

How to check the Antivirus in the ESX server

Posted on 2009-05-08
Medium Priority
Last Modified: 2013-12-09
Hi, I have an ESX server and I have installed McAfee antivirus LinuxShield. Now I want to check the antivirus version on it and the DAT file version. Can someone provide the commands please?
Question by:pavansiva29
LVL 23

Accepted Solution

Mysidia earned 2000 total points
ID: 24351494
Well, technically, there shouldn't be a way to check AV on an ESX server, because there should absolutely never be an AV on an ESX server.

McAfee antivirus Linux is for Linux servers, not ESX installations. In fact, it is completely inappropriate to install software of this nature in the embedded COS of an ESX server.

You should not be running software or allowing anyone to upload random files to your VMware ESX console OS, EXCEPT for management agents specifically approved by VMware. High-resource programs like Antivirus apps are among the worst possible unapproved software you can try to install on the COS.

The recommended way to remediate this unsupported config is to perform a clean re-install of ESX and refrain from re-installing the "LinuxShield" software after the clean install.

ONLY VMware Administrators should ever be allowed to have shell login credentials or gain access over the network to the COS IP addresses of a VMware server; firewalls should be put in place to deny casual access.

THIS is the way you prevent the Console OS of ESX servers from being subjugated by security risks, not by installing software that is intended for regular Linux servers.

The service console has specifically limited resources and it's not to be treated as a server; you may terribly disrupt your virtualization environment and cause failure of ESX and virtual machines running in your environment by doing so.

This is especially grave if you are utilizing advanced features of VMware such as VMware HA or VMotion. Unexpected resource consumption by software running in the COS can cause missed heartbeats resulting in cluster failover.

In extreme cases, a runaway AV process may lock administrators out of the ESX management access.

There are very few system resources assigned to the ESX COS... in fact, there are not enough system resources there, really, to run an AV.

I fully expect you will eventually have problems with your ESX server swapping or crashing and needing reboots when it reaches high uptimes.
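
The accepted answer's rule that only VMware-approved management agents belong in the COS can be checked by auditing the console's RPM inventory by vendor. This is an added example, not part of the original thread or of any poster's reply; the vendor allowlist and every package name in the sample are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example: flag service-console packages whose RPM vendor is not on an
# allowlist. Input is the output of:
#   rpm -qa --queryformat '%{NAME}\t%{VERSION}\t%{VENDOR}\n'
# The vendor strings below are assumptions; confirm them against a clean build.
APPROVED_VENDORS='VMware, Inc.;Red Hat, Inc.'

# Reads name<TAB>version<TAB>vendor lines on stdin and prints the
# unapproved ones as "name version [vendor]".
unapproved_packages() {
    awk -F '\t' -v allow="$APPROVED_VENDORS" '
        BEGIN { n = split(allow, a, ";"); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
        NF >= 3 && !($3 in ok) { printf "%s %s [%s]\n", $1, $2, $3 }
    '
}

# Constructed sample inventory (not taken from a real host).
# rpm prints "(none)" when a package carries no vendor tag.
sample_inventory() {
    printf 'example-vmware-agent\t3.5.0\tVMware, Inc.\n'
    printf 'bash\t2.05b\tRed Hat, Inc.\n'
    printf 'example-av-scanner\t1.5.1\tExample AV Vendor\n'
    printf 'example-unsigned-tool\t0.1\t(none)\n'
}

# Stand-alone run against the sample; on a host, pipe the rpm query in instead.
sample_inventory | unapproved_packages
```

Comparing the result against the same query on a freshly installed host of the same build shows exactly what has been added since installation.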

LVL 23

Expert Comment

ID: 24351577
When LinuxShield is running on a server, you should be able to access it using http://<hostname>:<port number>
By default 554433

Username 'nails' and the password specified at time of installation.
It will have to be remote (no browser on the COS).

However, ESX will by default not allow this, because there is a firewall in ESX that only permits traffic to the VMware VirtualCenter and management ports.
You would need to update your firewall configuration in the Security Profile of the ESX server (using the remote console program), log in to VMware, and update the configuration to allow connections on the port.

Again, this is not recommended. The AV software may actually be a security risk, by the way.

ESPECIALLY if you are scanning files in /vmfs filesystems.
Should the AV software contain a security hole, it may be possible for malware running on a guest OS to exploit the hole and thereby use the AV as a path to getting into the COS.

The COS is indeed _that_ secure, that the AV itself is a much bigger risk than other theoretically possible paths of entry, if your environment is set up correctly.

There is also a high probability of false positives if you allow virtual disks to be scanned in /vmfs. Plus strong possibility of disrupting performance of all VMs.

And if you have shared filesystems in /vmfs, there are even more serious issues involved.

Keep in mind also that the VMware hypervisor heavily throttles all disk activity of the COS. So reads and writes will be dreadfully slow, and any attempt to perform on-demand scanning will be potentially a very lengthy process.

LVL 18

Expert Comment

ID: 24352476
When the next ESX package is launched (known as vSphere), there will be a new API available known as VMsafe. VMsafe will allow the security vendors to implement their security products into the virtualization layer, and McAfee has announced that they are going to support this new API. At what point we'll start seeing products supporting this future ESX version is still unknown. vSphere licenses will be available on May 21st, but GA is probably a bit later.

