6.1, 6.2, and 6.3 Server, Workstation, Client

• Oracle Enterprise Linux 5.x and 6.x

• Novell Open Enterprise Server 2.x

• CentOS 5.x and 6.x

• Ubuntu 10.04, 11.10, 12.04, and 12.10 (Desktop/Server edition)

To view a complete list of supported environments, see McAfee KnowledgeBase article KB75270.

Supported kernels

• This release supports all kernels available on the supported distributions.

To view a complete list of supported distributions, see McAfee KnowledgeBase article KB72999.

Supported processors

• Intel x86 architecture-based processor

• Intel x86_64 architecture-based processor that supports Intel Extended Memory 64 Technology (Intel EM64T)

• AMD x86_64 architecture-based processor with AMD 64-bit technology

Memory

• Minimum: 2 GB

• Recommended: 4 GB

Free Disk space

• Minimum: 1 GB


Supported McAfee Management software

• McAfee ePolicy Orchestrator 4.5

• McAfee ePolicy Orchestrator 4.6

• McAfee ePolicy Orchestrator 5.0

Supported McAfee Agent software

• McAfee Agent 4.6

• McAfee Agent 4.8

Display

Monitor screen with a recommended minimum resolution of 1024 x 768.


3 Pre-installation instructions

This chapter covers the pre-installation requirements and the list of actions you must follow as a best practice before installing McAfee VirusScan Enterprise for Linux.

Standalone machine

This section provides a list of actions you must perform before installing McAfee VirusScan Enterprise for Linux. This is applicable only when the suite is installed on a machine in unmanaged mode.

• Make sure the system meets the minimum hardware and software requirements for installing McAfee VirusScan Enterprise for Linux. Refer to the Hardware and software requirements section.

• You must have root or sudo privileges to install McAfee VirusScan Enterprise for Linux. This account must be part of the sudo users so that you can authenticate the credentials during product installation.

• If you are installing McAfee VirusScan Enterprise for Linux on Open Enterprise Server, you must create a user nails and group nailsgroup in your eDirectory and enable LUM (Linux User Management) for them. Provide the nails user with administrative privileges on all the NSS volumes. For more information, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Installation Guide.

• If you are installing VirusScan Enterprise for Linux on an Ubuntu system, make sure to run the installer script using the bash shell.

• Make sure that there are no third-party anti-virus products installed on your machine.

Managed using ePolicy Orchestrator

This section provides a list of actions you must perform before deploying McAfee VirusScan Enterprise for Linux using McAfee ePolicy Orchestrator version 4.5.x, 4.6.x or 5.0.

• Use administrator credentials for the ePolicy Orchestrator service.

• Make sure that McAfee Agent is checked in to the ePolicy Orchestrator repository.

• Make sure the McAfee Agent extensions are checked in to ePolicy Orchestrator.

• You can directly deploy McAfee Agent from ePO 4.6.x or later by clicking the New Systems tab and pushing the non-Windows agent to the Linux client.

• Make sure the system meets the minimum hardware and software requirements for installing McAfee VirusScan Enterprise for Linux. Refer to the Hardware and software requirements section.


• To deploy McAfee VirusScan Enterprise for Linux with customized settings, copy the nails.options file to the /root and / directories on your Linux client system. To learn how to create the nails.options file, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Installation Guide.

• If you are installing McAfee VirusScan Enterprise for Linux on Open Enterprise Server, you must create a user nails and group nailsgroup in your eDirectory and enable LUM (Linux User Management) for them. Provide the nails user with administrative privileges on all the NSS volumes. For more information, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Installation Guide.

• Copy the install.sh file from ePolicy Orchestrator to your Linux clients using SCP or FTP, or by downloading install.sh from a browser onto your Linux client. For more instructions on how to download the file, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Installation Guide.

If you are using FTP to copy install.sh file, ensure that you copy the file in binary mode.

• Make sure that there are no third-party anti-virus products installed on your machine.


4 Post-installation instructions

This chapter provides instructions on what you need to verify after installing McAfee VirusScan Enterprise for Linux. It has specific post-installation instructions based on whether it is a standalone installation or managed using ePolicy Orchestrator.

Standalone machine

This section provides information on what you need to verify after installing the software on a standalone machine.

After installing McAfee VirusScan Enterprise for Linux, you must verify that the following functionalities are working properly:

• On-access scanning

• On-demand scanning

To verify On-access scan and On-demand scan, use the EICAR test file. The EICAR test file is a file developed by the European Institute for Computer Antivirus Research to test the response of computer anti-virus programs.

Before you begin testing, make sure that McAfee VirusScan Enterprise for Linux is updated with the latest DATs.

Testing On-access scanning

Use this task to verify on-access scanning on a standalone machine.

Ensure On-Access scanning is disabled in McAfee VirusScan Enterprise for Linux On-Access settings.

Task

1 From a web browser, go to: https://<Linux client IP address>:55443

2 Log on with the user name and password provided during installation.

3 Click On-Access Settings, then Edit.

4 Deselect Enable On-Access scanning and click Apply.

5 From your browser, go to: http://eicar.org.

6 Click ANTI-MALWARE TESTFILE and follow the instructions mentioned in The Anti-Malware Testfile section to create the test file on the desktop.

7 Enable On-Access scanning from On-access settings of the software.

8 Try copying the eicar file downloaded to your Linux client's desktop to /tmp.

You can see that the file is not copied to the target directory and is missing from the desktop. The file gets quarantined, and the Host Summary section in the user interface shows one detected item.

Testing On-demand scanning

Use this task to verify on-demand scanning on a standalone machine.

Ensure On-access scanning is disabled in McAfee VirusScan Enterprise for Linux On-access settings by following the steps mentioned in the above section.

Task

1 From your browser, go to: http://eicar.org.

2 Click ANTI-MALWARE TESTFILE and follow the instructions mentioned in The Anti-Malware Testfile section to create the test file on the desktop.

3 From the VirusScan Enterprise for Linux user interface, click Schedule Tasks.

4 Create a new on-demand scan task to scan the downloaded file immediately.

5 Once the scan is complete, see the results of the scan.

You can see that the eicar test virus is detected in the scan results. You can also view these results from the Detected Items and System Events page.

Managed using ePolicy Orchestrator

After deploying McAfee VirusScan Enterprise for Linux on managed nodes, you can verify on-demand scanning and the details of managed nodes, along with the other tests in the previous section.

You can also enforce policies to verify the reports on the ePolicy Orchestrator server or the managed nodes.

Testing On-demand scanning

Use this task to verify on-demand scanning using ePolicy Orchestrator.

To test on-demand scanning, download an EICAR test file on the Linux client after disabling On-access scan, then schedule an on-demand scan to run immediately. Refer to the McAfee VirusScan Enterprise for Linux — Configuration Guide for instructions on scheduling on-demand scan tasks using ePolicy Orchestrator.

Details of managed nodes

You can verify the details of managed nodes in the System Tree by clicking on it in ePolicy Orchestrator.

Configuring policies

For instructions on configuring and enforcing policies, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Configuration Guide. To verify the On-access and On-demand scanning events, check Reports, for which you need to install the report extensions of McAfee VirusScan Enterprise for Linux 1.9.0 on ePolicy Orchestrator.


Default Queries

This section provides details on the default queries. McAfee ePolicy Orchestrator has its own querying and reporting capabilities. When the VirusScan Enterprise for Linux reports extension is installed into ePolicy Orchestrator, it provides a set of default queries. However, you can create a new query, and edit and manage all the queries related to McAfee VirusScan Enterprise for Linux.

By default there are two VirusScan Enterprise for Linux queries.

Table 4-1 VirusScan Enterprise for Linux — Default queries

Query                                            Description
VSEL: VirusScan Enterprise for Linux Compliance  Shows a graphical display of the compliant and non-compliant Linux systems in the network. When you run this query, you should see the VirusScan Enterprise for Linux machine showing up in the report.
VSEL: VirusScan Enterprise for Linux Threats     Shows a graphical display of the threat summary and action taken on all Linux systems in the network.


5 Product Configurations

This chapter provides recommendations for configuring the On-access and On-demand scanning policies, anti-virus exclusions, recovering quarantined items, and third-party software coexistence on McAfee VirusScan Enterprise for Linux software.

For more information on how to configure the product, please refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Product Guide.

Scanning policies

This section provides recommendations for on-access and on-demand scanning policies.

On-access policy

Here are the best practices for configuring on-access policies. However, this can vary as per your requirements.

The following configuration identifies and eliminates viruses and other malicious programs in real time as they are copied or written to your Linux machines.

• Disable the Scan files on network mounted volumes option. Enable this option only if you cannot install a McAfee anti-virus solution on your network servers.

• Always enable the Quarantine option as a secondary action for virus detections, so that you can retrieve the files from the quarantine folder later if required. See the Recovering quarantined items section on how to retrieve quarantined files.

• Set the Action if scan error occurs option to Deny access in On-access settings.

• Disable Decompress archives to increase performance.


On-demand policy

Here are the best practices for configuring on-demand policies. However, this can vary as per your requirements.

The following configuration identifies and eliminates viruses and other malicious programs on your Linux machines when scheduled or on-demand scanning runs on the client system.

• Always enable the Decompress archives option to scan inside archives and compressed files.

• Always select the Quarantine option as a secondary action for virus and spyware detections, so that you can retrieve the files from the quarantine folder later if required.

On-demand scanning

This section describes the best practices for scheduling on-demand scans to improve performance.

Scheduling scans

• Schedule on-demand scans during non-peak hours such as weekends, during the maintenance period or when DAT/Engine updates are not running.

• When scheduling an on-demand scan for the first time, schedule a full on-demand scan for local volumes.

• Make sure to exclude network volumes, if you do not want to scan them explicitly.

Update

Ensure that at least 500 MB of memory is free before a DAT update, as the DAT update needs a significant amount of memory.

Anti-virus exclusions

This section provides recommendations for anti-virus exclusions. McAfee suggests these for better performance; however, you can tweak these exclusions based on your requirements.

This version supports regular expression based exclusions for anti-malware. You can add regular expressions that match the required pattern to exclude multiple files and folders from being scanned.

Some of the recommended exclusions are for:

• Oracle database files

• /opt/oracle/.*.dbf (if oracle is installed under /opt)

• /opt/oracle/.*.ctl (if oracle is installed under /opt)

• /opt/oracle/.*.log (if oracle is installed under /opt)

• Evolution data files

• Thunderbird data files

• Encrypted files

• /var/log for on-access scan

• /quarantine and /proc for on-demand scan

• JAR files for on-access scan


• Archive files for on-access scan

• DTX files for on-access scan

• WAR files

• Exclusion of /media/nss/<VOLUME_NAME>/._NETWARE and /media/nss/<VOLUME_NAME>/._ADMIN in case of Open Enterprise Server

The following are a few examples of regular expressions you can use for different patterns.

Table 5-1 Regular Expression Examples

To exclude...                                                            Use...
All files starting with abc available in /media/nss                      /media/nss/abc.*
All files starting with "." under /media/nss                             /media/nss/..*
All files with extensions ext and abc under /media/nss                   /media/nss/.*.(ext|abc)
All users mailbox folders                                                /home/.*/mailbox/.*
All files and folders that begin with abc in the machine                 .*/abc.*
Files with extension mdb                                                 .*.mdb
Files with extension either mdb or odc                                   .*.(mdb|odc)
Files with extension jar or rar or war under /opt                        /opt/.*..+ar
All files under /tmp starting with an alphabet and ending with a number  /tmp/([A-Z]|[a-z]).*[0-9]$
All users mailbox folders recursively                                    /home/.*/mailbox/.*
All files ending with abc, abcc, abcccc                                  .*abc{1,}

Using regular expressions from ePolicy Orchestrator

• You should include "/" as the first character. For example, to exclude all files and folders starting with abc in the machine use the regular expression: /.*/abc.*

• Ensure that there are no escape sequences included in the regular expression. For example: From ePolicy Orchestrator, to exclude all files starting with "." under /media/nss use the regular expression: /media/nss/..*
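An added example, not part of the McAfee guide: in the patterns above every "." is unescaped and therefore matches any character, so an exclusion can cover more paths than its description says, and every extra path is one the scanner skips. The Python sketch below assumes the product's matcher behaves like Python's re module and checks each pattern both as a whole-path match and as a substring match, since the guide does not say which applies. The sample paths and the tightened patterns using [.] and $ are constructed for illustration and must be confirmed on a test system before they go into a policy.

```python
"""Audit anti-virus exclusion regexes for paths they exclude unintentionally."""
import re

# Patterns exactly as printed in the guide (every "." acts as a wildcard).
GUIDE = {
    "oracle_dbf": "/opt/oracle/.*.dbf",
    "nss_ext_abc": "/media/nss/.*.(ext|abc)",
    "opt_archives": "/opt/.*..+ar",
}

# Tightened variants (assumption, not from the guide): "[.]" is an
# escape-free literal dot and "$" pins the match to the end of the path.
TIGHTENED = {
    "oracle_dbf": "/opt/oracle/.*[.]dbf$",
    "nss_ext_abc": "/media/nss/.*[.](ext|abc)$",
    "opt_archives": "/opt/.*[.](jar|rar|war)$",
}

# Constructed sample paths. True = the admin wants the path excluded.
SAMPLES = {
    "oracle_dbf": {
        "/opt/oracle/oradata/users01.dbf": True,
        "/opt/oracle/scripts/rebuild_dbf": False,
        "/opt/oracle/oradata/users01.dbf.sh": False,
    },
    "nss_ext_abc": {
        "/media/nss/VOL1/report.ext": True,
        "/media/nss/VOL1/notes.abc": True,
        "/media/nss/VOL1/context": False,
    },
    "opt_archives": {
        "/opt/app/lib/tool.jar": True,
        "/opt/app/webapps/site.war": True,
        "/opt/app/bin/sidecar": False,
    },
}


def excluded(pattern, path, anchored=True):
    """True if `path` would be skipped by the scanner under `pattern`.

    anchored=True  -> the pattern must match the whole path
    anchored=False -> the pattern may match anywhere inside the path
    """
    rx = re.compile(pattern)
    hit = rx.fullmatch(path) if anchored else rx.search(path)
    return hit is not None


def overmatches(pattern, samples, anchored=True):
    """Paths the pattern excludes although they were not meant to be."""
    return sorted(p for p, wanted in samples.items()
                  if not wanted and excluded(pattern, p, anchored))


def missed(pattern, samples, anchored=True):
    """Paths that should be excluded but are not matched by the pattern."""
    return sorted(p for p, wanted in samples.items()
                  if wanted and not excluded(pattern, p, anchored))


def audit():
    """Evaluate every pattern set in both matching modes."""
    rows = []
    for name, samples in SAMPLES.items():
        for label, table in (("guide", GUIDE), ("tightened", TIGHTENED)):
            for anchored in (True, False):
                rows.append((name, label, anchored,
                             overmatches(table[name], samples, anchored),
                             missed(table[name], samples, anchored)))
    return rows


if __name__ == "__main__":
    for name, label, anchored, extra, lost in audit():
        mode = "whole-path" if anchored else "substring"
        print(f"{name:13} {label:9} {mode:10} over={extra} missed={lost}")
```

Any path reported under "over" is a file the scanner would skip without the exclusion's author intending it, so review such patterns before enforcing the policy.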

Recovering quarantined items

This section provides information on listing and recovering quarantined items. Remember that you need root privileges to run these commands. McAfee suggests recovering quarantined items only after consulting McAfee Labs.

To list the quarantined items on a Linux machine

1 From the terminal, log in as root.

2 Run the following command:

/opt/NAI/LinuxShield/bin/nails quarantine --list

This lists all the quarantined items on your machine. For example, if a file named file1 under the /tmp directory is quarantined, running the above command shows the output:

/quarantine/QXXX.XXXXXX.XXXXX.XXX.meta: /tmp/file1

where X is a random number.


To recover a particular quarantined item

1 From the terminal, log in as root.

2 Run the following command:

/opt/NAI/LinuxShield/bin/nails quarantine -recover <meta-file path> <destination-file>

For example, to recover file1, which is listed as a quarantined item, run the command:

/opt/NAI/LinuxShield/bin/nails quarantine -recover /quarantine/QXXX.XXXXXX.XXXXX.XXX.meta /tmp/file1

This restores file1 into the /tmp directory.

Third-party software coexistence

• VirusScan Enterprise for Linux does not support coexistence with backup software such as ArcServe, Cava Agent, bacula backup software and so on. Hence McAfee recommends that you exclude directories or files associated with it.

• McAfee VirusScan Enterprise for Linux now supports bmcpatrol and McAfee Application Control.


6 Tips and Tricks

This chapter provides more information on tips and tricks that can be helpful when you use the McAfee VirusScan Enterprise for Linux software.

• You can deploy McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator (ePO) with customized settings. For this you need to copy the nails.options file to the /root and / directories on your Linux client system. For more details, refer to the McAfee VirusScan Enterprise for Linux 1.9.0 — Installation Guide.

• VirusScan Enterprise for Linux provides an advanced logging option, which is recommended to be enabled while troubleshooting specific issues. These settings (Detail logging level, Additional log to syslog, Detail syslog level, Limit age of log entries, Maximum age of log entries) can be enabled from the endpoint's user interface or using ePolicy Orchestrator.

• In managed mode (ePO), the status of scheduled tasks is not reported back to ePO. In such cases, setting up SMTP email notifications can monitor this. Users get an email notification at their email address if the DAT is out of date, if malware is detected on the system, and for error codes including system events.

• By default, VirusScan Enterprise for Linux uses the system PAM (Pluggable Authentication Modules) configuration in the Web Manager for authentication. In some instances, the system PAM settings might use external authentication modules that are not compatible with VirusScan Enterprise for Linux. Refer to the following KnowledgeBase article to learn how to configure PAM so that VirusScan Enterprise for Linux can authenticate in the Web Manager: https://kc.mcafee.com/corporate/index?page=content&id=KB70568


7 KnowledgeBase articles

This chapter specifies the various KnowledgeBase articles related to the McAfee VirusScan Enterprise for Linux software. Before you run into any issues with the software, verify if the issue is already available in the McAfee KnowledgeBase homepage.

Accessing McAfee KnowledgeBase

1 From your web-browser, go to: https://kc.mcafee.com.

2 Under Ask a Question, specify the KB article number or the topic title.

Table 7-1 McAfee VirusScan Enterprise for Linux — KB articles

KB article# Title

KB73036 VirusScan Enterprise for Linux 1.7 DAT update fails on 64-bit Ubuntu installations

KB73043 VSEL 1.7 causes a kernel panic when Ubuntu runs as an NFS Client and Server at the same time

KB73087 VirusScan Enterprise for Linux 1.7 authentication fails after an OS upgrade

KB73205 Unable to reboot server in a Corosync cluster environment with Virus Scan for Linux running

KB73322 VirusScan for Linux 1.7 installation fails when installing via the Dash Shell in Ubuntu

KB70568 How to configure PAM for Virus Scan Enterprise for Linux manager authentication

KB70857 Can VirusScan Enterprise for Linux co-exist with Solid core products?

KB78860 After installing VSEL 1.9 on an Ubuntu 12.04 or 12.10 server, the symbolic links to some programs change to point to the McAfee Runtime folder

KB78847 VSE for Linux 1.9 on CentOS 6.4 Minimal install requirements

KB78733 Command line options in McAfee Agent for Linux 4.6.x / 4.8.x

KB78612 Error 8009: Exclusion OAS.filter /directoryname* does not exist No such file or directory

KB78490 Standalone McAfee Agent 4.8/4.6 supplied with VSEL cannot use ePO Master or Distributed Repository as Update Site

KB78380 Considerations for managing VSEL 1.7.1 and 1.9 together through ePO

KB78341 Reload failed code Failed to attach to the kernel (seen in the VirusScan Enterprise for Linux interface)

KB78291 Event IDs generated by VirusScan Enterprise for Linux

KB78286 Running apt-get upgrade on Ubuntu systems with VSEL 1.7.1 and McAfee Agent installed causes the system to become unusable

KB78082 How to Install VirusScan Enterprise for Linux on a SUSE server Running Novell eDirectory

KB75270 Supported Environments for VirusScan Enterprise for Linux

KB75220 VirusScan Enterprise for Linux support for NFS Scanning

KB75093 VSEL Event IDs 1202 and 1203 are not logged in the ePO database

KB73344 How to determine the file systems supported for On Access Scanning in VirusScan Enterprise for Linux 1.7.x and 1.9.x

KB73316 VirusScan for Linux commands and options

KB73298 How to quarantine infected files from remote systems with VSEL

KB72999 How to determine if a Linux server is supported by VirusScan Enterprise for Linux 1.7.x and 1.9.x (supported kernels and platform)

KB70095 How to use ePO 4.x to stop VirusScan Enterprise for Linux from sending out notification email from multiple servers

KB78126 VirusScan Enterprise for Linux 1.9 Known Issues

KB61079 How to verify the installed HotFixes on VSEL

KB55297 How to install EXTRA.DAT files on McAfee VirusScan for Linux

KB73299 Runtime Kernel Module Support for VirusScan Enterprise for Linux

KB79626 List of file extensions scanned by VSEL when Scan Default Files option is selected

KB79352 How to authenticate VirusScan Enterprise for Linux with a Microsoft Active Directory user

KB50699 How to install VirusScan Enterprise for Linux on a workstation or server for a re-deployable image

KB79401 VSEL cannot quarantine files detected on a remote share

KB57868 Unable to connect to VirusScan Enterprise for Linux console using Microsoft Internet Explorer

KB70567 How to create a local user and group for use with VirusScan Enterprise for Linux

KB55326 Location of ePO agent log for VirusScan Enterprise for Linux

KB54024 How to disable or prevent VirusScan for Linux from updating to the latest posted Engine

KB77126 Files that begin with "." are accumulated in /var/opt/NAI/LinuxShield/etc/

KB54769 How to manually roll back the anti-virus scanning Engine in VirusScan Enterprise for Linux/LinuxShield

KB73198 Kernel: lshook: module not supported by Novell, setting U taint flag (VirusScan Enterprise for Linux modules are reported as tainted)

KB57736 How to update the VSEL DATs manually

KB70566 How to create an eDirectory user and group for VSEL

KB75261 Kernel Panic on RHEL 5.8 when mounting and unmounting NFS volumes

KB72997 After enabling on access scanning from the command line, no files are scanned

KB71201 moncg: failed to initialize PAM library. Unable to start the McAfeeVSEForLinux monitor gateway (the ia32-libs package is required before installing VSEL on a 64 bit Ubuntu system)

KB78104 Nails service does not start when the Anti-Virus Scanning Engine 5600 is deployed to VSEL 1.7.1 with HF808993 installed

KB79198 The extension "LYNXSHLD1700", version 1.9.0.1621 is not compatible with this version of ePolicy Orchestrator (issue: ePO 5.0 "Product Compatibility List" not updated with LYNXSHLD information)
