|Applies To||RSA Product Set: SecurID|
RSA Product/Service Type: Authentication Manager
RSA Version/Condition: 8.1.0
O/S Version: ESXi 5.0
Product Description: RSA SID Access Virtual Appliance
|Issue||Need to configure ClamAV and Information|
|Resolution||>>ClamAV: RSA Authentication Manager Antivirus |
Each RSA Authentication Manager instance includes Clam Antivirus (ClamAV) software. ClamAV is an open-source software toolkit that is intended to reduce the risk of intrusion or malicious system or data access. Apply software updates to ClamAV only as part of RSA-delivered updates.
>> What action does ClamAV take when a virus is found (during either a scheduled or an on-access scan)? Will the infected files be cleaned, deleted, or moved to quarantine?
ClamAV detects viruses but does not clean or quarantine them. By default it only logs the infected files in /var/log/clamav.log.
You can control the action it takes by using one of the options below with clamscan:
-i, --infected : Only print infected files.
>> ClamAV is not a resident scanner. A scan has to be initiated manually. It is not a real-time scanner; it can only be set up to run scheduled scans.
To run a scan manually, type the following line:
sudo clamscan -r / --exclude-dir=/proc --exclude-dir=/sys --exclude-dir=/opt/rsa/am/rsapgdata --follow-dir-symlinks=0 --follow-file-symlinks=0 --log=/var/log/clamav.log
To schedule automatic virus scans, create a cron job that runs the same command.
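Because ClamAV here only logs detections, a scheduled scan needs something to surface them. The wrapper below is an added example, not part of the RSA article or product: it runs the scan command above and forwards only the FOUND lines written during that run to syslog. The use of logger(1), the --scan switch, the sample log, and a log file that accumulates across runs are assumptions.

```shell
#!/bin/sh
# Added example (not RSA's code): cron wrapper for the scan command above.
# Assumptions: logger(1) as the alert channel and the --scan switch.
LOG=/var/log/clamav.log

# Print "<signature> <path>" for each detection logged after line $2 of log $1.
# clamscan records a detection as "<path>: <signature> FOUND".
detections_since() {
    total=$(( $(wc -l < "$1") ))
    start=$2
    # If the log shrank (rotated or truncated), read it from the top.
    if [ "$total" -lt "$start" ]; then start=0; fi
    tail -n "+$((start + 1))" "$1" |
        sed -n 's/^\(.*\): \(.*\) FOUND$/\2 \1/p'
}

# Constructed sample log: an earlier run, then a newer run, one detection each.
write_sample_log() {
    cat > "$1" <<'EOF'
/tmp/old.bin: Eicar-Test-Signature FOUND
----------- SCAN SUMMARY -----------
Infected files: 1
/tmp/sample dir/eicar.com: Eicar-Test-Signature FOUND
/etc/hosts: OK
----------- SCAN SUMMARY -----------
Infected files: 1
EOF
}

# Run the article's scan and alert only on detections from this run.
run_scan() {
    before=0
    if [ -f "$LOG" ]; then before=$(( $(wc -l < "$LOG") )); fi
    clamscan -r / --exclude-dir=/proc --exclude-dir=/sys \
        --exclude-dir=/opt/rsa/am/rsapgdata \
        --follow-dir-symlinks=0 --follow-file-symlinks=0 \
        --log="$LOG" >/dev/null 2>&1 && rc=0 || rc=$?
    case $rc in
        0) ;;                                   # exit 0: no virus found
        1) detections_since "$LOG" "$before" |  # exit 1: virus(es) found
               while IFS= read -r hit; do
                   logger -t clamscan -p user.alert "INFECTED $hit"
               done ;;
        *) logger -t clamscan -p user.err "scan failed, exit code $rc" ;;
    esac
    return "$rc"
}

if [ "${1:-}" = "--scan" ]; then run_scan; exit $?; fi
```

Run it from root's crontab with the --scan argument; without that argument the script only defines its functions and performs no scan.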
>> How to update the signatures?
You update the signatures by updating the definition files. If the Authentication Manager instance has access to the Internet, you can automatically download and apply the latest antivirus definition files. Type the following command:
If the Authentication Manager instance does not have access to the Internet, manually download the main.cvd and daily.cvd antivirus definition files from the ClamAV web site:
|Notes||More details on the man page: http://linux.die.net/man/1/clamscan|
Additional Information: https://help.ubuntu.com/community/ClamAV
ClamAV: Infected files reporting
Setup procedure: RSA Authentication Manager Administrator's Guide, page 416