Product Guide. McAfee VirusScan Enterprise for Linux 2.0.1


COPYRIGHT
Copyright 2014 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource, VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other names and brands may be claimed as the property of others. Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.

LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Contents

Preface
    About this guide; Audience; Conventions; Find product documentation

Introduction
    What is VirusScan Enterprise for Linux; How the software works; Components; How scanning works; What and when to scan; Types of scanning; Product features

Installation and deployment
    System requirements; Install the software on a standalone system; Install the software with the command line; Install the software in silent mode; Install and deploy the software on managed systems; Prerequisites; Check in the package manually; Install the extensions; Deploy the software; Send an agent wake-up call; Upgrade the software; Upgrade the software from previous versions on RPM and Debian systems; Upgrade the managed systems using ePolicy Orchestrator; Test the installation; Test the on-access scan feature on a standalone system; Test the on-demand scan feature on a standalone system; Test the on-demand scan on managed system; Uninstall the software; Uninstall the software from a standalone system; Remove the software from managed systems; Remove the software from ePolicy Orchestrator

Using the interface
    Launch the interface; VirusScan Enterprise for Linux interface; Navigation pane; Console; Help pane; Links bar; Working with the interface; Expanding and collapsing tables; Sorting table columns; Navigating through long tables; Modify page settings; Automatically refresh information on pages; Using wizards; Error messages; Date and time expression

Viewing information
    Host summary; Scanning summary; Scan statistics; Recently detected items; Recently scanned items; Generate a diagnostic report; Detected items; Analyze the detected items; Viewing the results; Export the results for analysis; Viewing system events; Analyze the system events; Export the results for analysis; Scheduled tasks; Run a scheduled task immediately; Modify an existing scheduled task; Delete an existing scheduled task; Stop a running task; ExtraDAT file details

Setting up schedules
    Using a wizard; Product update schedule; Create a product update schedule; On-demand scan preferences; Schedule an on-demand scan

Configuring VirusScan Enterprise for Linux
    General settings; Browser interface; Log levels; Statistics reset; Clearing statistics; Configure general settings; Restoration of default configuration settings; On-access settings configuration; Anti-virus scanning options; Exclude paths from scanning; Extension-based scanning; Anti-virus actions; Configure on-access scan settings; On-demand settings; Configure on-demand scan settings; Notifications; SMTP notifications; Configure SMTP settings; Repositories; Configure the repository list; Configure the local repository; Configure the proxy settings

Managing the software with ePolicy Orchestrator
    Setting policies within ePolicy Orchestrator; Define policies in ePolicy Orchestrator; Create or modify policies; Configure general policy settings; Configure on-access scan policy settings; Enforce policies; Scheduling tasks; Create a product update task; Create an on-demand scanning task; Configure the administrator password; Configure reports; Run a default query

Advanced features
    Lightweight Directory Access Protocol (LDAP) Authentication; Substituting variables in notification templates; How the quarantine action works; Recover the quarantined items

Troubleshooting
    Frequently asked questions; Installation; Scanning; Viruses and detection; General information; Error messages; Contact information

Index

Preface

This guide provides the information you need to work with your McAfee product.

Contents
- About this guide
- Find product documentation

About this guide

This information describes the guide's target audience, the typographical conventions and icons used in this guide, and how the guide is organized.

Audience

McAfee documentation is carefully researched and written for the target audience. The information in this guide is intended primarily for:
- Administrators: People who implement and enforce the company's security program.
- Users: People who use the computer where the software is running and can access some or all of its features.

Conventions

This guide uses these typographical conventions and icons.

Book title, term, emphasis    Title of a book, chapter, or topic; a new term; emphasis.
Bold                          Text that is strongly emphasized.
User input, code, message     Commands and other text that the user types; a code sample; a displayed message.
Interface text                Words from the product interface like options, menus, buttons, and dialog boxes.
Hypertext blue                A link to a topic or to an external website.
Note                          Additional information, like an alternate method of accessing an option.
Tip                           Suggestions and recommendations.
Important/Caution             Valuable advice to protect your computer system, software installation, network, business, or data.
Warning                       Critical advice to prevent bodily harm when using a hardware product.

Find product documentation

After a product is released, information about the product is entered into the McAfee online Knowledge Center.

1 Go to the McAfee ServicePortal at and click Knowledge Center.
2 Enter a product name, select a version, then click Search to display a list of documents.

1 Introduction

McAfee VirusScan Enterprise for Linux protects your Linux systems from malware threats and other potentially unwanted software.

Contents
- What is VirusScan Enterprise for Linux
- How the software works
- Components
- How scanning works
- What and when to scan
- Types of scanning
- Product features

What is VirusScan Enterprise for Linux

VirusScan Enterprise for Linux is security software that protects your Linux systems from malware threats, such as viruses, trojan horses, spyware, keyloggers, joke programs, and other potentially unwanted software.

Although the Linux operating system is considered a secure environment, the recent trend shows an increase in threat code written to attack or exploit security weaknesses in Linux-based systems. Increasingly, Linux-based systems interact with Windows-based computers. Malware designed to target Windows-based systems does not attack Linux systems directly. However, a Linux server can harbor the malware, ready to infect any client that connects to it.

The software scans files in two scenarios:
- On-access scan: Scans files for malware threats when you access a file to open or write.
- On-demand scan: Scans files and directories for malware threats in your host system immediately or as scheduled.

How the software works

VirusScan Enterprise for Linux runs as a daemon, which is similar to a service in Microsoft Windows. It also provides an HTTPS-based interface that you can use to configure, manage, and monitor the software.

VirusScan Enterprise for Linux uses Fanotify technology to perform on-access scanning, instead of the kernel hooking modules used in earlier versions. The software does not contain any kernel hooking modules in this version.

Fanotify is a Linux operating system API that sends notifications for file system operations. It also provides the capability to intercept file access. The software relies on Fanotify to intercept file I/O (input/output) operations. The software receives notifications when files are written and read, then scans the files for threats and takes the necessary actions according to the scan settings.

To check the supported operating system for VirusScan Enterprise for Linux 2.0.1, see the Supported Linux Kernels (operating system) section in the McAfee Knowledgebase article KB

For the Action on timeout option, the default action is Allow Access. For the Action if an error occurs during scanning option, the default action is Block Access. If the action is set to Block, the software blocks the file only during a read scanning operation. It does not block the file during a write scanning operation.

The software activities can be monitored and configured through an HTTPS interface. For example, you can configure what types of files are scanned, and define actions to take for infected files, such as cleaning, deleting, or quarantining. Using the simple and secure web-browser interface, you can monitor and control malware detection. The software also maintains a record of files that it recently scanned to avoid repeated scanning.

The software begins to scan files on these events:
- File open: When a file is opened.
- File release: When a file is closed. If a process has multiple references to a file, for example, using dup or a memory mapping, release refers to when the last reference is released.

Components

The software uses a management interface that runs on HTTPS to monitor and control scanning on a host. The diagram shows a web browser, connected through a secure HTTPS link to a web monitor service, as a component of the software. This table explains how the components operate in this simple setup.

Component    Function
Scanner      Provides anti-malware protection and scans files as instructed by nailsd.
nailsd       Communicates between the web monitoring service and the scanner, passing information about the anti-virus scans and configuration details.
mon          Examines the software activity on the host, and can configure the anti-virus activity.
nailswebd    Communicates with a web browser such as Konqueror, using a secure HTTPS link. A name and password is required for user authentication.

How scanning works

VirusScan Enterprise for Linux software contains the McAfee scanning engine and the malware definition DAT files. The scanning engine is a complex data analyzer. The DAT files contain a great deal of information, including thousands of different drivers, each containing detailed instructions on how to identify malware. VirusScan Enterprise for Linux depends on the scanning engine and the threat information in the DAT files to identify malware threats.

The scanning engine analyzes files for malware threats, then verifies files against the known threat information stored in the DAT files. McAfee Labs regularly identifies new threat information (signatures) and adds it to the DAT files. For this reason, McAfee recommends that you download the most recent version of the DAT file. For more information on DAT files, see McAfee KnowledgeBase article KB

Once the engine has confirmed the identity of malware, it cleans the object. For example, the anti-malware software can remove an infected macro from a document or delete the malware code in an executable file. If the malware has destroyed data and the file cannot be cleaned or recovered, VirusScan Enterprise for Linux isolates the file so that it cannot be accessed, activated, or infect other files.

What and when to scan

The malware threat can come from infected macros, shared program files, files shared across a network, , disks, or files downloaded from the Internet. Each McAfee anti-malware software product targets a specific area of vulnerability. McAfee recommends a multi-tiered approach to provide the full range of malware detection, security, and cleaning capability.

Configure the software according to the needs of your environment. Configuring the protection options defines how the software deals with different file types and what it does with infected or suspicious items.

Types of scanning

The software scans files in two ways: on-access scanning and on-demand scanning. Both types of scanning detect the same malware, but they work at different points on the network and on the Linux systems. The two types of scanning can take place at different times, and at different stages in the handling of objects.

On-access scanning

On-access scanning is real-time scanning that examines objects when the user or system accesses files. For example, an on-access scanner examines a file when the user opens it. When you first install the software, on-access scanning defaults are set, but you can configure the settings as needed. You can set global options that determine how scanning is carried out. The global options include how the scanner deals with different types of object, the actions for infected items, and how quarantine and notification are handled.

On-demand scanning

You can run an on-demand scan in two ways:

- Standard on-demand scan: The user instructs the software to perform a scan. You can run a standard on-demand scan manually.
- Scheduled on-demand scan: The scheduled scan runs automatically at predetermined intervals as defined. You can choose to schedule a scan of this type to run after the regular DAT update.

You can run an on-demand scan for many reasons, for example:
- To check a file that has been downloaded from the Internet or obtained from an external source.
- To check if your system is clean, following the DAT update, in case new viruses can be detected.
- To check if your system is clean, following a recent single detection.

Product features

The main features of the software are listed here.

General
- Native 64-bit platform support: Supports only 64-bit platforms. All binaries shipped with the product are 64-bit. This product cannot be used on 32-bit platforms.
- Fanotify technology: Uses Fanotify technology to perform on-access scanning instead of the kernel hooking modules used in earlier versions. Therefore, this version does not have any kernel hooks. Fanotify is enabled in the kernel from the kernel version This release does not support the distribution that does not have Fanotify enabled in the kernel, such as RedHat
- Engine support: Pre-packaged with the latest 5700 engine that provides enhanced detection capabilities.

Anti-malware scanning
- Protects your system from viruses, trojan horses, spyware, and potentially unwanted programs.
- Supports Novell Storage Services (NSS) and Novell Cluster Services (NCS).
- Supports on-access scanning for local file systems and network volumes.
- Provides an option to include or exclude network-mounted volumes from on-access scanning and on-demand scanning.
- Provides an option to include or exclude archived files from on-access scanning and on-demand scanning.
- Supports regular expression-based exclusions for on-access scanning and on-demand scanning from the interface.
- Auto and scheduled updates for scanning engine and detection definition (DAT) files.

Software update and scanning schedule
- Allows you to schedule on-demand scans at times convenient to you.
- Allows you to schedule updates of the scanning engine and detection definition (DAT) files.

Administration
- Manages and controls systems centrally from a single management console using ePolicy Orchestrator.
- Remote administration using a browser-based interface.
- Secure browser interface with authentication and HTTPS (SSL) support.

Reporting
- Displays real-time statistics for recently scanned items and recently detected threats.
- Creates a detailed database for detected items and system events.
- Provides options to query the database by date range or individual field values, for example, virus name. You can export the results to a CSV file.
- Sends notifications for detected items, out-of-date DAT files, configuration changes, and system events.
- Generates a diagnostic report for analysis when reporting a problem with the product.


2 Installation and deployment

Install the software on a standalone system, or deploy the software from ePolicy Orchestrator to managed Linux systems.

Contents
- System requirements
- Install the software on a standalone system
- Install and deploy the software on managed systems
- Upgrade the software
- Test the installation
- Uninstall the software

System requirements

Make sure that your system meets these minimum requirements, and you have administrator rights.

Component          Requirements
Processors         Intel x86_64 architecture-based processor that supports Intel Extended Memory 64 technology (Intel EM64T)
                   AMD x86_64 architecture-based processor with AMD 64-bit technology
Memory             Minimum: 2 GB RAM
                   Recommended: 4 GB RAM
Free Disk space    Minimum: 1 GB

Component                     Requirements
Operating Systems (64-bit)    Operating system 64-bit
                              SUSE Linux Enterprise Server 11 SP2 64-bit
                              SUSE Linux Enterprise Server 11 SP3 64-bit
                              Red Hat Enterprise Linux 7.x
                              Ubuntu 12.04, 12.10, 13.04, bit, and bit.
                              Amazon Linux AMI bit
                              SUSE and Ubuntu on Amazon Elastic Compute Cloud (Amazon EC2)
                              Red Hat Enterprise Linux 7 on Amazon Elastic Compute Cloud (Amazon EC2)
                              Novell Open Enterprise Server 11 SP1
                              CentOS 7.x
                              Oracle Enterprise Linux 7.x
                              This product cannot be used on 32-bit platforms.
Virtual platforms             VMware
                              Citrix Xen
                              Xen
                              KVM
                              Virtual box
Paravirtual environment       Guest operating system on Xen Hypervisor
McAfee Management software    McAfee ePolicy Orchestrator 4.6
                              McAfee ePolicy Orchestrator 5.0
                              McAfee ePolicy Orchestrator 5.1
McAfee Agent                  McAfee Agent 4.8 Patch 2

Install the software on a standalone system

Install the software on a standalone system manually or in silent mode.

Before you begin

Verify that Fanotify is enabled in the kernel:

1 Log in to the Linux system as user root, type uname -r then press Enter. The result should be above kernel version
2 Type grep FANOT /boot/config-`uname -r` then press Enter. The output should match as follows:

    CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

Tasks
- Install the software with the command line: The command-line installation prompts you to provide input during the installation.
- Install the software in silent mode: Silent installation installs the software on your Linux systems with the default values.

Install the software with the command line

The command-line installation prompts you to provide input during the installation.

Tasks
- Install the software on RPM based systems: Download the McAfeeVSEForLinux <build_number>.ZIP file from the McAfee download site, to install the software on RPM based systems.
- Install the software on Debian based systems: Download the McAfeeVSEForLinux <build_number>.ZIP file from the McAfee download site, to install the software on Debian based systems.
- Install the software on Novell Open Enterprise Server: Install the software on Novell Open Enterprise Server.

Install the software on RPM based systems

Download the McAfeeVSEForLinux <build_number>.ZIP file from the McAfee download site, to install the software on RPM based systems.

1 Download McAfeeVSEForLinux <build_number>.ZIP to a temporary directory and execute these commands in the given sequence:

    # unzip McAfeeVSEForLinux <build_number>.ZIP
    # cd McAfeeVSEForLinux <build_number>
    # tar -zxvf McAfeeVSEForLinux <build_number>-release-full.x86_64.tar.gz
    # tar -zxvf McAfeeVSEForLinux <build_number>-release.tar.gz
    # tar -zxvf McAfeeVSEForLinux <build_number>-others.tar.gz

2 Install McAfee Runtime:

    rpm -ivh MFErt.i686.rpm

3 Install McAfee Agent:

    rpm -ivh MFEcma.i686.rpm

4 Confirm that McAfee Agent is running correctly:

    /etc/init.d/cma status

5 Install VirusScan Enterprise for Linux:

    bash McAfeeVSEForLinux <build_number>-installer

6 Answer the questions when prompted. Accept the default values, or type custom values.
7 When prompted to start the VirusScan services, type the default option Y.
8 Confirm that VirusScan Enterprise for Linux is installed and running correctly:

    /etc/init.d/nails status

  The message The McAfeeVSEForLinux daemon is running: process information follows appears.

Install the software on Debian based systems

Download the McAfeeVSEForLinux <build_number>.ZIP file from the McAfee download site, to install the software on Debian based systems.

1 Download McAfeeVSEForLinux <build_number>.ZIP to a temporary directory and execute these commands in the given sequence:

    # unzip McAfeeVSEForLinux <build_number>.ZIP
    # cd McAfeeVSEForLinux <build_number>
    # tar -zxvf McAfeeVSEForLinux <build_number>-release-full.x86_64.tar.gz
    # tar -zxvf McAfeeVSEForLinux <build_number>-release.tar.gz
    # tar -zxvf McAfeeVSEForLinux <build_number>-others.tar.gz

2 Install McAfee Runtime:

    dpkg -i MFErt.i686.deb

3 Install McAfee Agent:

    dpkg -i MFEcma.i686.deb

4 Confirm that McAfee Agent is running correctly:

    /etc/init.d/cma status

5 Install VirusScan Enterprise for Linux:

    bash McAfeeVSEForLinux <build_number>-installer

6 Answer the questions when prompted. Accept the default values, or type custom values.
7 When prompted to start the VirusScan services, type the default option Y.
8 Confirm that VirusScan Enterprise for Linux is installed and running correctly:

    /etc/init.d/nails status

  The message The McAfeeVSEForLinux daemon is running: process information follows appears.

Install the software on Novell Open Enterprise Server

Install the software on Novell Open Enterprise Server.

1 From the Novell eDirectory server, use iManager to create a user, nails, and a group, nailsgroup.
2 Add the user nails to the group nailsgroup. Enable the user and group using the Linux User Management.
3 Provide the user nails with administrator rights on all NSS volumes.

    rights -f /media/nss/<vol-name> -r s trustee nails.<context>.<tree>

  You must provide administrator privileges to the nails user every time a new NSS volume is created.
4 Download the MFErt.i686.rpm and MFEcma.i686.rpm files.
5 Install McAfee Runtime and McAfee Agent:

    rpm -ivh MFErt.i686.rpm
    rpm -ivh MFEcma.i686.rpm

6 Install VirusScan Enterprise for Linux:

    bash McAfeeVSEForLinux <build_number>-installer

7 Type nailsgroup for the Linux group for the VirusScan administrator.
8 Type nails for the VirusScan user.
9 Answer the questions when prompted. Accept the default values, or specify your own.
10 When prompted to start the VirusScan services, type the default option Y.

Install the software in silent mode

Silent installation installs the software on your Linux systems with the default values.

Tasks
- Install the software on RPM and Debian based systems in silent mode: Install VirusScan Enterprise for Linux on RPM and Debian systems in silent mode.
- Install the software on Novell Open Enterprise Server in silent mode: Install the software on Novell Open Enterprise Server in silent mode.

Install the software on RPM and Debian based systems in silent mode

Install VirusScan Enterprise for Linux on RPM and Debian systems in silent mode.

Before you begin

Before installing the software, you must have McAfee Runtime and McAfee Agent already installed on the computer.

1 Create a file, nails.options, with the following settings in the root home directory.

    SILENT_ACCEPTED_EULA="yes"
    SILENT_INSTALLDIR="/opt/nai/linuxshield"
    SILENT_RUNTIMEDIR="/var/opt/nai/linuxshield"
    SILENT_ADMIN="admin@example.com"
    SILENT_HTTPHOST=
    SILENT_HTTPPORT=
    SILENT_MONITORPORT=
    SILENT_SMTPHOST=
    SILENT_SMTPPORT="25"
    SILENT_NAILS_USER="nails"
    SILENT_NAILS_GROUP="nailsgroup"
    SILENT_CREATE_USER="yes"
    SILENT_CREATE_GROUP="yes"
    SILENT_RUN_WITH_MONITOR="yes"
    SILENT_QUARANTINEDIR="/quarantine"
    SILENT_START_PROCESSES="yes"

2 At the command prompt, type the following command:

    bash McAfeeVSEForLinux <build_number>-installer

3 After installation is completed, use the command passwd to assign a password to the user nails.

Install the software on Novell Open Enterprise Server in silent mode

Install the software on Novell Open Enterprise Server in silent mode.

1 From the Novell eDirectory server, use iManager to create a user, nails, and a group, nailsgroup.
2 Add the user nails to the group nailsgroup. Enable the user and group using the Linux User Management.
3 Provide the user nails with administrator rights on all NSS volumes.

    rights -f /media/nss/<vol-name> -r s trustee nails.<context>.<tree>

  You must provide administrator privileges to the nails user every time a new NSS volume is created.
4 In the nails.options file, make sure that the following parameters are available:

    SILENT_NAILS_USER="nails"
    SILENT_NAILS_GROUP="nailsgroup"
    SILENT_CREATE_USER="no"
    SILENT_CREATE_GROUP="no"

5 From the terminal window, type:

    bash McAfeeVSEForLinux <build number>-installer

6 After performing the installation, use iManager to assign a password to the user nails.

Install and deploy the software on managed systems

Install and manage the software using McAfee ePolicy Orchestrator for centralized policy implementation.

Contents
- Prerequisites
- Check in the package manually
- Install the extensions
- Deploy the software
- Send an agent wake-up call

Prerequisites

Before deploying VirusScan Enterprise for Linux on Novell Open Enterprise Server 2.x systems:

1 From the Novell eDirectory server, use iManager to create a user, nails, and a group, nailsgroup.
2 Add the user nails to the group nailsgroup. Enable the user and group using the Linux User Management.
3 Provide the user nails with administrator rights on all NSS volumes. For example:

    rights -f /media/nss/<vol-name> -r s trustee nails.<context>.<tree>

  You must provide administrative privileges to the nails user every time a new NSS volume is created.
4 Verify that Fanotify is enabled in the kernel:
  a Log in to the Linux system as user root, type uname -r then press Enter. The result should be above kernel version
  b Type grep FANOT /boot/config-`uname -r` then press Enter. The output should match as follows:

    CONFIG_FANOTIFY=y
    CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y

  If the output does not match as shown, contact McAfee Technical Support.

Check in the package manually

Check in the VirusScan Enterprise for Linux deployment package to the ePolicy Orchestrator Master Repository.

Before you begin

Make sure that the McAfeeVSEForLinux <build_number> release EPO.zip file is extracted from the package to a temporary location on the ePolicy Orchestrator server.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Master Repository, then click Action | Check In Package.
3 On the Check In Package page, for Package type, select Product or Update (.ZIP).
4 Click Browse in File Path, select the file from the temporary location, then click Next.
  - Select McAfeeVSEForLinux <build_number>-release-EPO.zip to install the software.
  - Select MSA-LNX_4.8.0_Package.zip to install McAfee Agent.
5 On the Package Options page, select a Branch, select the required options, then click Save.
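The Fanotify verification described under "Install the software on a standalone system" and under "Prerequisites" can be scripted so that a host with only one of the two options set is rejected before installation. This is an added example, not part of the McAfee guide or product; the function names and the --running switch are assumptions, and /proc/config.gz is tried only as a fallback on kernels that expose it.

```shell
#!/bin/sh
# Added example (not McAfee code): pre-install check that a kernel build
# config enables both fanotify options the guide's manual grep looks for.
# Unlike "grep FANOT", it matches each option name exactly and treats
# "# CONFIG_X is not set" or a missing line as a failure.

REQUIRED_OPTS="CONFIG_FANOTIFY CONFIG_FANOTIFY_ACCESS_PERMISSIONS"

# read_config FILE: print the config text, decompressing *.gz files.
read_config() {
    case "$1" in
        *.gz) gzip -dc -- "$1" ;;
        *)    cat -- "$1" ;;
    esac
}

# option_state FILE OPTION: print the option's value (e.g. "y") or "unset".
option_state() {
    value=$(read_config "$1" 2>/dev/null |
        sed -n "s/^$2=\(.*\)\$/\1/p" | tail -n 1)
    printf '%s\n' "${value:-unset}"
}

# check_fanotify FILE: return 0 when both options are "y", 1 when either
# is missing, 2 when FILE cannot be read. Prints one line per option.
check_fanotify() {
    cfg=$1
    if [ ! -r "$cfg" ]; then
        echo "cannot read kernel config: $cfg" >&2
        return 2
    fi
    rc=0
    for opt in $REQUIRED_OPTS; do
        state=$(option_state "$cfg" "$opt")
        if [ "$state" = "y" ]; then
            echo "ok      $opt=y"
        else
            echo "MISSING $opt ($state)"
            rc=1
        fi
    done
    return $rc
}

# find_running_config: print the path of the running kernel's config.
find_running_config() {
    for candidate in "/boot/config-$(uname -r)" /proc/config.gz; do
        if [ -r "$candidate" ]; then
            printf '%s\n' "$candidate"
            return 0
        fi
    done
    return 1
}

# Usage: check_fanotify.sh --running | check_fanotify.sh /path/to/config
main() {
    case "$1" in
        --running)
            cfg_path=$(find_running_config) || {
                echo "no kernel config found for $(uname -r)" >&2
                return 2
            }
            ;;
        *) cfg_path=$1 ;;
    esac
    check_fanotify "$cfg_path"
}

# Run only when an argument is given; the exit status is main's status.
[ "$#" -eq 0 ] || main "$@"
```

A non-zero exit status means on-access scanning cannot work on that kernel, so a deployment wrapper can stop before the installer runs.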

Install the extensions

Install VirusScan Enterprise for Linux extensions using ePolicy Orchestrator. Install these extensions to enable the features of the product:
- EPOAGENTMETA.ZIP
- LYNXSHLDMETA.ZIP
- LYNXSHLDMETAPARSER.ZIP

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Extensions.
3 On the Extensions page, click Install Extension.
4 Click Browse, select the extension file, then click OK.

To install the software Help extension, browse for the file help_vsel_201.zip and check in the extension. You will find the Help extension under Extensions McAfee Help Content.

Deploy the software

Deploy VirusScan Enterprise for Linux on client computers using the ePolicy Orchestrator software.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Create and download the agent installation package:
  a From System Tree, click System Tree Actions | New Systems.
  b On How to add systems, select Create and download agent installation package, click Non-Windows in Agent version, select McAfee Agent for Linux (Current), then click OK.
  c From Download file, right-click install, then select Save target as to download the file to your local system.
  If you are deploying the product on an Ubuntu client system, download the installdeb.sh file to your local system.
3 From the Linux terminal, execute the following command to establish a connection between ePolicy Orchestrator and the Linux client computer:

    sh install.sh -i

4 Navigate to the System Tree page, then on the Assigned Client Tasks tab, click Actions | New Client Task Assignment.
5 On to schedule, select McAfee Agent as the product, select Product Deployment as the task type, then click Create New under the task name.

6 To configure the client task, under Client Task Catalog, select Linux 64bit as the target platform, VirusScan Enterprise for Linux <build number> as the Products and components, Install as the action, a language, then click Save.
  To deploy the software with customized settings, copy the nails.options file to the /root and / directory on your Linux client system. For more information on creating the nails.options file, see Silent installation.
7 Click Next to schedule this task immediately or as needed, click Next to view the task summary, then click Save and send an agent wake-up call.

Wait for the deployment task to complete.

Send an agent wake-up call

Send an agent wake-up call to enforce the policies from ePolicy Orchestrator.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Navigate to System Tree, select a group or systems, then select the Computer Names of that group.
3 Click Actions | Agent | Wake Up Agents.
4 For Wake-up call type select Agent Wake-Up Call, then for Randomization select a number of minutes that the systems must respond by.
5 Select Get full product properties for the agents to send complete properties instead of only properties that have changed since the last agent-server communication.
6 Click OK.

To see the status of the agent wake-up call, click Menu | Automation | Server Task Log.

Upgrade the software

VirusScan Enterprise for Linux supports upgrading the software and migrating the configuration from the previous versions of the software.

Tasks
- Upgrade the software from previous versions on RPM and Debian systems: Upgrade the software from versions or or 2.0 to version
- Upgrade the managed systems using ePolicy Orchestrator: Upgrade your existing Linux client systems running versions or 1.9 or 2.0 to version 2.0.1, using the ePolicy Orchestrator software.

Upgrade the software from previous versions on RPM and Debian systems

Upgrade the software from versions or or 2.0 to version

1 Upgrade McAfee Agent:
  For RPM based systems:
    rpm -Uvh MFEcma.i686.rpm
  For Debian based systems:
    dpkg -i MFEcma.i686.deb
2 Confirm that McAfee Agent is running correctly:
    /etc/init.d/cma status
3 Upgrade VirusScan Enterprise for Linux:
    bash McAfeeVSEForLinux <build number>-installer
4 Confirm that VirusScan Enterprise for Linux is running correctly:
    /etc/init.d/nails status
5 Restart the computer:
    reboot
  Reboot is required only if you upgrade from versions or 1.9 to version

When you upgrade the software, the existing on-access scan settings, on-demand scan settings, and the exclusions list are migrated.

Upgrade the managed systems using ePolicy Orchestrator

Upgrade your existing Linux client systems running versions or 1.9 or 2.0 to version 2.0.1, using the ePolicy Orchestrator software.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Check in the packages manually. For more information, see Check in the package manually.
3 Install the extensions. For more information, see Install the software extensions.
4 Navigate to the System Tree page. On the Assigned Client Tasks tab, click Actions | New Client Assignment.
5 On Task to schedule, select McAfee Agent as the product, select Product Deployment as the task type, then click Create New under Name.
6 To configure the client task, under Client Catalog, select Linux 64bit as the target platform, VirusScan Enterprise for Linux <build number> as the product and component, Install as the action, a language, then click Save.
  To upgrade the McAfee Agent on the Linux client system to McAfee Agent 4.8, first add McAfee Agent for Linux x, then click the + button to add VirusScan Enterprise for Linux <build_number> to upgrade both McAfee Agent and the product.
7 Click Next to schedule this task immediately or as needed, click Next to view the task summary, click Save, then send an agent wake-up call. Wait for the deployment task to complete.
8 Restart the client computer:
    reboot
  Reboot is required only if you upgrade from versions or 1.9 to version

Test the installation

McAfee recommends that you test your installation to make sure that the software is installed properly and can protect your systems.

Tasks

Test the on-access scan feature on a standalone system: You can test on-access scanning by accessing the European Institute of Computer Anti-Virus Research (EICAR) standard anti-virus test file.
Test the on-demand scan feature on a standalone system: Verify the on-demand scanning by accessing the European Institute of Computer Anti-Virus Research (EICAR) standard anti-virus test file.
Test the on-demand scan on managed system: Verify that the on-demand scan feature is working on a managed system.

Test the on-access scan feature on a standalone system

You can test on-access scanning by accessing the European Institute of Computer Anti-Virus Research (EICAR) standard anti-virus test file.

Make sure that on-access scanning is disabled in VirusScan Enterprise for Linux On-Access settings.

For option definitions, click ? in the interface.

1 From a web browser, go to: client IP address>:
2 Log on with the user name and password provided during installation.
3 On the On-Access Settings page, click Edit, deselect Enable On-Access scanning, then click Apply.
4 From your browser, go to
5 Click ANTI-MALWARE TESTFILE, then click DOWNLOAD.
6 Click an anti-malware test file. For example, eicar.com.txt.
7 From the On-Access Settings page, enable On-Access scanning.
8 Try copying the eicar.com.txt file downloaded to your Linux client's desktop /tmp directory.

You can see that the file is not copied to the target directory and is missing from the desktop. The file is quarantined, and one detected item appears on the Host Summary page.

Test the on-demand scan feature on a standalone system

Verify the on-demand scanning by accessing the European Institute of Computer Anti-Virus Research (EICAR) standard anti-virus test file.

Make sure that On-Access scanning is disabled in VirusScan Enterprise for Linux On-Access settings.

1 From your browser, go to
2 Click ANTI-MALWARE TESTFILE, click DOWNLOAD, then right-click eicar.com.txt and save the file to your /tmp directory.
3 From the interface, click Schedule Tasks.
4 Create a new on-demand scan schedule using the option Immediately.
5 Once the scan is complete, see the results of the scan.

You can see that the EICAR test malware is detected in the scan results. You can also view these results from the Detected Items and System Events pages.

Test the on-demand scan on managed system

Verify that the on-demand scan feature is working on a managed system.

Before you begin
Make sure that the On-Access scanning feature is disabled on your system.

For option definitions, click ? in the interface.

1 From your managed system, using the browser, go to
2 Click ANTI-MALWARE TESTFILE, click DOWNLOAD, then right-click eicar.com.txt and save the file to your /tmp directory.
3 From ePolicy Orchestrator, run an on-demand scan using the option Immediately on the managed system.
4 Once the scan is complete, see the results of the scan.

You can see that the EICAR test malware is detected in the scan results. You can also view these results from the Detected Items and System Events pages.

Uninstall the software

Remove the software from standalone Linux systems and remove the software and its related extensions from managed Linux systems.

Tasks

Uninstall the software from a standalone system: You can uninstall the software from your Linux system using the command line.
Remove the software from managed systems: Create a client task to remove VirusScan Enterprise for Linux from managed systems.
Remove the software from ePolicy Orchestrator: Remove the software from the ePolicy Orchestrator repository.

Uninstall the software from a standalone system

You can uninstall the software from your Linux system using the command line.

Before you begin
You must have administrator rights to uninstall the software.

1 Type the following at the command prompt, then press Enter.
  For RPM based systems:
    1 rpm -e McAfeeVSEForLinux
    2 rpm -e MFEcma
    3 rpm -e MFErt
  For Debian based systems:
    1 dpkg --purge mcafeevseforlinux
    2 dpkg --purge mfecma
    3 dpkg --purge mfert
2 Restart the system.

Remove the software from managed systems

Create a client task to remove VirusScan Enterprise for Linux from managed systems.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Systems | System Tree.
3 Create a client task in ePolicy Orchestrator. Click Assigned Client Tasks | Actions | New Client Assignment.
4 Schedule a client task in ePolicy Orchestrator. Under Task to schedule, select McAfee Agent as the product, select Product Deployment as the task type, then click Create New under the task name.
5 Configure the client task in ePolicy Orchestrator. Under Client Catalog, select Linux as the target platform, VirusScan Enterprise for Linux <build number> as the product and component, Remove as the action, select a language, then click Save.
6 Click Next to schedule the task immediately or as needed, click Next to view the task summary, click Save, then send an agent wake-up call.

Remove the software from ePolicy Orchestrator

Remove the software from the ePolicy Orchestrator repository.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Software | Master Repository to open the Packages in Master Repository page.
3 In the Actions column, click the Delete link for VirusScan Enterprise for Linux as the name and as the version.
4 Remove the product and reports extensions.
  a Click Menu | Software | Extensions, then from the left pane, select VirusScan Enterprise for Linux
  b For each extension file, click Remove, select Force removal, bypassing any checks or errors, then click OK.

Using the interface

Access the interface to define or modify the software configuration, or view information about the software.

Contents
Launch the interface
VirusScan Enterprise for Linux interface
Working with the interface

Launch the interface

View the interface by specifying the IP address and port number in a supported web browser.

1 Open a supported web browser, such as Internet Explorer, Mozilla, or Konqueror, then type the IP address and port number in this format: For example: or
  VirusScan Enterprise for Linux regards server1 and SERVER1 as similar.
  The browser tries to connect to the port on the Linux host where the VirusScan Enterprise for Linux web-monitoring service runs, and displays the logon page.
  If your browser or its version is not supported, you see a warning message. You can continue to log on, but you might experience problems later with the screen and operation of features of the interface.
2 Type the default user name nails and the password that you specified during installation, then click Log on to open the homepage.
  The user name and password are case-sensitive.
  On Konqueror browsers, the following message appears: Server certificate failed the authenticity test... This message appears because the certificate is self-signed. You can ignore this message and click Continue.

The Host Summary page displays information such as IP address, DAT and engine version, product version, files scanned, status, and detected items for the Linux systems. To return to this page at any time, click Home from the navigation pane on the left side.

VirusScan Enterprise for Linux interface

The VirusScan Enterprise for Linux user interface has three areas: the navigation pane, the console, and the QuickHelp pane.

When you launch the software interface, you can see these main areas:

Left: The navigation pane allows you to visit each page setting.
Middle: The console displays the available settings for each page you select from the navigation pane.
Right: The QuickHelp pane displays the Help content.

Navigation pane

The navigation pane appears on the left side of the interface. It provides links to view summary reports, schedule scans, update the product, and configure scan settings and notifications. Similar links are grouped.

The name of the currently selected Linux host appears above the navigation pane as a host name and port number, for example: server1:

The groups of items in the navigation pane menu (View, Schedule, and Configure) refer to this host.

View: Displays Host Summary, Scanning Summary, Detected Items, System Events, and Scheduled Tasks information about the selected host.
Schedule: Displays Product Update and On-Demand Scan information, where you can set up schedules for running on-demand scans and updating the DAT files.
Configure: Displays General Settings, On-Access Settings, On-Demand Settings, and Notifications information, where you can configure scanning, notification, and repository settings on the selected host.

The navigation pane also includes:

Home: Displays summary information about the host that is being monitored.
Show/Hide Quick Help: Displays or hides the Help system, which is displayed on the right pane of the interface.

Console

The console in the middle of the interface displays each page that is selected from the navigation pane.

Help pane

The help pane on the right side of the interface displays basic information about each page displayed in the console area. You can display or hide the Help using the Show Quick Help or Hide Quick Help menu options in the navigation pane.

Links bar

The links bar at the top of the interface provides quick access to information or often-used functions. This bar contains the following links:

Log off: Closes the current session and navigates to the software logon page.
Technical Support: Navigates to the McAfee Technical Support page.
Submit a Sample: Displays instructions for submitting malware samples to McAfee labs.
Virus Information Library: Links to the malware information library, which provides full information about every malware and other potentially unwanted software that VirusScan Enterprise for Linux can detect and clean.
About McAfee VirusScan Enterprise for Linux: Displays product version and license information.
Resources: Displays contact information.
Help Topics: Navigates to online Help.

For the web addresses of the links, see Contact information.

Depending on the configuration that your organization requires, some of these links might not be available or they can redirect to other locations. For more information, see Advanced features.

Working with the interface

You can expand tables, sort details, and modify the page settings.

Expanding and collapsing tables

The interface contains several tables of information. For convenience, you can expand or collapse some tables. The software displays information and the available configuration options in tables.

Click (Collapse) to hide the information.
Click (Expand) to display the information.

You can collapse and expand tables as needed for better readability when the interface displays information with more rows. For example, on the Notifications page, the SMTP Notification and SMTP Settings tables contain many options. You might not be able to view the options in both the tables on a single page. In such cases, you can collapse the table information that you are not using.

Sorting table columns

The interface contains several tables. For convenience, you can sort the information using the column title. For example, to sort rows into time order, click the column heading Time.

An arrow appears on the right side of a column heading and indicates the order of the sorting.

^ The information is displayed in ascending order (0-9, A-Z).
v The information is displayed in descending order (9-0, Z-A).

To reverse the order of sorting, click the column heading again.

This action does not refresh or update the contents of a table. The action does not sort all information; it changes the order of the currently displayed rows of information only.

Navigating through long tables

If VirusScan Enterprise for Linux has too much information to display within a page, the interface displays the first few rows at a time. You can use the navigation arrows and numbers that appear at the bottom of the table to display the rest of the information. For example: << >>

To increase the number of rows of information that you can view on one page, see General settings.

VirusScan Enterprise for Linux applies a limit to the amount of information that can be viewed over several pages. For example, on the Detected Items page and the System Events page, you can view up to 20 pages each containing up to 50 rows. You can effectively view more results by using a query to filter the information.

Modify page settings

You can change the page settings for several pages in the interface. These pages have an Edit button at the top right of the page.

For option definitions, click ? in the interface.

1 On the navigation pane, under the Configure area, click the page whose settings you want to modify, then click Edit.
  The Edit button is replaced by other buttons: Apply and Cancel, and in some cases, Defaults or Reset.
2 Update the fields as needed, then click Apply.
3 While making the changes, if you decide not to proceed, click Cancel.
4 To reset the settings to the defaults, click Reset.

When you click Cancel or Defaults, you are prompted to confirm that you want to do this.

Automatically refresh information on pages

The information on some pages is automatically refreshed every 10 seconds by default.

For option definitions, click ? in the interface.

1 On the navigation pane, under the Configure area, click General Settings, then click Edit.
2 In the Browser Interface table, type the value for Refresh interval (seconds), then click Apply.

To manually refresh these pages at any time, click Refresh at the top of the page.

Using wizards

The interface uses wizards for completing complex tasks. Using the Next and Back buttons in the top right corner enables you to move from pane to pane. You can also move to any pane by clicking the respective tabs. To close the wizard and complete the task, click Finish.

Error messages

When a fault occurs with the interface, a message appears on the current page. The message typically has the format:

Error code: Description
25: Connection failed to host

For more information about error messages, see View system events.

Date and time expression

Date and time in the interface are expressed as the local time on the host where the software is running. The time is displayed in 24-hour format, and includes a UTC (Universal Time Co-ordinates) offset. For example: May 02, :35:00 (-8:00 UTC).

Viewing information

From the View area of the navigation pane, you can view the host summary, scanning summary, detected items, system events, and scheduled tasks information.

Contents
Host summary
Scanning summary
Detected items
Viewing system events
Scheduled tasks
ExtraDAT file details

Host summary

The Host Summary page shows the information collected from the server running VirusScan Enterprise for Linux. The information includes the number of files scanned and the detections.

To view this page, click Host Summary under View in the navigation pane. For more information about the scanning activity on the host, click the host name in the Host column. The Scanning Summary page contains these details.

Option: Definition
Host: Displays the name of the host that is being monitored. Click the address to view the Scanning Summary page for that host.
Status: Displays the host status:
  active: The host is being monitored.
  connecting, disconnecting: Brief changes of state.
  disconnected: Typically the host has been switched off, or its services are not running.
  on-access disabled: On-access scanning has been disabled on the host.
  on-access enabled: On-access scanning has been enabled on the host.
Files Scanned: Displays the number of items scanned since the software was installed, or since the statistics counters were last reset.
Detected Items: Displays the number of detected items since the software was installed or since the statistics counters were reset. Click the number to navigate to the Detected Items page for that host.
DAT Version: Displays the 8-digit (XXXX.YYYY) version number for the DAT files.
DAT Date: Displays the date when the DAT files were created. McAfee regularly provides updated DAT files. If the date is more than a day ago, your DAT files are not up to date.
ExtraDAT: McAfee provides an ExtraDAT file to counter specific threats whenever needed. If an ExtraDAT file is available, click Yes to navigate to the ExtraDAT page.
Engine Version: Displays the scanning engine version. Engines are updated less often than DAT files.
Product Version: Displays the product version.

Scanning summary

The Scanning Summary page shows details of on-access scanning activity on the host that you selected from the Host Summary page. Statistics about malware detected during on-access and on-demand scans are available from the Detected Items page, and the rest is available from System Events.

You can view the Scanning Summary page by navigating to Scanning Summary under View. The Scanning Summary page displays the scanning statistics and scanned items details.

The Scanning Statistics table displays the on-access scan status, number of files scanned, number of files detected, actions taken, excluded files, average scan time, and host local time details.
The Recently Detected table displays the details of the detected items such as detection time, file name, detection type, and file path.
The Recently Scanned table displays the details of the scanned items such as detection time, file name, detection type, and file path.

Scan statistics

The statistics are collected from the time when the software was installed, or since the statistics counters were last reset on the General Settings page. This table explains the information in each column.

Option: Definition
On-Access status: Indicates whether on-access scanning is enabled.
Files scanned: Displays the number of files scanned since the host started or the counters were reset.
Detected items: Displays the number of items detected by on-access scanning since installation or the count was last restarted.
Actions performed: Indicates actions that have been performed on files, in accordance with the settings on the On-Access Settings page. For on-access scans, Access denied means that all actions taken against the infection failed, or the action was set to deny access.
Files not scanned: Displays the number of files that were not scanned for any reason. For example, some items are excluded because they are on specified excluded paths, or because of the file name extension.
Average scan time (ms): Displays the average time in milliseconds taken to scan an item.
Scanning uptime: Indicates the time since the software was last started. Statistics about average scanning time are based on this period.
Host local time: Time is expressed in 24-hour format as local time on the host, and with a UTC offset.

37 Viewing information Scanning summary 4 Recently detected items View the items that are detected recently. This page is continuously updated as files are accessed, then scanned and any malware is detected. Although a file name appears in the list, the file itself might no longer exist if the software has deleted the infected file. The following information is displayed under Recently Detected. Option Time File Name Detected As Detected Type Description Time when the detection occurred. Name of the file, excluding its path. Name of any virus or other potentially unwanted software. For more information, click the name to visit the Virus Information Library. Type of the detected item, such as: Program A program (application) such as spyware, remote-access software, or password cracker. Joke A joke program. Test A test virus such as EICAR. Trojan A trojan horse program. Virus Malware and other types of infection. User Process Path Name of the user who accessed the file. Process that accessed the file. Name of the file, including its full path. For an archive or other file types that act as a container, the path can include the name of an item within the archive. Recently scanned items This information is continuously updated as files are accessed and scanned. The following information is displayed under Recently Scanned. Option Time File Name Detected As Detected Type User Description Time when the scanning occurred. Name of the file, excluding its path. Name of any virus or other potentially unwanted software. For more information, click the name to visit the Virus Information Library. This column appears only if a recently scanned file was infected. Type of the detected item, such as: Program A program (application) such as spyware, remote-access software, or password cracker. Joke A joke program. Test A test virus such as EICAR. Trojan A trojan horse program. Virus Malware and other types of infection. 
This column appears only if a recently scanned file was infected. Name of the user who accessed the file. McAfee VirusScan Enterprise for Linux Product Guide 37

38 4 Viewing information Detected items Option Process Path Description Process that accessed the file. Name of the file, including its full path. For an archive or other file types that act as a container, the path can include the name of an item within the archive. If the path name is long, move the horizontal scroll bar to see it all clearly. Generate a diagnostic report A diagnostic report contains detailed information that is useful to McAfee support when you contact them for troubleshooting. For option definitions, click? in the interface. 1 In the Scanning Summary page, click Diagnostic Report. The console displays a list of system events, configuration details, and other information. 2 Using the browser, you can copy the information for later analysis. Typically, you select Select All from a right-click menu (or Ctrl+A), copy then paste the text as needed. Detected items The Detected Items page shows a list of items that contained malware or other potentially unwanted software. The range of items that you see can vary because the list depends on how you navigated to this page. If you navigate directly to this page from the navigation pane or you select the count of Detected Items in the Scanning Summary page, you see items detected today by on-access scanning. If you navigate to this page from a task in the Scheduled s page for an on-demand task, you see items detected during the last run of the task. To view this page, click Detected Items under View in the navigation pane. From this page, you can modify the view to show information about items detected by on-access scanning or detected by an on-demand scan. The Detected Items page has two areas: Query Allows you to define criteria to run a query. Results Displays the results of the query you run. If none of the criteria matches, you get a message No results found. Analyze the detected items Under Query, you can refine the information that is displayed under Results. 
You can examine entries made between, before or after specified dates and times, and you can filter the information. For example, you can find all occurrences of a particular virus. This feature is useful if the software has detected many viruses, and it enables you to analyze trends. After a short time, VirusScan Enterprise for Linux updates the information under Results. 38 McAfee VirusScan Enterprise for Linux Product Guide

39 Viewing information Detected items 4 1 On the navigation pane, click Detected Items, then select the scan option: Click On Access to view information about detections during on-access scanning. Click On Demand to view information about detections during on-access scanning. 2 To examine information after a specified date, select from. To examine information before a specified date, select to. Select the date and time. 3 To examine information between two dates, select both from and to, select the dates and times, then click Find Results. 4 At the where area, select the check boxes to select items such as Path, Results, and User. The path names are case sensitive. 5 Click Find Results. After a short time, the software displays the updated information in the Results page. Viewing the results The Results table contains several rows and columns. The number of rows is typically is 10. The Results table contains the following information. Option Time File Name Result Definition Time when the detection occurred. Name of the file, excluding its path. Result of the scan: Quarantined Quarantine Failed Deleted Delete Failed Cleaned Clean Failed Renamed Renamed Failed Detected Continue Blocked No cleaning occurs but the software denies further access to the file. This option applies to on-access scans only. Detected As Detected Type User Name of the malware or other potentially unwanted software. For more information, click its name to view its details in our Virus Information Library. Type of infection, such as joke, spyware, or trojan. Name of the user who accessed the file. This option is not available in the results of on-demand scans. McAfee VirusScan Enterprise for Linux Product Guide 39

40 4 Viewing information Viewing system events Option Process Path Definition Process that accessed the file. This field is not available in the results of on-demand scans. Name of the file, including its full path. This option is not available in the results of on-demand scans. To view more rows of information, use the navigation arrows and numbers below the table. You can refine the information using the Query filter. For more information, see Analyze the detected items. If the page shows on-access scanning, or if a scheduled scan is still running, click Refresh to see the latest detections. Export the results for analysis You can save all information under Results as a CSV (comma-separated values) file. Later, you can import the information into a spreadsheet program, such as Microsoft Excel or Lotus 123, for analysis. For option definitions, click? in the interface. 1 Click Export to CSV. 2 Save the file. The default file name is detitems.csv. Viewing system events The System Events page shows details of events for system errors, updates to DAT files, and configuration changes for the host that you selected from the Host Summary page. To view this page, click System Events under View in the navigation pane. The page has two areas Query and Results. The table under Results has several rows and columns. The number of rows is typically limited to 10. To see the latest events, click Refresh. The columns contain the following information: Option Time Code Type Description Definition Time at which the event occurred. Event code (a number relating to the error or information event). Type of event Error or information. Details of the event or error. Analyze the system events Under Query, you can refine the information that is displayed under Results. You can examine entries made between, before, or after a specified date and time, and you can filter the information further. For example, you can find all occurrences of a particular error code. 
This feature is useful if the software has generated many events, and enables you to analyze trends. Ranges categorize events to different parts of the product. For example, all engine-related errors are in the range between 3000 and At Code, you can specify a single code or a range of codes, for example: 40 McAfee VirusScan Enterprise for Linux Product Guide

41 Viewing information Scheduled tasks 4 Error Code Description 3000 Only the 3000 code event Only the 3001 code event All events above and including code event All events up to and including code All events between 1000 and 3000, including 1000 and For option definitions, click? in the interface. 1 Specify a date and time for information you want to examine. Using any combination of from and to options, specify a date and time for the information you want to examine 2 Click Find Results. After a short time, updated information appears under Results. Export the results for analysis You can save all information under Results as a CSV (comma-separated values) file, then import the information into a spreadsheet program such as Microsoft Excel or Lotus 123, for analysis. The System Events page shows only a few rows of information, typically 10 at a time. However, the export includes all events that match the query specification. The title line of the Results table shows the full number, for example: (101 to 110 of 2359). The more rows included, the longer the export takes. For option definitions, click? in the interface. 1 Under Query, specify the information you want to view, then click Find Results. 2 Click Export to CSV. 3 Save the file. The default name is sysevents.csv. Scheduled tasks Update the scanning engine and DAT files, or run on-demand scans using schedules. You can choose these tasks to run immediately, to run once, or to run on a schedule. You can view this page by clicking Scheduled s under View in the navigation pane. The Scheduled s page has two areas: Summaries shows all tasks that you have scheduled. Details shows the status and other details for the selected task. The Summaries table has the following information: Option Name Type Definition Name of the task. To view the details for any task, click its name. Type of task: Update or On-Demand scan. McAfee VirusScan Enterprise for Linux Product Guide 41

Status: Status of the task: Idle, Completed, In Progress, or Failed.
Results: Result of each task.
To see any more rows of information, use the navigation arrows and numbers below the table. To see extra information about any task, click its name under Summaries.
The Details table has the following information:
Option: Definition
Status: Status of the task: Idle (not started), Completed, Failed, In Progress, or Stopped (by the user).
Next Run: Schedule for the task. This option applies to regular tasks only.
Last Run: Date and time when the task was last run.
Progress: Progress of the task. During an on-demand scan, this field shows the number of files scanned, and other information such as the number of files that were excluded from scanning. During an update, this field shows text messages about each stage. Click any blue link to see messages about this task in the System Events page.
Duration: The time taken for the last task, or the elapsed time on the current task.
Results: A completed on-demand scan shows as the number of detected items. For more information, click the number to open the Detected Items page. If an update has completed, click to open the System Events page and find more information. If a failure occurred, click to open the System Events page and find the reason.
The buttons under Details enable you to run, stop, modify, or delete the task as needed. To see the latest status of the tasks, click the Refresh button.

Run a scheduled task immediately
Execute a scheduled task immediately.
For option definitions, click ? in the interface.
1 On the Scheduled Tasks page, click the task name in Summaries to display its details under Details.
2 Under Details, click Run Now.
The task runs immediately. The results appear in Results under Details.

Modify an existing scheduled task
Modify an existing scheduled task.
If you no longer need a task but you want to set up a similar task, you can modify the existing task.
For option definitions, click ? in the interface.
1 On the Scheduled Tasks page, select the existing task in the Summaries table.
2 Under Details, click Modify.
3 Make the changes in the When to Scan, What to Scan, and Choose Scan Settings pages, then click Finish.

Delete an existing scheduled task
Use this task to delete an existing scheduled task. If you no longer need a scheduled task, you can delete it.
1 Under Summaries, select the task name.
2 Under Details, click Delete.

Stop a running task
You can stop a scheduled task which is running using this option.
1 Select the task that you want to stop, then click Stop.
2 This action sets the status to Stopping.
3 Click Stop again. This action sets the status to Stopped.
You can now run or delete the task.

ExtraDAT file details
An ExtraDAT is a supplemental malware definition file. McAfee releases the ExtraDAT file in response to an outbreak of potentially unwanted software, a new malware, or a new variant of an existing malware.
The Extra DAT page shows information about any ExtraDAT file that is in use on the selected host. The information includes the malware name, and other potentially unwanted software that the ExtraDAT file can detect.
To view this page, click the text (for example, Yes(5)) under the ExtraDAT column on the Host Summary page. If the column contains No, no ExtraDAT file is available for the host, and VirusScan Enterprise for Linux does not display the page.
For information about any malware in the list, click its name to link to our Virus Information Library.


5 Setting up schedules
Set up schedules to update the product or to schedule an on-demand scan. From the Schedule area of the navigation pane, you can protect your Linux hosts by running the following tasks regularly:
- Update the product. At least once per day, update the DAT files to ensure that the software can recognize new viruses and other potentially unwanted software.
- Run an on-demand scan. The software examines files as they are accessed when on-access scan is enabled. For complete security, scan other files that are stored in the system but accessed occasionally, using the on-demand scan.
McAfee recommends that you schedule the product update and on-demand scan at regular intervals. The product update task keeps the scan engine and DAT file up to date, and periodic on-demand scan ensures that all files are scanned for malware threats.
The software enables you to create multiple schedules for running these tasks at regular intervals. You can also create a schedule for immediate scan or product update in response to a suspected malware attack. Using the latest DAT files, you can make sure that your hosts are free from the new malware threats.

Understanding time differences
It is important to understand how to set up times for scans and updates. Suppose that you are in Los Angeles, using a browser to control a host that is running the software in New York. When you schedule the time and date, it is the local time in New York. The time difference between these two locations is typically three hours. If you set an on-demand scan to run at midnight, the scan runs at midnight in New York, and you see the scan results from 9 p.m. in Los Angeles.

Contents
- Using a wizard
- Product update schedule
- On-demand scan preferences

Using a wizard
Each type of schedule works in a similar way, using a wizard-like process to make the task easier.
The process leads you through a few pages where you enter the following information:
- When the scan or update will take place
- What to scan or update
- The name of the task

Product update schedule
VirusScan Enterprise for Linux depends on information in the DAT files to identify malware. Without updated information in the DAT file, the software cannot detect new threats or respond to them effectively. Software that is not using the latest DAT files can compromise your malware protection program.
More malware appears every month. To meet this challenge, McAfee releases new DAT files every day, incorporating the results of the ongoing research into the characteristics of new malware and their variants. The update task that is provided with the software makes it easy to take advantage of this service. This feature allows you to download the latest DAT files or a new scanning engine, using an immediate update or a scheduled update.
You can also create an unscheduled update. Here, you provide information about an update but do not attach a schedule to it. You can then run the update at any time, or run it from a command line.
Within your network, you need at least one computer that can download the files from our FTP site. The software can then access the FTP site directly or it can copy files from that computer. For more details of the download site, see Contact information.

Create a product update schedule
VirusScan Enterprise for Linux depends on information in the DAT files to identify malware and to protect your Linux systems from the latest threats. Without updated information in the DAT file, the software cannot detect new threats or respond to them effectively.
Software that is not using the latest DAT files can compromise your malware protection program. To create a schedule to update the virus definition files or the scanning engine, click Product Update under Schedule in the navigation pane.
For option definitions, click ? in the interface.
1 Launch the interface.
2 In the Schedule area, click Product Update.

3 On the When to update page, define these settings as needed:
Option: Definition
Unscheduled: Starts the update immediately.
Immediately: Starts the update immediately.
Once: Updates the product on a defined date. When you select this option, specify the time in the At row.
Hourly: Updates the product at the interval in hours that you define. For example, if you type 2 in the hours field, the product update happens every 2 hours.
Daily: Updates the product every day. When you select this option, specify the time in the At row.
Weekly: Updates the product every week for the defined number of weeks. For example, type 1 in the every week on box, select Monday and Friday, then specify the time in the At row. The product update happens every week on Monday and Friday at the specified time.
Monthly: Updates the product on the specified day of the selected month. For example, select First and Monday, select all months, then specify the time in the At row. The product update happens on the first Monday of every month.
At: Defines the time of the update when you configure the product update for Once, Daily, Weekly, and Monthly. This option is not available if you schedule an Unscheduled, Immediately, or Hourly product update.
4 On the Choose what to update page, define these settings:
- Virus definition files (also known as DAT files): To update the detection definition files with the latest information. By default, this option is enabled.
- Virus scanning engine: To update the scan engine.
McAfee recommends that you schedule the DAT files update once every day. In this way, the software can use the latest DAT files and protect your systems from the latest threats.
5 On the Enter a task name page, type a unique name for the update schedule, then click Finish.
The Scheduled Tasks page appears, and the update runs at the time you defined in the schedule.

On-demand scan preferences
On-demand scanning examines the configured directories of your host at convenient times or at regular intervals. Use on-demand scans to supplement the continuous protection that the on-access scanner offers, or to schedule regular scans.
The software scans files as they are written to or read from disk. During these scans, the installed DAT files check for any malware or potentially unwanted software within the files.
You can perform a one-time on-demand scan when you want to scan a file or location that you suspect of containing malware. You can perform scheduled scanning activities at convenient times or at regular intervals.
You can also create an unscheduled scan. Here, you provide information about a scan but do not attach a schedule to it. You can then choose to run the scan at any time, or run it from the command line.
To use this feature, click On-Demand Scan under Schedule in the navigation pane.

Schedule an on-demand scan
Create a schedule to run an on-demand scan on the configured drives of your host system.
1 Launch the interface.
2 On the Schedule area, click On-Demand Scan.
3 On When to scan, select the frequency of scan.
Option: Definition
Unscheduled: Starts the scan immediately.
Immediately: Starts the scan immediately.
Once: Runs the on-demand scan at the defined date. When you select this option, specify the time in the At row.
Hourly: Runs the on-demand scan at the interval in hours that you define. For example, if you type 2 in the hours field, the scanning happens every 2 hours.
Daily: Runs the on-demand scan every day. When you select this option, specify the time in the At row.
Weekly: Runs the on-demand scan every week for the defined number of weeks. For example, type 1 in the every week on box, select Monday and Friday, then specify the time in the At row. The scanning happens every week on Monday and Friday at the specified time.
Monthly: Runs the on-demand scan on the specified day of the selected month. For example, select First and Monday, select all months, then specify the time in the At row. The on-demand scan runs on the first Monday of every month.
At: Allows you to define the time to run on-demand scanning for Once, Daily, Weekly, and Monthly.

4 On the What to scan page, define these settings.
- Path: Type the path you want to scan.
- Scan Sub-Directories: Select the box to include the subdirectories of the defined path.
- Add: To add another path for scanning.
You can remove the path from the on-demand scan by clicking the Remove button. If you selected the option to scan the subdirectories and remove the path from on-demand scanning, the software does not perform on-demand scan for either the path or the subdirectories.

5 On the Choose scan settings page, define the scan settings, then click Next.
Option: Definition
Decompress archives: Scans archive files such as .tar or .tgz files. The decompression might slow the system performance. The malware-infected file in an archived file cannot become active until it is extracted.
Perform heuristic virus analysis: Uses heuristic analysis to identify any potential new macro threats in files created by Microsoft Office products.
Perform macro analysis: Scans for potential macro threats in files are added.
Decode MIME encoded files: Decodes messages that are typically encoded in Multipurpose Internet Mail Extensions (MIME) format. Using this option can affect system performance. If your network has other anti-malware software for handling threats, you can unselect this option. By default, this option is deselected.
Find potentially unwanted programs: Scans for threat programs such as spyware, remote-access utilities, and password crackers.
Find joke programs: Joke programs are not harmful. They play tricks such as displaying a hoax message. This feature only becomes available if you have selected Find potentially unwanted programs.
Scan files on network mounted volumes (NFS, CIFS/SMBFS only): Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for Linux treats only NFS, CIFS, or SMBFS volumes as network file systems. When you select this option, the software scans these network-mounted volume directories and their subdirectories for malware threats. If you unselect this option, the software does not scan these network-mounted volumes. If the network-mounted volumes are added to the Paths Excluded from Scanning list, the software excludes those volumes from scanning, even if scan on network-mounted volumes is selected.
Extension-based scanning: Indicates how VirusScan Enterprise for Linux handles files that have extension names (for example, .txt and .exe). By default, VirusScan Enterprise for Linux scans all files regardless of the file name extension. For more information, see Extension based scanning.
Maximum scan time (seconds): Stops scanning the file after the number of seconds is reached. This feature prevents large files reducing overall performance, and protects against corrupted files and denial-of-service attacks. By default, the value is 45 seconds but you can set the value between 10 and 300 seconds. On computers with low-specification hardware, VirusScan Enterprise for Linux might abandon scanning of some large files because of the time taken. In such cases, we recommend that you increase this number.
Quarantine directory: Allows you to specify the directory to store the infected files.

6 On the Paths Excluded From Scanning table, define these settings, then click Add.
- Path
- Exclude All Sub-Directories
For more information on excluding the path, see Exclude paths from scanning.
7 On the Extension Based Scanning table, define the required settings:
- Scan all files
- Default + specified
- Specified
For more information on excluding the path, see Extension based scanning.
8 On the Anti-virus Actions table, define the required settings, then click Apply.
Option: Definition
Action for viruses and Trojan horses: Actions to take when a virus or trojan horse program is detected. Your second choice of action is limited by your first choice. You cannot choose both actions to be the same.
Action for applications and joke programs: Actions to take when a potentially unwanted application or joke program is detected. Your second choice of action is limited by your first choice. You cannot choose both actions to be the same.
If any action fails to work, the software uses the secondary action. If the secondary action fails, the software uses its fallback action, which is to block access to the infected file.
9 On the Enter a task name field, type a unique name for the on-demand scan, then click Finish. The unique name helps you to locate the task later in the list of scheduled tasks.
The software displays the Scheduled Tasks page, and the scan runs at the times you defined in the schedule.


6 Configuring VirusScan Enterprise for Linux
On installation, VirusScan Enterprise for Linux starts protecting your Linux systems from malware and other potentially unwanted software with the default settings. However, you can modify these settings as needed.
From the Configure area of the navigation pane, you can configure the following settings for the software:
- Use General Settings to configure browser interface options and log information, to reset the configuration settings to those at installation time, and to clear the statistics from the software database.
- Use the On-Access Settings and On-Demand Settings pages to specify the scanning options, paths to exclude from scanning, and actions to take on infected items.
- Use the Notifications page to configure SMTP settings.
- Use the Repositories page to configure the local repository list, and proxy settings.

Contents
- General settings
- On-access settings configuration
- On-demand settings
- Notifications
- Repositories

General settings
From the General Settings page, you can change the appearance of pages in the browser interface, the behavior of logging, and the collection of statistics.
To view the settings, click General Settings under Configure in the navigation pane. To make any changes to the settings, click Edit. To apply the new settings, click Apply. For more information, see Configure general settings.
The page has two main areas:
- Browser Interface
- Logging
This page has two important buttons:

- Clear Statistics
- Reset Defaults

Browser interface
Under Browser interface, you can view and change settings such as the refresh interval. This table explains the available options in each column.
Option: Definition
Refresh interval (seconds): The browser automatically updates the contents of pages such as the Scanning Summary page. By default, the page is refreshed every 10 seconds, but you can change the interval between 5 and 600 seconds.
Results per page: The number of rows to display information in certain pages under Results, namely in the Detected Items, Scheduled Tasks, and System Events pages, can be configured. By default, 10 rows are displayed in a page, but you can set the number between 1 and 50 rows.
Display time UTC offset: Wherever time values are displayed, as in scheduled tasks and detections, an offset value is displayed in UTC form to help you understand any time-zone differences.
Show Quick Help on startup: Displays the web help on the right side area.

Log levels
Use Logging to view and change settings such as the level of detail that you require. The next table explains the information in each column.

Table 6-1 Option definitions
Option: Definition
Detail level: Indicates the level of logging information that the software records in its database. Setting the level as High can affect performance and the size of the database. The default level is Normal. The available options are:
- Low: Logs only critical errors and system service start up and shut down messages.
- Normal: Logs critical errors, system service start up and shut down messages, internal errors such as OAS enable and disable, and crontab actions failed messages.
- High: Logs additional details such as events for created quarantiner child, created cleaner child, and configured with engine and DAT. It also logs critical errors, system service start up and shut down messages, internal errors such as OAS enable and disable, and crontab actions failed messages.
McAfee recommends setting the level as Low. Set the level to High only when you troubleshoot issues and need complete details.
Additionally log to SYSLOG: Indicates if information logged to the VirusScan Enterprise for Linux database is also logged to SYSLOG. By default, this option is deselected. VirusScan Enterprise for Linux logs information in two channels:
- Logs information in the software database
- Logs information in SYSLOG
To store the log information in SYSLOG additionally, you can select this option.
Detail level for SYSLOG: This field is only available if Additionally log to SYSLOG is selected. By default, the level is Low. The available options are Low, Normal, and High.
Limit age of log entries: Indicates that information in the log is automatically removed later, based on the age of the log entries. By default, this option is selected.
Maximum age of log entries: This field is only available if Limit age of log entries is selected. Limits the age of entries in the software database to the specified days. After the specified number of days, old entries are automatically removed to limit the database size. Maximum age of log entries (days): by default, the limit is 28 days, but you can adjust the limit between 1 and 999 days.
Statistics last cleared: Indicates when statistics were removed by clicking Clear statistics.

Statistics reset
You can reset the scanning statistics for certain pages. To reset the statistics, on the General Settings page, click Clear statistics.
The values for Files scanned and Detected items in the Scanning Summary page are reset to zero. The information in the Recently scanned and Recently detected tables is reset.

Clearing statistics
You can clear the scanning statistics for certain pages. To clear the statistics, click Clear statistics.

The values for Files scanned and Detected items in the Scanning Summary page are reset to zero. The information in the Recently scanned and Recently detected areas is cleared.

Configure general settings
Configure the General Settings page for the generic options such as refresh time interval, levels for log details, and to clear the statistics.
1 Launch the interface.
2 On the Configure area, click General Settings.
3 On the General Settings page, click Edit.
4 On the Browser Interface table, define these settings:
- Refresh Interval (seconds)
- Results per page
5 On the Logging table, define these settings:
- Detail level
- Limit age of log entries
- Additionally log to SYSLOG
- Maximum age of log entries
- Detail level for SYSLOG
6 Click the Apply button to save the changes.
You can revoke the changes that you have made to this page by clicking the Reset button.

Restoration of default configuration settings
You can reset all configuration settings to the default settings by clicking Reset Defaults under General Settings. The general settings restore the default values for these pages:
- On-access settings
- On-demand settings
- Notification settings
- Settings for the browser interface and logging

On-access settings configuration
The On-Access Settings page displays the available configuration to protect your Linux systems whenever an infected file or other potentially unwanted program is detected.
To view this page, click On-Access Settings under Configure in the navigation pane. To make any changes to the settings, click Edit. To apply the new settings, click Apply. For more information, see Configure on-access scan settings.
The On-Access Settings page has these main areas:

- Anti-virus Scanning Options
- Paths Excluded From Scanning
- Extension-based Scanning
- Anti-virus Actions

Anti-virus scanning options
The scanning options determine which types of file the software scans. By default, all these scanning options are available, unless stated. The next table explains the options.
Option: Definition
Enable On-Access Scanning: Scans files for malware and other potentially unwanted software, whenever a file is accessed.
Decompress archives: Scans inside file archives such as .tar or .tgz files. The decompression can slow the system performance. The malware-infected file inside an archive cannot become active until it is extracted.
Find unknown program viruses: Uses heuristic analysis to identify potential new file viruses.
Find unknown macro viruses: Uses heuristic analysis to identify any potential new macro viruses in files created by Microsoft Office products.
Decode MIME encoded files: Email messages are typically encoded in MIME format. Using this option can affect system performance. If your network has other anti-virus software for handling email, you might not require this option.
Find potentially unwanted programs: These programs might be dangerous but they are not malware. They include programs such as spyware, remote-access utilities, and password crackers.
Find joke programs: Joke programs are not harmful. They play tricks such as displaying a hoax message. This feature only becomes available if you have selected Find potentially unwanted programs.
Scan files when writing to disk: Scans the contents of each file when it is closed.
Scan files when reading from disk: Scans the contents of each file when it is opened.
Scan files on network mounted volumes (NFS, CIFS/SMBFS only): Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for Linux treats only NFS, CIFS, or SMBFS volumes as network file systems. When you select this option, the software scans these network-mounted volume directories and their subdirectories for malware threats. If you unselect this option, the software does not scan these network-mounted volumes. If the network-mounted volumes are added to the Paths Excluded from Scanning list, the software excludes those volumes from scanning, even if scan on network-mounted volumes is selected.

Extension-based Scanning: Indicates how the software handles files that have extension names (for example, .txt and .exe). By default, the software scans all files regardless of the file name extension. For more information, see Extension based scanning.
Maximum scan time (seconds): Stops scanning the file after the number of seconds is reached. This feature prevents large files reducing overall performance, and protects against corrupted files and denial-of-service attacks. By default, this is 45 seconds but may be between 10 and 300 seconds. On computers with low-specification hardware, the software might abandon scanning of some large files because of the length of time taken. In such cases, we recommend that you increase this number.

Exclude paths from scanning
VirusScan Enterprise for Linux supports excluding specific paths or files (either path or regular expression format) from being scanned. You can add exclusions for on-access scans and on-demand scans from the interface.
Some shares or paths might not require scanning, or you might prefer not to scan them frequently. For example:
- Directories that contain only plain text files or other file types that are not prone to infection.
- Directories that contain executable files that have file permissions that prevent them being modified.
- Directories that contain large archive files and compressed files.
- Directories that contain files already known to be infected (quarantined).
1 On the On-Access Settings page under Configure area, click Edit.
2 Under Paths Excluded From Scanning, add the absolute path or regular expression for the file/folder you want to exclude and click Apply. For example: directory1 or directory1/subdirectory2
Enter path names in the correct case. Do not use symbolic links. For bind mounts (which appear in more than one place in the directory), add each path that you want to exclude.
You can use regular expressions to represent the pattern matching within directory names or file names. See Examples for Regular expression-based exclusions.
3 Under Paths Excluded From Scanning, add the path or regular expression for the file/folder you want to exclude and click Apply. For example: directory1 or directory1/subdirectory2
Enter path names in the correct case. You can use regular expressions to represent the pattern matching for directory names or file names.
4 To exclude the subdirectories from scanning, select the Exclude All Sub-Directories checkbox of that row.
5 From Choose a share from the list below category, select a share.

6 Type the regular expression under Specify sub-directories (optional) text box. For specific examples, see Exclude paths from scanning.
7 Click Add in that row. An extra row is added to the table.
To remove any exclusion, click Remove in its row.

Examples for regular expression-based exclusions
Regular expression: Example
To exclude all files starting with abc available in Documents/xyz folder: xyz/abc.*
To exclude all files with extensions .jar and .vob under Backups/demo share: demo/.*\.(jar|VOB)$
To exclude all files with extension .mp3 and .mp4 under Music share: .*\.(mp3|mp4)$

Regular expression: Example
To exclude all files starting with abc available in /media/nss: /media/nss/abc.*
To exclude all files starting with "." under /media/nss: /media/nss/\..*
To exclude all files with extensions ext and abc under /media/nss: /media/nss/.*\.(ext|abc)
To exclude all users mailboxes folders: /home/.*/mailbox/.*
To exclude all files and folders starts with abc in the machine: .*/abc.*

To use the regular expressions from epolicy Orchestrator:
- You should include "/" as the first character. For example: From epolicy Orchestrator, to exclude all files and folders starting with abc in the machine use the regular expression: /.*/abc.*
- Ensure that there are no escape sequences included in the regular expression. For example: From epolicy Orchestrator, to exclude all files starting with "." under /media/nss use the regular expression: /media/nss/..*

Extension-based scanning
You can specify extension names that you want to scan. You can specify extension to scan at the same time as the software scans the extensions in the default list and the specified list.
This table only becomes visible when you click Edit. However, you can see the chosen setting at Extension Based Scanning in the first table.
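Every exclusion is a path the scanner never inspects, so it is worth checking what a pattern from the examples table under "Examples for regular expression-based exclusions" really covers before applying it. The following is an added example, not part of the product guide or McAfee's code; it assumes whole-path matching in Python's regex dialect (the product's engine may differ), uses constructed sample paths, and the bracket forms `[.]` and `[^/]+` are hypothetical tightenings to verify on a test host.

```python
import re


def excluded(pattern, path):
    """True if the exclusion pattern covers the whole path (assumed semantics)."""
    return re.fullmatch(pattern, path) is not None


def audit(pattern, must_exclude, must_scan):
    """List intended paths the pattern misses and scannable paths it swallows."""
    return {
        "missed": [p for p in must_exclude if not excluded(pattern, p)],
        "overbroad": [p for p in must_scan if excluded(pattern, p)],
    }


def epo_lint(pattern):
    """Check the two ePolicy Orchestrator rules stated in the guide."""
    problems = []
    if not pattern.startswith("/"):
        problems.append("must start with '/'")
    if "\\" in pattern:
        problems.append("contains an escape sequence")
    return problems


# Patterns from the guide's examples.
STANDALONE_DOTFILES = r"/media/nss/\..*"   # interface form, escaped dot
EPO_DOTFILES = r"/media/nss/..*"           # ePO form, escape removed
MAILBOXES = r"/home/.*/mailbox/.*"

# Hypothetical tightened forms (assumptions, not from the guide).
EPO_BRACKET_DOTFILES = r"/media/nss/[.].*"   # literal dot without a backslash
MAILBOXES_ONE_LEVEL = r"/home/[^/]+/mailbox/.*"  # one user directory only

# Constructed sample paths.
NSS_DOTFILES = ["/media/nss/.cache", "/media/nss/.profile"]
NSS_REGULAR = ["/media/nss/report.doc", "/media/nss/tools/setup.bin"]
MAIL_WANTED = ["/home/alice/mailbox/inbox"]
MAIL_SCAN = ["/home/alice/src/mailbox/build/tool.bin", "/home/alice/notes.txt"]


def run_audits():
    """Audit each pattern against the paths it should and should not cover."""
    return {
        "standalone_dotfiles": audit(STANDALONE_DOTFILES, NSS_DOTFILES, NSS_REGULAR),
        # Unescaped "." matches any character, so this covers every file
        # under /media/nss, not only the dot-files.
        "epo_dotfiles": audit(EPO_DOTFILES, NSS_DOTFILES, NSS_REGULAR),
        "epo_bracket_dotfiles": audit(EPO_BRACKET_DOTFILES, NSS_DOTFILES, NSS_REGULAR),
        # ".*" crosses "/" and reaches any deeper directory named mailbox.
        "mailboxes": audit(MAILBOXES, MAIL_WANTED, MAIL_SCAN),
        "mailboxes_one_level": audit(MAILBOXES_ONE_LEVEL, MAIL_WANTED, MAIL_SCAN),
    }


if __name__ == "__main__":
    for name, result in run_audits().items():
        print(name, result)
    print("ePO lint:", epo_lint(STANDALONE_DOTFILES), epo_lint(r".*/abc.*"))
```

Under these assumptions the escape-free ePO pattern excludes the whole /media/nss tree, so confirm on a test host that files you expect to be scanned still are after deploying such a policy.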
If the software is running on a Samba file server that Microsoft Windows users can access, you might specify the types of files to scan according to their file extension. However, McAfee recommends scanning all files wherever possible. You can specify extension names that you want to scan. Otherwise, you can specify extension names to scan at the same time as the software scans those in the default list. You cannot remove extension names from the default list. But you can build your own list of extension names based on extensions in the current default list. The choices available in this area are:

- Scanning all files
- Default + specified
- Specified

For the list of default files that are scanned when the Default + specified option is enabled, see McAfee KnowledgeBase article KB.

Scan all files

You can scan all files from the configured directories regardless of the file name extension.

For option definitions, click ? in the interface.

To scan all files regardless of file name extension, under Extension Based Scanning, select Scan all files.

Scan all files is the default setting for On-Access Settings.

Scan default files and specific files

You can configure VirusScan Enterprise for Linux to scan the default files and specific types of files.

1 Under Extension Based Scanning, select Default + specified.
2 At New, type the file name extension. For example AAA or aaa.
3 Click Add to move the name to the Specified list.

To remove names from the Specified list, select each name, then click Remove:
- To select one name, click the name.
- To select a range of names, click the first, then use Shift+Click to select the last.
- To select several names, use Ctrl+Click.

If a new file name extension is included in the later DAT files, files with that file name extension are also scanned. For the list of default file extensions that VirusScan Enterprise for Linux scans when the Default + specified option is selected, see McAfee KnowledgeBase article KB.

Scan specific files

You can scan only specific files based on file name extension.

1 Under Extension Based Scanning, select Specified.
2 At New, type the file name extension, for example AAA or aaa.
3 Click Add to move the name to the Specified list.

4 To build a list quickly, click Set Defaults to copy all names from the malware definition files into the Specified list. You can then modify the Specified list.

The file name extensions in the Specified list do not change automatically. Therefore, if a new file name extension is included in later malware definition files, files with that file name extension will not be scanned.

To remove names from the Specified list, select each name, then click Remove:
- To select one name, click the name.
- To select a range of names, click the first, then use Shift+Click to select the last.
- To select several names, use Ctrl+Click.

Anti-virus actions

Configure the software to take various actions when it detects malware or other potentially unwanted software. The actions are:

- clean: Cleans the infected file by removing the virus code. VirusScan Enterprise for Linux cannot repair any damage that has occurred to the file. For example, some viruses can modify or erase data in spreadsheets.
- continue: Reports the detection and continues scanning. This action is only available for on-demand scanning.
- delete: Deletes the infected file.
- deny access: Prevents further access to the infected file. This action is only available for on-access scanning.
- quarantine: Moves the infected file to the area specified in Quarantine directory. To prevent the spread of infected files, VirusScan Enterprise for Linux prevents moving a file from a remote file system into this area.
- rename: Renames the extension of the infected file, to prevent its accidental use. Renaming is useful where the file extension, such as .exe or .txt, determines the application that opens the file.
  - If the infected file does not contain an extension, the file is renamed with the extension .vir. For example, if the original malware file name is EICAR, it is renamed to EICAR.vir.
  - If the infected file contains an extension name other than vir, the first letter of the extension is replaced with v. For example, the file EICAR.COM is renamed to EICAR.VOM. If EICAR.VOM exists, the file is renamed to EICAR.VIR.

The default primary action for infected files is Clean and the secondary option is Quarantine. However, you can change the settings as needed. For more information on configuring Anti-virus actions, see Configure on-access scan settings.

Configure on-access scan settings

Verify the on-access scanning default configurations and make necessary changes in the settings as needed.

1 Launch the interface.
2 On the Configure area, click On-Access Settings.

3 On the On-Access Settings page, click Edit.
4 On the Anti-virus Scanning Options table, define these settings:
  - Enable On-Access Scanning
  - Decompress archives
  - Find unknown program viruses
  - Find unknown macro viruses
  - Decode MIME encoded files
  - Find potentially unwanted programs
  - Find joke programs
  - Scan files when writing to disk
  - Scan files when reading from disk
  - Scan files on network mounted volumes (NFS, CIFS/SMBFS only)
  - Extension-based Scanning
  - Maximum scan time (seconds)
  - Quarantine directory
  For details about these options, see anti-virus scanning options.
5 On the Paths Excluded From Scanning table, define the required settings. For more information on excluding the path, see Exclude path from scanning.
6 On the Extension Based Scanning table, define the required settings:
  - Path
  - Exclude All Sub-Directories
  - Action
  For more information on excluding the path, see Extension based scanning.
7 On the Anti-virus Actions table, define the required settings, then click Apply.
  - Action for viruses and Trojan horses
  - Action if an error occurs during scanning
  - Action for applications and joke programs
  - Quarantine directory
  - Action on time out
  For more information about these options, see Anti-virus actions.

If any action fails to work, the software uses the secondary action. If the secondary action fails, the software uses its fallback action, which is to block access to the infected file.
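The two forms of the dot-file exclusion under Examples for regular expression-based exclusions are not equivalent when read as plain regular expressions: without the backslash, "." matches any character, so /media/nss/..* covers every path under /media/nss. The following added example (not part of the product guide) lists which paths each pattern would take out of scanning. It assumes each pattern is a POSIX extended regular expression matched from the start of the absolute path, which the guide does not state; the function names and sample paths are constructed for illustration.

```shell
#!/bin/sh
# Audit what an exclusion pattern covers before adding it to
# Paths Excluded From Scanning. Added example; names are hypothetical.

# Constructed sample paths (not taken from the product guide).
sample_paths() {
    cat <<'EOF'
/media/nss/.bash_history
/media/nss/.cache/thumb.db
/media/nss/abc_report.doc
/media/nss/invoice.exe
/media/nss/share/setup.ext
/media/nss/share/notes.abc
/home/alice/mailbox/inbox
/home/alice/Downloads/abc.sh
/tmp/abc/payload.bin
EOF
}

# excluded_paths PATTERN: print the sample paths the pattern would exclude.
# Assumption: PATTERN is a POSIX ERE anchored at the start of the path.
excluded_paths() {
    sample_paths | grep -E -- "^$1" || true
}

# excluded_count PATTERN: number of sample paths the pattern would exclude.
excluded_count() {
    excluded_paths "$1" | grep -c '' || true
}

# extra_exclusions NARROW BROAD: paths excluded by BROAD but not by NARROW,
# i.e. the additional scanning blind spot created by the broader pattern.
extra_exclusions() {
    excluded_paths "$2" | while IFS= read -r p; do
        printf '%s\n' "$p" | grep -Eq -- "^$1" || printf '%s\n' "$p"
    done
}

# Report: escaped form (local interface) versus unescaped form (ePolicy Orchestrator).
printf 'escaped form excludes   %s paths\n' "$(excluded_count '/media/nss/\..*')"
printf 'unescaped form excludes %s paths; the extra ones are:\n' \
    "$(excluded_count '/media/nss/..*')"
extra_exclusions '/media/nss/\..*' '/media/nss/..*'

# The machine-wide "abc" exclusion also covers whole directories named abc.
printf 'paths excluded by /.*/abc.* :\n'
excluded_paths '/.*/abc.*'
```

Replace the sample list with the output of find on the real share to review an exclusion against actual files before applying it.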

On-demand settings

The On-Demand Settings page shows how the software responds when malware or other potentially unwanted software is detected during an on-demand scan. Settings for on-access scans and on-demand scans are similar.

This page shows the settings that are applied to all new tasks. To change the settings of an existing on-demand scanning task, see Modify an existing scheduled task.

To view this page, click On-Demand Settings under Configure in the navigation pane. To change any settings, click Edit. To apply the new settings, click Apply.

Any on-demand scanning tasks that you previously configured retain their own settings. If you change the settings in the On-demand Settings page, the changes do not affect the existing on-demand scanning task that you have already scheduled. The task that you create after changing the On-demand Settings runs with these settings.

Configure on-demand scan settings

Configure the on-demand scan preferences before you schedule the scan on your Linux systems.

1 Launch the interface.
2 On the Configure area, click On-Demand Settings.
3 On the On-Demand Settings page, click Edit.

4 On the Anti-virus Scanning Options table, define these settings:

Option: Decompress archives
Definition: Scans archived files such as .tar or .tgz files. The decompression might slow the system performance. The malware-infected file in an archived file cannot become active until it is extracted.

Option: Find unknown program viruses
Definition: Uses heuristic analysis to identify potential new file viruses.

Option: Find unknown macro viruses
Definition: Uses heuristic analysis to identify any potential new macro threats in files created by Microsoft Office products.

Option: Decode MIME encoded files
Definition: Decodes messages that are typically encoded in Multipurpose Internet Mail Extensions (MIME) format. Using this option can affect system performance. If your network has other anti-malware software for handling threats, you can unselect this option.

Option: Find potentially unwanted programs
Definition: Scans for threat programs such as spyware, remote-access utilities, and password crackers.

Option: Find joke programs
Definition: Joke programs are not harmful. They play tricks such as displaying a hoax message. This feature only becomes available if you have selected Find potentially unwanted programs.

Option: Scan files on network mounted volumes (NFS, CIFS/SMBFS only)
Definition: Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for Linux treats only NFS, CIFS, or SMBFS volumes as network file systems. When you select this option, the software scans these network-mounted volume directories and their subdirectories for malware threats. If you unselect this option, the software does not scan these network-mounted volumes. If the network-mounted volumes are added to the Paths Excluded from Scanning list, the software excludes those volumes from scanning, even if scan on network-mounted volumes is selected.

Option: Extension based scanning
Definition: Indicates how the software handles files that have extension names (for example, .txt and .exe). By default, the software scans all files regardless of the file name extension. For more information, see Extension-based scanning.

Option: Maximum scan time (seconds)
Definition: Stops scanning the file after the number of seconds is reached. This feature prevents large files from reducing overall performance, and protects against corrupted files and denial-of-service attacks. By default, the value is 45 seconds but you can set the value between 10 and 300 seconds. On computers with low-specification hardware, the software might abandon scanning of some large files because of the time taken. In such cases, we recommend that you increase this number.

Option: Quarantine directory
Definition: Type the quarantine directory name, as defined during the installation.

5 On the Paths Excluded From Scanning table, define the path and subdirectories you want to exclude. For more information on excluding the path, see Exclude path from scanning.

6 On the Extension Based Scanning table, select one of these options as needed:
  - Scan all files
  - Default + specified
  - Specified
  For more information on excluding the path, see Extension based scanning.
7 On the Anti-virus Actions table, define the required settings, then click Apply.

Option: Action for viruses and Trojan horses
Definition: Actions to take when a virus or Trojan-horse program is detected. Your second choice of action is limited by your first choice. You cannot choose both actions to be the same.

Option: Action for applications and joke programs
Definition: Actions to take when a potentially unwanted application or joke program is detected. Your second choice of action is limited by your first choice. You cannot choose both actions to be the same.

Option: Quarantine directory
Definition: Name of the quarantine file, as set up at installation time.

If any action fails to work, the software uses the secondary action. If the secondary action fails, the software uses its fallback action, which is to block access to the infected file.

8 After defining these configurations, schedule the on-demand scanning as needed. For more information, see Schedule an on-demand scan.

Notifications

From the Notifications page, you can specify who receives notification of events such as virus detection and changes to the scanning options. The software sends the messages using the SMTP protocol.

To view this page, click Notifications under Configure in the navigation pane. To change the settings, click Edit. After making the changes, to apply the new settings, click Apply.

SMTP notifications

You can define the events for which users get alert notifications. This table explains the available settings.

Table 6-2 Option definitions

Option: Item detected
Definition: Details of a detection of a virus or other potentially unwanted software. Here, for example, you can decide whether to issue a notification if any joke programs are detected.

Option: Out of date
Definition: Details of out-of-date DAT files. Here, for example, you can decide whether to notify if DAT files are more than 10 days old.

Table 6-2 Option definitions (continued)

Option: Configuration change
Definition: Details of changes to the settings for on-access scanning, notifications, and general settings. Changes to the settings for on-demand scans are not notified. Here, for example, you can decide whether to notify if changes are made to the settings for on-access scanning.

Option: System events
Definition: Details of any important events. Here, for example, you can specify the range of system events or event types for which SMTP sends notification.

To enable any notification feature, select its checkbox in the left column under SMTP Notification.

For each type of notification, the software provides a default subject and a message. You can change these messages to suit your organization. Messages can include substitution variables, such as %hostname% to indicate the host name. To include variables in any message, see Substituting variables in notification templates. To restore the default message, click Reset.

Configure SMTP settings

You can define the list of users who receive notifications about the events specified in SMTP Notifications. The SMTP Settings table provides options to configure the server, the sender, and the recipient details.

- Server: Name and port of the server that sends the message. This is set up during installation.
- From: Name of the sender. By default, this is the address that was given during installation.

1 On the SMTP Settings table, define the Server details. This is set up during installation.
  - Name: Name of the server
  - Port: Port of the server
  - From: Name of the sender. By default, this is the address that was given during installation.
  - To: Names of the recipients. For example: user1@example.com.
2 On the field in the From row, type the name of the sender. By default, this is the address that was given during installation.
3 On the To row, you can add or remove the list of recipients.

Table 6-3 To

To add recipients:
1 Type the address in New. For example: user1@example.com
2 Click Add to move the name to the Recipient list.

To remove recipients:
1 Select each name, then click Remove.
  - To select one name, click the name.
  - To select a range of names, click the first, then use Shift+Click to select the last.
  - To select several names, use Ctrl+Click.

Repositories

A software repository is a storage location where software packages or updates can be retrieved and installed on systems.

To deliver products and updates throughout your network, McAfee offers several types of repositories to create a robust update infrastructure. The repository options provide flexibility to develop an updating strategy to ensure that your systems stay up to date.

To view this page, click Repositories under Configure in the navigation pane. To change or modify the repository settings, click Edit and to save the new settings, click Apply.

Configure the repository list

The repository list contains the names of all repositories you are managing with the software. The Repository List has details like repository name, type, URL, port, user name and password of the available repositories.

The repository list includes the location and network credential information that managed systems use to select the repository and retrieve updates. The ePolicy Orchestrator server sends the repository list to the agent during agent-server communication.

1 To add, delete or modify the Repository List, click Edit.
2 Type the repository name, type, URL, port number, user name, and password. You can use the following options:
  - Add: To add a repository to the list.
  - Delete: To remove the repository from the repository list.
  - Move up: To shift the selected repository one level up in the repository list.
  - Move down: To shift the selected repository one level down in the repository list.
3 Click Apply to save the changes, or Cancel to discard the changes.

Configure the local repository

Create a local repository and configure it to retrieve software and updates to install on your computer. You can use the local repository to access software and updates if your system can't connect to the ePolicy Orchestrator server or to the Internet.

Before you begin

Before configuring the local repository, you must mirror the McAfee FTP download site to the local repository directory.

To mirror the McAfee FTP download site using the wget command, follow steps 1 to 6. The following steps are illustrated with the assumption that the connection is available for wget to mirror the McAfee FTP download site. Other methods of mirroring the site work only if directories and files are renamed as illustrated.

1 Create a local repository directory where you want to mirror the McAfee FTP download site. For example: /root/localrepo
2 At the /root/localrepo directory, type the following command:
    wget --mirror ftp://ftp.nai.com/commonupdater

3 From the commonupdater directory, rename the folder current to Current.
4 Rename these files in the commonupdater folder as defined:
  - sitestat.xml to SiteStat.xml
  - v2datdet.mcs to V2datdet.mcs
  - v2datinstall.mcs to V2datinstall.mcs
5 From the Current folder, rename the folder vscandat1000 to VSCANDAT1000.
  a From the VSCANDAT1000 folder, rename the folder dat to DAT.
6 Rename these files in the DAT/0000 folder as defined:
  - v2datdet.mcs to V2datdet.mcs
  - v2datinstall.mcs to V2datinstall.mcs
  - pkgcatalog.z to PkgCatalog.z
7 Log on to the local user interface.
8 From the Configure section in the navigation pane, click Repositories.
9 Click Add to include a local repository and define these settings:
  - Repository type: Local
  - Repository URL: Type the absolute path of the directory. For the given example: /root/localrepo/commonupdater
  The Port, Username, and Password details are not required for local repository.
10 Using the Move Up button, move the local repository item to the top of the list.
11 Click Apply.
12 Run the DAT update task to verify.

Configure the proxy settings

To access an Internet repository, such as the McAfee update sites, the repository uses proxy settings to retrieve packages. If your organization uses proxy servers for connecting to the Internet, you can use the proxy settings.

1 To configure the Proxy Settings, click Manually configure the proxy.
2 Type the IP address and Port number of the HTTP or FTP server. You can use the following options:
  - Use these settings for all proxy types: Specifies the same IP address and port number for all proxy types.
  - Use authentication for HTTP: Specifies the user name and password of the HTTP server for authentication.
  - Use authentication for FTP: Specifies the user name and password of the FTP server for authentication.
  - Specify exceptions: Bypasses a proxy server for specific domains.
3 Click Apply to save the changes or Cancel to discard the changes.
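The renames in steps 3 to 6 of Configure the local repository can be scripted so that a missing or half-renamed file is caught before the DAT update task runs. This is an added example, not part of the product guide; the function names are hypothetical, and the directory passed in is assumed to be the mirrored commonupdater directory (/root/localrepo/commonupdater in the guide's example).

```shell
#!/bin/sh
# Apply the case-sensitive renames from steps 3 to 6 to a mirrored
# commonupdater directory. Added example; function names are hypothetical.

# rename_entry DIR OLD NEW: rename DIR/OLD to DIR/NEW.
# Succeeds if the rename was already done. Fails if the source is missing,
# or if both names exist (for example after the mirror was refreshed and
# a new lower-case copy sits beside the renamed one).
rename_entry() {
    dir=$1 old=$2 new=$3
    if [ -e "$dir/$old" ] && [ -e "$dir/$new" ]; then
        echo "both $old and $new exist in $dir; remove the stale copy" >&2
        return 1
    fi
    if [ -e "$dir/$new" ]; then
        return 0
    fi
    if [ ! -e "$dir/$old" ]; then
        echo "expected $dir/$old from the mirror, not found" >&2
        return 1
    fi
    mv -- "$dir/$old" "$dir/$new"
}

# fix_repo_names ROOT: ROOT is the mirrored commonupdater directory.
# Stops at the first rename that fails and returns non-zero.
fix_repo_names() {
    root=$1
    dat="$root/Current/VSCANDAT1000/DAT/0000"
    rename_entry "$root" current Current &&                     # step 3
    rename_entry "$root" sitestat.xml SiteStat.xml &&           # step 4
    rename_entry "$root" v2datdet.mcs V2datdet.mcs &&
    rename_entry "$root" v2datinstall.mcs V2datinstall.mcs &&
    rename_entry "$root/Current" vscandat1000 VSCANDAT1000 &&   # step 5
    rename_entry "$root/Current/VSCANDAT1000" dat DAT &&        # step 5a
    rename_entry "$dat" v2datdet.mcs V2datdet.mcs &&            # step 6
    rename_entry "$dat" v2datinstall.mcs V2datinstall.mcs &&
    rename_entry "$dat" pkgcatalog.z PkgCatalog.z
}

# make_sample_mirror ROOT: build an empty, constructed stand-in for a freshly
# mirrored tree, for trying the script without downloading anything.
make_sample_mirror() {
    mkdir -p "$1/current/vscandat1000/dat/0000" &&
    touch "$1/sitestat.xml" "$1/v2datdet.mcs" "$1/v2datinstall.mcs" &&
    touch "$1/current/vscandat1000/dat/0000/v2datdet.mcs" \
          "$1/current/vscandat1000/dat/0000/v2datinstall.mcs" \
          "$1/current/vscandat1000/dat/0000/pkgcatalog.z"
}

# Usage: sh fix_repo_names.sh /root/localrepo/commonupdater
if [ "$#" -gt 0 ]; then
    fix_repo_names "$1"
fi
```

By default wget places a recursive download under a directory named after the host, so pass the script the directory where commonupdater actually landed.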


Managing the software with ePolicy Orchestrator

Integrate and manage VirusScan Enterprise for Linux using ePolicy Orchestrator management software.

McAfee ePolicy Orchestrator provides a scalable platform for centralized policy management and enforcement on your McAfee security products and the systems where they are installed. It also provides comprehensive reporting and product deployment capabilities through a single point of control.

For instructions about setting up and using ePolicy Orchestrator and McAfee Agent, see the product guide for your version of each product.

Contents
- Setting policies within ePolicy Orchestrator
- Define policies in ePolicy Orchestrator
- Scheduling tasks
- Configure reports
- Run a default query

Setting policies within ePolicy Orchestrator

The ePolicy Orchestrator console allows you to enforce policies across groups of computers or on a single computer. These policies override configurations set on individual computers. For information regarding policies and how they are enforced, see the McAfee ePolicy Orchestrator Product Guide for your product version.

Before configuring any policies, select the group of computers for which you want to modify the policies. You can modify the software policies from the pages and tabs that are available in the details pane of the ePolicy Orchestrator console. These pages are nearly identical to those you can access directly from the software interface.

After you have modified the appropriate policies and saved the changes for the intended computer or group of computers, you are ready to deploy new settings using the McAfee Agent.

Define policies in ePolicy Orchestrator

VirusScan Enterprise for Linux policies allow you to configure the features and feature administration, and to log event details. You can find these policies on the Policy Catalog page for VirusScan Enterprise for Linux under Product:

- General Policies
- On-Access Scanning Policy

These policies override configurations set on individual systems. Configure these policies with your preferences, then assign them to groups of the managed systems.

Before configuring any policies, select the group of computers for which you want to modify the policies. You can modify the policies from the pages and tabs that are available in the details pane of the ePolicy Orchestrator console.

For more information about policies and how they are enforced on managed systems, see the product guide of your version of ePolicy Orchestrator.

Tasks
- Create or modify policies: Create a new policy or modify existing policies for a specific group in the System Tree.
- Configure general policy settings: With general policy settings, you can define the log file settings and SMTP notifications, and disable the client user interface.
- Configure on-access scan policy settings: With the on-access scanning policy, you can enable scans, define the directory to store the quarantined files, set maximum scanning time for files, items to scan, type of files to scan, and actions on detected malware.
- Enforce policies: When you have created or modified policies, enforce them to multiple systems that are managed by ePolicy Orchestrator.

Create or modify policies

Create a new policy or modify existing policies for a specific group in the System Tree.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 From the Policy Catalog, select a Product and Category.
3 Create or modify a policy.

  To create a policy:
  1 Click New Policy.
  2 Type the Policy Name.
  3 Click OK.
  4 Configure the settings.

  To modify a policy:
  1 Click the policy you want to modify.
  2 Modify the settings.

4 Click Save.

Configure general policy settings

With general policy settings, you can define the log file settings and SMTP notifications, and disable the client user interface.

You can also create or modify these policies from the System Tree, while assigning policies to selected systems. See the product guide for your version of ePolicy Orchestrator for more information.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 From the Policy Catalog, select VirusScan Enterprise for Linux as the product, then select General Policies as the category.
3 Click New Policy, type a name for the policy, then click OK.
4 On the Troubleshooting tab, define these settings:

In: Logging detail level
Define:
  - Low: Logs only critical errors and system service start up and shut down messages.
  - Normal: Logs critical errors, system service start up and shut down messages, internal errors such as OAS enable and disable, and crontab actions failed messages.
  - High: Logs additional details such as events for created quarantiner child, created cleaner child, and configured with engine and DAT. It also logs critical errors, system service start up and shut down messages, internal errors such as OAS enable and disable, and crontab actions failed messages.
  McAfee recommends setting the level as Low. Set the level to High only when you troubleshoot issues, to extract complete details.

In: Additionally log to SYSLOG
Define: Indicates if information logged to the software database is also logged to SYSLOG. If you enable this option, define the log detail level for SYSLOG.

In: Limit age of log entries
Define: Allows the software database to store the log information for the specified days, and removes the old entries automatically after the specified days.

In: Maximum age of log entries (days)
Define: Sets the default limit to 28 days. You can set the limit between 1 and 999 days.

5 On the Advance tab, define these settings:

In: Disable client Web UI
Define: Disables the client interface, which prevents the local user from modifying the scan configuration settings.

In: Turn off SMTP Notifications
Define: Disables the SMTP notification on client systems.

6 Click Save.

Configure on-access scan policy settings

With the on-access scanning policy, you can enable scans, define the directory to store the quarantined files, set maximum scanning time for files, items to scan, type of files to scan, and actions on detected malware.

You can also create or modify these policies from the System Tree, while assigning policies to selected systems. See the product guide for your version of ePolicy Orchestrator for more information.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 From the Policy Catalog, select VirusScan Enterprise for Linux as the product, then select On-Access Scanning Policy as the category.
3 Click New Policy, type a name for the policy, then click OK.
4 On the General tab, define these settings, then click Save.
  - On-access scan
  - Quarantine directory
  - Maximum Scan Time
5 On the Detections tab, define these settings, then click Save.
  - Scan files
  - What to scan
  - What not to scan
6 On the Advanced tab, define these settings, then click Save.
  - Heuristics
  - Non-viruses
  - Compressed files
7 On the Actions tab, define these settings, then click Save.
  - When Viruses and Trojans are found
  - If the above action fails
  - If the above action fails
  - If scanning fails
  - When Programs and Jokes are found
  - If scanning times out

Enforce policies

When you have created or modified policies, enforce them to multiple systems that are managed by ePolicy Orchestrator.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Navigate to System Tree, select a required group or systems, then click the Assigned Policies tab.
3 From the Product drop-down menu, select VirusScan Enterprise for Linux 2.0.1, select the Category, then click Edit Assignment.
4 Select the policy from the Assigned policy drop-down menu with the appropriate inheritance options, then click Save.
5 Select the systems, then send an agent wake-up call. For instructions on sending an agent wake-up call, see Send an agent wake-up call.

You can create and enforce policies and view reports only after adding the VirusScan Enterprise for Linux extension files.

Scheduling tasks

The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on the managed systems. You can define client tasks for the entire System Tree, a specific group, or an individual system.

Tasks
- Create a product update task: Schedule automatic updates on the Linux systems.
- Create an on-demand scanning task: Schedule an on-demand scan on the Linux client system using ePolicy Orchestrator.
- Configure the administrator password: Set the VirusScan Enterprise for Linux administrator password on client systems using ePolicy Orchestrator.

Create a product update task

Schedule automatic updates on the Linux systems.

Your software can only provide full protection if you keep it up to date with the latest anti-virus definitions (DAT files), spam engine, and anti-malware scanning engine. We recommend that you update DAT files daily, and regularly check the McAfee Labs website for new DAT files.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Navigate to System Tree, then select a required group or systems for which you want to create the product update task.
3 Click the Assigned Client Tasks tab, then click Actions | New Client Assignment.
4 In Task to schedule, define these settings, then click Create New.
  - Select McAfee Agent for Product.
  - Select Product Update for Type.
5 On the Client Catalog: New McAfee Agent: Product Update page, define these settings, then click Save to open the Client Assignment Builder.
  - Name
  - Description
  - Package Selection
  - Package Type
  For package type, select Linux Engine and DAT.
  The task that you created is listed under Name.
6 Schedule the task that you created, then click Next.

7 On the Schedule page, define these settings, then click Next.
  - Schedule Status
  - Start time
  - Schedule Type
  - run according to
  - Effective Period
  - Options
8 On the Summary page, verify the configurations you have set. To make changes in the configurations that you have set, click Back or Schedule.
9 Send an agent wake-up call.

Create an on-demand scanning task

Schedule an on-demand scan on the Linux client system using ePolicy Orchestrator.

Schedule an on-demand scan for your Linux systems to find malware threats, vulnerabilities, or other potentially unwanted code. It can take place immediately, at a scheduled time, or at regular intervals.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Navigate to System Tree, then select a required group or systems for which you want to schedule on-demand scanning.
3 Click the Assigned Client Tasks tab, then select Actions | New Client Assignment.
4 In Task to schedule, define these settings, then click Create New.
  1 Select VirusScan Enterprise for Linux for Product.
  2 Select On Demand Scan for Type.
5 On the Client Catalog : New : VirusScan Enterprise for Linux 2.0.1: On-Demand Scan page, type the Name and Description, then click Save.
  - Name
  - Description
6 Click the Where tab, on the VirusScan Enterprise for Linux area, define these settings, then click Save.
  - Where
  - Detection
  - Advanced
  - Actions
  The task that you created is listed under Name.
7 Schedule the task immediately or as needed, then click Next to view the Summary of the schedule.
8 Click Save.
9 Send an agent wake-up call.

Configure the administrator password

Set the VirusScan Enterprise for Linux administrator password on client systems using ePolicy Orchestrator.

For option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.
2 Click Menu | Systems | System Tree, then select a required group or systems for which you want to create the change password task.
3 On the Assigned Client Tasks tab, click Actions | New Client Assignment.
4 Under Task to schedule, select VirusScan Enterprise for Linux as the product, select Change VSEL Administrator's Password as the task type, then click Create New under the task name.
5 On the Client Catalog: New - VirusScan Enterprise for Linux 2.0.1: Change VSEL Administrator's Password page, define these settings, then click Save.
  - Name
  - Description
6 From the Change VSEL Administrator's Password* area, define these settings, then click Save.
  - Enter old password
  - Enter new password
  - Re-enter new password
7 Schedule the task immediately or as needed, click Next to view the Summary page, then click Save.
8 Send an agent wake-up call.

Click Edit to change the description or schedule of this task or Delete to remove it.

Configure reports

Reports are predefined values that query the ePolicy Orchestrator database and generate a graphical output.

McAfee ePolicy Orchestrator contains comprehensive querying and reporting capabilities. McAfee includes a set of default queries on the left pane. You can create a new query, and edit and manage existing queries related to the software.

1 Log on to the ePolicy Orchestrator server as an administrator.
  If the predefined queries on the left side do not serve your purpose, ePolicy Orchestrator enables you to create your own queries.
2 To view reports, click Menu | Reporting | Queries & Reports.
3 To create a new query, click Actions | New.
4 On the left pane, select a Feature Group that the query should retrieve.
5 Select a Result Type, then click Next to open the Chart page.

78 7 Managing the software with epolicy Orchestrator Run a default query 6 Select and accordingly configure a display chart/table and click Next to open the Columns page. 7 Select columns from the Available Columns pane, then click Next to open the Filter page. 8 Specify the criteria by selecting properties and operators to limit the data retrieved by the query. 9 Click Run, then Save to open the Save Query page. 10 Type a Name and Notes (if needed) for the query, then click Save. Run a default query You can run the default query to view the graph with the default data settings. For option definitions, click? in the interface. 1 Log on to the epolicy Orchestrator server as an administrator. 2 Click Menu Reporting Queries. A list of queries appears on the left pane. 3 Select VirusScan Enterprise for Linux under Shared Groups. 4 By default there are two queries: Query VSEL: VirusScan Enterprise for Linux Compliance VSEL: VirusScan Enterprise for Linux Threats Description Shows a graphical display of the compliant and non-compliant Linux systems in the network. Shows a graphical display of the threat summary and action taken on all Linux systems in the network. Click Run. The graphical output is displayed. 78 McAfee VirusScan Enterprise for Linux Product Guide

8 Advanced features

The advanced features of VirusScan Enterprise for Linux help you to use the features effectively.

Contents
   Lightweight Directory Access Protocol (LDAP) Authentication
   Substituting variables in notification templates
   How the quarantine action works
   Recover the quarantined items

Lightweight Directory Access Protocol (LDAP) Authentication

VirusScan Enterprise for Linux requires an authenticated user name to access the interface and to configure the software. The user can be authenticated from the local system, from Active Directory, or from an external database or location.

The software uses the Pluggable Authentication Module (PAM) subsystem for user authentication. The software passes the user credentials to the PAM subsystem, which verifies them and reports whether the user is authenticated. Before sending the user credentials to the PAM subsystem, the software makes sure that the user name matches the name provided during the installation.

When installing the software, the installer prompts you to select the user who acts as the administrator. The default user is nails and the default group is nailsgroup. When you provide the user and group name, the installer checks whether the user exists in the system. If the user name does not exist, it creates the user and group in the local system.

When using LDAP authentication, make sure that the user name and user group do not exist in the local system. If they exist, delete the user name and user group before proceeding.

Authentication from Active Directory

You can authenticate the user and group from the Active Directory.

Before installing the software, make sure that:

- The user account is created in the Active Directory or the location from where you want to authenticate before installing the software.
- The user name and group do not exist in the local system. You can verify it using these commands:

     grep [username] /etc/passwd
        To verify the user name. A blank reply confirms that the user name does not exist.
     grep [groupname] /etc/group
        To verify the user group. A blank reply confirms that the user group does not exist.

- The operating system is able to resolve the user and group authentication. You can verify it using these commands:

     getent passwd [username]
        To verify the user name. A blank reply confirms that the user name does not exist.
     getent group [groupname]
        To verify the user group. A blank reply confirms that the user group does not exist.
     userdel [username]
        To delete the user name, execute this command.
     groupdel [groupname]
        To delete the user group, execute this command.

Substituting variables in notification templates

You can use variables in a notification. The notification messages described in the Notifications section can use variables that the software substitutes when sending a message. For example, the template message:

   File, %filename% is infected on %hostname%.

becomes

   File, example.exe is infected on computer1.

The following table lists all the available variables. Some variables are valid only in particular instances.

Table 8-1 Substitution variables

Valid for | Variable | Equivalent field in the interface | Description
All alerts | %hostname% | <none> | Name of the host on which VirusScan Enterprise for Linux is installed.
All alerts | %hostip% | <none> | IP address of host on which VirusScan Enterprise for Linux is installed.
All alerts | %productversion% | Host Summary page Product Version | Version of the product.
Item detected | %detectedas% | Detected Items page Detected As | Name of the virus.
Item detected | %detectedby% | Detected Items page | "On-Access" if detected by the on-access process, or name of the On-Demand task which detected the infection.
Item detected | %detectedtime% | Detected Items page Time | Date and time on the local host for detected item.
Item detected | %detectedtype% | Detected Items page Detected Type | Type of the virus.
Item detected | %detectedutc% | Detected Items page Time | Date and time on the local host, with UTC offset in brackets. For example: May :30:12 (+5:30 UTC).
Item detected | %engineversion% | Host Summary page Engine Version | Version number of the scanning engine.
Item detected | %extradatcount% | Host Summary page Extra DAT | Number of signatures in the ExtraDAT file.
Item detected | %extradatflag% | Host Summary page Extra DAT | Yes or No to indicate if an ExtraDAT file is present.
Item detected | %filename% | Detected Items page File Name | Name of the file which was scanned (excluding path).
Item detected | %path% | Detected Items page Path | Name of the file which was scanned (including path).
Item detected | %process% | Detected Items page Process | Name of process resulting in the scan.
Item detected | %result% | Detected Items page Result | Result of any action taken for the detected infection.
Item detected | %user% | Detected Items page User | Name of user who caused the scan.
Out of date, and Item detected | %datage% | <none> | Age of the DAT files in days, from the VirusScan Enterprise for Linux host date and time.
Out of date, and Item detected | %datdate% | Host Summary page DAT Date | Date when the current DAT files were created.
Out of date, and Item detected | %datversion% | Host Summary page DAT Version | Version of the DAT files.
Configuration change | %configchange% | <none> | Configuration changes made modified, on-access detection enabled, or on-access detection disabled.
System events | %eventcode% | System Events page Code | Error code for the event.
System events | %eventdescription% | System Events page Description | Error description for the event.
System events | %eventtime% | System Events page Time | Date and time on the local host for event.
System events | %eventtype% | System Events page Type | Error type for the event.
System events | %eventutc% | System Events page Time | Date and time for the event on the local host, with UTC offset in brackets. For example: May :30:12 (-5:00 UTC).

How the quarantine action works

VirusScan Enterprise for Linux isolates infected files into a quarantine directory. The processes that the software uses depend on the relative locations of the infected file and the quarantine directory, and on the features of the file system. In some cases, moving the infected file by copying then deleting is not suitable. In every case, the software works to prevent loss of security and the further spread of malware and other potentially unwanted software.

The software uses the following techniques to quarantine infected files:

- If the file system supports hard links and the infected file is on the same file system, the software creates a hard link to the file in the quarantine directory, then unlinks the infected file. If the unlink fails, the software unlinks the copy in the quarantine directory, so that only the original infected file remains.
- If the infected file is on a remote file system, the software copies the infected file into the quarantine directory only if the quarantine directory is also on that remote file system. This method prevents the spread of infection between hosts.
- The software verifies that it can copy the infected file into the quarantine directory and that it can delete the file from the quarantine directory. This method prevents creation of a copy of an infected file that cannot be deleted.
- If the software cannot delete the original infected file, it deletes the copy of the file in the quarantine directory so that only the original infected file remains.

If the quarantine action fails, the software uses the secondary action. If that action fails, the software uses its fallback action. For on-access scanning, the software blocks access to the infected file. For on-demand scanning, the software reports that the file is infected.

Recover the quarantined items

Recover quarantined items only when you are sure that the file is not malware. You can submit the quarantined files to McAfee Labs to make sure that the files are not malware.

Before you begin
You must have the root permission to run these commands.

1 Log on from the terminal as root user.
2 List the quarantined files:

     /opt/nai/linuxshield/bin/nails quarantine --list

   For example, if the file malware_sample from the /test directory is quarantined, you get the output as:

     /quarantine/qxxxxx.xxxx.xxxxx.xxxx.meta: /test/malware_sample

   where each X represents a numeric value.
3 Recover the file:

     /opt/nai/linuxshield/bin/nails quarantine --recover <meta-file path> <destination-file>

   The destination file is optional. If you do not specify the destination file, VirusScan Enterprise for Linux restores the file to the directory from which it was quarantined.

   For example, to recover the QXXXXX.XXXX.XXXXX.XXXX.meta file, execute this command:

     /opt/nai/linuxshield/bin/nails quarantine --recover /test/Qxxxxx.xxxx.xxxxx.xxxx.meta /home/recover/tested_recovered_file

   This command recovers the QXXXXX.XXXX.XXXXX.XXXX.meta file and stores it as tested_recovered_file in the /home/recover directory.

After recovering the file, if you access the file and the current DAT detects this file as an infected file, it might be moved to the quarantine directory again. To avoid quarantining, exclude the file or directory from scanning before accessing the recovered file.
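Added example, not part of the McAfee guide: the local-account and name-resolution checks from "Authentication from Active Directory" combined into one shell function. It compares the name field exactly, because a plain grep also matches substrings (nails inside nails2, or inside a home directory path), and it checks the local files first because getent also returns local entries. The function names and the PASSWD_FILE and GROUP_FILE variables are assumptions of this sketch.

```shell
#!/bin/sh
# Added example: pre-installation check for LDAP/Active Directory authentication.
# PASSWD_FILE and GROUP_FILE are assumptions that let the check run against
# constructed files; by default they point at the real local databases.
PASSWD_FILE="${PASSWD_FILE:-/etc/passwd}"
GROUP_FILE="${GROUP_FILE:-/etc/group}"

# in_local_file NAME FILE
# Succeeds only if FILE has an entry whose first field is exactly NAME.
in_local_file() {
    awk -F: -v n="$1" '$1 == n { found = 1 } END { exit !found }' "$2" 2>/dev/null
}

# account_source DB NAME FILE
# Prints where NAME comes from:
#   local      entry exists in the local file (remove it with userdel/groupdel first)
#   directory  not local, but the name service resolves it (the state the guide asks for)
#   missing    neither local nor resolvable (directory lookup is not working yet)
account_source() {
    if in_local_file "$2" "$3"; then
        echo local
    elif getent "$1" "$2" >/dev/null 2>&1; then
        echo directory
    else
        echo missing
    fi
}

# ldap_prereq_ok USER GROUP
# Succeeds only when both names are resolvable and absent from the local files.
ldap_prereq_ok() {
    lp_user=$(account_source passwd "$1" "$PASSWD_FILE")
    lp_group=$(account_source group "$2" "$GROUP_FILE")
    echo "user  $1: $lp_user"
    echo "group $2: $lp_group"
    [ "$lp_user" = directory ] && [ "$lp_group" = directory ]
}

# Stand-alone use: ./check.sh nails nailsgroup
if [ "$#" -ge 2 ]; then
    ldap_prereq_ok "$1" "$2" || exit 1
fi
```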
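Added illustration of the hard-link and copy-then-delete sequences from "How the quarantine action works", including the rollback that leaves only the original file when it cannot be removed. This is not McAfee's implementation: the function names, exit codes and quarantine file naming are assumptions, and the remote-file-system rule is not modelled.

```shell
#!/bin/sh
# Illustration only, not the product's code. Exit codes (assumed for this sketch):
#   0  file is now only in the quarantine directory (its new path is printed)
#   1  original could not be removed; quarantine copy rolled back
#   2  method not usable here; nothing was changed

# Hard-link method: link into the quarantine directory, then unlink the original.
# ln fails across file systems or where hard links are unsupported.
quarantine_by_link() {
    ql_src=$1
    ql_dest="$2/$(basename "$1").$$"
    ln -- "$ql_src" "$ql_dest" 2>/dev/null || return 2
    if rm -f -- "$ql_src" 2>/dev/null && [ ! -e "$ql_src" ]; then
        printf '%s\n' "$ql_dest"
        return 0
    fi
    rm -f -- "$ql_dest"   # unlink failed: keep only the original
    return 1
}

# Copy method: first prove that a file can be created in and deleted from the
# quarantine directory, so an undeletable copy is never produced.
quarantine_by_copy() {
    qc_src=$1
    qc_dest="$2/$(basename "$1").$$"
    qc_probe="$2/.probe.$$"
    [ -e "$qc_dest" ] && return 2
    ( : > "$qc_probe" ) 2>/dev/null && rm -f -- "$qc_probe" 2>/dev/null || return 2
    cp -p -- "$qc_src" "$qc_dest" 2>/dev/null || { rm -f -- "$qc_dest"; return 2; }
    if rm -f -- "$qc_src" 2>/dev/null && [ ! -e "$qc_src" ]; then
        printf '%s\n' "$qc_dest"
        return 0
    fi
    rm -f -- "$qc_dest"   # original could not be deleted: remove the copy
    return 1
}

# quarantine FILE QUARANTINE_DIR
# Tries the hard link first and falls back to the copy only when linking is
# not possible. A non-zero result is where a secondary action would take over.
quarantine() {
    if q_out=$(quarantine_by_link "$1" "$2"); then q_rc=0; else q_rc=$?; fi
    if [ "$q_rc" -eq 2 ]; then
        if q_out=$(quarantine_by_copy "$1" "$2"); then q_rc=0; else q_rc=$?; fi
    fi
    if [ "$q_rc" -eq 0 ]; then printf '%s\n' "$q_out"; fi
    return "$q_rc"
}

# Stand-alone use: ./quarantine.sh /path/to/file /path/to/quarantine
if [ "$#" -eq 2 ]; then
    quarantine "$1" "$2" || exit $?
fi
```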


More information

Administrators Guide Revision A. McAfee Email Gateway 7.5.0 Appliances

Administrators Guide Revision A. McAfee Email Gateway 7.5.0 Appliances Administrators Guide Revision A McAfee Email Gateway 7.5.0 Appliances COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active

More information

Installation Guide. McAfee epolicy Orchestrator 4.6.0 Software

Installation Guide. McAfee epolicy Orchestrator 4.6.0 Software Installation Guide McAfee epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored

More information

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator 4.6.0 Software

Hardware Sizing and Bandwidth Usage Guide. McAfee epolicy Orchestrator 4.6.0 Software Hardware Sizing and Bandwidth Usage Guide McAfee epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted,

More information

Best Practices Revision A. McAfee Email Gateway 7.x Appliances

Best Practices Revision A. McAfee Email Gateway 7.x Appliances Best Practices Revision A McAfee Email Gateway 7.x Appliances COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

McAfee VirusScan Enterprise 8.8 software Product Guide

McAfee VirusScan Enterprise 8.8 software Product Guide McAfee VirusScan Enterprise 8.8 software Product Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

More information

Product Guide. McAfee Agent 4.8.0

Product Guide. McAfee Agent 4.8.0 Product Guide McAfee Agent 4.8.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee

More information

Release Notes for McAfee epolicy Orchestrator 4.5

Release Notes for McAfee epolicy Orchestrator 4.5 Release Notes for McAfee epolicy Orchestrator 4.5 About this document New features Known Issues Installation, upgrade, and migration considerations Considerations when uninstalling epolicy Orchestrator

More information

McAfee Optimized Virtual Environments for Servers. Installation Guide

McAfee Optimized Virtual Environments for Servers. Installation Guide McAfee Optimized Virtual Environments for Servers Installation Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Product Guide. McAfee epolicy Orchestrator 4.6.0 Software

Product Guide. McAfee epolicy Orchestrator 4.6.0 Software Product Guide McAfee epolicy Orchestrator 4.6.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a

More information

Attix5 Pro Server Edition

Attix5 Pro Server Edition Attix5 Pro Server Edition V7.0.3 User Manual for Linux and Unix operating systems Your guide to protecting data with Attix5 Pro Server Edition. Copyright notice and proprietary information All rights reserved.

More information

Product Guide. McAfee Security for Microsoft Exchange 8.0.0

Product Guide. McAfee Security for Microsoft Exchange 8.0.0 Product Guide McAfee Security for Microsoft Exchange 8.0.0 COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

DocuShare Installation Guide

DocuShare Installation Guide DocuShare Installation Guide Publication date: May 2009 This document supports DocuShare Release 6.5/DocuShare CPX Release 6.5 Prepared by: Xerox Corporation DocuShare Business Unit 3400 Hillview Avenue

More information

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started

Getting Started. Symantec Client Security. About Symantec Client Security. How to get started Getting Started Symantec Client Security About Security Security provides scalable, cross-platform firewall, intrusion prevention, and antivirus protection for workstations and antivirus protection for

More information

Core Protection for Virtual Machines 1

Core Protection for Virtual Machines 1 Core Protection for Virtual Machines 1 Comprehensive Threat Protection for Virtual Environments. Installation Guide e Endpoint Security Trend Micro Incorporated reserves the right to make changes to this

More information

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software

Product Guide Revision A. McAfee Secure Web Mail Client 7.0.0 Software Product Guide Revision A McAfee Secure Web Mail Client 7.0.0 Software COPYRIGHT Copyright 2011 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed,

More information

Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide

Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide Kaspersky Anti-Virus 8.0 for Linux File Server Installation Guide A P P L I C A T I O N V E R S I O N : 8. 0 M P 2 C F 2 Dear User! Thank you for choosing our product. We hope that this documentation will

More information

Setup Guide Revision A. WDS Connector

Setup Guide Revision A. WDS Connector Setup Guide Revision A WDS Connector COPYRIGHT Copyright 2013 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection, McAfee CleanBoot, McAfee

More information

McAfee Data Loss Prevention 9.3.0

McAfee Data Loss Prevention 9.3.0 Product Guide Revision E McAfee Data Loss Prevention 9.3.0 For use with epolicy Orchestrator 4.5, 4.6, 5.0 Software COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS

More information

Virtualization Guide. McAfee Vulnerability Manager Virtualization

Virtualization Guide. McAfee Vulnerability Manager Virtualization Virtualization Guide McAfee Vulnerability Manager Virtualization COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee

More information

ESET NOD32 Antivirus 4 for Linux Desktop. Quick Start Guide

ESET NOD32 Antivirus 4 for Linux Desktop. Quick Start Guide ESET NOD32 Antivirus 4 for Linux Desktop Quick Start Guide ESET NOD32 Antivirus 4 provides state-of-the-art protection for your computer against malicious code. Based on the ThreatSense scanning engine

More information

Reconfiguring VMware vsphere Update Manager

Reconfiguring VMware vsphere Update Manager Reconfiguring VMware vsphere Update Manager vsphere Update Manager 5.5 This document supports the version of each product listed and supports all subsequent versions until the document is replaced by a

More information

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course

McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course McAfee Application Control / Change Control Administration Intel Security Education Services Administration Course The McAfee University Application Control / Change Control Administration course enables

More information

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice.

Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Trend Micro Incorporated reserves the right to make changes to this document and to the products described herein without notice. Before installing and using the software, please review the readme files,

More information

McAfee Endpoint Encryption 7.0

McAfee Endpoint Encryption 7.0 Product Guide McAfee Endpoint Encryption 7.0 For use with epolicy Orchestrator 4.6 Software COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee

More information

Contents. McAfee Internet Security 3

Contents. McAfee Internet Security 3 User Guide i Contents McAfee Internet Security 3 McAfee SecurityCenter... 5 SecurityCenter features... 6 Using SecurityCenter... 7 Fixing or ignoring protection problems... 16 Working with alerts... 21

More information

Installation Guide. McAfee Vulnerability Manager 7.5

Installation Guide. McAfee Vulnerability Manager 7.5 Installation Guide McAfee Vulnerability Manager 7.5 COPYRIGHT Copyright 2012 McAfee, Inc. Do not copy without permission. TRADEMARKS McAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism,

More information

McAfee MOVE / VMware Collaboration Best Practices

McAfee MOVE / VMware Collaboration Best Practices McAfee MOVE / VMware Collaboration Best Practices Christie J. Karrels Sales Engineer Federal DoD January 11, 2013 1 P a g e Contents Introduction... 3 Traditional Anti-Malware vs. Optimized Anti-Malware...

More information

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012

Sophos Enterprise Console Help. Product version: 5.1 Document date: June 2012 Sophos Enterprise Console Help Product version: 5.1 Document date: June 2012 Contents 1 About Enterprise Console...3 2 Guide to the Enterprise Console interface...4 3 Getting started with Sophos Enterprise

More information

Net Protector Admin Console

Net Protector Admin Console Net Protector Admin Console USER MANUAL www.indiaantivirus.com -1. Introduction Admin Console is a Centralized Anti-Virus Control and Management. It helps the administrators of small and large office networks

More information

Product Guide. McAfee Security for Microsoft Exchange 8.5.0

Product Guide. McAfee Security for Microsoft Exchange 8.5.0 Product Guide McAfee Security for Microsoft Exchange 8.5.0 COPYRIGHT Copyright 2014 McAfee, Inc. Do not copy without permission. TRADEMARK ATTRIBUTIONS McAfee, the McAfee logo, McAfee Active Protection,

More information

Product Guide. McAfee Agent 5.0.1. For use with McAfee epolicy Orchestrator

Product Guide. McAfee Agent 5.0.1. For use with McAfee epolicy Orchestrator Product Guide McAfee Agent 5.0.1 For use with McAfee epolicy Orchestrator COPYRIGHT Copyright 2015 McAfee, Inc., 2821 Mission College Boulevard, Santa Clara, CA 95054, 1.888.847.8766, www.intelsecurity.com

More information

McAfee GTI Proxy 1.0.0 Administration Guide

McAfee GTI Proxy 1.0.0 Administration Guide McAfee GTI Proxy 1.0.0 Administration Guide COPYRIGHT Copyright 2010 McAfee, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system,

More information