An error occurred:

Check: GEN006640

SUSE Linux Enterprise Server v11 for System z STIG: GEN006640 (in versions v1 r10 through v1 r9)

Title

The system must use and update a DoD-approved virus scan program. (Cat II impact)

Discussion

Virus scanning software can be used to protect a system from penetration from computer viruses and to limit their spread through intermediate systems. The virus scanning software should be configured to perform scans dynamically on accessed files. If this capability is not available, the system must be configured to scan, at a minimum, all altered files on the system on a daily basis. If the system processes inbound SMTP mail, the virus scanner must be configured to scan all received mail.

Check Content

Check for the existence of a cron job to execute the McAfee command line scan tool (uvscan) daily. Other tools may be available but will have to be manually reviewed if they are installed. In addition, the definitions files should not be older than 7 days. Check if uvscan scheduled to run: # grep uvscan /var/spool/cron/* # grep uvscan /etc/cron.d/* # grep uvscan /etc/cron.daily/* # grep uvscan /etc/cron.hourly/* # grep uvscan /etc/cron.monthly/* # grep uvscan /etc/cron.weekly/* If a virus scanner is not being run daily and an exception has not been documented with the IAO, this is a finding. Perform the following command to ensure the virus definition signature files are not older than 7 days. The default uvscan install directory is /usr/local/uvscan. # cd <uvscan install directory> # ls -la avvscan.dat avvnames.dat avvclean.dat If the virus definitions are older than 7 days, this is a finding.

Fix Text

Install McAfee command line virus scan tool, or an appropriate alternative. Ensure the virus signature definition files are no older than 7 days. Configure the system to run a virus scan on altered files dynamically or daily. If daily scans impede operations, justify, document, and obtain IAO approval for alternate scheduling.

Additional Identifiers

Rule ID: SV-45967r2_rule

Vulnerability ID: V-12765

Group Title:

Expert Comments

Expert comments are only available to logged-in users.

CCIs

CCIs tied to check.
Number Definition
CCI-001668

The organization employs malicious code protection mechanisms at workstations, servers, or mobile computing devices on the network to detect and eradicate malicious code transported by electronic mail, electronic mail attachments, web accesses, removable media, or other common means or inserted through the exploitation of information system vulnerabilities.

Controls

Controls tied to check. These are derived from the CCIs shown above.
Number Title
No controls are assigned to this check