Navigate

Check: DTAM039

McAfee VirusScan 8.8 Local Client STIG: DTAM039 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On Delivery Email Scanner Properties must be configured to clean attachments as the first action for When an unwanted program is found. (Cat II impact)

Discussion

Email has become one of the most frequently used methods of spreading malware, through embedded HTML code and attachments. User awareness and training, warning users to not open suspicious emails or email attachments and not clicking on hyperlinks, etc., from unknown or known senders, will not fully protect from email-borne malware. Mass mailing worms are similar to an email-borne virus but is self-contained rather than infecting an existing file. Protecting from email-borne viruses and mass mailing worms by scanning email upon delivery mitigates the risk of infection via email.

Check Content

Note: If an email client is not running on this system, this check can be marked as Not Applicable. Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Actions tab, locate the "When an unwanted attachment is found:" label. Ensure for the "Perform this action first:" pull down menu, "Clean attachments" is selected. Criteria: If "Clean attachments" is selected for "Perform this action first", this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\Email Scanner\Outlook\OnDelivery\ActionOptions Criteria: If the value for uAction_Program is not 5, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Actions tab, locate the "When an unwanted attachment is found:" label. From the "Perform this action first:" pull down menu, select "Clean attachments". Click OK to Save.

Additional Identifiers

Rule ID: SV-243374r722461_rule

Vulnerability ID: V-243374

Group Title: SRG-APP-000279

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.

Number	Definition
CCI-001243	The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Controls

Controls tied to check. These are derived from the CCIs shown above.

Number	Title
SI-3	Malicious Code Protection