ASTi has tested and certified the McAfee VirusScan Command Line Scanner to protect its Linux-based Telestra 3 / MBV platform from viruses, and to comply with growing security requirements at DoD installation sites. This application offers advanced virus-scanning technology in a UNIX environment.
This procedure requires you to log into the Telestra with a system-level user account, and gain super user (root) privileges. This means that you must:
For Telestra software versions 3.26 and prior, any user account created through the Telestra web interface qualifies as a "system-level" user. For versions 3.27 and later, however, system-level users differ from the Telestra web interface users, who do not have access to the command line. Please refer to the Telestra v3.0 User Guide for more information about the differences between these types of users.
ASTi does not provide the McAfee VirusScan Command Line Scanner software and license, but recommends obtaining it from Softmart. Softmart is an authorized McAfee reseller, and provides the licensed software for download after purchase.
For more information see the following websites:
Virus scanning software is only as effective as its latest virus definitions allow. As such, you should download the latest virus definitions from McAfee, which can be found at:
To protect against new threats as they arise, ASTi recommends updating the virus definition (.dat) files regularly.
If you have already installed the McAfee VirusScan Command Line Scanner on your Telestra system, and simply wish to update your virus definitions, please skip to the Updating Virus Definitions section below, which duplicates a portion of these instructions.
Since most MBV installations do not have direct access to the Internet, ASTi recommends downloading the application and the latest virus definitions (.dat files) to a remote computer with Internet access, and then burning these files onto a CD-ROM. After burning the CD-ROM, insert it into the Telestra's optical drive, and follow the installation instructions below.
Note: Detailed installation instructions can also be found on McAfee's Web site.
Log into the Telestra system using your system-level user account. From the terminal, type and enter each of the commands shown below. If you are asked a question by the system during the installation, press the Enter key to accept its default answer.
su
Create a temporary directory named "uvscan":
mkdir /tmp/uvscan
Mount the CD-ROM so the system can access its contents:
mount /cdrom
Copy the Scanner software file from the CD-ROM to the temporary directory. Replace the [xxxx] in the following command with the version number of the Scanner software:
cp /cdrom/vlp[xxxx].tar.Z /tmp/uvscan
Change your location to the temporary directory:
cd /tmp/uvscan
Now, unpack the compressed archive which contains the Scanner software installer. Replace the [xxxx] in the following command with the version number of the Scanner software:
zcat vlp[xxxx].tar.Z | tar -xf -
Install the Scanner software:
./install-uvscan
Back out of the temporary directory:
cd /tmp
Delete the temporary directory:
rm -r ./uvscan
At this point, the initial installation is complete.
Now, update the Scanner's virus definitions.
Copy the DAT file from the CD-ROM to the Scanner's directory on the Telestra system. Replace the [xxxx] in the following command with the version number of the virus definitions file:
cp /cdrom/dat-[xxxx].tar /usr/local/uvscan/
Change your location to the Scanner's directory:
cd /usr/local/uvscan
Unpack the compressed archive which contains the new virus definitions. Replace the [xxxx] in the following command with the version number of the virus definitions file.
Important: When prompted, allow these new files to overwrite and replace any files that already exist on the system.
tar xf dat-[xxxx].tar
Now the virus definitions are up-to-date. Finally, unmount the CD-ROM:
umount /cdrom
WARNING: Running the Command Line Scanner adds a significant CPU load to the Telestra system. DO NOT run a scan while running a model or during a comms exercise or live training.
Due to restrictions placed upon system-level users by way of Linux permissions, ASTi recommends that all scans be initiated by the root (super) user.
To start a scan, you will use the Linux command uvscan.
Here is an example of the command used to start a scan:
uvscan -rv --summary /usr/local/asti
In the above command:
To view a complete list of uvscan options and how to use them, enter:
man uvscan
Use the arrow keys to navigate through the manual page; when you are finished, press "q" to exit.
These command options are also available in the PDF document included in the original TAR archive (vlp[xxxx].tar.Z); look for a file named e[xxxx]upg.pdf. Again, replace the [xxxx] with the software's version number.
If you have applied ASTi's STIG Security package to the Telestra 3 / MBV platform, system-level users will be automatically logged out of the system after 15 minutes of idle time. Further, all that user's processes (including a scan) will be halted.
Scanning the entire Telestra file system, however, will take well over 15 minutes to complete. The following example command will allow you to initiate the scan, have it run for as long as needed, and write its output to a text file for later review.
nohup uvscan -rv --summary / > uvscan_log.txt
In the above command:
Important: Follow this procedure only if you have already installed the VirusScan Command Line Scanner software on your Telestra system.
Using a computer with Internet access, download the latest DAT file, which can be found at:
Log into the system with a system-level user account, and switch to the root user:
su
Mount the CD-ROM so the system can access its contents:
mount /cdrom
Copy the DAT file from the CD-ROM to the Scanner's directory on the Telestra system. Replace the [xxxx] in the following command with the version number of the virus definitions file:
cp /cdrom/dat-[xxxx].tar /usr/local/uvscan/
Change your location to the Scanner's directory:
cd /usr/local/uvscan
Unpack the compressed archive which contains the new virus definitions. Replace the [xxxx] in the following command with the version number of the virus definitions file.
Important: When prompted, allow these new files to overwrite and replace any files that already exist on the system.
tar xf dat-[xxxx].tar
Now the virus definitions are up-to-date. Finally, unmount the CD-ROM:
umount /cdrom
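Both DAT update procedures above unpack an archive from removable media as root and let it overwrite files in the Scanner's directory. The following added example (not ASTi's or McAfee's code) shows one way to check the archive's member paths before unpacking. The function names and the optional destination argument are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: function names are hypothetical, not part of the ASTi procedure.

# Read archive member names on stdin; succeed only if no name is an
# absolute path or contains a ".." component.
member_paths_are_safe() {
    while IFS= read -r name; do
        case "$name" in
            /*|..|../*|*/..|*/../*) return 1 ;;
        esac
    done
    return 0
}

# Succeed only if the archive can be listed, is non-empty, and every
# member name passes the path check above.
dat_archive_is_safe() {
    listing=$(tar tf "$1" 2>/dev/null) || return 1
    [ -n "$listing" ] || return 1
    printf '%s\n' "$listing" | member_paths_are_safe
}

# Copy the archive into the Scanner's directory and unpack it there, as in
# the procedure above, but refuse an archive that fails the check.
# $1 = path to dat-[xxxx].tar, $2 = Scanner directory (default /usr/local/uvscan)
update_dat() {
    archive=$1
    dest=${2:-/usr/local/uvscan}
    [ -d "$dest" ] || { echo "no such directory: $dest" >&2; return 1; }
    dat_archive_is_safe "$archive" || { echo "refusing to unpack $archive" >&2; return 1; }
    cp "$archive" "$dest/" || return 1
    ( cd "$dest" && tar xf "$(basename "$archive")" )
}
```

After mounting the CD-ROM as root, call update_dat with the path to the DAT archive in place of the separate cp, cd and tar steps. The check covers member path names only and does not inspect symbolic links stored inside the archive.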