How to check the Antivirus in the ESX server

Hi, I have an ESX server and I have installed McAfee antivirus LinuxShield. Now I want to check the antivirus version in that and the DAT file version. Can someone provide the commands, please?
pavansiva29 Asked:
Mysidia Commented:
Well, technically, there shouldn't be a way to check AV on an ESX server, because there should absolutely never be an AV on an ESX server.


McAfee antivirus Linux is for Linux servers, not ESX installations. In fact, it is completely inappropriate to install software of this nature in the embedded COS of an ESX server.

You should not be running software or allowing anyone to upload random files to your VMware ESX console OS, EXCEPT for management agents specifically approved by VMware. High-resource programs like antivirus apps are among the worst possible unapproved software you can try to install on the COS.

The recommended way to remediate this unsupported config is to perform a clean re-install of ESX and refrain from re-installing the "LinuxShield" software after the clean install.

ONLY VMware Administrators should ever be allowed to have shell login credentials or gain access over the network to the COS IP addresses of a VMware server; firewalls should be put in place to deny casual access.

THIS is the way you prevent the Console OS of ESX servers from being subjugated by security risks, not by installing software that is intended for regular Linux servers.

The service console has specifically limited resources and it's not to be treated as a server; you may terribly disrupt your virtualization environment and cause failure of ESX and virtual machines running in your environment by doing so.

This is especially grave if you are utilizing advanced features of VMware such as VMware HA or VMotion. Unexpected resource consumption by software running in the COS can cause missed heartbeats resulting in cluster failover.

In extreme cases, a runaway AV process may lock administrators out of the ESX management access.

There are very few system resources assigned to the ESX COS... in fact, there are not enough system resources there, really, to run an AV.

I fully expect you will eventually have problems with your ESX server swapping or crashing and needing reboots when it reaches high uptimes.



0
 
Mysidia Commented:
When LinuxShield is running on a server, you should be able to access it using http://<hostname>:<port number>
By default 554433

Username 'nails'  and the password specified at time of installation.
It will have to be remote (no browser on the COS)

However, ESX will by default not allow this, because there is a firewall in ESX that only permits traffic to the VMware VirtualCenter and management ports.
You would need to update your firewall configuration in the Security Profile of the ESX server (using the remote console program), log in to VMware, and update the configuration to allow connections on the port.

Again, this is not recommended. The AV software may actually be a security risk, by the way.

ESPECIALLY if you are scanning files in /vmfs filesystems.
Should the AV software contain a security hole, it may be possible for malware running on a guest OS to exploit the hole and thereby use the AV as a path to getting into the COS.

The COS is indeed _that_ secure, that the AV itself is a much bigger risk than other theoretically possible paths of entry, if your environment is set up correctly.

There is also a high probability of false positives if you allow virtual disks to be scanned in /vmfs. Plus a strong possibility of disrupting performance of all VMs.

And if you have shared filesystems in /vmfs, there are even more serious issues involved.

Keep in mind also that the VMware hypervisor heavily throttles all disk activity of the COS. So reads and writes will be dreadfully slow, and any attempt to perform on-demand scanning will be potentially a very lengthy process.





0
 
larstr Commented:
When the next ESX package is launched (known as vSphere), there will be a new API available known as VMsafe. VMsafe will allow the security vendors to implement their security products into the virtualization layer, and McAfee has announced that they are going to support this new API. At what point we'll start seeing products supporting this future ESX version is still unknown. vSphere licenses will be available on May 21st, but GA is probably a bit later.

Lars
0