VirusScan Enterprise for Linux 1.7 Release Notes - McAfee

KNOWN ISSUESTo view an updated list of issues associated withthis release, see "KB73078" in the McAfee Supportonline KnowledgeBase: https://mysupport.mcafee.com.__________________________________________________________FILES INCLUDED WITH THIS RELEASEThis release consists of a package"McAfeeVSEForLinux-1.7.0-28611.ZIP", which containsthe following files:McAfeeVSEForLinux-1.7.0-28611-release.noarch.tar.gz=McAfee VirusScan Enterprise for Linuxsoftware package.README.TXT =This text file.__________________________________________________________INSTALLATION INSTRUCTIONSSYSTEM REQUIREMENTSSupported Operating Systems (32-bit/64-bit):- SuSE Linux Enterprise Server/Desktop 10.x- SuSE Linux Enterprise Server/Desktop 11.x- Red Hat Enterprise 5.x Advanced Platform, Desktop- Red Hat Enterprise 6.x Server, Workstation, Client- Novell Open Enterprise Server 2.x- CentOS 5.x- CentOS 6.x- Ubuntu 10.04, 10.10, and 11.04 (Desktop/Server edition)Supported Kernels:- McAfee VirusScan Enterprise for Linux v1.7supports all kernels available on thesupported distributions.Supported Processors:- Intel x86 architecture-based processor- Intel x86_64 architecture-based processor thatsupports Intel Extended Memory 64 Technology(Intel EM64T)- AMD x86_64 architecture-based processor withAMD 64-bit technology

Memory:- Minimum: 2 GB RAM- Recommended: 4 GB RAMFree Disk space:- Minimum: 1 GBSupported Browsers:- Microsoft Internet Explorer 5.5, 6.0, 7.0 and 8.0- Konqueror 3.5.1, 4.1.3, 4.2.x, and 4.3.x- Mozilla 0.9.9, 1.0.1, 1.2.1, 1.4, 1.6, 1.7.8,1.8.x, and 1.9.x- Firefox 1.0, 1.5, 2.0, 3.0, 3.5, 3.6, 4.0,5.0, and 6.0Supported McAfee Management software:- McAfee ePolicy Orchestrator 4.5- McAfee ePolicy Orchestrator 4.6Supported McAfee Agent software:- McAfee Agent 4.5 Patch 2- McAfee Agent 4.6PRE-REQUISITES- Ensure that there is no user named as "nails"or group named as "nailsgroup" on thecomputer.- Ensure that you have root privileges toinstall McAfee VirusScan Enterprise for Linux,version 1.7.- If you are installing VirusScan Enterprise forLinux on a 64-bit RHEL 6.x system, ensure that32-bit RHEL 6.x PAM libraries are alsoinstalled.- If you are installing VirusScan Enterprise forLinux on a 64-bit Ubuntu system, ensure that32-bit Ubuntu libraries are also installed.IMPORTANT:During installation, you are prompted to supplya password and other information. For most ofthe questions, you can accept the default valuethat is offered.

To set up email notification for alerts (ifrequired), you need the Mail Transfer Agent(MTA) configured, and the followinginformation:- Email address of the VirusScan administrator- IP Address of the SMTP host- TCP/IP port number of the SMTP host__________________________________________________________STANDARD INSTALLATION1. Download "McAfeeVSEForLinux-1.7.0-28611.ZIP" andextract the contents to a temporary directory.2. From the terminal, type the following command:tar -zxvf McAfeeVSEForLinux-1.7.0-28611-release.noarch.tar.gz3. Install McAfee Runtime by typing the followingcommand at the command prompt:rpm -ivh MFErt.i686.rpm4. Install McAfee Agent (MA)by typing the followingcommand at the command prompt:rpm -ivh MFEcma.i686.rpm5. To confirm that McAfee agent is runningcorrectly, type the following at the commandprompt:/etc/init.d/cma status6. Install McAfee VirusScan Enterprise for Linux bytyping the following command at the commandprompt:sh McAfeeVSEForLinux-1.7.0-installer7. Answer the questions when prompted, accept thedefault values or type custom values.8. When prompted to start the VirusScan services,select the default option, "Y".9. To confirm that VirusScan Enterprise for Linuxis installed and running correctly, type thefollowing at the command prompt:/etc/init.d/nails status

To install VirusScan Enterprise for Linux on NovellOpen Enterprise Server 2.x:1. From the Novell eDirectory server, use iManagerand create a user called "nails" and a groupcalled "nailsgroup".2. Add the user "nails" a member of the"nailsgroup". Enable the user and group usingthe Linux User Management.3. Provide "nails" user with administrativeprivileges on all the NSS volumes.NOTE:rights -f /media/nss/ -r s trustee nails..You need to provide administrative privileges tothe "nails" user, every time a new NSS volume iscreated.4. Download the MFErt.i686.rpm and MFEcma.i686.rpmfile.5. Install McAfee Runtime and McAfee Agent usingthe following commands:rpm -ivh MFErt.i686.rpmrpm -ivh MFEcma.i686.rpm6. Type the following at the command prompt:sh McAfeeVSEForLinux-1.7.0-installer7. Type "nailsgroup" for the Linux group forVirusScan administrator.8. Type "nails" for the VirusScan user.9. Answer the questions when prompted. Accept thedefault values, or type your own.10. When prompted to start the VirusScan services,select the default option, "Y".To install VirusScan Enterprise for Linux on Ubuntu:NOTE:If you are installing VirusScan Enterprise forLinux on a 64-bit Ubuntu system, ensure that youperform the following steps beforeinstallation:

a. Copy pam_unix.so from /lib/security of a32-bit Ubuntu (till version 10.10) system toa temporary directory (/tmp) on the 64-bitUbuntu system. From Ubuntu 11.04 onwards,pam_unix.so is available under"/lib/i386-linux-gnu/security" folder.b. In the root (/) directory, create a folder"pam32lib".c. Execute the following command to copy"pam_unix32.so" to the "pam32lib" directory:cp /tmp/pam_unix.so /pam32lib/pam_unix32.so1. Download the MFErt.i686.deb and MFEcma.i686.debfile.2. Install McAfee Runtime and McAfee Agent usingthe following commands:dpkg -i MFErt.i686.debdpkg -i MFEcma.i686.deb3. Type the following at the command prompt:sh McAfeeVSEForLinux-1.7.0-installer4. Answer the questions when prompted. Accept thedefault values, or type your own.5. When prompted to start the VirusScan services,select the default option, "Y".6. To confirm that VirusScan Enterprise for Linuxis installed and running correctly, type thefollowing at the command prompt:/etc/init.d/nails status__________________________________________________________SILENT INSTALLATIONNOTE:Before installing McAfee VirusScan Enterprisefor Linux, you must have McAfee Runtime andMcAfee Agent already installed on the computer.1. Create a file "nails.options" in the root home(/root) directory.For example:

SILENT_ACCEPTED_EULA="yes"SILENT_INSTALLDIR="/opt/NAI/LinuxShield"SILENT_RUNTIMEDIR="/var/opt/NAI/LinuxShield"SILENT_ADMIN="admin@example.com"SILENT_HTTPHOST="0.0.0.0"SILENT_HTTPPORT="55443"SILENT_MONITORPORT="65443"SILENT_SMTPHOST="0.0.0.0"SILENT_SMTPPORT="25"SILENT_NAILS_USER="nails"SILENT_NAILS_GROUP="nailsgroup"SILENT_CREATE_USER="yes"SILENT_CREATE_GROUP="yes"SILENT_RUN_WITH_MONITOR="yes"SILENT_QUARANTINEDIR="/quarantine"SILENT_START_PROCESSES="yes"SILENT_CONTINUE_INSTALL_ON_PAM_ERROR="no"NOTE:Use SILENT_CONTINUE_INSTALL_ON_PAM_ERROR onlywhen 32-bit PAM libraries are not present.If you set this flag to "Yes" and continuewithout Pluggable Authentication Module (PAM)libraries, the installation of VirusScanEnterprise for Linux monitor component isskipped, and the web interface will not beavailable. However, you can still manage theVirusScan Enterprise for Linux host usingePolicy Orchestrator.2. Type the following at the command prompt:sh McAfeeVSEForLinux-1.7.0-installer3. After performing the installation, use thecommand "passwd" to assign a password to theuser "nails".To install VirusScan Enterprise for Linux on NovellOpen Enterprise Server 2.x in Silent mode:1. From the Novell eDirectory server, use iManagerand create a user called "nails" and a groupcalled "nailsgroup".2. Add the user "nails" a member of the"nailsgroup". Enable the user and group usingthe Linux User Management.3. Provide "nails" user with administrativeprivileges on all the NSS volumes.

NOTE:rights -f /media/nss/ -r s trustee nails..You need to provide administrative privileges tothe "nails" user, every time a new NSS volume iscreated.4. In the "nails.options" file, check if thefollowing parameters are available:SILENT_NAILS_USER="nails"SILENT_NAILS_GROUP="nailsgroup"SILENT_CREATE_USER="no"SILENT_CREATE_GROUP="no"5. Type the following at the command prompt:sh McAfeeVSEForLinux-1.7.0-installer6. After performing the installation, use iManagerto assign a password to the user "nails".To install VirusScan Enterprise for Linux on Ubuntuin Silent mode:1. Check if the nails.options" file is present inthe root directory.2. Type the following at the command prompt:sh McAfeeVSEForLinux-1.7.0-installer3. After performing the installation, use thecommand "passwd" to assign a password to theuser "nails".__________________________________________________________RUNNING VIRUSSCAN ENTERPRISE FOR LINUX1. From a supported web-browser, go to:https://:Specify the hostname or IP address of thecomputer, on which VirusScan Enterprise forLinux is installed. By default, the port numberis "55443".For example:https://192.168.200.200:55443

(or)https://server1:554432. On the log on page, type the user name "nails"and type the password that you specified duringinstallation.__________________________________________________________TESTING YOUR INSTALLATIONYou can test the operation of the software byrunning the EICAR Standard AntiVirus Test File onany computer where you have installed the software.The EICAR Standard AntiVirus Test File is a combinedeffort by anti-virus vendors throughout the world toimplement one standard by which customers can verifytheir anti-virus installations.To test your installation:1. Copy the following line into its own file,making sure you do not include any spaces orline breaks. Save the file with the nameEICAR.COM.X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*The file size will be 68 or 70 bytes.2. Start your anti-virus software and allow it toscan the directory that contains EICAR.COM.When your software scans this file, it willreport finding the EICAR test file.3. Delete the file when you have finished testingyour installation to avoid alarming unsuspectingusers.IMPORTANT:Please note that this file is NOT A VIRUS.For more information on the EICAR test file, visit:http://www.eicar.org__________________________________________________________UPGRADING FROM PREVIOUS VERSIONSUse this task to upgrade your previous LinuxShieldversion 1.5.1 or McAfee VirusScan Enterprise for

Linux version 1.6 to version 1.7.1. To upgrade McAfee Agent (MA), type the followingcommand in the terminal window:rpm -Uvh MFEcma.i686.rpm2. To confirm that the McAfee Agent is runningcorrectly, type the following command in theterminal window:/etc/init.d/cma status3. To upgrade McAfee VirusScan Enterprise forLinux, type the following command in theterminal window:sh McAfeeVSEForLinux-1.7.0-installer4. To confirm that VirusScan Enterprise for Linuxis running correctly, type the following commandin the terminal window:/etc/init.d/nails status__________________________________________________________INTEGRATING USING EPOLICY ORCHESTRATOR 4.5/4.61. Extract the McAfee VirusScan Enterprise forLinux v1.7 package (tar -zxvfMcAfeeVSEForLinux-1.7.0-28611-release.noarch.tar.gz)on to a temporary directory.2. Check in the McAfee Agent(MSA-LNX_4.6.0_Package.ZIP) bundled with thispackage on to the ePolicy Orchestrator "Masterrepository".3. Check in "McAfeeVSEForLinux-1.7.0-28611-EPO.ZIP"on to the ePolicy Orchestrator "Masterrepository".4. Check in the following extensions on to theePolicy Orchestrator "Extensions":- EPOAGENTMETA.ZIP- LYNXSHLD1700.ZIP- LYNXSHLD1700PARSER.ZIPNOTE:Before installing the reports extension(LYNXSHLD1700PARSER.ZIP), ensure that you haveremoved the previous LinuxShield reports

extension module (LYNXSHLDPARSER) from ePolicyOrchestrator.5. Deploy the McAfee Agent 4.6 on client computer.6. Create a Product Deployment Task on ePolicyOrchestrator to deploy McAfee VirusScanEnterprise for Linux, version 1.7.For more detailed information on how to integrateand configure McAfee VirusScan Enterprise for Linuxusing ePolicy Orchestrator, see the "McAfeeVirusScan Enterprise for Linux, version 1.7 —Configuration Guide".__________________________________________________________UNINSTALLATION1. To uninstall VirusScan Enterprise for Linux,typethe following commands at the command prompt:rpm -e McAfeeVSEForLinuxrpm -e MFEcmarpm -e MFErtIf you want to uninstall from an Ubuntu system,type:dpkg --purge mcafeevseforlinuxdpkg --purge mfecmadpkg --purge mfert2. Reboot the computer to remove the LinuxShieldkernel modules.NOTE:You do not have to reboot the computerimmediately, because the VirusScan Enterprisefor Linux kernel modules does not interruptfunctioning of any other running service.UNINSTALLATION USING EPOLICY ORCHESTRATOR 4.5/4.6- Create a Product Deployment Task on ePolicyOrchestrator to remove McAfee VirusScanEnterprise for Linux version 1.7.For more detailed information on how to uninstallMcAfee VirusScan Enterprise for Linux using ePolicyOrchestrator, see the "McAfee VirusScan Enterprisefor Linux, version 1.7 — Configuration Guide".

__________________________________________________________MORE INFORMATIONRUNTIME KERNEL MODULE SUPPORTMcAfee VirusScan Enterprise for Linux Kernel moduleswill be created dynamically in case of a mod-versionfailure. You can manually compile, export or importthe McAfee VirusScan Enterprise for Linux kernelmodules.To compile the kernel module, execute the followingcommand:/opt/NAI/LinuxShield/bin/khm_setup –cNOTE:Ensure that the kernel sources/headers anddeveloper tools are installed on the computer.If the kernel sources/headers are installed in anon-default location, set the"KERNEL_HEADER_LOCATION" environment variablebefore compilation.To export the kernal modules, execute the followingcommand:/opt/NAI/LinuxShield/bin/khm_setup –e .tar.bz2To import the kernal modules, execute the followingcommand:/opt/NAI/LinuxShield/bin/khm_setup –i .tar.bz2The import option is useful when you do not wantto install developer tools and kernel headers inthe production environment. This feature willimport all the modules present in the archive(tar.bz2 file).To view the runtime kernel module compilation logs,go to "/opt/NAI/LinuxShield/src/log" directory.__________________________________________________________FINDING PRODUCT DOCUMENTATIONMcAfee provides the information you need during eachphase of product implementation, from installationto daily use and troubleshooting. After a product isreleased, information about the product is enteredinto the McAfee online KnowledgeBase.

1. Go to the McAfee Technical Support ServicePortalat http://mysupport.mcafee.com.2. Under Self Service, access the type ofinformation you need:For user documentation:1. Click "Product Documentation."2. Select a "Product," then select a"Version."3. Select a product document.For the KnowledgeBase:- Click "Search the KnowledgeBase" foranswers to your product questions.- Click "Browse the KnowledgeBase" forarticles listed by product and version.__________________________________________________________COPYRIGHTCopyright (C) 2011 McAfee, Inc. All Rights Reserved.No part of this publication may be reproduced,transmitted, transcribed, stored in a retrievalsystem, or translated into any language in any formor by any means without the written permission ofMcAfee, Inc., or its suppliers or affiliatecompanies.__________________________________________________________TRADEMARK ATTRIBUTIONSAVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE,GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEESECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD,PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE,SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELDare registered trademarks or trademarks of McAfee,Inc. and/or its affiliates in the US and/or othercountries. McAfee Red in connection with security isdistinctive of McAfee brand products. All otherregistered and unregistered trademarks herein arethe sole property of their respective owners.__________________________________________________________LICENSE INFORMATIONLICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATELEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOUPURCHASED, WHICH SETS FORTH THE GENERAL TERMS ANDCONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IFYOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVEACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATEDLICENSE GRANT OR PURCHASE ORDER DOCUMENTS THATACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVERECEIVED SEPARATELY AS PART OF THE PURCHASE (AS ABOOKLET, A FILE ON THE PRODUCT CD, OR A FILEAVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADEDTHE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OFTHE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALLTHE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THEPRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR AFULL REFUND.V3.1.9