Linux Security 64 more documentation?

Donovan
Donovan W/ Alumni Posts: 9 Security Scout

We want to switch to Linux Security 64 on rhel 7.

But please provide some extended documentation.

Which service is responsible for what?

How to invoke manual configuration update?

How to check proper functioning of the antivirus?

EICAR test file is not working with full real-time scanning on / enabled; /opt/f-secure/linuxsecurity/bin/fsanalyze EICAR_Test_File_Not_A_Virus is working OK.

Do we need only to configure "Linux security 64", or is the "Real-time scanning" also involved?

 

Comments

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi Donovan,

     

    Can you please share what is the output for the EICAR test file that did not work?

     

    Regarding your other inquiries, I will check with the relevant team, and update you accordingly.

  • _MLE
    _MLE W/ Alumni Posts: 2 Security Scout

    Hello,

     

    Indeed, the current state of the Linux Security 64 documentation does not really allow anyone to understand how it works and master its deployment/use.

     

    We encounter the same issue (on CentOS): a manual scan detects our EICAR test file, whereas the real-time scanning does not detect anything, and therefore does not prevent a user/a process from accessing this "malicious" file.

     

    Even if it is documented, we are still waiting for the fix of "CSLP-3319: Manual scanning cannot be invoked from Policy Manager Console.". It is not OK, not to be able to launch a global scan of our machines from the Policy Manager.

     

    M.

     

  • Donovan
    Donovan W/ Alumni Posts: 9 Security Scout

    @jamesch wrote:

    Hi Donovan,

     

    Can you please share what is the output for the EICAR test file that did not work?

     

    Regarding your other inquiries, I will check with the relevant team, and update you accordingly.


    #wget https://secure.eicar.org/eicar.com.txt

    #cat eicar.com.txt

     

    Real-time scanner does nothing.

  • Donovan
    Donovan W/ Alumni Posts: 9 Security Scout

    Thanks for the additional info, this is very useful.

    4. Eicar test file is not working with full real time scanning on / enable, /opt/f-secure/linuxsecurity/bin/fsanalyze, but EICAR_Test_File_Not_A_Virus is working ok.

      - The root directory ('/') was provided by default, after remove -> distribute and adding back the root directory and distributing the policy, it worked!

  • JamesC
    JamesC W/ Partner, W/ Staff, W/ Moderator Posts: 498 Moderator

    Hi M,

    Can you please advise if Step 4) from my latest post helped with the EICAR scanning?

     

    Regarding CSLP-3319, I have checked with the relevant team. They advised that a global scan can already be launched using the scheduled scan feature, and estimate the feature will be dealt with during September, 2019.

This discussion has been closed.