VirusScan for Linux 1.7 Best Practices Guide - Errors - McAfee

More documents

Recommendations

Info

5 Product Configurations On-demand scanning On-demand policy Here are the best practices for configuring on‑demand policies. However, this can vary as per your requirements. The following configuration identifies and eliminates viruses and other malicious programs on your Linux Machines when scheduled or on‑demand scanning runs on the client system. • Always enable the Decompress archives to scan inside the archives and compressed files. • Select the Quarantine option always as secondary action for virus and spyware detections, so that you can retrieve the files from the quarantine folder later if required. On-demand scanning This section describes the best practices for scheduling on‑demand scans to improve performance. Scheduling scans • Schedule on‑demand scans during non‑peak hours such as weekends, during the maintenance period or when DAT/Engine updates are not running. • When scheduling an on‑demand scan for the first time, schedule a full on‑demand scan for local volumes. • Make sure to exclude network volumes, if you do not want to scan them explicitly. Update Ensure that at least 500 MB of memory is free before a DAT Update, as DAT needs significant amount of memory. Anti-virus exclusions This section provides recommendations for Anti‑virus exclusions. McAfee suggests these for better performance, however you can tweak these exclusions based on your requirements. This version supports, regular expression based exclusions for Anti‑malware. You can add regular expressions that match the required pattern to exclude multiple files and folders from being scanned. Some of the recommended exclusions are for: • Oracle database files • /opt/oracle/.*.dbf (if oracle is installed under /opt) • /opt/oracle/.*.ctl (if oracle is installed under /opt) • /opt/oracle/.*.log (if oracle is installed under /opt) • Evolution data files • Thunderbird data files • Encrypted files • /var/log for on‑access scan • /quarantine and /proc for on‑demand scan • JAR files for on‑access scan 16 McAfee VirusScan Enterprise for Linux 1.7.0 Best Practices Guide
• Archive files for on‑access scan • DTX files for on‑access scan • WAR files • Exclusion of /media/nss//._NETWARE and /media/nss//._ADMIN in case of Open Enterprise Server The following are few examples of regular expressions you can use for different patterns. Table 5-1 Regular Expression Examples To exclude... Use... All files starting with abc available in /media/nss /media/nss/abc.* All files starting with "." under /media/nss /media/nss/..* All files with extensions ext and abc under /media/nss /media/nss/.*.(ext|abc) All users mailbox folders /home/.*/mailbox/.* All files and folders that begin with abc in the machine .*/abc.* Files with extension mdb .*.mdb Files with extension either mdb or odc .*.(mdb|odc) Files with extension jar or rar or war under /opt /opt/.*..+ar All files under /tmp starting with an alphabet and ending with a number /tmp/([A‑Z]|[a‑z]).*[0‑9]$ All users mailbox folders recursively /home/.*/mailbox/.* All files ending with abc, abcc, abcccc .*abc{1,} Using regular expressions from ePolicy Orchestrator • You should include "/" as the first character. For example, to exclude all files and folders starting with abc in the machine use the regular expression: /.*/abc.* • Ensure that there are no escape sequences included in the regular expression. For example: From ePolicy Orchestrator, to exclude all files starting with "." under /media/nss use the regular expression: /media/nss/..* Recovering quarantined items This section provides information on listing and recovering quarantined items. Remember that you need to have root privileges to run these commands. McAfee suggests recovering quarantined items only after consulting McAfee Labs. To list the quarantined items on a Linux machine 1 From the terminal, login as root. 2 Run the following command: /opt/NAI/LinuxShield/bin/nails quarantine ‑‑list This will list all the quarantined items on your machine. For example, if a file named file1 under /tmp directory is quarantined, by running above command you will see the output as: /quarantine/QXXX.XXXXXX.XXXXX.XXX.meta: /tmp/file1 where X is a random number. Product Configurations Recovering quarantined items 5 McAfee VirusScan Enterprise for Linux 1.7.0 Best Practices Guide 17
Page 1 and 2: Best Practices Guide McAfee VirusSc
Page 3 and 4: Contents 1 Introduction 5 Features
Page 5 and 6: 1 Introduction 1 Features McAfee Vi
Page 7 and 8: 2 Hardware and software requirement
Page 9 and 10: 3 Pre-installation instructions Thi
Page 11 and 12: 4 Post-installation instructions Th
Page 13 and 14: Default Queries This section provid
Page 15: 5 Product Configurations This chapt
Page 19 and 20: 6 Tips and Tricks This chapter prov
Page 21 and 22: 7 KnowledgeBase articles This chapt

VirusScan for Linux 1.7 Best Practices Guide - Errors - McAfee

Create successful ePaper yourself

Delete template?

Save as template?