VirusScan for Linux 1.7 Best Practices Guide - Errors - McAfee

More documents

Recommendations

Info

5 Product Configurations Run-time kernel modules To recover a particular quarantined item 1 From the terminal, login as root. 2 Run the following command: /opt/NAI/LinuxShield/bin/nails quarantine ‑recover For example, if you want to recover file1 which is listed as quarantined item , you need to run the command as: /opt/NAI/LinuxShield/bin/nails quarantine ‑recover /quarantine/QXXX.XXXXXX.XXXXX.XXX.meta /tmp/file1 This will restore file1 into/tmp directory. Run-time kernel modules Automatic support for new kernels released from the distribution vendors without any downtime in On‑access scanning. McAfee VirusScan Enterprise for Linux Kernel modules will be created dynamically in case of a mod‑version failure. • You must have developer utilities such as make or gcc installed on your machine along with kernel headers package of the current kernel. If mod‑versioning fails during nails service start, the kernel modules gets compiled dynamically and on‑access scanner gets enabled. • If developer utilities are not installed in your production server, you can compile the kernel modules on a staging server and run the export command to archive the kernel modules. Import the kernel modules on to your production server by running the import command. For more information, please refer the McAfee VirusScan Enterprise for Linux 1.7 — Product Guide. • · Ensure that the kernel sources/headers and developer tools are installed on the computer. If the kernel sources/headers are installed in a non‑default location, set the KERNEL_HEADER_LOCATION environment variable before compilation. • You can check if the compiled or imported kernel modules are working properly by executing the command: /opt/NAI/LinuxShield/bin/khm_setup ‑t To view the logs, go to: /opt/NAI/LinuxShield/src/log Third-party software coexistence • VirusScan Enterprise for Linux does not support coexistence with backup software such as ArcServe, Cava Agent, bacula backup software and so on. Hence McAfee recommends you to exclude directories or files associated with it. • There are few compatibility issues between McAfee VirusScan Enterprise for Linux and McAfee Solidcore. Please refer the following KnowledgeBase articles for the resolution of these issues. • https://kc.mcafee.com/corporate/index?page=content&id=KB70194 • https://kc.mcafee.com/corporate/index?page=content&id=KB70857 You can also log on to https://kc.mcafee.com and search using the KB article number. 18 McAfee VirusScan Enterprise for Linux 1.7.0 Best Practices Guide
6 Tips and Tricks This chapter provides you more information on the tips and tricks which can be helpful when you use the McAfee VirusScan Enterprise for Linux software. • You can deploy the McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator (ePO) with customized settings. For this you need to copy the nails.options file to /root and / directory on your Linux client system. For more details, refer the McAfee VirusScan Enterprise for Linux 1.7 — Installation Guide. • VirusScan Enterprise for Linux provides advanced logging option, which is recommended to be enabled while troubleshooting specific issues. These settings however can only be enabled from the endpoint's user interface. The settings are Detail logging level, Additional log to syslog, Detail syslog level, Limit age of log entries, Maximum age of log entries which can be tweaked from product's user interface. • In a managed mode (ePO), the status of scheduled tasks is not reported back to ePO. In such cases setting up SMTP email notifications can monitor this. Users will get the email notification if the DAT is out‑of‑date, malware detected on the system, and notification based on error codes including system events on the user's email id. • By default, VirusScan Enterprise for Linux uses the system PAM (Pluggable Authentication Modules) configuration in the Web Manager for authentication. In some instances, the system PAM settings might use external authentication modules that are not compatible with VirusScan Enterprise for Linux. Refer the following KnowledgeBase article to know how to configure PAM, so that VirusScan Enterprise for Linux can authenticate in the Web Manager: https://kc.mcafee.com/corporate/index? page=content&id=KB70568 McAfee VirusScan Enterprise for Linux 1.7.0 Best Practices Guide 19
Page 1 and 2: Best Practices Guide McAfee VirusSc
Page 3 and 4: Contents 1 Introduction 5 Features
Page 5 and 6: 1 Introduction 1 Features McAfee Vi
Page 7 and 8: 2 Hardware and software requirement
Page 9 and 10: 3 Pre-installation instructions Thi
Page 11 and 12: 4 Post-installation instructions Th
Page 13 and 14: Default Queries This section provid
Page 15 and 16: 5 Product Configurations This chapt
Page 17: • Archive files for on‑access s
Page 21 and 22: 7 KnowledgeBase articles This chapt

VirusScan for Linux 1.7 Best Practices Guide - Errors - McAfee

Create successful ePaper yourself

Delete template?

Save as template?