The McAfee MOVE AV SVM Settings policy must be configured to scan for Multipurpose Internet Mail Extensions (MIME)-encoded files.
Overview
| Finding ID | Version | Rule ID | IA Controls | Severity |
|---|---|---|---|---|
| V-78573 | MV45-SVM-000006 | SV-93279r1_rule | Medium |
| Description |
|---|
| Multipurpose Internet Mail Extensions (MIME) encoded files can be crafted to hide a malicious payload. When the MIME encoded file is presented to software that decodes the MIME encoded files, such as an email client, the malware is released. Scanning these files as part of the regularly scheduled scans tasks will mitigate this risk. |
| STIG | Date |
|---|---|
| McAfee MOVE AV Multi-Platform 4.5 Security Technical Implementation Guide | 2018-07-09 |
Details
| Check Text ( C-78143r1_chk ) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", verify the "Enabled scanning for MIME-encoded files" check box is selected. If the "Enabled scanning for MIME-encoded files" is not selected, this is a finding. |
| Fix Text (F-85309r1_fix) |
|---|
| Access the McAfee ePO console. Select Menu >> Policy >> Policy Catalog and then select "MOVE AntiVirus 4.5.0" from the Product list. From the Category list, select "SVM Settings". Select each configured SVM Settings policy. Click "Show Advanced". Under "Scanning Options", select the "Enabled scanning for MIME-encoded files" check box. Click "Save". |