FAQs for VirusScan Enterprise for Linux
Technical Articles ID:
KB76941
Last Modified: 5/10/2018
Last Modified: 5/10/2018
Environment
McAfee VirusScan Enterprise for Linux (VSEL) 2.0.x, 1.9.x
McAfee VSEL 1.8 (for Iomega)
NOTE: McAfee announced End of Life for VirusScan Enterprise for Linux 1.9.0, 2.0, and 2.0.1. See KB86212 for more details.
McAfee VSEL 1.8 (for Iomega)
NOTE: McAfee announced End of Life for VirusScan Enterprise for Linux 1.9.0, 2.0, and 2.0.1. See KB86212 for more details.
Summary
| General | Product information, including licensing and miscellaneous topics |
| Compatibility | Interaction between other products and software |
| Installation/upgrade | Information about installing, upgrading, migrating, and removing VSEL |
| Functionality | Product features and functions, including reporting and troubleshooting |
| McAfee Secure Amazon Linux | Information and FAQs about VSEL Secure Amazon Linux |
General
Is the Apache User Interface (UI) required if VSEL is installed and managed by ePolicy Orchestrator (ePO)?
No. Note that the Apache UI can be disabled through ePO.
Back to Contents
No. Note that the Apache UI can be disabled through ePO.
Back to Contents
What versions of Linux, kernels, and file systems does VSEL support?
Support for your environment is determined by your version of VSEL. To determine if your environment is compatible, see KB75270.
Can VSEL scan for malware (both On-Access and On-Demand) on iSCSI shares for Iomega StorCenter NAS devices?
No. VSEL does not support malware detection on an iSCSI share for Iomega StorCenter NAS device. VSEL cannot scan the share because it is not mounted on the Iomega StorCenter NAS Device.
To work around this issue, McAfee recommends that you install anti-malware protection on the workstation where the iSCSI share is mounted.
Can VSEL coexist with the command line scanner on Red Hat Enterprise Linux (RHEL) Server?
Yes.
Does VSEL 1.9 support NFS 4?
Yes. VSEL 1.9.1 (Hotfix 964170 ) and later fully support NFS 4.
Is VSEL supported on a para-virtualization environment?
VSEL 1.9.1 and later fully support para-virtualized environments.
NOTE: VSEL 1.9 for RHEL 6.x and VSEL 1.9 for Cent OS 6.x on Amazon EC2 are now supported. Contact Technical Support for download details.
Back to Contents
Support for your environment is determined by your version of VSEL. To determine if your environment is compatible, see KB75270.
Can VSEL scan for malware (both On-Access and On-Demand) on iSCSI shares for Iomega StorCenter NAS devices?
No. VSEL does not support malware detection on an iSCSI share for Iomega StorCenter NAS device. VSEL cannot scan the share because it is not mounted on the Iomega StorCenter NAS Device.
To work around this issue, McAfee recommends that you install anti-malware protection on the workstation where the iSCSI share is mounted.
Can VSEL coexist with the command line scanner on Red Hat Enterprise Linux (RHEL) Server?
Yes.
Does VSEL 1.9 support NFS 4?
Yes. VSEL 1.9.1 (Hotfix 964170 ) and later fully support NFS 4.
Is VSEL supported on a para-virtualization environment?
VSEL 1.9.1 and later fully support para-virtualized environments.
NOTE: VSEL 1.9 for RHEL 6.x and VSEL 1.9 for Cent OS 6.x on Amazon EC2 are now supported. Contact Technical Support for download details.
Back to Contents
Installation/Upgrade
What are the VSEL 2.0 installation requirements?
VSEL 2.0 supports only 64-bit platforms and requires Fanotify to be enabled. Fanotify is enabled in the kernel from kernel version 2.6.38.
NOTE: This release does not support the distribution that does not have Fanotify enabled in the kernel, such as RedHat 6.
Can I install VSEL on a symbolic link?
No. You cannot install VSEL on a symbolic link path because it can cause issues with starting and shutting down product services and components.
How do I place VSEL in unmanaged mode?
If you do not use ePolicy Orchestrator to manage VSEL, use the following steps to place it in unmanaged mode:
What kernel modules does VSEL install?
lshook and linuxshield are the two installed kernel modules that provide On-Access Scanning functionality.
Why does VSEL install its own versions of the Apache, ICU, SQLITE, OpenSSL, XML2, PAM, and NAILSD packages?
VSEL is a self-contained product and does not rely on outside packages to function. These modules provide the following functionality:
Can I install the individual packages for VSEL to the /app directory?
No. You can choose the installation directory during install, but you cannot install any of the listed components individually.
Can I install VSEL without the Kernel modules or other elements?
No. If you have a strict policy that does not allow these packages to be installed, McAfee recommends that you instead use the Command-line Scanner for Linux.
IMPORTANT: The Command-line Scanner does not perform On-Access-Scanning and you will have to rely on automation via the Linux OS (cron) to perform regular On-Demand Scans.
Is it necessary to install the included Apache Web Server?
No. It is used only for local Web UI.
Is there an official uninstall process?
Yes. Refer to the VSEL Product Guide or Release Notes. Both include steps for RPM and Debian packages. Refer to the Related Information section for how to locate product documentation.
What is the default password for the NAILS user account?
There is no default password for the NAILS user. The password must be configured locally before you can access the VSEL user interface. After deploying VSEL through ePO, you must log in using the NAILS user account. For more information, see your VSEL Installation Guide. Refer to the Related Information section for how to locate product documentation.
Why am I unable to log in to the Web UI using the NAILS/password that I set up during installation?
VSEL 1.9 requires 32-bit PAM modules to be installed before installation of VSEL. Refer to the following VSEL prerequisites:
What directories are created by VSEL during installation?
How do I verify FANOTIFY is enabled in the kernel?
Where are the McAfee Agent logs for VSEL located?
All log files are stored in /opt/McAfee/cma/scratch/etc
Back to Contents
VSEL 2.0 supports only 64-bit platforms and requires Fanotify to be enabled. Fanotify is enabled in the kernel from kernel version 2.6.38.
NOTE: This release does not support the distribution that does not have Fanotify enabled in the kernel, such as RedHat 6.
Can I install VSEL on a symbolic link?
No. You cannot install VSEL on a symbolic link path because it can cause issues with starting and shutting down product services and components.
How do I place VSEL in unmanaged mode?
If you do not use ePolicy Orchestrator to manage VSEL, use the following steps to place it in unmanaged mode:
- Open a command-line session on the VSEL client.
- Switch user to root or superuser.
- Type the following command and press ENTER:
# /opt/McAfee/cma/bin/msaconfig -u
What kernel modules does VSEL install?
lshook and linuxshield are the two installed kernel modules that provide On-Access Scanning functionality.
Why does VSEL install its own versions of the Apache, ICU, SQLITE, OpenSSL, XML2, PAM, and NAILSD packages?
VSEL is a self-contained product and does not rely on outside packages to function. These modules provide the following functionality:
- NAILSD for scanning
- PAM for authentication
- Apache for web monitoring
- ICU for localization of displayed text
- XML2 for generating events in XML format to send to an ePO server
Can I install the individual packages for VSEL to the /app directory?
No. You can choose the installation directory during install, but you cannot install any of the listed components individually.
Can I install VSEL without the Kernel modules or other elements?
No. If you have a strict policy that does not allow these packages to be installed, McAfee recommends that you instead use the Command-line Scanner for Linux.
IMPORTANT: The Command-line Scanner does not perform On-Access-Scanning and you will have to rely on automation via the Linux OS (cron) to perform regular On-Demand Scans.
Is it necessary to install the included Apache Web Server?
No. It is used only for local Web UI.
Is there an official uninstall process?
Yes. Refer to the VSEL Product Guide or Release Notes. Both include steps for RPM and Debian packages. Refer to the Related Information section for how to locate product documentation.
What is the default password for the NAILS user account?
There is no default password for the NAILS user. The password must be configured locally before you can access the VSEL user interface. After deploying VSEL through ePO, you must log in using the NAILS user account. For more information, see your VSEL Installation Guide. Refer to the Related Information section for how to locate product documentation.
Why am I unable to log in to the Web UI using the NAILS/password that I set up during installation?
VSEL 1.9 requires 32-bit PAM modules to be installed before installation of VSEL. Refer to the following VSEL prerequisites:
- KB81135 - How to install VSEL 1.x in a standalone environment
- KB75270 - Supported Platforms, Environments, and Operating Systems for VSEL
- KB72999 - VirusScan Enterprise for Linux supported kernels and platform (How to determine if a Linux server is supported)
What directories are created by VSEL during installation?
| /opt/NAI | Created if it does not already exist |
| /var/opt/NAI | Created if it does not already exist NOTE: These directories are shared with other products. |
| /opt/NAI/LinuxShield | Installed files |
| /opt/NAI/package | Extracted rpm for installation |
| /var/opt/NAI/LinuxShield | Files created or modified at runtime |
| /lib/modules/x.x.x.x-xxx/nai | Symbolic links to VSEL kernel modules |
| /etc/cmad.d/ | Shared between McAfee Agent and VSEL |
| /opt/McAfee | Created by McAfee Agent install |
How do I verify FANOTIFY is enabled in the kernel?
- Log in to the Linux system as user root, type uname -r and press ENTER. The result should be higher than kernel version 2.6.38.
- Type grep FANOT /boot/config-`uname -r and press ENTER. The result should match as follows:
CONFIG_FANOTIFY=y
CONFIG_FANOTIFY_ACCESS_PERMISSIONS=y
If the results do not match as shown, contact Technical Support.
Where are the McAfee Agent logs for VSEL located?
All log files are stored in /opt/McAfee/cma/scratch/etc
Functionality
McAfee Secure Amazon Linux
Are there any Java-based programs used in VSEL?
No. The graphical user interface is developed in HTML.
Can VSEL coexist with backup software such as ArcServe, Cava Agent, Bacula, and so on?
Yes. However, McAfee recommends that you exclude the files that have been targeted for backup and the backup files produced by the backup process.
Can I disable the SMTP notification?
Yes. When an alternate option to send email notifications exists. To disable SMTP notifications:
No. The graphical user interface is developed in HTML.
Can VSEL coexist with backup software such as ArcServe, Cava Agent, Bacula, and so on?
Yes. However, McAfee recommends that you exclude the files that have been targeted for backup and the backup files produced by the backup process.
Can I disable the SMTP notification?
Yes. When an alternate option to send email notifications exists. To disable SMTP notifications:
- VSEL 2.0: Make the change via ePO.
- VSEL 1.9: Set the IP address of the SMTP server to 0.0.0.0.
McAfee Secure Amazon Linux
What is McAfee Secure Amazon Linux?
McAfee Secure Amazon Linux (MSAL) is an Amazon Linux operating system secured by a pre-installed version of VSEL.
MSAL is a Linux operating system (Amazon Linux 12.09 at the time of publication) designed for use on Amazon Elastic Compute Cloud (Amazon EC2). EC2 is a web service that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. Amazon customers can administer their MSAL environment (for example, reboots) by using standard Linux remote management tools.
MSAL is available from the list of software environments offered on the AWS Marketplace website. This is the same version of the VSEL product available on the product downloads website.
What technical support is available for MSAL users?
The MSAL web page on the AWS Marketplace website explains that are two types of technical support available to Amazon customers who buy MSAL from AWS:
McAfee Secure Amazon Linux (MSAL) is an Amazon Linux operating system secured by a pre-installed version of VSEL.
MSAL is a Linux operating system (Amazon Linux 12.09 at the time of publication) designed for use on Amazon Elastic Compute Cloud (Amazon EC2). EC2 is a web service that provides resizable compute capacity in the cloud and is designed to make web-scale computing easier for developers. Amazon customers can administer their MSAL environment (for example, reboots) by using standard Linux remote management tools.
MSAL is available from the list of software environments offered on the AWS Marketplace website. This is the same version of the VSEL product available on the product downloads website.
What technical support is available for MSAL users?
The MSAL web page on the AWS Marketplace website explains that are two types of technical support available to Amazon customers who buy MSAL from AWS:
- Free Support is available from the MSAL group in the Online Community (https://community.mcafee.com/groups/msal).
- Standard Technical Support from corporate Worldwide Support Teams (delivered via the usual Technical Support contact methods).
NOTE: Customers who want to contact Technical Support directly must purchase VSEL licenses (minimum five licenses) either online from the Small and Medium Business store (http://shop.mcafee.com/), or by ordering from your sales contact. After purchase, you receive a Grant Number, which provide you with access to Technical Support.
Related Information
For McAfee product documents, go to the Enterprise Product Documentation portal at https://docs.mcafee.com.
To contact Technical Support, log on to the ServicePortal and go to the Create a Service Request page at https://support.mcafee.com/ServicePortal/faces/serviceRequests/createSR:
- If you are a registered user, type your User Id and Password, and then click Log In.
- If you are not a registered user, click Register and complete the required fields. Your password and logon instructions will be emailed to you.
