How to check the Antivirus in the ESX server,

Posted on 2009-05-08
Last Modified: 2013-12-09
Hi, I have an ESX server and I have installed McAfee antivirus LinuxShield. Now I want to check the antivirus version on it and the DAT file version. Can someone provide the commands, please?
Question by:pavansiva29
Accepted Solution

by:
Mysidia earned 2000 total points
ID: 24351494
Well, technically, there shouldn't be a way to check AV on an ESX server, because there should absolutely never be an AV on an ESX server.


McAfee antivirus Linux is for Linux servers, not ESX installations. In fact, it is completely inappropriate to install software of this nature in the embedded COS of an ESX server.

You should not be running software or allowing anyone to upload random files to your VMware ESX console OS, EXCEPT for management agents specifically approved by VMware. High-resource programs like antivirus apps are among the worst possible unapproved software you can try to install on the COS.

The recommended way to remediate this unsupported config is to perform a clean re-install of ESX and refrain from re-installing the "LinuxShield" software after the clean install.


ONLY VMware Administrators should ever be allowed to have shell login credentials or gain access over the network to the COS IP addresses of a VMware server; firewalls should be put in place to deny casual access.

THIS is the way you prevent the Console OS of ESX servers from being subjugated by security risks, not by installing software that is intended for regular Linux servers.

The service console has specifically limited resources and it's not to be treated as a server; you may terribly disrupt your virtualization environment and cause failure of ESX and virtual machines running in your environment by doing so.

This is especially grave if you are utilizing advanced features of VMware such as VMware HA or VMotion. Unexpected resource consumption by software running in the COS can cause missed heartbeats resulting in cluster failover.


In extreme cases, a runaway AV process may lock administrators out of the ESX management access.

There are very few system resources assigned to the ESX COS... in fact, there are not enough system resources there, really, to run an AV.

I fully expect you will eventually have problems with your ESX server swapping or crashing and needing reboots when it reaches high uptimes.




Expert Comment

by:Mysidia
ID: 24351577
When LinuxShield is running on a server, you should be able to access it using http://<hostname>:<port number>
By default 554433

Username 'nails' and the password specified at time of installation.
It will have to be remote (no browser on the COS).

However, ESX will by default not allow this, because there is a firewall in ESX that only permits traffic to the VMware VirtualCenter and management ports.
You would need to update your firewall configuration in the Security Profile of the ESX server (using the remote console program), log in to VMware, and update the configuration to allow connections on the port.

Again, this is not recommended. The AV software may actually be a security risk, by the way.

ESPECIALLY if you are scanning files in /vmfs filesystems.
Should the AV software contain a security hole, it may be possible for malware running on a guest OS to exploit the hole and thereby use the AV as a path to getting into the COS.

The COS is indeed _that_ secure, that the AV itself is a much bigger risk than other theoretically possible paths of entry, if your environment is set up correctly.


There is also a high probability of false positives if you allow virtual disks to be scanned in /vmfs. Plus a strong possibility of disrupting performance of all VMs.

And if you have shared filesystems in /vmfs, there are even more serious issues involved.


Keep in mind also that the VMware hypervisor heavily throttles all disk activity of the COS. So reads and writes will be dreadfully slow, and any attempt to perform on-demand scanning will potentially be a very lengthy process.
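
An added example, not part of the original thread: one way to audit a service console for TCP listeners outside an approved management-port list, in line with the advice above to restrict network access to the COS. The allowlist, the sample `netstat -tln` text and port 50443 (a stand-in for an unapproved agent's web console) are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: flag service-console TCP listeners that are not on an
# approved management-port list. Allowlist and sample data are assumptions.

# Assumed allowlist for illustration: SSH, HTTPS management, VMware authd.
ALLOWED_PORTS="22 443 902"

# Constructed sample in `netstat -tln` layout (not captured from a real host).
# 50443 stands in for an unapproved agent's web console.
sample_netstat() {
cat <<'EOF'
Active Internet connections (only servers)
Proto Recv-Q Send-Q Local Address      Foreign Address    State
tcp        0      0 0.0.0.0:22         0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:443        0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:902        0.0.0.0:*          LISTEN
tcp        0      0 127.0.0.1:8005     0.0.0.0:*          LISTEN
tcp        0      0 0.0.0.0:50443      0.0.0.0:*          LISTEN
tcp        0      0 :::50443           :::*               LISTEN
EOF
}

# Reads netstat -tln text on stdin; prints "<EXPOSED|LOCAL> <port> <address>"
# for each listener whose port is not in the space-separated list in $1.
audit_listeners() {
    awk -v allowed="$1" '
        BEGIN { n = split(allowed, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        $1 ~ /^tcp/ && $NF == "LISTEN" {
            addr = $4
            port = addr; sub(/.*:/, "", port)      # text after the last colon
            host = addr; sub(/:[^:]*$/, "", host)  # text before the last colon
            if (port in ok) next
            scope = (host == "127.0.0.1" || host == "::1") ? "LOCAL" : "EXPOSED"
            print scope, port, addr
        }' | sort -u
}

# Counts findings that are reachable from the network (not loopback-only).
count_exposed() {
    audit_listeners "$1" | grep -c '^EXPOSED' || true
}

# Run with --demo to audit the constructed sample above.
if [ "${1:-}" = "--demo" ]; then
    sample_netstat | audit_listeners "$ALLOWED_PORTS"
fi
```

On a live console, pipe the host's own `netstat -tln` output into `audit_listeners` with the port list your change-control process actually approves.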






Expert Comment

by:larstr
ID: 24352476
When the next ESX package is launched (known as vSphere), there will be a new API available known as VMsafe. VMsafe will allow the security vendors to implement their security products into the virtualization layer, and McAfee has announced that they are going to support this new API. At what point we'll start seeing products supporting this future ESX version is still unknown. vSphere licenses will be available on May 21st, but GA is probably a bit later.

Lars