Check: DTAM027
McAfee VirusScan 8.8 Local Client STIG:
DTAM027
(in versions v6 r1 through v5 r12)
Title
McAfee VirusScan On Delivery Email Scanner Properties must be configured to decode MIME encoded files. (Cat II impact)
Discussion
Email has become one of the most frequently used methods of spreading malware, through embedded HTML code and attachments. User awareness and training, warning users to not open suspicious emails or email attachments and not clicking on hyperlinks, etc. from unknown or known senders, will not fully protect from email-borne malware. Mass mailing worms are similar to an email-borne virus but is self-contained rather than infecting an existing file. Protecting from email-borne viruses and mass mailing worms by scanning email upon delivery mitigates the risk of infection via email.
Check Content
Note: If an email client is not running on this system, this check can be marked as Not Applicable. Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Scan Items tab, locate the "Compressed files:" label. Ensure the "Decode MIME encoded files" option is selected. Criteria: If the "Decode MIME encoded files" option is selected, this is not a finding. On the client machine, use the Windows Registry Editor to navigate to the following key: HKLM\Software\McAfee\ (32-bit) HKLM\Software\Wow6432Node\McAfee\ (64-bit) SystemCore\VSCore\Email Scanner\Outlook\OnDelivery\DetectionOptions Criteria: If the value ScanMime is 1, this is not a finding. If the value is 0, this is a finding.
Fix Text
Access the local VirusScan console by clicking Start >> All Programs >> McAfee >> VirusScan Console. Under the Task column, select the On-Delivery Email Scanner Option, right-click, and select Properties. Under the Scan Items tab, locate the "Compressed files:" label. Select the "Decode MIME encoded files" option. Click OK to Save.
Additional Identifiers
Rule ID: SV-243369r722446_rule
Vulnerability ID: V-243369
Group Title: SRG-APP-000210
Expert Comments
CCIs
Number | Definition |
---|---|
CCI-001170 |
The information system prevents the automatic execution of mobile code in organization-defined software applications. |
Controls
Number | Title |
---|---|
SC-18 (4) |
Prevent Automatic Execution |