1.9.0 McAfee VirusScan Enterprise for Linux · McAfee VirusScan Enterprise for Linux detects and removes viruses and other potentially unwanted software on Linux‑based systems

Configuration Guide

McAfee VirusScan Enterprise for Linux1.9.0For use with ePolicy Orchestrator 4.5, 4.6 and 5.0 Software

COPYRIGHTCopyright © 2013 McAfee, Inc. Do not copy without permission.

TRADEMARK ATTRIBUTIONSMcAfee, the McAfee logo, McAfee Active Protection, McAfee AppPrism, McAfee Artemis, McAfee CleanBoot, McAfee DeepSAFE, ePolicy Orchestrator,McAfee ePO, McAfee EMM, McAfee Enterprise Mobility Management, Foundscore, Foundstone, McAfee NetPrism, McAfee Policy Enforcer, Policy Lab,McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, SmartFilter, McAfee Stinger, McAfee Total Protection,TrustedSource, VirusScan, WaveSecure, WormTraq are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States andother countries. Other names and brands may be claimed as the property of others.

LICENSE INFORMATION

License AgreementNOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETSFORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOUHAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOURSOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR AFILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SETFORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OFPURCHASE FOR A FULL REFUND.

2 McAfee VirusScan Enterprise for Linux 1.9.0 Configuration Guide

Contents

Preface 5About this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5

Audience . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5Conventions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5What's in this guide . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

Find product documentation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6

1 Introduction 7Product Features . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7What’s new in this release . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8

2 Integrating with ePolicy Orchestrator 11Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator . . . . . . . . . . 12Upgrading your client systems using ePolicy Orchestrator . . . . . . . . . . . . . . . . . 14Sending an agent wake-up call . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15Setting policies within ePolicy Orchestrator . . . . . . . . . . . . . . . . . . . . . . . 16

Creating or editing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . 16Enforcing policies . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17

Scheduling tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17Creating a Product Update task . . . . . . . . . . . . . . . . . . . . . . . . . 17Creating an on-demand scan task . . . . . . . . . . . . . . . . . . . . . . . . 18Setting the VirusScan Enterprise for Linux admin password . . . . . . . . . . . . . . 19

Configuring reports . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 20Uninstallation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21

Removing McAfee VirusScan Enterprise for Linux from the client computer . . . . . . . 21Removing McAfee VirusScan Enterprise for Linux from ePolicy Orchestrator . . . . . . . 22

Index 23

McAfee VirusScan Enterprise for Linux 1.9.0 Configuration Guide 3

Contents


Preface

This guide provides the information you need to configure, use and maintain McAfee VirusScanEnterprise for Linux using McAfee ePolicy Orchestrator software. This guide provides detailedinformation on how you can deploy VirusScan Enterprise for Linux on client computers and managethe product using ePolicy Orchestrator.

For instructions on how to install McAfee VirusScan Enterprise for Linux software on a stand‑alonecomputer, see the McAfee VirusScan Enterprise for Linux — Installation Guide for your productversion. For detailed information all phases of product use from configuration to troubleshooting on astandalone Linux server, see the McAfee VirusScan Enterprise for Linux — Product Guide for yourproduct version.

Contents About this guide Find product documentation

About this guideThis information describes the guide's target audience, the typographical conventions and icons usedin this guide, and how the guide is organized.

AudienceMcAfee documentation is carefully researched and written for the target audience.

The information in this guide is intended primarily for:

• Administrators — People who implement and enforce the company's security program.

• Users — People who use the computer where the software is running and can access some or all ofits features.

ConventionsThis guide uses these typographical conventions and icons.

Book title, term,emphasis

Title of a book, chapter, or topic; a new term; emphasis.

Bold Text that is strongly emphasized.

User input, code,message

Commands and other text that the user types; a code sample; a displayedmessage.

Interface text Words from the product interface like options, menus, buttons, and dialogboxes.

Hypertext blue A link to a topic or to an external website.


Note: Additional information, like an alternate method of accessing anoption.

Tip: Suggestions and recommendations.

Important/Caution: Valuable advice to protect your computer system,software installation, network, business, or data.

Warning: Critical advice to prevent bodily harm when using a hardwareproduct.

What's in this guide This guide is organized to help you find the information you need.

This guide provides you with an introduction to McAfee VirusScan Enterprise for Linux and how tointegrate it with ePolicy Orchestrator.

Topics include:

• Deploying McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator

• Settings policies within ePolicy Orchestrator

• Scheduling tasks such as product update and on‑demand scan

• Configuring reports

• Removing the software

Find product documentationMcAfee provides the information you need during each phase of product implementation, frominstallation to daily use and troubleshooting. After a product is released, information about the productis entered into the McAfee online KnowledgeBase.

Task1 Go to the McAfee Technical Support ServicePortal at http://mysupport.mcafee.com.

2 Under Self Service, access the type of information you need:

To access... Do this...

User documentation 1 Click Product Documentation.

2 Select a product, then select a version.

3 Select a product document.

KnowledgeBase • Click Search the KnowledgeBase for answers to your product questions.

• Click Browse the KnowledgeBase for articles listed by product and version.

PrefaceFind product documentation


http://mysupport.mcafee.com

1 Introduction

McAfee VirusScan Enterprise for Linux detects and removes viruses and other potentially unwantedsoftware on Linux‑based systems.

This information is intended for network administrators who are responsible for their company’santi‑virus and security program.

Contents Product Features What’s new in this release

Product FeaturesThis section describes the product features for the McAfee VirusScan Enterprise for Linux software.

McAfee VirusScan Enterprise for Linux software has these features:

• Support for Amazon EC2 Linux machines (2.6.x kernels)

• Support for Novell Cluster Services

• Support for Corosync OCFS2 File System Cluster

• Runtime kernel module support (RKMS)

McAfee VirusScan Enterprise for Linux Kernel modules will be created dynamically in case of amod‑version failure. To manually compile the kernel module, refer Frequently asked questions —Runtime kernel module support in the Product Guide.

• Support for 64‑bit AMD64/Intel EM64T operating systems.

• The latest version (5600) of the McAfee anti‑virus engine.

• Incremental Virus Signature (DAT) updates.

• Mod‑versioning for automatic kernel support.

• Regular expression based exclusions for On‑access scan and On‑demand scan from the userinterface.

• Scanning• Comprehensive on‑access anti‑virus scanning and cleaning using the McAfee scanning engine.

• On‑access scanning for local file systems, NFS and Samba/CIFS.

• Kernel‑level scan cache for improved performance.

1


• Scheduling of on‑demand scans.

• Scheduling of updates for scanning engine and virus definition files.

• Administration• Remote administration using browser‑based interface.

• Secure browser interface with authentication and HTTPS (SSL) support.

• Reporting• Real‑time statistics.

• Detailed database for detected items and system events.

• Ability to query the database by date range or individual field values, for example, virus name.Results of query can be exported to a CSV file.

• Configurable email notification for detected items, out‑of‑date virus definition files, configurationchanges, and system events.

• Diagnostic report for use when reporting a problem with the product.

What’s new in this releaseThis section describes the new enhancements in this release of VirusScan Enterprise for Linux.

These new features are available in this release, that could be used from McAfee ePolicy Orchestratorto configure McAfee VirusScan Enterprise for Linux client systems.

General policies

• Enable or disable Web GUI Apache services

• Enable or disable SMTP notifications

• Enable or disable Syslogging with different levels

• Enable logging from ePolicy Orchestrator

On‑Access policy

• Specify primary and secondary actions for Programs and Jokes

On‑Demand scan task

• Specify primary and secondary actions for Programs and Jokes

• Specify custom Maximum scan time for each on‑demand scan task

Product deployment task

• Deploy the product successfully without PAM libraries

Password change task

• Set the McAfee VirusScan Enterprise for Linux administrator password from ePolicy Orchestrator

1 IntroductionWhat’s new in this release


System properties

• Scanning summary information on Files Scanned and Number of Infections for the selected Linux client

• Threat information is available now

Events

• On‑demand scan task status events

• Password change task status events

Queries and reports

• Threat report

• Compliance report

Help Content

New ePolicy Orchestrator Help extension for McAfee VirusScan Enterprise for Linux

IntroductionWhat’s new in this release 1


1 IntroductionWhat’s new in this release


2 Integrating with ePolicy Orchestrator

Configure McAfee VirusScan Enterprise for Linux using McAfee ePolicy Orchestrator managementsoftware.

To use this chapter effectively, you need to be familiar with ePolicy Orchestrator 4.5, 4.6 or 5.0software.

McAfee ePolicy Orchestrator provides a scalable platform for centralized policy management andenforcement on your McAfee security products and systems on which they reside. It also providescomprehensive reporting and product deployment capabilities; all through a single point of control.

This guide does not provide detailed information about installing or using ePolicy Orchestrator software.See the McAfee ePolicy Orchestrator — Product Documentation.

Contents Prerequisites Installing McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator Upgrading your client systems using ePolicy Orchestrator Sending an agent wake-up call Setting policies within ePolicy Orchestrator Scheduling tasks Configuring reports Uninstallation

PrerequisitesBefore deploying McAfee VirusScan Enterprise for Linux on Novel Open Enterprise Server 2.x:

1 From the Novell eDirectory server, use iManager and create a user called "nails" and a group called"nailsgroup".

2 Add the user "nails" a member of the "nailsgroup". Enable the user and group using the Linux UserManagement.

3 Provide "nails" user with administrative privileges on all the NSS volumes. For example: rights‑f /media/nss/<VOL‑name> ‑r s trustee nails.<context>.<tree>

You need to provide administrative privileges to the "nails" user, every time a new NSS volume iscreated.

2


Installing McAfee VirusScan Enterprise for Linux using ePolicyOrchestrator

Deploy McAfee VirusScan Enterprise for Linux on client computers using the ePolicy Orchestratorsoftware.

Before you beginIf you have any McAfee VirusScan Enterprise for Linux 1.7.0 or 1.7.1 hotfix checked in tothe Master Repository's Current branch, move the hotfix to previous branch or delete it.

Task1 Log on to the ePolicy Orchestrator server as an administrator.

2 Create a temporary directory on your local drive.

3 Download the archive McAfeeVSEForLinux‑1.9.0.<build number>‑release‑full.noarch.tar.gzand extract the files to the temporary directory.

4 Click Menu | Software | Master Repository. The Packages in Master Repository page appears.

5 Click Actions | Check In Package. The Check In Package page appears.

6 Select the Package type as Product or Update (.ZIP) and browse in File path to locate the McAfee Agent forLinux package MSA‑LNX_4.8.0_Package.ZIP extracted in the temporary directory.

7 Click Next. The Package Options page appears with the package information.

8 Select a Branch.

9 In Options, select the required option(s), then click Save.



12 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfee VirusScanEnterprise for Linux product deployment package McAfeeVSEForLinux‑1.9.0.<build number>‑EPO.ZIP extracted in the temporary directory.


14 Select a Branch.


16 Click Menu | Software | Extensions. The Extensions page appears.

17 Click Install Extension to install the McAfee Agent policy extension. The Install Extension dialog boxappears.

18 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page.


20 Click Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The InstallExtension dialog box appears.

21 Click Browse, select the extension file LYNXSHLD1900.ZIP, then click OK on the Install Extension page.


2 Integrating with ePolicy OrchestratorInstalling McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator


23 Click Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The InstallExtension dialog box appears.

24 Click Browse, select the extension file LYNXSHLD1900PARSER.ZIP, then click OK on the Install Extensionpage.

To install the McAfee VirusScan Enterprise for Linux Help extension, browse for the file help_vsel_190.zip and check in the extension. You will find the Help extension under Extensions | McAfee | HelpContent.

25 Create and download the agent installation package by performing these steps:

a From System Tree, click System Tree Actions | New Systems. The New Systems page appears.

b Under How to add systems select Create and download agent installation package, click Non‑Windows, then selectMcAfee Agent for Linux 4.8.0 (Current) and click OK.

c From Download file, right‑click install and select Save Target As... to download the file on to your localsystem.

If you are deploying the product on a Ubuntu client system, download the installdeb.sh file on toyour local system. In case of ePolicy Orchestrator 4.5, this file is not available for download,hence copy this file from C:\Program Files\McAfee\ePolicy Orchestrator\DB\Software\Current\EPOAGENT3700LYNX\Install\0409.

26 From the Linux terminal, execute the following command:

sh install.sh –i

This will establish a connection between ePolicy Orchestrator and the Linux client computer.

27 Click Menu | Systems | System Tree. The System Tree page appears.

28 To install McAfee VirusScan Enterprise for Linux on the client Linux computer:

• On ePolicy Orchestrator 4.5 — Click Client Tasks | New Task. The Client Task Builder page appears.

• On ePolicy Orchestrator 4.6 or 5.0 — Click Assisgned Client Tasks | Actions | New Client Task Assignment.The Client Task Assignment Builder page appears.

29 To schedule a client task:

• On ePolicy Orchestrator 4.5 — Under Description, type a Name, Notes for the task and select the Typeas Product Deployment and click Next.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Task to schedule, select McAfee Agent as Product, selectthe Task Type as Product Deployment, then click Create New Task under Task Name.

30 To configure the client task:

• On ePolicy Orchestrator 4.5 — Under Configuration, select the Target platforms as Linux and in Productsand components, select VirusScan Enterprise for Linux 1.9.0.<build number> from the drop‑down list, thenselect the Action as Install.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Client Task Catalog, select Linux as Target Platforms,VirusScan Enterprise for Linux 1.9.0.<build number> as Products and components, Install as Action and theappropriate Language, then click Save.

If you want to deploy McAfee VirusScan Enterprise for Linux with customized settings, then copy thenails.options file to the /root and / directory on your Linux client system. For more informationon how to create the nails.options file, refer to the Silent installation section in the McAfeeVirusScan Enterprise for Linux — Installation Guide.

31 Click Next to schedule this task immediately or as required.

Integrating with ePolicy OrchestratorInstalling McAfee VirusScan Enterprise for Linux using ePolicy Orchestrator 2


32 Click Next to view a summary of the task.

33 Click Save and send an agent wake‑up call. Wait for the deployment task to complete.

Upgrading your client systems using ePolicy OrchestratorUpgrade your existing Linux client systems running on McAfee VirusScan Enterprise for Linux version1.6, 1.7 or 1.7.1 to version 1.9.0, using the ePolicy Orchestrator software.

Before you beginIf you have any McAfee VirusScan Enterprise for Linux 1.7.0 or 1.7.1 hotfix checked in tothe Master Repository's Current branch, move the hotfix to previous branch or delete it.


2 Create a temporary directory on your local drive.

3 Download the archive McAfeeVSEForLinux‑1.9.0.<build number>‑release‑full.noarch.tar.gzand extract the files to the temporary directory.



6 Select the Package type as Product or Update (.ZIP) and browse in File path to locate the McAfee Agent forLinux package MSA‑LNX_4.8.0_Package.ZIP extracted in the temporary directory.


8 Select a Branch.




12 Select the Package type as Product or Update (.ZIP) and browse in File path to locate McAfee VirusScanEnterprise for Linux product deployment package McAfeeVSEForLinux‑1.9.0.<build number>‑EPO.ZIP extracted in the temporary directory.


14 Select a Branch.



17 Click Install Extension to install the McAfee Agent policy extension. The Install Extension dialog boxappears.

18 Click Browse, select the extension file EPOAGENTMETA.ZIP, then click OK on the Install Extension page.


20 Click Install Extension to install the McAfee VirusScan Enterprise for Linux policy extension. The InstallExtension dialog box appears.

2 Integrating with ePolicy OrchestratorUpgrading your client systems using ePolicy Orchestrator


21 Click Browse, select the extension file LYNXSHLD1900.ZIP, then click OK on the Install Extension page.


23 Click Install Extension to install the McAfee VirusScan Enterprise for Linux reports extension. The InstallExtension dialog box appears.

24 Click Browse, select the extension file LYNXSHLD1900PARSER.ZIP, then click OK on the Install Extensionpage.

To install the McAfee VirusScan Enterprise for Linux Help extension, browse for the file help_vsel_190.zip and check in the extension. You will find the Help extension under Extensions | McAfee | HelpContent.


26 To install McAfee VirusScan Enterprise for Linux on the client Linux computer:







• On ePolicy Orchestrator 4.5 — Under Configuration, select the Target platforms as Linux and in Productsand components, select VirusScan Enterprise for Linux 1.9.0.<build number> from the drop‑down list, thenselect the Action as Install.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Client Task Catalog, select Linux as Target Platforms,VirusScan Enterprise for Linux 1.9.0.<build number> as Products and components, Install as Action and theappropriate Language, then click Save.

If you want to upgrade the McAfee Agent on the Linux client system to McAfee Agent 4.8, first addMcAfee Agent for Linux 4.8.0.x, then click the + button to add VirusScan Enterprise for Linux 1.9.0.<build number> toupgrade both McAfee Agent and the product.

29 Click Next to schedule this task immediately or as required.


31 Click Save and send an agent wake‑up call. Wait for the deployment task to complete.

32 Restart the client computer using the command:

reboot

Sending an agent wake-up callUse this task to send an agent wake‑up call to the client computer using ePolicy Orchestrator.

All systems in the network are managed in the Systems tab. The System Tree contains all systems that aremanaged by the ePolicy Orchestrator server. It is the primary interface for managing policies and taskson these systems. You can organize or sort these systems into logical groups in the System Tree.

Integrating with ePolicy OrchestratorSending an agent wake-up call 2


My Organization is the root of the System Tree. It includes a Lost&Found group that stores systems whoselocations cannot be determined by the server. Depending on the methods you use to create andmaintain the System Tree segments (systems), the server uses different characteristics to place thesystems in the System Tree.

For information on adding a new system, refer to the McAfee ePolicy Orchestrator — Product Guide.


2 Click Menu | Systems | System Tree.

3 Select a group in the System Tree.

4 Select the Computer Name(s) of that group.

5 Click Actions | Agent | Wake Up Agents. The Wake Up McAfee Agent page appears.

6 Select the Wake‑up call type as Agent Wake‑Up Call and a Randomization period (0‑60 minutes) by which thesystem(s) respond to the wake‑up call sent by the ePolicy Orchestrator server.

7 Select Get full product properties for the agent(s) to send complete properties instead of sending onlythose that have changed since the last agent‑to‑server communication.

8 Click OK.

To see the status of the agent wake‑up call, click Menu | Automation | Server Task Log.

Setting policies within ePolicy OrchestratorThe ePolicy Orchestrator console allows you to enforce policies across groups of computers or on asingle computer.

These policies override configurations set on individual computers. For information regarding policiesand how they are enforced, see the McAfee ePolicy Orchestrator — Product Guide for your productversion.

Before configuring any policies, select the group of computers for which you want to modify McAfeeVirusScan Enterprise for Linux policies. You can modify McAfee VirusScan Enterprise for Linux policiesfrom the pages and tabs that are available in the details pane of the ePolicy Orchestrator console.These pages are nearly identical to those you can access directly from the McAfee VirusScanEnterprise for Linux user interface.

After you have modified the appropriate policies and saved the changes for the intended computer orgroup of computers, you are ready to deploy new settings via the McAfee Agent.

Creating or editing policiesYou can create, edit, delete, or assign a policy to a specific group in the System Tree.



3 Click Assigned Policies.

2 Integrating with ePolicy OrchestratorSetting policies within ePolicy Orchestrator


4 Select Product as VirusScan Enterprise for Linux 1.9.0. A list of policies managed by McAfee VirusScanEnterprise for Linux appears in the lower pane.

5 Locate the required policy, and click Edit Assignment next to the policy. The policy assignment for thechosen group page appears.

6 Click Edit Policy or New Policy as required.

If you click New Policy, the Create a new policy dialog box appears. Select the policy you want to duplicatefrom the Create a policy based on this existing policy drop‑down list, type a name then click OK. The newpolicy wizard appears.

7 Edit the policy setting as required, then click Save.

Enforcing policiesYou can enforce a policy to multiple managed systems within a group.


2 Click Menu | Systems | System Tree and select a required group or system(s).

3 Click Assigned Policies and from the Product drop‑down menu, select VirusScan Enterprise for Linux 1.9.0.

4 Select the Category and click Edit Assignment.

5 Select the policy from the Assigned policy drop‑down menu and click Save.

6 Select the systems again.

7 Send an agent wake‑up call. For instructions on sending an agent wake‑up call, please refer toSending an agent wake‑up call section.

You can create and enforce McAfee VirusScan Enterprise for Linux policies and view reports onlyafter adding the McAfee VirusScan Enterprise for Linux extension files.

Scheduling tasksThe ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run onthe managed systems. You can define client tasks for the entire System Tree, a specific group, or anindividual system.

Creating a Product Update taskSchedule autoupdates on the Linux server using ePolicy Orchestrator.

Your software can only provide full protection if you keep it up‑to‑date with the latest anti‑virusdefinitions (DATs), spam engine, and anti‑virus scanning engine.

We recommend that you update DAT files daily and regularly check the McAfee Labs website for newDAT files.

Integrating with ePolicy OrchestratorScheduling tasks 2


TaskFor option definitions, click ? in the interface.

1 Log on to the ePolicy Orchestrator server as an administrator.

2 Click Menu | Systems | System Tree and select a required group or system(s) for which you want tocreate the Product Update task.

3 To create a client task:



4 To select the product update task:

• On ePolicy Orchestrator 4.5 — Under Description, type a Name, Notes for the task and select the Typeas Product Update and click Next.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Task to schedule, select McAfee Agent as Product, selectthe Task Type as Product Update, then click Create New Task under Task Name.

5 Click Next.

6 Schedule the task as desired and click Next to select the DAT, ExtraDAT and Linux Engine.

7 Schedule the task immediately or as required, then click Next to view the Summary of the productupdate task.

8 Click Save.

9 Send an agent wake‑up call.

Click Edit to change the description or schedule of a product update task or Delete to remove it.

Creating an on-demand scan taskSchedule an on‑demand scan on the Linux client computer using ePolicy Orchestrator.

On‑demand scan task involves a scheduled scanning of your Linux server(s) to find a threat,vulnerability, or other potentially unwanted code. It can take place immediately, at a scheduled time inthe future, or at regularly‑scheduled intervals.



2 Click Menu | Systems | System Tree and select a required group or system(s) for which you want tocreate the on‑demand scan task.




2 Integrating with ePolicy OrchestratorScheduling tasks


4 To create the on‑demand scan task:

• On ePolicy Orchestrator 4.5 — Under Description, type a Name, Notes for the on‑demand scan taskand select the Type as On Demand Scan (VirusScan Enterprise for Linux 1.9.0) and click Next.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Task to schedule, select VirusScan Enterprise for Linux 1.9.0 asProduct, select the Task Type as On Demand Scan, then click Create New Task under Task Name.

5 In Configuration, specify what you want this task to do, then click Next.

6 Schedule the task immediately or as required, then click Next to view the Summary of the on‑demandscan task.

7 Click Save.


Click Edit to change the description or schedule of an on‑demand scan task or Delete to remove it.

Setting the VirusScan Enterprise for Linux admin passwordSet the VirusScan Enterprise for Linux administrator password on Linux client systems using ePolicyOrchestrator.



2 Click Menu | Systems | System Tree and select a required group or system(s) for which you want tocreate the change password task.




4 To create the change password task:

• On ePolicy Orchestrator 4.5 — Under Description, type a Name, Notes for the change password taskand select the Type as Change VSEL Administrator's Password (VirusScan Enterprise for Linux 1.9.0) and clickNext.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Task to schedule, select VirusScan Enterprise for Linux 1.9.0 asProduct, select the Task Type as Change VSEL Administrator's Password, then click Create New Task underTask Name.

5 In Configuration, specify what you want this task to do, then click Next.

6 Schedule the task immediately or as required, then click Next to view the Summary of the changepassword task.

7 Click Save.


Click Edit to change the description or schedule of this task or Delete to remove it.

Integrating with ePolicy OrchestratorScheduling tasks 2


Configuring reportsReports are pre‑defined queries which query the ePolicy Orchestrator database and generate agraphical output.

McAfee ePolicy Orchestrator has its own querying and reporting capabilities. McAfee includes a set ofdefault queries on the left pane. However, you can create a new query, edit, and manage all thequeries related to McAfee VirusScan Enterprise for Linux.


If the pre‑defined queries on the left side does not serve your purpose, ePolicy Orchestrator enablesyou to create your own queries.

2 To view reports:

• On ePolicy Orchestrator 4.5 — Click Menu | Reporting | Queries. The Queries page appears.

• On ePolicy Orchestrator 4.6 or 5.0 — Click Menu | Reporting | Queries & Reports. The Queries & Reportspage appears.

3 To create a new query:

• On ePolicy Orchestrator 4.5 — Click Actions | New Query. The Query Wizard page appears.

• On ePolicy Orchestrator 4.6 or 5.0 — Click Actions | New. The Query Builder page appears.

4 On the left pane, select a Feature Group that the query should retrieve.

5 Select a Result Type and click Next. The Chart page appears.

6 Select and accordingly configure a display chart/table and click Next. The Columns page appearsallowing you to select columns for the chart/table.

7 Select column(s) from the Available Columns pane and click Next.

8 The Filter page appears. Specify criteria by selecting properties and operators to limit the dataretrieved by the query.

9 Click Run, then Save. The Save Query page appears.

10 Type a Name and Notes (if required) for the query, then click Save.

Table 2-1 Option definitions

Option Definition

Delete Deletes a selected query.

Edit Launches the Query Builder page loaded with the details of the selected query,where you can edit the details of a selected query.

Duplicate Creates and saves a copy of the selected query.

Export Data Exports the selected query to an XML file that can be imported to anyePolicy Orchestrator server.

Run Runs the selected query and displays its result.

Actions | View QuerySQL

Takes you to the View Query SQL page, where you can view and copy the SQLscript of the selected query.

Import Query Launches a dialog box that allows you to browse to an exported query file.When you import a query file, the server adds it to My Queries list.

2 Integrating with ePolicy OrchestratorConfiguring reports


Running a default query


2 Click Menu | Reporting | Queries. A list of queries appear on the left pane.

3 Select VirusScan Enterprise for Linux under Shared Groups.

4 By default there are two VirusScan Enterprise for Linux queries:

Query Description

VSEL: VirusScan Enterprise for LinuxCompliance

Shows a graphical display of the compliant and non‑compliantlinux systems in the network.

VSEL: VirusScan Enterprise for LinuxThreats

Shows a graphical display of the threat summary and actiontaken on all linux systems in the network.

5 Click Run. The graphical output is displayed.

UninstallationThis section provides instructions to uninstall McAfee VirusScan Enterprise for Linux from the clientcomputers and remove the extensions from the ePolicy Orchestrator server.

Removing McAfee VirusScan Enterprise for Linux from theclient computerRemove McAfee VirusScan Enterprise for Linux from the client computer using ePolicy Orchestrator.










• On ePolicy Orchestrator 4.5 — Under Configuration, select the Target platforms as Linux and in Productsand components, select VirusScan Enterprise for Linux 1.9.0.<build number> from the drop‑down list, thenselect the Action as Remove.

• On ePolicy Orchestrator 4.6 or 5.0 — Under Client Task Catalog, select Linux as Target Platforms,VirusScan Enterprise for Linux 1.9.0.<build number> as Products and components, Remove as Action and theappropriate Language, then click Save.

6 Click Next to schedule the task immediately or as required.

Integrating with ePolicy OrchestratorUninstallation 2



8 Click Save and send an agent wake‑up call.

Removing McAfee VirusScan Enterprise for Linux from ePolicyOrchestratorRemove McAfee VirusScan Enterprise for Linux from the ePolicy Orchestrator repository.



3 Click the Delete link of VirusScan Enterprise for Linux with Version as 1.9.0.

4 To remove the product and reports extension, click Menu | Software | Extensions. The Extensions pageappears.

5 From the left pane, select VirusScan Enterprise for Linux.

6 For the report extension file McAfee VirusScan Enterprise for Linux Reports, then click Remove.

7 Select the option Force removal, bypassing any checks or errors, then click OK.

8 For the product extension file VirusScan Enterprise for Linux 1.9.0 and click Remove.

9 Select the option Force removal, bypassing any checks or errors, then click OK.

2 Integrating with ePolicy OrchestratorUninstallation


Index

Aabout 7about this guide 5audience 7

Cconventions and icons used in this guide 5

Ddocumentation

audience for this guide 5product-specific, finding 6typographical conventions and icons 5

Ffeatures

administration 7reporting 7scanning 7

Iintroduction 7

LLinuxshield

previously known as 7

MMcAfee ServicePortal, accessing 6

Pproduct features 7

Rrelease

what's new 8

SServicePortal, finding product documentation 6

TTechnical Support, finding product information 6

Wwhat's in this guide 6what's new 8


00

Documents

1.9.0 McAfee VirusScan Enterprise for Linux · McAfee VirusScan Enterprise for Linux detects and removes viruses and other potentially unwanted software on Linux‑based systems