[Last Call] Learn how to a build a cloud-first strategyRegister Now


How to check the Antivirus in the ESX server,

Posted on 2009-05-08
Medium Priority
Last Modified: 2013-12-09
Hi I have a ESX server and I have installed Mcafee antivirus linux shield now I want to check the Antivirus version in that and the Dat file version. Can some one provide the commands please.
Question by:pavansiva29
  • 2
LVL 23

Accepted Solution

Mysidia earned 2000 total points
ID: 24351494
Well, technically, there shouldn't be a way to check AV on an ESX server, because there should absolutely never be an AV on an ESX server.

Mcafee antivirus linux is for Linux servers, not ESX installations. In fact, it is completely inappropriate to install software of this nature in the embedded COS of an ESX server.

You should not be running software or allowing anyone to upload random files to your VMware ESX console OS, EXCEPT for management agents specifically approved by VMware.   High-resource programs like Antivirus apps are among the worst possible unapproved software you can try to install on the COS.

Recommended way to remediate this unsuppored config is to perform a clean re-install of ESX  and refrain from re-installing the "LinuxShield" software after the clean install.

ONLY  VMware Administrators should  ever be allowed to have shell login credentials or gain access over the network to the COS IP addresses of a VMware server;  firewalls should be put in place to deny casual access.

THIS is the way you prevent the Console OS of ESX servers from being subjugated by security risks, not by installing software that is intended for regular Linux servers.

The service console has specifically limited resources and it's not to be treated as a server, you may terribly disrupt your virtualization environment and cause failure of ESX and Virtual machines running in your environment by doing so.

This is especially grave if you are utilizing advanced features of VMware such as VMware HA or VMotion.     Unexpected resource consumption by software running in the COS can cause missed heartbeats resulting in cluster failover.

In extreme cases, a runaway AV process may  lock administrators out of the ESX management access.

There are very few system resources assigned to the ESX COS...  in fact,  there are not enough system resources there, really,  to run an AV.

I fully expect,  you will eventually have problems with your ESX server swapping or crashing and needing reboots,  when it reaches high uptimes.

LVL 23

Expert Comment

ID: 24351577
When Linuxshield is running on a server, you should be able to access it using     http://<hostname>:<port number>
By default 554433

Username 'nails'  and the password specified at time of installation.
It will have to be remote (no browser on the COS)

However,  ESX  will by default not allow this,  because there is a firewall in ESX that only permits traffic to the VMware virtualcenter and management ports.
You would need to update your firewall configuration in the Security Profile of the ESX server (using the remote console program), login to VMware, and
update configuration to allow connections on the port.

Again, this is not recommended.   The AV software may actually be a security risk, by the way.

ESPECIALLY if you are scanning files in /vmfs  filesystems.
Should the AV software contain a security hole, it may be possible for malware running on a guest OS  to exploit the hole and thereby use the AV as a path to getting into the COS.

The COS is indeed _that_ secure, that the AV itself is a much bigger risk than other theoretically possible paths of entry,  if your environment is setup correctly.

There is also a high probability of false positives if you allow virtual disks to be scanned in /vmfs.  Plus strong possibility of disrupting performance of all VMs.

And if you have shared filesystems in /vmfs,  there are even more serious issues involved.

Keep in mind also, that the VMware hypervisor heavily throttles all disk activity of the COS. So reads and writes will be dreadfully slow,  and any attempt to perform on-demand scanning will be potentially a very lengthy process.

LVL 18

Expert Comment

ID: 24352476
When the next ESX package is launched (known as vSphere), there will be a new API available known as VMsafe. VMsafe will allow the security vendors to implement their security products into the virtualization layer and McAfee has announced that they are going to support this new API. At what point we'll start seeing products supporting this future ESX version is still unknown. vSphere licenses will be available at May 21st, but GA is probably a bit later.


Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

An introduction to the wonderful sport of Scam Baiting.  Learn how to help fight scammers by beating them at their own game. This great pass time helps the world, while providing an endless source of entertainment. Enjoy!
Curious about the latest ransomware attack? Check out our timeline of events surrounding the spread of this new virus along with tips on how to mitigate the damage.
This Micro Tutorial walks you through using a remote console to access a server and install ESXi 5.1. This example is showing remote access and installation using a Dell server. The hypervisor is the very first component of your virtual infrastructu…
This video shows you how easy it is to boot from ISO images for virtual machines with the ISO images stored on a local datastore on the ESXi host.
Suggested Courses

834 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question