Table of Contents
Advertisement
Firewall menu options
Antivirus
Click Submit.
3
Viewing antivirus statistics
The Antivirus Statistics table is located at the bottom of the Antivirus tab. This table provides a summary of
all virus activity detected by the device, across all services.
The Virus column lists the name of the detected virus.
The Number of Occurrences column lists the number of times the virus has been detected.
Testing the antivirus system
You can ensure that the antivirus system is working by running an antivirus test.
To run an antivirus test:
From the Firewall menu, click Antivirus. The Anti-Virus Configuration page appears.
1
Click the Test button at the bottom of the page. If Antivirus is enabled and configured correctly, the EICAR
2
Standard Anti-Virus Test File appears in the Antivirus Statistics table.
Note:
The EICAR Standard Anti-Virus Test File is not a virus. It is a test file for virus detection systems. For
more information, go to www.eicar.org.
Manually downloading antivirus database files
Before clam antivirus can operate, it is necessary to download the relevant database files. For an appliance
normally connected to the Internet, this operation is performed automatically on system boot and again at
intervals specified in the Antivirus configuration page (hourly, daily, or weekly). If you have an appliance
that is not connected to the Internet, it is necessary to manually install the database files. To download the
database files, it is necessary to have a machine connected to the Internet. Ideally, the freshclam utility
that comes with clam antivirus should be used to download the database files to a local machine. If
freshclam is not available, you can download the database files (main.cvd and daily.cvd) from
www.clamav.net.
Once you download these two files, the appliance requires access to the files. If you are using a remote
share or a USB storage device for antivirus, it suffices to copy these two files to the top level shared folder.
If you are not using a share or local USB storage device, the two files must be copied to the /var/clamav/
directory. This can be done using ftp or wget from the appliance. If you are not using a share or local USB
storage, you will need to reload the database files whenever the appliance reboots. For details on network
and local storage for antivirus, see
the appliance using telnet or ssh and check the database files are installed correctly. The example below
changes the directory (cd command) to the clamav directory and lists the files (ls command) within:
# cd /var/clamav
# ls -l *.cvd
-rw-r--r--
1 clamav
-rw-r--r--
1 clamav
The ls command lists the two clam files daily.cvd and main.cvd, their sizes, and permissions (rw
read/write for owner; r read-only for group and everyone). The sizes will vary from the examples shown
above (442871 and 6924820). You might have to execute the chown and chmod commands to correctly set
ownership and permissions respectively of the two database files:
# chown clamav *.cvd
# chmod 644 *.cvd
Typing chmod 644 sets read/write for the owner, and read-only for group and everyone else (6= rw owner,
4=read only group, 4=read only everyone).
McAfee UTM Firewall 4.0.4 Administration Guide
Auxiliary storage for virus
root 442871 Jan
4 10:24 daily.cvd
root 6924820 Jan
4 10:31 main.cvd
scanning. McAfee recommends you login to
225
Hide quick links:
Advertisement
Table of Contents
Troubleshooting
