An error occurred:

Check: DTAM029

McAfee VirusScan 8.8 Local Client STIG: DTAM029 (in versions v6 r1 through v5 r12)

Title

McAfee VirusScan On Delivery Email Scanner Properties, When a threat is found, must be configured to clean attachments as the first action. (Cat II impact)

Discussion

Email has become one of the most frequently used methods of spreading malware, through embedded HTML code and attachments. User awareness and training, warning users to not open suspicious emails or email attachments and not clicking on hyperlinks, etc., from unknown or known senders, will not fully protect from email-borne malware. Mass mailing worms are similar to an email-borne virus but is self-contained rather than infecting an existing file. Protecting from email-borne viruses and mass mailing worms by scanning email upon delivery mitigates the risk of infection via email.

Check Content

Note: If an email client is not running on this system, this check can be marked as Not Applicable. Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Actions tab, locate the "When a threat is found:" label. Ensure the "Perform this action first:" pull down menu has "Clean attachments" selected. Criteria: If "Clean attachments" is selected for "Perform this action first", this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\Email Scanner\Outlook\OnDelivery\ActionOptions Criteria: If the value for uAction is not 5, this is a finding.

Fix Text

Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Actions tab, locate the "When a threat is found:" label. From the "Perform this action first:" pull down menu, select "Clean attachments". Click OK to Save.

Additional Identifiers

Rule ID: SV-243371r722452_rule

Vulnerability ID: V-243371

Group Title: SRG-APP-000279

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001243

The organization configures malicious code protection mechanisms to perform organization-defined action(s) in response to malicious code detection.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
SI-3

Malicious Code Protection