Message 1 of 5

VSEL On-Demand scans - configuration, visibility and files involved - request for confirmation of understanding!

Hi,

Questions at end of this post.  Work I have carried out so far detailed below 🙂

I was hoping somebody could clarify my understanding of on-demand scans related to VirusScan Enterprise for Linux 1.7.  From a default install, if I browse to the VSEL GUI and look at scheduled tasks, there is only the 'LinuxShield Update' task listed, and nothing alluding to the fact that a scheduled on-demand scan exists.  However, looking at crontab yields:

=====================================================
[root@host etc]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
### McAfeeVSEForLinux SCHEDULED TASK INFORMATION FOLLOWS.  DO NOT EDIT THIS SECTION. ###
0 0 * * * root /opt/NAI/LinuxShield/bin/nails runsched 1
### END OF McAfeeVSEForLinux SCHEDULED TASK INFORMATION. ###
[root@host etc]#
=====================================================

...which looks to me like there is an on-demand scan scheduled every midnight.  Looking at the ods.cfg (/var/opt/NAI/LinuxShield/etc/ods.cfg), I gather that this is run with the exclusion of /proc + subdirs.


=====================================================
# Exclude /proc for on-demand by default. Can be removed on the UI if really required
nailsd.profile.ODS.filter.proc.type: exclude-path
nailsd.profile.ODS.filter.proc.path: /proc
nailsd.profile.ODS.filter.proc.subdir: true
nailsd.profile.ODS_default.filter.proc.type: exclude-path
nailsd.profile.ODS_default.filter.proc.path: /proc
nailsd.profile.ODS_default.filter.proc.subdir: true
=====================================================


If I go on to add another on-demand scan task ('Test OD scan'), to run every Wednesday @ 03:00, and exclude /hello_exclusion (subdirs not excluded), I get the below, and can confirm that this scan is listed in the VSEL GUI under 'scheduled tasks':

=====================================================
[root@host etc]# cat /etc/crontab
SHELL=/bin/bash
PATH=/sbin:/bin:/usr/sbin:/usr/bin
MAILTO=root
HOME=/

# run-parts
01 * * * * root run-parts /etc/cron.hourly
02 4 * * * root run-parts /etc/cron.daily
22 4 * * 0 root run-parts /etc/cron.weekly
42 4 1 * * root run-parts /etc/cron.monthly
### McAfeeVSEForLinux SCHEDULED TASK INFORMATION FOLLOWS.  DO NOT EDIT THIS SECTION. ###
0 0 * * * root /opt/NAI/LinuxShield/bin/nails runsched 1
0 3 * * 3 root /opt/NAI/LinuxShield/bin/nails runsched 2
### END OF McAfeeVSEForLinux SCHEDULED TASK INFORMATION. ###
[root@host etc]#
=====================================================

...as expected, another entry added to crontab.  In the ods.cfg, I can see the relevant section for the exclusions:

=====================================================
nailsd.profile.ODS_2.filter.0.path: /proc
nailsd.profile.ODS_2.filter.0.subdir: true
nailsd.profile.ODS_2.filter.0.type: exclude-path
nailsd.profile.ODS_2.filter.1.path: /hello_exclusion
nailsd.profile.ODS_2.filter.1.subdir: false
nailsd.profile.ODS_2.filter.1.type: exclude-path
=====================================================

After this, I changed the agent component from unmanaged to managed mode, so VSEL is now centrally managed.  A client OD task was configured on ePO called 'Centrally Managed VSEL ODS'.  This client task had an exclusion configured of '/epotestODS'.  When this was pulled down by the managed server (confirmed in agent logs), the crontab did not change; however, a file 1.tsk appeared in /opt/McAfee/cma/scratch/AgentDB/Task, and listing the contents of this proved that this was what I was looking for:

=====================================================
[Exclusions]
ExcludedItem_0=3|7|/proc
ExcludedItem_1=3|3|/epotestODS
bAppendExclusions=0
dwExclusionCount=2
=====================================================


Soooooo, to summarise:

1) The default on-demand scan task for VSEL is configured to run at midnight, and is not listed in the VSEL Apache GUI under 'scheduled tasks' - could this be confirmed?
2) Any custom OD scan tasks configured via the VSEL GUI are listed under the VSEL Apache GUI 'scheduled tasks' and the crontab file is updated as required - could this be confirmed?
3) The default and the custom OD scan tasks configured via the VSEL GUI are scheduled via crontab - could this be confirmed?
4) As far as I can see, the only way to disable the *default* OD scan task is to comment out the relevant line in the crontab file.  Could it be confirmed whether this is the only way to do this?
5) Any OD scan tasks configured and managed via ePO do not appear in the VSEL GUI 'scheduled tasks', and are not scheduled via crontab.  I am guessing that the schedule is controlled via the agent scheduler component (I am guessing further that this actually needs to be the case as the task start time can be randomised and I don't believe you can do that via crontab) - could this be confirmed as correct?

Any comment or feedback on this would be greatly appreciated as always!

Message was edited by: dmease729 on 21/12/12 11:18:44 CST
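
The three artefacts inspected in the post above (the managed crontab section, the ods.cfg filter keys and the ePO .tsk exclusion list) can be read together to audit which tasks are scheduled and which paths each scan skips. This is an added example, not part of the original post or of McAfee's tooling: the function names are hypothetical, treating /proc as the only expected exclusion is an assumption, and the two numeric fields in each ExcludedItem line are left uninterpreted.

```python
import re

# Constructed samples, trimmed from the listings quoted in the post above.
CRONTAB = """\
42 4 1 * * root run-parts /etc/cron.monthly
### McAfeeVSEForLinux SCHEDULED TASK INFORMATION FOLLOWS.  DO NOT EDIT THIS SECTION. ###
0 0 * * * root /opt/NAI/LinuxShield/bin/nails runsched 1
0 3 * * 3 root /opt/NAI/LinuxShield/bin/nails runsched 2
### END OF McAfeeVSEForLinux SCHEDULED TASK INFORMATION. ###
"""
ODS_CFG = """\
# Exclude /proc for on-demand by default.
nailsd.profile.ODS.filter.proc.type: exclude-path
nailsd.profile.ODS.filter.proc.path: /proc
nailsd.profile.ODS.filter.proc.subdir: true
nailsd.profile.ODS_2.filter.1.path: /hello_exclusion
nailsd.profile.ODS_2.filter.1.subdir: false
nailsd.profile.ODS_2.filter.1.type: exclude-path
"""
TSK = "[Exclusions]\nExcludedItem_0=3|7|/proc\nExcludedItem_1=3|3|/epotestODS\n"

def scheduled_tasks(crontab):
    """Return {task_id: schedule} for 'nails runsched N' lines in the managed section."""
    tasks, inside = {}, False
    for line in crontab.splitlines():
        if line.startswith("###") and "McAfeeVSEForLinux" in line:
            inside = "FOLLOWS" in line  # start marker opens, END marker closes
        m = re.match(r"((?:\S+\s+){5})root\s+\S+/nails runsched (\d+)\s*$", line)
        if inside and m:
            tasks[int(m.group(2))] = " ".join(m.group(1).split())
    return tasks

def cfg_exclusions(cfg):
    """Return {profile: [(path, subdirs_excluded)]} for exclude-path filters in ods.cfg."""
    filters, out = {}, {}
    for m in re.finditer(r"^nailsd\.profile\.(\w+)\.filter\.(\w+)\.(\w+):\s*(\S+)", cfg, re.M):
        filters.setdefault(m.group(1, 2), {})[m.group(3)] = m.group(4)
    for (prof, _), f in sorted(filters.items()):
        if f.get("type") == "exclude-path":
            out.setdefault(prof, []).append((f.get("path"), f.get("subdir") == "true"))
    return out

def tsk_exclusions(tsk):
    """Return the path (third '|' field) of each ExcludedItem_N line in a .tsk file."""
    return [l.split("|", 2)[2] for l in tsk.splitlines() if l.startswith("ExcludedItem_")]

def unexpected(paths, baseline=("/proc",)):
    """Paths excluded from scanning that are not in the expected baseline (assumed: /proc)."""
    return sorted(set(paths) - set(baseline))
```

On a live host the same functions can be fed the contents of /etc/crontab, /var/opt/NAI/LinuxShield/etc/ods.cfg and the .tsk files under /opt/McAfee/cma/scratch/AgentDB/Task.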
4 Replies
Message 2 of 5

Re: VSEL On-Demand scans - configuration, visibility and files involved - request for confirmation of understanding!

The entry in /etc/crontab, following the initial installation, is the system update  listed on the GUI scheduled tasks tab.  No scans are scheduled unless you create one from the schedule on-demand scan tab.

Message 3 of 5

Re: VSEL On-Demand scans - configuration, visibility and files involved - request for confirmation of understanding!

Hi gzickert,

Thanks for the reply, muchly appreciated!

Message 4 of 5

Re: VSEL On-Demand scans - configuration, visibility and files involved - request for confirmation of understanding!

Hi, does anyone have any more information on this?

Message 5 of 5

Re: VSEL On-Demand scans - configuration, visibility and files involved - request for confirmation of understanding!

I have found that the scheduled scans appear in the client GUI, in the Scheduled Tasks section after they have run for the first time. If you want to feel confident that scheduled tasks will work properly you can always configure a test scheduled scan of one small folder in advance and then check that it shows up.
