Slashdot Mirror


McAfee Takes Six Months To Patch Remote Code Exploit In Linux VirusScan Enterprise (theregister.co.uk)

mask.of.sanity writes: A researcher has reported 10 vulnerabilities in McAfee's VirusScan Enterprise for Linux that, when chained together, result in root remote code execution. McAfee took six months to fix the bugs, issuing a patch December 9th.
Citing the security note, CSO adds that "one of the issues affects Virus Scan Enterprise for Windows version 8.7i through at least 8.8." The vulnerability was reported by Andrew Fasano at MIT's federally-funded security lab, who said he targeted McAfee's client because "it runs as root, it claims to make your machine more secure, it's not particularly popular, and it looks like it hasn't been updated in a long time."

4 of 45 comments

  1. Re:Anti-Virus on Linux? by Anonymous Coward · Score: 4, Funny

    How common is it for Linux systems to have discrete anti-virus software running on them?

    Nowadays it's unheard of. Everybody uninstalled antivirus on linux because of the false positives from systemd.

  2. Re: Anti-Virus on Linux? by bsDaemon · Score: 4, Interesting

    They can be used to scan emails coming in or out of your mail server; scan files on web servers for things that might be there to infect other endpoints, etc. As to how common it is in the "real world," I don't know. I remember arguing about a requirement to support McAfee with DISA a while back because running a competitor's product on the control plane of our own certainly was a non-starter, but they had a requirement around it. We won the argument, but it took some doing.

  3. McAfee is only for the clueless by pete6677 · Score: 2

    You can tell a company IT department is run by clueless morons if they install McAfee products, which have always caused many more problems than they've prevented.

  4. Re:Anti-Virus on Linux? by LVSlushdat · Score: 2

    Last company I worked for before I retired in 2010, had a compute cluster of a bit over 100 Dell 1U servers running, at the time, RHEL3/4. One of my tasks at the time was to upgrade them from RHEL3/4 to 5.. I suggested going with CentOS5 to save some serious $$$. I was shot down, as the PTB decided that RHEL5 was the way they would go, AND each node would get McAfee AV. Cue me shuddering.. Fortunately, the PTB got a quote from Red Hat that apparently shocked even them and I was given the go-ahead to use CentOS5 and only put AV on the master node which would get ONE license for RHEL5. We also had several Precision workstations running Linux and I was directed to put McAfee on them.. WHAT a pain in the ass to get that piece of shit even working correctly..
    Up to that point, I'd never seen AV on any Linux machine besides a mailserver to stop malware getting on any Windows clients...

    --
    THANK YOU, Edward Snowden!! Americans owe you a debt of gratitude (whether they know it or not..)