McAfee VirusScan Enterprise For Linux (VSEL) provides On-Access Scanning for Linux systems. When VSEL starts, it initializes the scanners with the current DATs and Engine. Scanning starts only after the scanners are correctly initialized.
To verify that the scanners are properly initialized:
- Open a Terminal session on the server.
- Log in as Root.
- Type the command below and press ENTER:
# ps -ef | grep scanner
The output will be similar to:
root 3741 3738 0 Oct21 ? 00:00:33 /opt/NAI/LinuxShield/libexec/scanner -e /opt/NAI/LinuxShield/engine/lib/liblnxfv.so -D /opt/NAI/LinuxShield/engine/dat -L /opt/NAI/LinuxShield/engine/lib -p 9 -i 18022 -I 0
nails 17059 3741 0 Oct24 ? 00:00:59 /opt/NAI/LinuxShield/libexec/scanner -e /opt/NAI/LinuxShield/engine/lib/liblnxfv.so -D /opt/NAI/LinuxShield/engine/dat -L /opt/NAI/LinuxShield/engine/lib -p 9 -i 18022 -I 0
nails 17902 3741 0 Oct25 ? 00:00:42 /opt/NAI/LinuxShield/libexec/scanner -e /opt/NAI/LinuxShield/engine/lib/liblnxfv.so -D /opt/NAI/LinuxShield/engine/dat -L /opt/NAI/LinuxShield/engine/lib -p 9 -i 18022 -I 0
nails 17903 3741 0 Oct25 ? 00:00:42 /opt/NAI/LinuxShield/libexec/scanner -e /opt/NAI/LinuxShield/engine/lib/liblnxfv.so -D /opt/NAI/LinuxShield/engine/dat -L /opt/NAI/LinuxShield/engine/lib -p 9 -i 18022 -I 0
One scanner process runs as root, all others run as the user nails. This is an expected behavior under normal circumstances.
Issues to remember while analyzing the output:
- If the output shows only a single scanner process running as root, then the scanners are not yet initialized. Scanning will not occur until the other scanner processes are running.
- If the output shows multiple scanner processes running as root, then one or more scanner processes has failed to initialize properly. If left unattended, this can consume increasing amounts of resources and cause the system to become unresponsive.
To stop all scanner processes and restart VSEL:
- Open a Terminal session and log in as root.
- Type the commands below and press ENTER after each:
killall -KILL scanner
/etc/init.d/nails restart
