McAfee potentials impacts

Support for security such as Firewalls and securing linux
amedix
Posts: 18
Joined: 2015/10/30 05:58:13

McAfee potentials impacts

Postby amedix » 2017/07/25 09:37:24

Hi,

I've been asked by my manager to give a list of a potential impacts in system level when installing McAfee on a CentOS/RedHat machine ? In an other word what to check in a system after installing Macfee ?

It's first time I will install an antivirus on a linux server :-)


Thanks in advance.

User avatar
TrevorH
Forum Moderator
Posts: 21206
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: McAfee potentials impacts

Postby TrevorH » 2017/07/25 11:51:34

Mcafee has a linux version?
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

amedix
Posts: 18
Joined: 2015/10/30 05:58:13

Re: McAfee potentials impacts

Postby amedix » 2017/07/25 12:45:41

I was also surprised when I heard in my new job that the IT direction got Mcafee agent to install in their RedHat machines.

MartinR
Posts: 281
Joined: 2015/05/11 07:53:27
Location: UK

Re: McAfee potentials impacts

Postby MartinR » 2017/07/25 12:55:46

https://www.mcafee.com/uk/products/virusscan-enterprise-for-linux.aspx - seems so. In the past these have just looked for MS viruses hiding in Linux servers, what the current offering does I have no idea.

User avatar
TrevorH
Forum Moderator
Posts: 21206
Joined: 2009/09/24 10:40:56
Location: Brighton, UK

Re: McAfee potentials impacts

Postby TrevorH » 2017/07/25 15:20:04

So, as far as "impacts" go, if it doesn't have a kernel module then I wouldn't expect much of an impact. If it does... well I'm not sure I'd run it.
CentOS 5 died in March 2017 - migrate NOW!
Full time Geek, part time moderator. Use the FAQ Luke

amedix
Posts: 18
Joined: 2015/10/30 05:58:13

Re: McAfee potentials impacts

Postby amedix » 2017/08/02 10:50:54

Hi,

I'm about to install McAfee on a RHEL7 box and to measure the performances on the system level (CPU, RAM, Disk).

I want to compare performances between the pre-install and post-install mode.

What is the most significant column of the command iostat (or any other command) output I have to take into consideration ? I would be grateful if you give an example.


Thanks in advance.

macattack2241
Posts: 6
Joined: 2017/08/18 15:56:54

Re: McAfee potentials impacts

Postby macattack2241 » 2017/08/18 17:02:55

Hi, I've worked with McAfee Virus Scammer for Enterprise Linux (VSEL) extensively and found it to be quite a resource hog when it comes to how scans are handled. On-Access scanning can seriously affect RHEL 7's performance to the point of maxing out the CPU load due to it constantly scanning any files that are opened, compressed, etc. It was an ongoing battle with the security team to have them set to On-Demand scanning and when they would push back I would just alter the config for VSEL's scanning and make it immutable.

Standard location of On Access Scanning type for VSEL:

/var/opt/NAI/LinuxShield/etc/nailsd.cfg

nailsd.cfg:146:nailsd.profile.OAS.allFiles: true

*set OAS to false and then set immutable flag on the config*

I do not recommend using any virus scanner on Linux as its not necessary if you are using good security practices DACs + MACs (SELinux is my favorite). In the years that I used VSEL on my systems due to security policies, it never once found a virus and I found myself constantly having to update the definitions (/opt/NAI/LinuxShield/bin/nails task –run 1) since they're almost always out of sync with the HBSS master.