Solved

How to check the Antivirus in the ESX server

Posted on 2009-05-08
Last Modified: 2013-12-09
Hi, I have an ESX server and I have installed McAfee antivirus LinuxShield. Now I want to check the antivirus version on it and the DAT file version. Can someone provide the commands, please?
Question by:pavansiva29
Accepted Solution

by:
Mysidia earned 500 total points
Well, technically, there shouldn't be a way to check AV on an ESX server, because there should absolutely never be an AV on an ESX server.

McAfee antivirus for Linux is for Linux servers, not ESX installations. In fact, it is completely inappropriate to install software of this nature in the embedded COS of an ESX server.

You should not be running software or allowing anyone to upload random files to your VMware ESX console OS, EXCEPT for management agents specifically approved by VMware. High-resource programs like antivirus apps are among the worst possible unapproved software you can try to install on the COS.

The recommended way to remediate this unsupported config is to perform a clean re-install of ESX and refrain from re-installing the "LinuxShield" software after the clean install.

ONLY VMware administrators should ever be allowed to have shell login credentials or gain access over the network to the COS IP addresses of a VMware server; firewalls should be put in place to deny casual access.

THIS is the way you prevent the Console OS of ESX servers from being subjugated by security risks, not by installing software that is intended for regular Linux servers.

The service console has specifically limited resources and it's not to be treated as a server; you may terribly disrupt your virtualization environment and cause failure of ESX and virtual machines running in your environment by doing so.

This is especially grave if you are utilizing advanced features of VMware such as VMware HA or VMotion. Unexpected resource consumption by software running in the COS can cause missed heartbeats resulting in cluster failover.

In extreme cases, a runaway AV process may lock administrators out of the ESX management access.

There are very few system resources assigned to the ESX COS... in fact, there are not enough system resources there, really, to run an AV.

I fully expect you will eventually have problems with your ESX server swapping or crashing and needing reboots when it reaches high uptimes.
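The answer above says only VMware-approved agents belong in the service console. As an added example (not part of the original answer), here is one way to audit a COS for packages from other vendors. The vendor allow-list and the sample inventory are assumptions; build the real allow-list from a clean install of the same ESX build.

```shell
#!/bin/sh
# Added example: flag service-console RPMs whose vendor is not allow-listed.
# ASSUMPTION: this allow-list is illustrative, not VMware's published list.
APPROVED_VENDORS='VMware, Inc.;Red Hat, Inc.'

# Reads tab-separated "name<TAB>version-release<TAB>vendor" records on stdin
# and prints one line per package whose vendor is not on the allow-list.
# rpm prints "(none)" for a missing vendor tag, so those are flagged too.
flag_unapproved() {
    awk -F'\t' -v ok="$APPROVED_VENDORS" '
        BEGIN {
            n = split(ok, v, ";")
            for (i = 1; i <= n; i++) allow[v[i]] = 1
        }
        NF >= 3 && !($3 in allow) {
            printf "UNAPPROVED %s %s (vendor: %s)\n", $1, $2, $3
        }
    '
}

# Constructed sample inventory (package names and versions are made up).
sample_inventory() {
    printf 'example-base-lib\t1.0-1\tRed Hat, Inc.\n'
    printf 'example-mgmt-agent\t1.0-1\tVMware, Inc.\n'
    printf 'example-av-agent\t1.0-1\tExample AV Vendor\n'
    printf 'example-local-build\t1.0-1\t(none)\n'
}

# On a live service console, feed the real inventory instead:
#   rpm -qa --qf '%{NAME}\t%{VERSION}-%{RELEASE}\t%{VENDOR}\n' | flag_unapproved
sample_inventory | flag_unapproved
```

Anything the script prints is a candidate for removal, or for the clean re-install the answer recommends.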




Expert Comment

by:Mysidia
When LinuxShield is running on a server, you should be able to access it using http://<hostname>:<port number>
By default 554433

Username 'nails' and the password specified at time of installation.
It will have to be remote (no browser on the COS).

However, ESX will by default not allow this, because there is a firewall in ESX that only permits traffic to the VMware VirtualCenter and management ports.
You would need to update your firewall configuration in the Security Profile of the ESX server (using the remote console program), log in to VMware, and update the configuration to allow connections on the port.

Again, this is not recommended. The AV software may actually be a security risk, by the way.

ESPECIALLY if you are scanning files in /vmfs filesystems.
Should the AV software contain a security hole, it may be possible for malware running on a guest OS to exploit the hole and thereby use the AV as a path to getting into the COS.

The COS is indeed _that_ secure, that the AV itself is a much bigger risk than other theoretically possible paths of entry, if your environment is set up correctly.

There is also a high probability of false positives if you allow virtual disks to be scanned in /vmfs. Plus a strong possibility of disrupting performance of all VMs.

And if you have shared filesystems in /vmfs, there are even more serious issues involved.

Keep in mind also that the VMware hypervisor heavily throttles all disk activity of the COS. So reads and writes will be dreadfully slow, and any attempt to perform on-demand scanning will potentially be a very lengthy process.






Expert Comment

by:larstr
When the next ESX package is launched (known as vSphere), there will be a new API available known as VMsafe. VMsafe will allow the security vendors to implement their security products into the virtualization layer and McAfee has announced that they are going to support this new API. At what point we'll start seeing products supporting this future ESX version is still unknown. vSphere licenses will be available on May 21st, but GA is probably a bit later.

Lars