The system must update the virus scan program every seven days or more frequently.
From Red Hat Enterprise Linux 7 Security Technical Implementation Guide
Part of SRG-OS-000480-GPOS-00227
Associated with:
CCI-001668
SV-86839r2_rule
Vulnerability discussion
Virus scanning software can be used to protect a system from penetration by computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to check for software and virus definition updates at an interval no longer than seven days. If a manual process is required to update the virus scan software or definitions, it must be documented with the Information System Security Officer (ISSO).
Check content
Verify the system is using a virus scan program and the virus definition file is less than seven days old.
Check for the presence of "McAfee VirusScan Enterprise for Linux" with the following command:
# systemctl status nails
nails - service for McAfee VirusScan Enterprise for Linux
> Loaded: loaded /opt/NAI/package/McAfeeVSEForLinux/McAfeeVSEForLinux-2.0.2.; enabled)
> Active: active (running) since Mon 2015-09-27 04:11:22 UTC;21 min ago
If the "nails" service is not active, check for the presence of "clamav" on the system with the following command:
# systemctl status clamav-daemon.socket
clamav-daemon.socket - Socket for Clam AntiVirus userspace daemon
Loaded: loaded (/lib/systemd/system/clamav-daemon.socket; enabled)
Active: active (running) since Mon 2015-01-12 09:32:59 UTC; 7min ago
If "McAfee VirusScan Enterprise for Linux" is active on the system, check the dates of the virus definition files with the following command:
# ls -al /opt/NAI/LinuxShield/engine/dat/*.dat
If the virus definition files have dates older than seven days from the current date, this is a finding.
If "clamav" is active on the system, check the dates of the virus database with the following commands:
# grep -i databasedirectory /etc/clamav.conf
DatabaseDirectory /var/lib/clamav
# ls -al /var/lib/clamav/*.cvd
-rwxr-xr-x 1 root root 149156 Mar 5 2011 daily.cvd
If the database file has a date older than seven days from the current date, this is a finding.
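The manual steps above can be scripted so the seven-day threshold is evaluated the same way on every host. The following is an added example, not part of the STIG text; the function names and the script file name are hypothetical, and it assumes GNU stat and date as shipped with Red Hat Enterprise Linux 7. Like the check above, it relies on file modification times.

```shell
#!/bin/sh
# Added example: automate the definition-age check described above.
MAX_AGE_DAYS=7

# stale_files DIR GLOB
# Prints every matching file last modified more than MAX_AGE_DAYS ago.
# Returns 0 = all current, 1 = at least one stale (finding), 2 = no files found.
stale_files() {
    local dir="$1" glob="$2" now limit mtime f found=0 stale=0
    now=$(date +%s)
    limit=$(( MAX_AGE_DAYS * 86400 ))
    for f in "$dir"/$glob; do          # $glob left unquoted so it expands
        [ -f "$f" ] || continue        # unmatched glob stays literal; skip it
        found=1
        mtime=$(stat -c %Y "$f")       # GNU stat: mtime as epoch seconds
        if [ $(( now - mtime )) -gt "$limit" ]; then
            echo "STALE: $f (modified $(date -d "@$mtime" +%F))"
            stale=1
        fi
    done
    [ "$found" -eq 1 ] || return 2
    return "$stale"
}

# clamav_dbdir CONF: print the DatabaseDirectory value, matched case-insensitively.
clamav_dbdir() {
    awk 'tolower($1) == "databasedirectory" { print $2; exit }' "$1"
}

# Pick the scanner the same way the check text does: nails first, then clamav.
check_av_definitions() {
    if systemctl is-active --quiet nails 2>/dev/null; then
        stale_files /opt/NAI/LinuxShield/engine/dat '*.dat'
    elif systemctl is-active --quiet clamav-daemon.socket 2>/dev/null; then
        stale_files "$(clamav_dbdir /etc/clamav.conf)" '*.cvd'
    else
        echo "no virus scan service is active"
        return 2
    fi
}

# Run the live check only when asked, e.g.: sh av_age_check.sh check
# (av_age_check.sh is a hypothetical file name for this script)
if [ "${1:-}" = "check" ]; then
    check_av_definitions
    exit $?
fi
```

A return status of 1 corresponds to a finding; status 2 means there was nothing to evaluate and needs manual review. ClamAV stores incrementally updated databases as .cld files, so pass '*.c[vl]d' to stale_files to cover both forms.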
Fix text
Update the virus scan software and virus definition files.