Professional Documents
Culture Documents
COPYRIGHT
Copyright 2014 McAfee, Inc. Do not copy without permission.
TRADEMARK ATTRIBUTIONS
McAfee, the McAfee logo, McAfee Active Protection, McAfee DeepSAFE, ePolicy Orchestrator, McAfee ePO, McAfee EMM, Foundscore, Foundstone, Policy
Lab, McAfee QuickClean, Safe Eyes, McAfee SECURE, SecureOS, McAfee Shredder, SiteAdvisor, McAfee Stinger, McAfee Total Protection, TrustedSource,
VirusScan, WaveSecure are trademarks or registered trademarks of McAfee, Inc. or its subsidiaries in the United States and other countries. Other
names and brands may be claimed as the property of others.
Product and feature names and descriptions are subject to change without notice. Please visit mcafee.com for the most current products and features.
LICENSE INFORMATION
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS
FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU
HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR
SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A
FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET
FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Product Guide
Contents
Preface
7
7
7
8
Introduction
15
System requirements . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Install the software on a standalone system . . . . . . . . . . . . . . . . . . . . . . .
Install the software with the command line . . . . . . . . . . . . . . . . . . . .
Install the software in silent mode . . . . . . . . . . . . . . . . . . . . . . . .
Install and deploy the software on managed systems . . . . . . . . . . . . . . . . . . .
Prerequisites . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Check in the package manually . . . . . . . . . . . . . . . . . . . . . . . . .
Install the extensions . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Deploy the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Send an agent wake-up call . . . . . . . . . . . . . . . . . . . . . . . . . .
Upgrade the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Upgrade the software from previous versions on RPM and Debian systems . . . . . . . .
Upgrade the managed systems using ePolicy Orchestrator . . . . . . . . . . . . . .
Test the installation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Test the on-access scan feature on a standalone system . . . . . . . . . . . . . . .
Test the on-demand scan feature on a standalone system . . . . . . . . . . . . . .
Test the on-demand scan on managed system . . . . . . . . . . . . . . . . . . .
Uninstall the software . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Uninstall the software from a standalone system . . . . . . . . . . . . . . . . . .
Remove the software from managed systems . . . . . . . . . . . . . . . . . . .
Remove the software from ePolicy Orchestrator . . . . . . . . . . . . . . . . . .
29
15
16
16
19
20
20
20
21
21
22
22
23
23
24
24
24
25
25
26
26
26
29
30
30
30
30
30
Product Guide
Contents
Viewing information
35
Host summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scanning summary . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Scan statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Recently detected items . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Recently scanned items . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Generate a diagnostic report . . . . . . . . . . . . . . . . . . . . . . . . . .
Detected items . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Analyze the detected items . . . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing the results . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Export the results for analysis . . . . . . . . . . . . . . . . . . . . . . . . .
Viewing system events . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Analyze the system events . . . . . . . . . . . . . . . . . . . . . . . . . . .
Export the results for analysis . . . . . . . . . . . . . . . . . . . . . . . . .
Scheduled tasks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Run a scheduled task immediately . . . . . . . . . . . . . . . . . . . . . . . .
Modify an existing scheduled task . . . . . . . . . . . . . . . . . . . . . . . .
Delete an existing scheduled task . . . . . . . . . . . . . . . . . . . . . . . .
Stop a running task . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
ExtraDAT file details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Setting up schedules
Using a wizard . . . . . . .
Product update schedule . . .
Create a product update
On-demand scan preferences .
Schedule an on-demand
35
36
36
37
37
38
38
38
39
40
40
40
41
41
42
42
43
43
43
45
. . . .
. . . .
schedule
. . . .
scan . .
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
.
45
46
46
48
48
53
General settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Browser interface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Log levels . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Statistics reset . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Clearing statistics . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure general settings . . . . . . . . . . . . . . . . . . . . . . . . . . .
Restoration of default configuration settings . . . . . . . . . . . . . . . . . . . .
On-access settings configuration . . . . . . . . . . . . . . . . . . . . . . . . . . .
Anti-virus scanning options . . . . . . . . . . . . . . . . . . . . . . . . . . .
Exclude paths from scanning . . . . . . . . . . . . . . . . . . . . . . . . . .
Extension-based scanning . . . . . . . . . . . . . . . . . . . . . . . . . . .
Anti-virus actions . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure on-access scan settings . . . . . . . . . . . . . . . . . . . . . . . .
On-demand settings . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
Configure on-demand scan settings . . . . . . . . . . . . . . . . . . . . . . .
Notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
SMTP notifications . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
31
31
31
32
32
32
32
33
33
53
54
54
55
55
56
56
56
57
58
59
61
61
63
63
65
65
Product Guide
Contents
Configure
Repositories . .
Configure
Configure
Configure
SMTP settings . . . . . . . . . . . . . . . . . . . . . . . . . . . .
. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . .
the repository list . . . . . . . . . . . . . . . . . . . . . . . . . .
the local repository . . . . . . . . . . . . . . . . . . . . . . . . . .
the proxy settings . . . . . . . . . . . . . . . . . . . . . . . . . .
71
Advanced features
Troubleshooting
79
80
82
82
85
Index
71
71
72
72
73
74
75
75
76
77
77
78
79
66
67
67
67
68
85
85
85
86
87
88
88
91
Product Guide
Contents
Product Guide
Preface
This guide provides the information you need to work with your McAfee product.
Contents
About this guide
Find product documentation
Audience
McAfee documentation is carefully researched and written for the target audience.
The information in this guide is intended primarily for:
Administrators People who implement and enforce the company's security program.
Users People who use the computer where the software is running and can access some or all of
its features.
Conventions
This guide uses these typographical conventions and icons.
Book title, term,
emphasis
Bold
Commands and other text that the user types; a code sample; a displayed
message.
Interface text
Words from the product interface like options, menus, buttons, and dialog
boxes.
Hypertext blue
Product Guide
Preface
Find product documentation
Do this...
User documentation
KnowledgeBase
Product Guide
Introduction
McAfee VirusScan Enterprise for Linux protects your Linux systems from malware threats and other
potentially unwanted software.
Contents
What is VirusScan Enterprise for Linux
How the software works
Components
How scanning works
What and when to scan
Types of scanning
Product features
On-access scan Scans files for malware threats when you access a file to open or write.
On-demand scan Scans files and directories for malware threats in your host system
immediately or as scheduled.
Product Guide
Introduction
Components
Fanotify is a Linux operating system API that sends notification for file system operations. It also gives
the capability to intercept the file. The software relies on Fanotify to intercept file IO (Input/Output)
operations.
The software receives notification on the file writing and reading, then scans files for threats and takes
necessary actions according to the scan settings.
To check the supported operating system for VirusScan Enterprise for Linux 2.0, see the Supported
Linux Kernels (operating system) section in the McAfee Knowledgebase article KB75270.
For the Action on timeout option configuration, the default action is Allow Access, and for the Action if an error
occurs during scanning options configuration, the default action is Block Access. If the action is set to Block, the
software blocks the file only in read scanning operation. It does not block the file in write scanning
operation.
The software activities can be monitored and configured through an HTTPS interface. For example, you
can configure what type of files are scanned, and define actions to take for infected files, such as
cleaning, deleting, or quarantining. Using the simple and secure web-browser interface, you can
monitor and control malware detection.
The software also maintains a record of files that it recently scanned to avoid repeated scanning.
The software begins to scan files on these events:
File release When a file is closed. If a process has multiple references to a file, for example,
using dup or a memory mapping, release refers to when the last reference is released.
Components
The software uses a management interface that runs on HTTPS to monitor and control scanning on a
host.
The diagram shows a web browser, connected through a secure HTTPS link to a web monitor service,
as a component of the software.
This table explains how the components operate in this simple setup.
Component Function
10
Scanner
nailsd
Communicates between the web monitoring service and the scanner, passing
information about the anti-virus scans and configuration details.
mon
Examines the software activity on the host, and can configure the anti-virus activity.
nailswebd
Communicates with a web browser such as Konqueror, using a secure HTTPS link. A
name and password is required for user authentication.
Product Guide
Introduction
How scanning works
Once the engine has confirmed the identity of malware, it cleans the object. For example, the
anti-malware software can remove an infected macro from a document or delete the malware code in
an executable file. If the malware had destroyed data and the file cannot be cleaned or recovered,
VirusScan Enterprise for Linux isolates the file so that it cannot be accessed, activated, or infect other
files.
Types of scanning
The software scans files in two ways such as on-access scanning and on-demand scanning.
Both these scanning detect the same malware, but they work at different points on the network and
on the Linux systems. The types of scanning can take place at different times, and at different stages
in the handling of objects.
On-access scanning
On-access scanning is a real-time scanning that examines objects when the user or system accesses
files. For example, an on-access scanner examines a file when the user opens it.
When you first install the software, on-access scanning defaults are set but you can configure the
settings as needed. You can set global options that determine how scanning is carried out. The global
options include how the scanner deals with different types of object, specifying the actions for infected
items, and how quarantine and notification are handled.
On-demand scanning
You can run on-demand scan in two ways:
Product Guide
11
Introduction
Product features
Standard on-demand scan The user instructs the software to perform a scan. You can run a
standard on-demand scan manually.
Scheduled on-demand scan The scheduled scan runs automatically at predetermined intervals as
defined.
You can choose to schedule a scan of this type to run after the regular DAT update.
You can run an on-demand scan for many reasons, for example:
To check a file that has been downloaded from the Internet or obtained from an external source.
To check if your system is clean, following the DAT update, in case new viruses can be detected.
Product features
The main features of the software are listed here.
General
Native 64-bit platform support Supports only 64-bit platforms. All binaries shipped with the
product are 64-bit. This product cannot be used on 32-bit platforms.
Fanotify technology Uses Fanotify technology to perform on-access scanning instead of kernel
hooking modules, the technology used in earlier versions. Therefore, this version does not have
any kernel hooks.
Fanotify is enabled in the kernel from the kernel version 2.6.38. This release does not support the
distribution that does not have Fanotify enabled in the kernel, such as RedHat 6.
Anti-malware scanning
Protects your system from viruses, trojan horses, spyware, and potentially unwanted programs.
Supports Novell Storage Services (NSS) and Novell Cluster Services (NCS)
Supports on-access scanning for local file systems and network volumes.
Provides an option to include or exclude network-mounted volumes from on-access scanning and
on-demand scanning.
Provides an option to include or exclude archived files from on-access scanning and on-demand
scanning.
Supports regular expression-based exclusions for on-access scanning and on-demand scanning
from the interface.
Auto and scheduled updates for scanning engine and detection definition (DAT) files.
12
Allows you to schedule the scanning engine and detection definition (DAT) files update.
Product Guide
Introduction
Product features
Administration
Manages and controls systems centrally from a single management console using ePolicy
Orchestrator.
Reporting
Displays real-time statistics for recently scanned items and recently detected threats.
Provides options to query the database by date range or individual field values, for example, virus
name. You can export the results to a CSV file.
Sends email notification for detected items, out of date DAT files, configuration changes, and
system events.
Generates diagnostic report for analysis when reporting a problem with the product.
Product Guide
13
Introduction
Product features
14
Product Guide
Install the software on a standalone system, or deploy the software from ePolicy Orchestrator to
managed Linux systems.
Contents
System requirements
Install the software on a standalone system
Install and deploy the software on managed systems
Upgrade the software
Test the installation
Uninstall the software
System requirements
Make sure that your system meets these minimum requirements, and you have administrator rights.
Component
Requirements
Processors
Memory
Minimum: 2 GB RAM
Recommended: 4 GB RAM
Minimum: 1 GB
Product Guide
15
Component
Requirements
Operating Systems
(64-bit)
Virtual platforms
VMware
KVM
Citrix Xen
Virtual box
Xen
Paravirtual environment
Guest operating system on Xen Hypervisor
McAfee
Management
software
McAfee Agent
16
Product Guide
Answer the questions when prompted. Accept the default values, or type custom values.
When prompted to start the VirusScan services, type the default option Y.
Confirm that VirusScan Enterprise for Linux is installed and running correctly:
/etc/init.d/nails status
The message The McAfeeVSEForLinux daemon is running: process information follows appears.
Product Guide
17
Answer the questions when prompted. Accept the default values, or type custom values.
When prompted to start the VirusScan services, type the default option Y.
Confirm that VirusScan Enterprise for Linux is installed and running correctly:
/etc/init.d/nails status
The message The McAfeeVSEForLinux daemon is running: process information follows appears.
From the Novell eDirectory server, use iManager to create a user, nails, and a group, nailsgroup.
Add the user nails to the group nailsgroup. Enable the user and group using the Linux User Management.
Provide nails the user with administrator rights on all NSS volumes.
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
You must provide administrator privileges to the nails user, every time a new NSS volume is created.
Type nailsgroup for the Linux group for the VirusScan administrator.
Answer the questions when prompted. Accept the default values, or specify your own.
10 When prompted to start the VirusScan services, type the default option Y.
18
Product Guide
Install the software on RPM and Debian based systems in silent mode on page 19
Install VirusScan Enterprise for Linux on RPM and Debian systems in silent mode.
Install the software on Novell Open Enterprise Server in silent mode on page 19
Install the software on Novell Open Enterprise server in silent mode.
Install the software on RPM and Debian based systems in silent mode
Install VirusScan Enterprise for Linux on RPM and Debian systems in silent mode.
Before you begin
Before installing the software, you must have McAfee Runtime and McAfee Agent already
installed on the computer.
Task
1
Create a file, nails.options, with the following settings in the root home directory.
SILENT_ACCEPTED_EULA=yes
SILENT_INSTALLDIR=/opt/NAI/LinuxShield
SILENT_RUNTIMEDIR=/var/opt/NAI/LinuxShield
SILENT_ADMIN=admin@example.com
SILENT_HTTPHOST=0.0.0.0
SILENT_HTTPPORT=55443
SILENT_MONITORPORT=65443
SILENT_SMTPHOST=0.0.0.0
SILENT_SMTPPORT=25
SILENT_NAILS_USER=nails
SILENT_NAILS_GROUP=nailsgroup
SILENT_CREATE_USER=yes
SILENT_CREATE_GROUP=yes
SILENT_RUN_WITH_MONITOR=yes
SILENT_QUARANTINEDIR=/quarantine
SILENT_START_PROCESSES=yes
After installation is completed, use the command passwd to assign a password to the user nails.
From the Novell eDirectory server, use iManager to create a user, nails and a group, nailsgroup.
Add the user nails to the nailsgroup. Enable the user and group using the Linux User Management.
Provide nails the user with administrator rights on all NSS volumes.
rights -f /media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
You must provide administrator privileges to the nails user, every time a new NSS volume is created.
Product Guide
19
In the nails.options file, make sure that the following parameters are available:
SILENT_NAILS_USER="nails"
SILENT_NAILS_GROUP="nailsgroup"
SILENT_CREATE_USER=no
SILENT_CREATE_GROUP=no
After performing the installation, use iManager to assign a password to the user nails.
Prerequisites
Before deploying VirusScan Enterprise for Linux on Novell Open Enterprise Server 2.x systems:
1
From the Novell eDirectory server, use iManager to create a user, nails, and a group, nailsgroup.
Add the user nails to the group nailsgroup. Enable the user and group using the Linux User Management.
Provide nails the user with administrator rights on all NSS volumes. For example: rights -f /
media/nss/<VOL-name> -r s trustee nails.<context>.<tree>
You must provide administrative privileges to the nails user, every time a new NSS volume is
created.
Task
For option definitions, click ? in the interface.
20
Click Menu | Software | Master Repository, then click Action | Check In Package.
On the Check In Package page, for Package type, select Product or Update (.ZIP).
Product Guide
Click Browse in File Path, select the file from the temporary location, then click Next.
Select McAfeeVSEForLinux-2.0.0.<build_number>-release-EPO.zip to install the software. Select
MSA-LNX_4.8.0_Package.zip to install McAfee Agent.
On the Package Options page, select a Branch, select the required options, then click Save.
EPOAGENTMETA.ZIP
LYNXSHLDMETA.ZIP
LYNXSHLDMETAPARSER.ZIP
Task
For option definitions, click ? in the interface.
1
On How to add systems, select Create and download agent installation package, click Non-Windows in Agent version,
select McAfee Agent for Linux 4.8.0 (Current), then click OK.
From Download file, right-click install, then select Save target as to download the file to your local
system.
If you are deploying the product on an Ubuntu client system, download the installdeb.sh file to
your local system.
From the Linux terminal, execute the following command, to establish a connection between
ePolicy Orchestrator and the Linux client computer:
sh install.sh i
Navigate to System Tree page, then on the Assigned Client Tasks tab, click Actions | New Client Task Assignment.
Product Guide
21
On Task to schedule, select McAfee Agent as the product, select Product Deployment as the task type, then
click Create New Task under the task name.
To configure the client task, under Client Task Catalog, select Linux 64bit as the target platform, VirusScan
Enterprise for Linux 2.0.0.<build number> as the Products and components, Install as the action, a language,
then click Save.
To deploy the software with customized settings, copy the nails.options file to the /root and /
directory on your Linux client system. For more information on creating the nails.options file, see
Silent installation.
Click Next to schedule this task immediately or as needed, Click Next to view the task summary, then
click a summary, then click Save and send an agent wake-up call. Wait for the deployment task to
complete.
Navigate to System Tree, select a group or systems, then select the Computer Names of that group.
For Wake-up call type select Agent Wake-Up Call, then for Randomization select a number of minutes that
the systems must respond by.
Select Get full product properties for the agents to send complete properties instead of only properties
that have changed since the last agent-server communication.
Click OK.
To see the status of the agent wake-up call, click Menu | Automation | Server Task Log.
22
Upgrade the software from previous versions on RPM and Debian systems on page 23
Upgrade the software from versions 1.7.1 or 1.9.0 to version 2.0.
Product Guide
Navigate to the System Tree page. On the Assigned Client Tasks tab, click Actions | New Client Task Assignment.
On Task to schedule, select McAfee Agent as the product, select Product Deployment as the task type, then
click Create New Task under Task Name.
To configure the client task, under Client Task Catalog, select Linux 64bit as the target platform, VirusScan
Enterprise for Linux 2.0.0.<build number> as the product and component, Install as the action, a language,
then click Save.
To upgrade the McAfee Agent on the Linux client system to McAfee Agent 4.8, first add McAfee Agent for
Linux 4.8.0.x, then click the + button to add VirusScan Enterprise for Linux 2.0.0.<build_number>
to upgrade both McAfee Agent and the product.
Product Guide
23
Click Next to schedule this task immediately or as needed, click Next to view the task summary, click
Save, then send an agent wake-up call. Wait for the deployment task to complete.
Log on with the user name and password provided during installation.
On the On-Access Settings page, click Edit, deselect Enable On-Access scanning, then click Apply.
Try copying the eicar.com.txt file downloaded to your Linux client's desktop /tmp directory.
You can see that the file is not copied to the target directory and is missing from the desktop. The file
is quarantined and you can see one detected item appears on the Host Summary page.
24
Product Guide
Task
1
Click ANTI-MALWARE TESTFILE, click DOWNLOAD, then right-click eicar.com.txt and save the file to
your /tmp directory.
You can see that the EICAR test malware is detected in the scan results. You can also view these
results from Detected Items and System Events page.
Task
For option definitions, click ? in the interface.
1
Click ANTI-MALWARE TESTFILE, click DOWNLOAD, then right-click eicar.com.txt and save the file to
your /tmp directory.
From the ePolicy Orchestrator, run an on-demand scan using the option Immediately on the managed
system.
You can see that the EICAR test malware is detected in the scan results. You can also view these
results from Detected Items and System Events page.
Product Guide
25
rpm -e McAfeeVSEForLinux
rpm -e MFEcma
rpm -e MFErt
Create a client task in ePolicy Orchestrator. Click Assigned Client Tasks | Actions | New Client Task
Assignment.
Schedule a client task in ePolicy Orchestrator. Under Task to schedule, select McAfee Agent as the
product, select Product Deployment as the task type, then click Create New Task under the task name.
Configure the client task in ePolicy Orchestrator. Under Client Task Catalog, select Linux as the target
platform, VirusScan Enterprise for Linux 2.0.0.<build number> as the product and component, Remove as the
action, select a language, then click Save.
Click Next to schedule the task immediately or as needed, click Next to view task summary, click Save,
then send an agent wake-up call.
26
Click Menu | Software | Master Repository to open the Packages in Master Repository page.
Product Guide
In the Actions column, click the Delete link for VirusScan Enterprise for Linux as the name and 2.0.0 as the
version.
Click Menu | Software | Extensions, then from the left pane, select VirusScan Enterprise for Linux
For each extension file, click Remove, select Force removal, bypassing any checks or errors, then click OK.
Product Guide
27
28
Product Guide
Access the interface to define or modify the software configuration, or view information about the
software.
Contents
Launch the interface
VirusScan Enterprise for Linux interface
Working with the interface
Open a supported web browser, such as Internet Explorer, Mozilla, or Konqueror, then type the IP
address and port number in this format:
For example: https://server1:55443 or https://192.168.200.200:55443
VirusScan Enterprise for Linux regards server1 and SERVER1 as similar. The browser tries to connect
to the port on the Linux host where the VirusScan Enterprise for Linux web-monitoring service runs,
and displays the logon page. If your browser or its version is not supported, you see a warning
message. You can continue to log on, but you might experience problems later with the screen and
operation of features of the interface.
Type the default user name nails and the password that you specified during installation, then click
Log on to open the homepage.
The user name and password is case-sensitive.
On Konqueror browsers, the following message appears: Server certificate failed the authenticity test...
This message appears because the certificate is self-signed. You can ignore this message and click
Continue.
The Host Summary page displays information such as IP address, DAT and engine version, product
version, files scanned, status, and detected items for the Linux systems.
To return to this page at any time, click Home from the navigation pane on the left side.
Product Guide
29
Left The navigation pane allows you to visit each page setting.
Middle The console displays the available settings for each page you select from the navigation
pane.
Navigation pane
The navigation pane appears on left side of the interface. It provides links to view summary reports,
schedule scans, update the product, and configure scan settings and notifications. Similar links are
grouped.
The name of the currently selected Linux host appears above the navigation pane as a host name and
port number, for example: server1:55443.
The groups of items in the navigation pane menu (View, Schedule, and Configure) refer to this host.
View Displays Host Summary, Scanning Summary, Detected Items, System Events, and Scheduled Tasks
information about the selected host.
Schedule Displays Product Update and On-Demand Scan information, where you can set up schedules for
running on-demand scans and updating the DAT files.
Configure Displays General Settings, On-Access Settings, On-Demand Settings, and Notifications information,
where you can configure scanning, notification, and repository settings on the selected host.
Home Displays summary information about the host that is being monitored.
Show/Hide Quick Help Displays or hides the Help system which is displayed on the right pane of the
interface.
Console
The console in the middle of the interface displays each page that is selected from the navigation
pane.
Help pane
The help pane on the right side of the interface displays basic information about each page displayed
the console area.
You can configure to display or hide the Help, using the Show Quick Help or Hide Quick Help menu options in
the navigation pane.
Links bar
The links bar at the top of the interface provides quick access to information or often-used functions.
This bar contains the following links:
30
Log off Closes the current session and navigates to the software logon page.
Product Guide
Submit a Sample Displays Instructions for submitting malware samples to McAfee labs.
Virus Information Library Links to the malware information library, which provides full information
about every malware and other potentially unwanted software that VirusScan Enterprise for Linux
can detect and clean.
About McAfee VirusScan Enterprise for Linux Displays product version and license information.
Click
Click
You can collapse and expand tables as needed for better readability, when the interface displays
information with more rows.
For example, on the Notifications page, the SMTP Notification and SMTP Settings tables contain many options.
You might not be able to view the options in both the tables on a single page. In such cases, you can
collapse the table information that you are not using.
Product Guide
31
On the navigation pane, under Configure area, click the page you want to modify the settings, then
click Edit.
The Edit button is replaced by other buttons Apply and Cancel, and in some cases, Defaults, or Reset.
While making the changes, if you decide not to proceed, click Cancel.
To reset the settings to the defaults, click Reset. When you click Cancel or Defaults, you are prompted
to confirm that you want to do this.
On the navigation pane, under Configure area, click General Settings, then click Edit.
In the Browser Interface table, type the value for Refresh interval (seconds), then click Apply.
To manually refresh these pages at any time, click Refresh at the top of the page.
Using wizards
The interface uses wizards for completing complex tasks.
Using the Next and Back buttons in the top right corner enables you to move from pane to pane. You
can also move to any pane by clicking the respective tabs.
To close the wizard and complete the task, click Finish.
32
Product Guide
Error messages
When a fault occurs with the interface, a message appears on the current page.
The message typically has the format:
Error code
Description
25
For more information about error messages, see View system events.
Product Guide
33
34
Product Guide
Viewing information
From the View area of the navigation pane, you can view the host summary, scanning summary,
detected items, system events, and scheduled tasks information.
Contents
Host summary
Scanning summary
Detected items
Viewing system events
Scheduled tasks
ExtraDAT file details
Host summary
The Host Summary page shows the information collected from the server running VirusScan Enterprise
for Linux. The information includes the number of files scanned and the detections.
To view this page, click Host Summary under View in the navigation pane.
For more information about the scanning activity on the host, click the host name in the Host column.
The Scanning Summary page contains these details.
Option
Definition
Host
Displays the name of host that is being monitored. Click the address to view the
Scanning Summary page for that host.
Status
Files Scanned
Displays the number of items scanned since the software was installed, or since the
statistics counters were last reset.
Detected Items
Displays the number of detected items since the software was installed or since the
statistics counters were reset. Click the number to navigate to the Detected Items page for
that host.
DAT Version
Displays the 8-digit (XXXX.YYYY) version number for the DAT files.
DAT Date
Product Guide
35
Viewing information
Scanning summary
Option
Definition
ExtraDAT
Engine Version
Displays the scanning engine version. Engines are updated less often than DAT files.
Scanning summary
The Scanning Summary page shows details of on-access scanning activity on the host that you selected
from the Host Summary page.
Statistics about malware detected during on-access and on-demand scans are available from the
Detected Items page, and the rest is available from System Events.
You can view the Scanning Summary page by navigating to Scanning Summary under View.
The Scanning Summary page displays the scanning statistics and scanned items details.
The Scanning Statistics table displays the on-access scan status, number of files scanned, number of
files detected, actions taken, excluded files, average scan time, and host local time details.
The Recently Detected table displays the details of the detected items such as detection time, file
name, detection type, and file path.
The Recently Scanned table displays the details of the scanned items such as detection time, file name,
detection type, and file path.
Scan statistics
The statistics are collected from the time when the software was installed, or since the statistics
counters were last reset on the General Settings page.
This table explains the information in each column.
Option
Definition
On-Access status
Files scanned
Displays the number of files scanned since the host started or the counters were
reset.
Detected items
Actions performed
Indicates actions that have been performed on files, in accordance with the
settings on the On-Access Settings page. For on-access scans, Access denied means
that all actions taken against the infection failed, or the action was set to deny
access.
Displays the number of files that were not scanned for any reasons. For example,
some items are excluded because they are on specified excluded paths, or
because of the file name extension.
Average scan time (ms) Displays the average time in milliseconds taken to scan an item.
36
Scanning uptime
Indicates the time since the software was last started. Statistics about average
scanning time are based on this period.
Time is expressed in 24-hour format as local time on the host, and with a UTC
offset.
Product Guide
Viewing information
Scanning summary
Description
Time
File Name
Detected As
Name of any virus or other potentially unwanted software. For more information, click
the name to visit the Virus Information Library.
Process
Path
Name of the file, including its full path. For an archive or other file types that act as a
container, the path can include the name of an item within the archive.
Description
Time
File Name
Detected As
Name of any virus or other potentially unwanted software. For more information, click
the name to visit the Virus Information Library.
This column appears only if a recently scanned file was infected.
Product Guide
37
Viewing information
Detected items
Option
Description
Process
Path
Name of the file, including its full path. For an archive or other file types that act as a
container, the path can include the name of an item within the archive.
If the path name is long, move the horizontal scroll bar to see it all clearly.
In the Scanning Summary page, click Diagnostic Report. The console displays a list of system events,
configuration details, and other information.
Using the browser, you can copy the information for later analysis. Typically, you select Select All
from a right-click menu (or Ctrl+A), copy then paste the text as needed.
Detected items
The Detected Items page shows a list of items that contained malware or other potentially unwanted
software. The range of items that you see can vary because the list depends on how you navigated to
this page.
If you navigate directly to this page from the navigation pane or you select the count of Detected Items in
the Scanning Summary page, you see items detected today by on-access scanning.
If you navigate to this page from a task in the Scheduled Tasks page for an on-demand task, you see
items detected during the last run of the task.
To view this page, click Detected Items under View in the navigation pane. From this page, you can modify
the view to show information about items detected by on-access scanning or detected by an
on-demand scan.
The Detected Items page has two areas:
Results Displays the results of the query you run. If none of the criteria matches, you get a
message No results found.
38
After a short time, VirusScan Enterprise for Linux updates the information under Results.
Product Guide
Viewing information
Detected items
Task
1
On the navigation pane, click Detected Items, then select the scan option:
To examine information after a specified date, select from. To examine information before a
specified date, select to. Select the date and time.
To examine information between two dates, select both from and to, select the dates and times,
then click Find Results.
At the where area, select the check boxes to select items such as Path, Results, and User.
The path names are case sensitive.
Click Find Results. After a short time, the software displays the updated information in the Results
page.
Definition
Time
File Name
Result
Detected As
Name of the malware or other potentially unwanted software. For more information, click
its name to view its details in our Virus Information Library.
Name of the user who accessed the file. This option is not available in the results of
on-demand scans.
Product Guide
39
Viewing information
Viewing system events
Option
Definition
Process
Process that accessed the file. This field is not available in the results of on-demand
scans.
Path
Name of the file, including its full path. This option is not available in the results of
on-demand scans.
To view more rows of information, use the navigation arrows and numbers below the table. You can
refine the information using the Query filter. For more information, see Analyze the detected items.
If the page shows on-access scanning, or if a scheduled scan is still running, click Refresh to see the
latest detections.
Definition
Time
Code
Type
Description
40
Product Guide
Viewing information
Scheduled tasks
Error Code
Description
3000
3001
3000
3000
10003000
All events between 1000 and 3000, including 1000 and 3000.
Click Find Results. After a short time, updated information appears under Results.
Under Query, specify the information you want to view, then click Find Results.
Scheduled tasks
Update the scanning engine and DAT files, or run on-demand scans using schedules.
You can choose these tasks to run immediately, to run once, or to run on a schedule.
You can view this page by clicking Scheduled Tasks under View in the navigation pane.
The Scheduled Tasks page has two areas:
Task Details shows the status and other details for the selected task.
Definition
Name
Name of the task. To view the details for any task, click its name.
Type
Product Guide
41
Viewing information
Scheduled tasks
Option
Definition
Status
Results
To see any more rows of information, use the navigation arrows and numbers below the table.
To see extra information about any task, click its name under Task Summaries.
The Task Details table has the following information:
Option Definition
Status
Status of the task: Idle (not started), Completed, Failed, In Progress, or Stopped (by the user).
Next Run Schedule for the task. This option applies to regular tasks only.
Last Run Date and time when the task was last run.
Progress Progress of the task. During an on-demand scan, this field shows the number of files
scanned, and other information such as the number of files that were excluded from
scanning.
During an update, this field shows text messages about each stage. Click any blue link to
see messages about this task in the System Events page.
Duration
The time taken for the last task, or the elapsed time on the current task.
Results
A completed on-demand scan shows as the number of detected items. For more
information, click the number to open the Detected Items page.
If an update has completed, click to open the System Events page and find more information.
If a failure occurred, click to open the System Events page and find the reason.
The buttons under Task Details enable you to run, stop, modify, or delete the task as needed. To see the
latest status of the tasks, click the Refresh button.
On the Scheduled Tasks page, click the task name in Task Summaries to display its details under Task
Details.
42
On the Scheduled Tasks page, select the existing task in the Task Summaries table.
Make the changes in the When to Scan, What to Scan, and Choose Scan Settings pages, then click Finish.
Product Guide
Viewing information
ExtraDAT file details
Select the task that you want to stop, then click Stop.
Product Guide
43
Viewing information
ExtraDAT file details
44
Product Guide
Setting up schedules
Update the product. At least once per day, update the DAT files to ensure that the software can
recognize new viruses and other potentially unwanted software.
Run an on-demand scan. The software examines files as they are accessed when on-access scan is
enabled. For complete security, scan other files that are stored in the system but accessed
occasionally, using the on-demand scan.
McAfee recommends that you schedule the product update and on-demand scan at regular intervals.
The product update task keeps the scan engine and DAT file up to date, and periodic on-demand scan
ensures that all files are scanned for malware threats.
The software enables you to create multiple schedules for running these tasks at regular intervals. You
can also create a schedule for immediate scan or product update in response to a suspected malware
attack. Using the latest DAT files you can make sure that your hosts are free from the new malware
threats.
Using a wizard
Each type of schedule works in a similar way, using a wizard-like process to make the task easier.
The process leads you through a few pages where you enter the following information:
Product Guide
45
Setting up schedules
Product update schedule
To create a schedule to update the virus definition files or the scanning engine, click Product Update
under Schedule in the navigation pane.
For option definitions, click ? in the interface.
Task
46
Product Guide
Setting up schedules
Product update schedule
Definition
Once
Hourly
Daily
Weekly
Updates the product for every week for the defined number of weeks.
For example, Type 1 in every week on box, select, Monday and Friday, then, specify the time
in the At row. The product update happens every week on Monday and Friday at the
specified time.
Monthly
At
Provides option to define the time of update when you configure the product update
for Once, Daily, Weekly, and Monthly.
This option is not available if you schedule an Unscheduled, Immediately, or Hourly product
update.
Virus definition files (also known as DAT files) To update the detection definition files with the latest
information.
By default, this option is enabled.
On the Enter a task name page, type a unique name for the update schedule, then click Finish.
The Scheduled Tasks page appears, and the update runs at the time you defined in the schedule.
Product Guide
47
Setting up schedules
On-demand scan preferences
Definition
Once
Runs the on-demand scan at the defined date. When you select this option, specify
the time in the At row.
Hourly
Daily
Weekly
Runs the on-demand scan for every week for the defined number of weeks.
For example, Type 1 in every week on box, select Monday and Friday, then specify the time
in the At row. The scanning happens on every week Monday and Friday in the specified
time.
Monthly
Runs the on-demand scan on the specified day of the selected month.
For example, Select First, and Monday, select all months, then, specify the time in the At
row. The on-demand scan runs on the first Monday of every month.
At
48
Allows you to define the time to run on-demand scanning for Once, Daily, Weekly, and
Monthly.
Product Guide
Setting up schedules
On-demand scan preferences
Scan Sub-Directories Select the box to include the subdirectories of the defined path.
If you selected the option to scan the subdirectories and remove the path from on-demand
scanning, the software does not perform on-demand scan for either the path or the subdirectories.
Product Guide
49
Setting up schedules
On-demand scan preferences
On the Choose scan settings page, define the scan settings, then click Next.
Option
Definition
Decompress archives
Uses heuristic analysis to identify any potential new macro threats in files
created by Microsoft Office products.
Find potentially unwanted Scans for threat programs such as spyware, remote-access utilities, and
programs
password crackers.
Find joke programs
Joke programs are not harmful. They play tricks such as displaying a hoax
message.
This feature only becomes available if you have selected Find potentially unwanted
programs.
Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for
Linux treats only NFS, CIFS, or SMBFS volumes as network file systems.
When you select this option, the software scans these network-mounted
volume directories and its subdirectories for malware threats. If you unselect
this option, the software does not scan these network-mounted volumes.
If the network-mounted volumes are added to the Paths Excluded from Scanning
list, the software excludes those volumes from scanning, even if scan on
network-mounted volumes is selected.
Extension-based
scanning
Indicates how VirusScan Enterprise for Linux handles files that have
extension names (for example, .txt and .exe). By default, VirusScan Enterprise
for Linux scans all files regardless of the file name extension.
For more information, see Extension based scanning.
Quarantine directory
50
Product Guide
Setting up schedules
On-demand scan preferences
On the Paths Excluded From Scanning table, define these settings, then click Add.
Path
Default + specified
Specified
For more information on excluding the path, see Extension based scanning.
On the Anti-virus Actions table, define the required settings, then click Apply.
Option
Definition
Action for viruses and Trojan Actions to take when a virus or trojan horse program is detected.
horses
Your second choice of action is limited by your first choice. You cannot
choose both actions to be the same.
Action for applications and
joke programs
If any action fails to work, the software uses the secondary action. If the secondary action fails, the
software uses its fallback action that is block access to the infected file.
9
On the Enter a task name field, type a unique name for the on-demand scan, then click Finish.
The unique name helps you to locate the task later in the list of scheduled tasks.
The software displays the Scheduled Tasks page, and the scan runs at the times you defined in the
schedule.
Product Guide
51
Setting up schedules
On-demand scan preferences
52
Product Guide
On installation, VirusScan Enterprise for Linux starts protecting your Linux systems from malware and
other potentially unwanted software with the default settings. However, you can modify these settings
as needed.
From the Configure area of the navigation pane, you can configure the following settings for the
software:
Use General Settings to configure browser interface options and log information to reset the
configuration settings to those at installation time, and to clear the statistics from the software
database.
Use On-Access Settings and On-Demand Settings page to specify the scanning options, paths to exclude
from scanning, and actions to take on infected items.
Use Repositories page to configure the local repository list, and proxy settings.
Contents
General settings
On-access settings configuration
On-demand settings
Notifications
Repositories
General settings
From the General Settings page, you can change the appearance of pages in the browser interface, the
behavior of logging, and the collection of statistics.
To view the settings, click General Settings under Configure in the navigation pane.
To make any changes to the settings, click Edit. To apply the new settings, click Apply. For more
information, see Configure general settings.
The page has two main areas:
Browser Interface
Logging
Product Guide
53
Clear Statistics
Reset Defaults
Browser interface
Under Browser interface, you can view and change settings such as the refresh interval.
This table explains the available options in each column.
Option
Definition
Refresh interval
(seconds)
The browser automatically updates the contents of pages such as the Scanning
Summary page. By default, the page is refreshed every 10 seconds, but you can
change the interval between 5 and 600 seconds.
The number of rows to display information in certain pages under Results, namely
in the Detected Items, Scheduled Tasks, and System Events pages can be configured.
By default, 10 rows are displayed in a page, but you can set the number between
1 and 50 rows.
Display time UTC offset Wherever time values are displayed as in scheduled tasks and detections an
offset value is displayed in UTC form to help you understand any time-zone
differences.
Show Quick Help on
startup
Log levels
Use Logging, to view, and change settings such as the level of detail that you require.
The next table explains the information in each column.
54
Product Guide
Definition
Detail level
Indicates the level of logging information that the software records in its database.
Setting the level as High can affect performance and the size the database. The
default level is Normal. The available options are
Low Logs only critical errors and system service start up and shut down
messages.
Normal Logs critical errors, system service start up and shut down messages,
internal errors such as OAS enable and disable, and crontab actions failed
messages.
High
Logs additional details such as, events for created quarantiner child, created
cleaner child, and configured with engine and DAT. It also logs critical errors,
system service start up and shut down messages, internal errors such as OAS
enable and disable, and crontab actions failed messages.
McAfee recommends setting the level as Low. Only when you troubleshoot issues, you
can set the level to High to extract complete details.
Additionally log to
SYSLOG
Indicates if information logged to the VirusScan Enterprise for Linux database is also
logged to SYSLOG. By default, this option is deselected.
VirusScan Enterprise for Linux logs information in two channels.
Logs information in the software database
Logs information in SYSLOG
To store the log information in SYSLOG additionally, you can select this option.
Indicates information in the log is automatically removed later, based on the age of
the log entries. By default, this option is selected.
By default, the level is Low. The available options are Low, Normal, and High.
Maximum age of log This field is only available if Limit age of log entries is selected.
entries
Limits to the age of entries in the software database to the specified days.
After the specified number of days, old entries are automatically removed to limit
the database size. Maximum age of log entries (days) - By default, the limit is 28
days, but you can adjust the limit between 1 and 999 days.
Statistics last
cleared
Statistics reset
You can reset the scanning statistics for certain pages.
To reset the statistics, on the General Settings page, click Clear statistics.
The values for Files scanned and Detected items in the Scanning Summary page are reset to zero. The
information in the Recently scanned and Recently detected table are reset.
Clearing statistics
You can clear the scanning statistics for certain pages.
To clear the statistics, click Clear statistics.
Product Guide
55
The values for Files scanned and Detected items in the Scanning Summary page are reset to zero. The
information in the Recently scanned and Recently detected areas are cleared.
Detail level
On-access settings
On-demand settings
Notification settings
56
Product Guide
Extension-based Scanning
Anti-virus Actions
Definition
Enable On-Access Scanning Scans files for malware and other potentially unwanted software, whenever a
file is accessed.
Decompress archives
Uses heuristic analysis to identify any potential new macro viruses in files
created by Microsoft Office products.
These programs might be dangerous but they are not malware. It includes
programs such as spyware, remote-access utilities, and password crackers.
Joke programs are not harmful. They play tricks such as displaying a hoax
message. This feature only becomes available if you have selected Find
potentially unwanted programs.
Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for
Linux treats only NFS, CIFS, or SMBFS volumes as network file systems.
When you select this option, the software scans these network-mounted
volume directories and its subdirectories for malware threats. If you unselect
this option, the software does not scan these network-mounted volumes.
If the network-mounted volumes are added to the Paths Excluded from Scanning
list, the software excludes those volumes from scanning, even if scan on
network-mounted volumes is selected.
Product Guide
57
Option
Definition
Extension-based Scanning
Indicates how the software handles files that have extension names (for
example, .txt and .exe). By default, the software scans all files regardless of
the file name extension.
For more information, see Extension based scanning.
Directories that contain only plain text files or other file types that are not prone to infection.
Directories that contain executable files that have file permissions that prevent them being
modified.
Task
1
Under Paths Excluded From Scanning, add the absolute path or regular expression for the file/folder you
want to exclude and click Apply.
For example: directory1 or directory1/subdirectory2
Enter path names in the correct case. Do not use symbolic links. For bind mounts (which appear in
more than one place in the directory), add each path that you want to exclude.
You can use regular expressions to represent the pattern matching within directory names or file
names. See Examples for Regular expression-based exclusions.
Under Paths Excluded From Scanning, add the path or regular expression for the file/folder you want to
exclude and click Apply.
For example: directory1 or directory1/subdirectory2
Enter path names in the correct case.
You can use regular expressions to represent the pattern matching for directory names or file
names.
58
To exclude the subdirectories from scanning, select the Exclude All Sub-Directories checkbox of that row.
From Choose a share from the list below category, select a share.
Product Guide
Type the regular expression under Specify sub-directories (optional) text box. For specific examples, see
Exclude paths from scanning.
Example
xyz/abc.*
demo/.*\.(jar|VOB)$
.*\.(mp3|mp4)$
Regular expression
Example
/media/nss/abc.*
/media/nss/\..*
/media/nss/.*\.(ext|abc)
/home/.*/mailbox/.*
.*/abc.*
You should include "/" as the first character. For example: From ePolicy
Orchestrator, to exclude all files and folders starting with abc in the machine use
the regular expression: /.*/abc.*
Ensure that there are no escape sequences included in the regular expression.
For example: From ePolicy Orchestrator, to exclude all files starting with "."
under /media/nss use the regular expression: /media/nss/..*
Extension-based scanning
You can specify extension names that you want to scan. You can specify extension to scan at the same
time as the software scans the extensions in the default list and the specified list.
This table only becomes visible when you click Edit. However, you can see the chosen setting at
Extension Based Scanning in the first table.
If the software is running on a Samba file server that Microsoft Windows users can access, you might
specify the types of files to scan according to their file extension. However, McAfee recommends
scanning all files wherever possible.
You can specify extension names that you want to scan. Otherwise, you can specify extension names
to scan at the same time as the software scans those in the default list. You cannot remove extension
names from the default list. But you can build your own list of extension names based on extensions
in the current default list.
The choices available in this area are:
Product Guide
59
Default + specified
Specified
For the list of default files that are scanned when Default + specified option is enabled, see McAfee
KnowledgeBase article KB79626.
To scan all files regardless of file name extension, under Extension Based Scanning, select Scan all files
Scan all files is the default settings for On-Access Settings.
At New, type the file name extension. For example AAA or aaa.
To select a range of names, click the first, then use Shift+Click to select the last.
If a new file name extension is included in the later DAT files, files with that file name extension are
also scanned.
For the list of default file extensions that VirusScan Enterprise for Linux scans when Default + specified
option is selected, see McAfee KnowledgeBase article KB79626.
60
At New, type the file name extension, for example AAA or aaa.
Product Guide
To build a list quickly, click Set Defaults to copy all names from the malware definition files into the
Specified list. You can then modify the Specified list.
The file name extensions in the Specified list do not change automatically. Therefore, if a new file
name extension is included in later malware definition files, files with that file name extension will
not be scanned.
To remove names from the Specified list, select each name, then click Remove:
To select a range of names, click the first, then use Shift+Click to select the last.
Anti-virus actions
Configure the software to take various actions when it detects malware or other potentially unwanted
software.
The actions are:
clean Cleans the infected file by removing the virus code. VirusScan Enterprise for Linux cannot
repair any damage that has occurred to the file. For example, some viruses can modify or erase
data in spreadsheets.
continue Reports the detection and continues scanning. This action is only available for
on-demand scanning.
deny access Prevents further access to the infected file. This action is only available for on-access
scanning.
quarantine Moves the infected file to the area specified in Quarantine directory. To prevent the spread
of infected files, VirusScan Enterprise for Linux prevents moving a file from a remote file system
into this area.
rename Renames the extension of the infected file, to prevent its accidental use. Renaming is
useful where the file extension such as .exe or .txt determines the application and opens the file.
If the infected file does not contain an extension, the file is renamed with the extension.vir. For
example, if the original malware file name is EICAR, it is renamed to EICAR.vir
If the infected file contains an extension name other than vir, the first letter of the extension is
renamed with v. For example, the file EICAR.COM is renamed to EICAR.VOM. If EICAR.VOM exists,
the file is renamed to EICAR.VIR.
The default primary action for infected files is Clean and the secondary option is Quarantine. However, you
can change the settings as needed.
For more information on configuring Anti-virus actions, see Configure on-access scan settings.
Product Guide
61
Decompress archives
Extension-based Scanning
Quarantine directory
For details about these options, see anti-virus scanning options.
On the Paths Excluded From Scanning table, define the required settings.
For more information on excluding the path, see Exclude path from scanning.
Path
Action
For more information on excluding the path, see Extension based scanning.
On the Anti-virus Actions table, define the required settings, then click Apply.
Quarantine directory
If any action fails to work, the software uses the secondary action. If the secondary action fails, the
software uses its fallback action that is block access to the infected file.
62
Product Guide
On-demand settings
The On-Demand Settings page shows how the software responds when malware or other potentially
unwanted software is detected during an on-demand scan.
Settings for on-access scans and on-demand scans are similar.
This page shows the settings that are applied to all new tasks. To change the settings of an existing
on-demand scanning task, see Modify an existing scheduled task.
To view this page, click On-Demand Settings under Configure in the navigation pane. To change any settings,
click Edit. To apply the new settings, click Apply.
Any on-demand scanning tasks that you previously configured retain their own settings. If you change
the settings in the On-demand Settings page, the changes do not affect the existing on-demand scanning
task that you have already scheduled. The task that you create after changing the On-demand Settings runs
with these settings.
Product Guide
63
Definition
Decompress archives
Find unknown
program viruses
Uses heuristic analysis to identify any potential new macro threats in files
created by Microsoft Office products.
Decode MIME encoded Decodes email messages that are typically encoded in Multipurpose Internet
files
Mail Extensions MIME format.
Using this option can affect system performance. If your network has other
anti-malware software for handling email threats, you can unselect this option.
Find potentially
unwanted programs
Joke programs are not harmful. They play tricks such as displaying a hoax
message.
This feature only becomes available if you have selected Find potentially unwanted
programs.
Scans NFS, CIFS, or SMBFS volumes for threats. VirusScan Enterprise for
Linux treats only NFS, CIFS, or SMBFS volumes as network file systems. When
you select this option, the software scans these network-mounted volume
directories and its subdirectories for malware threats. If you unselect this
option, the software does not scan these network-mounted volumes.
If the network-mounted volumes are added to the Paths Excluded from Scanning list,
the software excludes those volumes from scanning, even if scan on
network-mounted volumes is selected.
Extension based
scanning
Indicates how the software handles files that have extension names (for
example, .txt and .exe). By default, the software scans all files regardless of the
file name extension.
For more information, see Extension-based scanning.
Quarantine directory
5
On the Paths Excluded From Scanning table, define path and subdirectories you want to exclude.
For more information on excluding the path, see Exclude path from scanning.
64
Product Guide
On the Extension Based Scanning table, select one of these options as needed:
Default + specified
Specified
For more information on excluding the path, see Extension based scanning.
On the Anti-virus Actions table, define the required settings, then click Apply.
Option
Definition
Action for viruses and Trojan Actions to take when a virus or Trojan-horse program is detected.
horses
Your second choice of action is limited by your first choice. You cannot
choose both actions to be the same.
Action for applications and
joke programs
Quarantine directory
If any action fails to work, the software uses the secondary action. If the secondary action fails, the
software uses its fallback action that is block access to the infected file.
8
Notifications
From the Notifications page, you can specify who receives email notification of events such as virus
detection and changes to the scanning options.
The software sends the email messages using the SMTP email protocol. To view this page, click
Notifications under Configure in the navigation pane. To change the settings, click Edit. After making the
changes, to apply the new settings, click Apply.
SMTP notifications
You can define the events for which users get alert notifications.
This table explains the available settings.
Table 6-2 Option definitions
Option
Definition
Item detected
Out of date
Product Guide
65
Definition
Configuration change Details of changes to the settings for on-access scanning, notifications, and general
settings. Changes to the settings for on-demand scans are not notified.
Here, for example, you can decide whether to notify if changes are made to the
settings for on-access scanning.
System events
To enable any notification feature, select its checkbox in the left column under SMTP Notification.
For each type of notification, the software provides a default subject and a message. You can change
these messages to suit your organization. Messages can include substitution variables, such as
%hostname% to indicate the host name. To include variables in any message, see Substituting variables
in notification templates.
To restore the default message, click Reset.
Name of the sender. By default, this is the address that was given during installation.
Task
1
On the SMTP Settings table, define the Server details. This is set up during installation.
From Name of the sender. By default, this is the address that was given during installation.
On the Email field in the From row, type the name of the sender. By default, this is the address that
was given during installation.
To remove recipients
list.
66
Product Guide
Repositories
A software repository is a storage location where software packages or updates can be retrieved and
installed on systems.
To deliver products and updates throughout your network, McAfee offers several types of repositories
to create a robust update infrastructure. The repository options provide flexibility to develop an
updating strategy to ensure that your systems stay up to date.
To view this page, click Repositories under Configure in the navigation pane. To change or modify the
repository settings, click Edit and to save the new settings, click Apply.
Type the repository name, type, URL, port number, user name, and password.
You can use the following options:
Move up To shift up the selected repository one level in the repository list.
Move down To shift the selected repository one level down in the repository list.
Task
1
Create a local repository directory where you want to mirror the McAfee FTP download site.
For example: /root/LocalRepo
Product Guide
67
sitestat.xml to SiteStat.xml
v2datdet.mcs to V2datdet.mcs
v2datinstall.mcs to V2datinstall.mcs
v2datdet.mcs to V2datdet.mcs
v2datinstall.mcs to V2datinstall.mcs
pkgcatalog.z to PkgCatalog.z
Repository URL Type the absolute path of the directory. For the given example:
/root/LocalRepo/commonupdater
The Port, Username, and Password details are not required for local repository.
10 Using the Move Up button, move the local repository item to the top of the list.
11 Click Apply.
12 Run the DAT update task to verify.
Type the IP address and Port number of the HTTP or FTP server.
You can use the following options:
68
Use these settings for all proxy types Specifies the same IP address and port number for all proxy
types.
Use authentication for HTTP Specifies the user name and password of the HTTP server for
authentication.
Product Guide
Use authentication for FTP Specifies the user name and password of the FTP server for
authentication.
Product Guide
69
70
Product Guide
Integrate and manage VirusScan Enterprise for Linux using ePolicy Orchestrator management
software.
McAfee ePolicy Orchestrator provides a scalable platform for centralized policy management and
enforcement on your McAfee security products and the systems where they are installed. It also
provides comprehensive reporting and product deployment capabilities through a single point of
control.
For instructions about setting up and using ePolicy Orchestrator and McAfee Agent, see the product
guide for your version of each product.
Contents
Setting policies within ePolicy Orchestrator
Define policies in ePolicy Orchestrator
Scheduling tasks
Configure reports
Run a default query
Product Guide
71
General Policies
These policies override configurations set on individual systems. Configure these policies with your
preferences, then assign it to groups of the managed systems.
Before configuring any policies, select the group of computers for which you want to modify the
policies. You can modify the policies from the pages and tabs that are available in the details pane of
the ePolicy Orchestrator console.
For more information about policies and how they are enforced on managed systems, see the product
guide of your version of ePolicy Orchestrator.
Tasks
To modify a policy
3 Click OK.
4 Configure the settings.
4
Click Save.
72
Product Guide
Task
For option definitions, click ? in the interface.
1
From the Policy Catalog, select VirusScan Enterprise for Linux 2.0.0 as the product, then select General Policies
as the category.
Click New Policy, type a name for the policy, then click OK.
Define...
Low Logs only critical errors and system service start up and shut down
messages.
Normal Logs critical errors, system service start up and shut down
messages, internal errors such as OAS enable and disable, and crontab
actions failed messages.
High
Logs additional details such as, events for created quarantiner child, created
cleaner child, and configured with engine and DAT. It also logs critical errors,
system service start up and shut down messages, internal errors such as OAS
enable and disable, and crontab actions failed messages.
McAfee recommends setting the level as Low. Only when you troubleshoot
issues, you can set the level to High to extract complete details.
Additionally log to
SYSLOG
Allows the software database to store the log information for the specified days,
and removes the old entries automatically after the specified days.
Sets the default limit to 28 days. You can set the limit between 1 and 999 days.
Define...
Disables the client interface that prevents the local user to modify the scan
configuration settings.
Turn off SMTP Notifications Disables the SMTP notification on client systems.
6
Click Save.
Product Guide
73
Task
For option definitions, click ? in the interface.
1
From the Policy Catalog, select VirusScan Enterprise for Linux 2.0.0 as the product, then select On-Access
Scanning Policy as the category.
Click New Policy, type a name for the policy, then click OK.
On-access scan
Quarantine directory
On the Detections tab, then define these settings, then click Save.
Scan files
What to scan
On the Advanced tab, then define these settings, then click Save.
Heuristics
Non-viruses
Compressed files
On the Actions tab, then define these settings, then click Save.
If scanning fails
Enforce policies
When you have created or modified policies, enforce them to multiple systems that are managed by
ePolicy Orchestrator.
Task
1
Navigate to System Tree, select a required group or systems, then click the Assigned Policies tab.
From the Product drop-down menu, select VirusScan Enterprise for Linux 2.0.0, select the Category, then click
Edit Assignment.
Select the policy from the Assigned policy drop-down menu with the appropriate inheritance options,
then click Save.
Select the systems, then send an agent wake-up call. For instructions on sending an agent
wake-up call, see Send an agent wake-up call.
You can create and enforce policies and view reports only after adding the VirusScan Enterprise for
Linux extension files.
74
Product Guide
Scheduling tasks
The ePolicy Orchestrator software allows you to create, schedule, and maintain client tasks that run on
the managed systems. You can define client tasks for the entire System Tree, a specific group, or an
individual system.
Tasks
Navigate to System Tree, then select a required group or systems for which you want to create the
product update task.
Click the Assigned Client Tasks tab, click Actions | New Client Task Assignment.
In Task to schedule, define these settings, then click Create New Task.
On the Client Task Catalog: New Task McAfee Agent: Product Update page, define these settings, then click Save
to open the Client Task Assignment Builder.
Task Name
Description
Package Selection
Package Type
For package type, select Linux Engine and DAT.
Product Guide
75
Schedule Status
Start time
Schedule Type
Effective Period
Options
Navigate to System Tree, then select a required group or systems for which you want to schedule
on-demand scanning.
Click the Assigned Client Tasks tab, then select Actions | New Client Task Assignment.
In Task to schedule, define these settings, then click Create New Task.
On the Client Task Catalog : New Task: VirusScan Enterprise for Linux 2.0.0: On-Demand Scan page, type the Task Name
and Description, then click Save.
Task Name
Description
Click the Where tab, on the VirusScan Enterprise for Linux area, define these settings, then click Save.
Where
Detection
Advanced
Actions
76
Schedule the task immediately or as needed, then click Next to view the Summary of the schedule.
Click Save.
Product Guide
Click Menu | Systems | System Tree, then select a required group or systems for which you want to
create the change password task.
On the Assigned Client Tasks tab, click Actions | New Client Task Assignment
Under Task to schedule, select VirusScan Enterprise for Linux 2.0.0 as the product, select Change VSEL
Administrator's Password as the task type, then click Create New Task under the task name.
On the Client Task Catalog: New Task - VirusScan Enterprise for Linux 2.0.0: Change VSEL Administrator's Password page,
define these settings, then click Save.
Task Name
Description
From the Change VSEL Administrator's Password* area, define these settings, then click Save.
Schedule the task immediately or as needed, click Next to view the Summary page, then click Save.
Configure reports
Reports are pre defined values, that query the ePolicy Orchestrator database and generate a graphical
output.
McAfee ePolicy Orchestrator contains comprehensive querying and reporting capabilities. McAfee
includes a set of default queries on the left pane. You can create a new query, edit, and manage
existing queries related to the software.
Task
1
On the left pane, select a Feature Group that the query should retrieve.
Select a Result Type, then click Next to open the Chart page.
Product Guide
77
Select and accordingly configure a display chart/table and click Next to open the Columns page.
Select columns from the Available Columns pane, then click Next to open the Filter page.
Specify the criteria by selecting properties and operators to limit the data retrieved by the query.
10 Type a Name and Notes (if needed) for the query, then click Save.
Click Menu | Reporting | Queries. A list of queries appears on the left pane.
Description
78
Product Guide
Advanced features
The advanced features of VirusScan Enterprise for Linux help you to use the features effectively.
Contents
Lightweight Directory Access Protocol (LDAP) Authentication
Substituting variables in notification templates
How the quarantine action works
Recover the quarantined items
Product Guide
79
Advanced features
Substituting variables in notification templates
The user account is created in the Active Directory or the location from where you want to
authenticate before installing the software.
The user name and group does not exist in the local system. You can verify it using these
commands:
grep [username] /etc/passwd To verify the user name. A blank reply confirms that the user
name does not exist.
grep [groupname] /etc/group To verify the user group. A blank reply confirms that the user
group does not exist.
The operating system is able to resolve the user and group authentication. You can verify it using
these commands:
getent passwd [username] To verify the user name. A blank reply confirms that the user
name does not exist.
getent [groupname] To verify the user group. A blank reply confirms that the user group does
not exist.
80
Valid for
Variable
Equivalent field in
the interface
Description
All alerts
%hostname%
<none>
All alerts
%hostip%
<none>
All alerts
%productversion%
Item detected
%detectedas%
Item detected
%detectedby%
Product Guide
Advanced features
Substituting variables in notification templates
Variable
Equivalent field in
the interface
Description
Item detected
%detectedtime%
Item detected
%detectedtype%
Item detected
%detectedutc%
Item detected
%engineversion%
Item detected
%extradatcount%
Item detected
%extradatflag%
Yes or No to indicate if an
ExtraDAT file is present.
Item detected
%filename%
Item detected
%path%
Item detected
%process%
Item detected
%result%
Item detected
%user%
%datage%
<none>
%datdate%
%datversion%
Configuration
change
%configchange%
<none>
System events
%eventcode%
System events
System events
%eventtime%
System events
%eventtype%
System events
%eventutc%
Product Guide
81
Advanced features
How the quarantine action works
If the file system supports hard links and the infected file is on the same file system, the software
creates a hard link to the quarantine directory, then unlinks the infected file. If the unlink fails, the
software unlinks the copy in the quarantine directory, so that only the original infected file remains.
If the infected file is on a remote file system, the software copies the infected file into the
quarantine directory only if the quarantine directory is also on that remote file system. This method
prevents the spread of infection between hosts.
The software verifies that it can copy the infected file into quarantine directory and that it can
delete the file from the quarantine directory. This method prevents creation of a copy of an infected
file that cannot be deleted.
If the software cannot delete the original infected file, it deletes the copy of the file in the
quarantine directory so that only the original infected file remains.
If the quarantine action fails, the software uses the secondary action. If that action fails, the software
uses its fallback action. For on-access scanning, the software blocks access to the infected file. For
on-demand scanning, the software reports that the file is infected.
82
Product Guide
Advanced features
Recover the quarantined items
Task
1
Product Guide
83
Advanced features
Recover the quarantined items
84
Product Guide
Troubleshooting
These are tested solutions to known situations that you might encounter when installing or using the
product.
Contents
Frequently asked questions
Error messages
Contact information
Installation
This section helps you with the frequently asked questions related to the software installation.
Scanning
This section helps you with the frequently asked questions related to on-access and on-demand
scanning.
Why are some files being scanned and detected twice since the quarantine
directory was changed?
The software maintains a cache to record details of files that have been scanned. Changing the
quarantine directory flushes the cache. So the software must rescan the file to ensure that its
information is up to date.
Some large files are not scanned completely and timed out before completing
scanning.
On servers with low-specification hardware, the software abandons scanning of some large files
because of the length of time taken. You can increase the time-out value at Maximum scan time on the
On-Access Settings page and the On-Demand Settings page.
Product Guide
85
Troubleshooting
Frequently asked questions
Why does a file disappear or report "access denied" when an operation (such as
cat) is performed on it?
The file is infected, and has been cleaned (or deleted or quarantined), or denied access by the
on-access scanner. View Detected Items in the browser interface to see if malware was detected in that
file.
How can I release a file where the on-access scanner has denied access?
Add the file to the list of paths excluded (on the On-Access Settings page), or create a directory on the
same file system, and add that directory to the list. Use mv to move the file to the exclusion directory.
Because mv is a meta-data change, it does not cause any on-access scanning.
If the software has blocked the file, the file is likely to be infected, and is not scanned again when in an
excluded directory.
Open a standard text editor, then type the following character string as one line, with no spaces or
line breaks:
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
The line shown above should appear as one line in your text editor window, so be sure to maximize
your text editor window and delete any line breaks. Also, be sure to type the letter O, not the
number 0, in the "X5O..." that begins the test message.
If you are reading this manual on your computer, you can copy the line directly from the
file and paste it into your text editor. If you copy the line, be sure to delete any carriage
returns or spaces.
2
Save the file with the name EICAR.COM. The file size will be between 68 and 70 bytes (depending
on end-of-line characters appended by the editor).
86
Product Guide
Troubleshooting
Frequently asked questions
Detections of viruses and other potentially unwanted software, and the result of any action taken.
Events for specific tasks such as updates to DAT files, and on-demand scanning tasks.
What happens to the log messages if the system logger is not working?
If SYSLOG logging is enabled (from the General Settings page) and syslog has stopped due to a fault, all
log messages are printed on the console. Apart from SYSLOG, VirusScan Enterprise for Linux stores
logs in the event database. You can view the information at the Detected Items and System Events pages of
the browser-based interface.
General information
This section helps you with the frequently asked questions such as general information such as
contacting technical support.
In the Scanning Summary page, click Diagnostic Report. You can select all the text, copy it, then paste
it in a text editor.
Where can I obtain the open source code for third-party components?
Open source code is available on the products download site. See Contact information.
Product Guide
87
Troubleshooting
Error messages
Error messages
The software error messages appear on the browser and system events log.
Error messages appear in several forms:
Messages displayed in the browser, as shown in Understanding error messages section. These are
browser problems and errors reported by the web server.
Messages logged in the system events log. For a list of categories of these messages, see the next
table.
Error Categories
Description
30003999
50005999
Scan Manager
60006999
Logging errors
70007999
Configuration errors
80008999
90009999
Monitoring errors
Contact information
Use this contact information such as the threat center, download site, technical support, customer
service, and professional services.
88
Product Guide
Troubleshooting
Contact information
Product Documentation
Product Evaluation
Product Guide
89
Troubleshooting
Contact information
90
Product Guide
Index
A
about this guide 7
advanced features 79
agent wake-up call
create 22
analysis
detected items 38
exporting the results 40, 41
system events 40
anti-virus actions
configure 61
on-access settings 61
automatic refresh
page information 32
configuration: logging 54
configure
clear statistics 55
on-access settings 56
on-demand settings 63
console
interface 30
contact information 88
conventions and icons used in this guide 7
create schedule
run on-demand scan 48
update the product 46
creation
on-demand scan task 76
customer service 88
browser interface
configure 54
general settings 54
C
clearing statistics
general settings 55
components 10
configuration
administrator password 77
anti-virus actions 61
browser interface 54
extension based scanning 59
general settings 53, 56
local repository 67
on-access policy 73
on-access scanning 61
on-demand scanning 63
paths excluded 58
policy settings 72
proxy settings 68
reports 77
repositories 67
repository list 67
scanning options 57
SMTP notifications 65
SMTP settings 66
DAT files
scanning 11
dates and times
displaying 33
default configuration
resetting 56
default files
extension based scanning 60
delete existing
scheduled tasks 43
deployment
prerequisite 20
software 20
deployment software
managed systems 15
detected items
analyze 38
export to csv 40
view 38
view results 39
diagnostic report
obtaining 38
scanning summary 38
documentation
audience for this guide 7
product-specific, finding 8
typographical conventions and icons 7
Product Guide
91
Index
download site 88
E
error messages
troubleshoot 88
understanding 33
events
trigger scanning 9
exporting the results
detected items 40
for analysis 40, 41
system events 41
extension based scanning
scan specific files 60
extension-based scanning
configure 59
on-access settings 59
scan all files 60
scan default files 60
scan specific files 60
ExtraDAT files
view 43
information (continued)
ExtraDAT files 43
viewing 35
installation
extensions 21
frequently asked questions 85
Novell server 18
silent mode 19
standalone system 16
standalone systems 15
SUSE systems 17
testing 24
Ubuntu systems 17
using command line 16
interface
console 30
navigation pane 30
opening 29
quick help pane 30
using 29
introduction 9
KnowledgeBase 88
files
G
general information
frequently asked questions 87
general settings
browser interface 54
clear statistics 55
configure 53
reset defaults 56
general settings: logging 54
H
host summary
view 35
how
quarantine action works 82
scanning works 11
I
information
expanding and collapsing tables 31
92
LDAP authentication 79
links bar 30
logging on
VirusScan Enterprise for Linux interface 29
logging: general settings 54
long tables
navigating through 32
M
malware detection
test on standalone systems 24
managed systems
upgrade 23
McAfee Labs 88
McAfee ServicePortal, accessing 8
modify existing
scheduled tasks 42
N
navigation pane 30
user interface 30
notification templates
substituting variables 80
notifications
configure 65
SMTP notifications 65
SMTP settings 66
Product Guide
Index
notifications (continued)
substitution variables 80
O
on-access scan 11
on-access scanning
test on standalone systems 24
on-access settings
anti-virus actions 61
configure 56
extension based scanning 59
paths excluded 58
scanning options 57
on-demand scan 11
testing on managed systems 25
testing on standalone systems 24
on-demand scans
running 48
schedule 48
on-demand settings
configure 63
opening
interface 29
P
packages
checking in 20
page information
automatically refresh 32
page settings
changing 32
pane
navigation 30
paths excluded
configure 58
on-access settings 58
policies
create 72
modify 72
policies setting 71
policy
enforcement 74
management 71
processes 10
product
configuring 53
interact 10
updating 46
product update 46
schedule 46
professional services 88
proxy settings
configure 68
repositories 68
Q
quarantine action
how it works 82
working of 82
quarantined items
recover 82
query 78
quick help pane 30
R
recently detected items
scanning summary 37
recently scanned items
scanning summary 37
regular expression based
scanning 58
repositories
configure 67
proxy settings 68
repository list 67
repository list
configure 67
repositories 67
requirements
hardware 15
software 15
reset defaults
configure 56
general settings 56
run
on-demand scans 48
run immediately
scheduled tasks 42
running on-demand scan
creating a schedule to 48
S
scan specific files
extension based scanning 60
scan types
on-access 11
on-demand 11
scanning
DAT files 11
frequently asked questions 85
regular expression based 58
types 11
what and when 11
scanning options
configure 57
on-access settings 57
scanning summary
diagnostic report 38
recently detected items 37
Product Guide
93
Index
94
T
table columns
sort 31
tables
collapsing 31
expanding 31
technical support 88
Technical Support, finding product information 8
threat center 88
time differences
understanding 45
troubleshoot
error messages 88
VirusScan Enterprise for Linux 85
types
scanning 11
U
understanding error messages 33
update
VirusScan Enterprise for Linux 46
updating the product
creating a schedule to 46
user interface
navigation pane 30
viewing 29
using the interface 29
using wizards
VirusScan Enterprise for Linux 32
V
view
detected items 38
host summary 35
scanning summary 36
scheduled tasks 41
system events 40
user interface 29
VirusScan Enterprise for Linux information 35
view results
detected items 39
viruses and detection
frequently asked questions 86
VirusScan Enterprise for Linux
about 9
advanced features 79
configure 53
contact information 88
logging on 29
product update 46
sorting tables 31
troubleshoot 85
using the interface 29
view information 35
Product Guide
Index
wizards (continued)
VirusScan Enterprise for Linux 32
W
WebImmune 88
wizards
using 32, 45
Product Guide
95
00