Cisco Systems® does not formally certify antivirus products with Cisco® CallManager software. However, the company recognizes that in today's environment any Windows 2000 server needs virus protection, and the Cisco CallManager is no exception. Cisco has verified McAfee VirusScan Enterprise 8.0i with Cisco CallManager under heavy traffic loads. The Cisco Technical Assistance Center (TAC) supports Cisco CallManager installation with McAfee VirusScan Enterprise 8.0i.
Although the installation and configuration of McAfee VirusScan Enterprise is very easy, a few important steps need to be taken. This document provides information about the installation and configuration of McAfee VirusScan Enterprise 8.0i on Cisco CallManager platforms based on Cisco's experience in company labs and comments from customers who have successfully implemented antivirus software.
Installation is pretty straight forward. During the installation process, you will select a "Typical Installation".
1. Insert the disk. The following splash screen will be displayed (Figure 1).
Figure 1. McAfee Multi-Tier Anti-Virus Version 8.0i
2. Select VirusScan v8.0i for WinNT/2K/XP (Figure 2).
Figure 2. Selecting VirusScan v8.01 for Win NT/2K/XP
3. Now click Install VirusScan v8.0i (Figure 3).
Figure 3. Installing McAfee VirusScan
4. When the process begins you will see the screen shown in Figure 4.
Figure 4. Recompose Screen
5. On the User Agreement screen, click Next (Figure 5).
Figure 5. McAfee VirusScan Enterprise Setup
6. Read the License Agreement. Choose the proper license expiry type and country. Choose the radio button to accept the terms and click OK (Figure 6).
Figure 6. License Agreement
7. Select Typical for the Setup type and click Next (Figure 7).
Figure 7. Setup Type
8. Click Install to start installation (Figures 8 and 9).
Figure 8. Installation Confirmation
Figure 9. Installation Progress
9. Uncheck the Update Now and Run On-Demand Scan boxes. These should be completed after the configuration. Click Finish (Figure 10).
Figure 10. Installation Completion Screen
For normal operation on Cisco CallManager, most of the default settings for McAfee VirusScan Enterprise 8.0i are fine. However, the default setting for the maximum CPU usage and the heuristics must be changed, the Script-Scan option must be disabled, and the trace files directory needs to be excluded.
The next section describes this process.
Configuring Maximum CPU Usage and Heuristics
1. Right click the McAfee VirusScan icon in the System Tray and choose VirusScan Console. (Figure 11).
Figure 11. VirusScan System Tray
2. In the VirusScan Console window, right click Scan All Fixed Disks and choose Properties. (Figure 12).
Figure 12. VirusScan Console
3. Left click the Advanced tab.
4. Move the CPU Utilization slider from 100% to 10% and also uncheck both Heuristics (Figure 13).
Figure 13. VirusScan On-Demand Scan Properties
5. In the VirusScan console, right click On-Access Scanner and choose Properties (Figure 14).
Figure 14. VirusScan Console
Figure 15. On-Access Scan Properties
6. Now left click the Script Scan tab and then uncheck the Enable Script Scan (Figure 16).
Figure 16. ScriptScan Properties
7. Click Apply.
8. Click Ok.
Configuring the Exclusions for Cisco CallManager
9. Now open the VirusScan Console and right click ScanAll Fixed Disks and choose Properties and go to Detection (Figure 17).
Figure 17. ScanAll Fixed Disks Properties
10. Now click the Exclusion button and then left click Add (Figure 18).
Figure 18. Set Exclusions
11. In the Add Exclusion Item screen, add the C:\Programs\Cisco\Trace directory for the Cisco Trace (Figure 19).
Figure 19. Add Exclusion Item Screen
If the server is running any third-party applications, these programs may need to be excluded from scanning to avoid any performance problems. Customization of file scanning should be looked at on a per-server basis to determine what configuration meets the customer's needs.
Possible Negative Impact on the Server of Scheduled File Scanning
The protection McAfee VirusScan Enterprise 8.0i offers by running in the background and scheduled file scanning of the entire directory structure are different processes. Scheduled file scanning is very processor-intensive, potentially impacting call processing if this occurred during high-volume traffic. Therefore, it is critical to schedule a complete file scan only during the middle of the night or other nonpeak time schedules.
Disabling Antivirus Software during Cisco CallManager Installations and Upgrades
During an installation or upgrade of Cisco CallManager, you will be prompted to disable antivirus software prior to continuing. This is done by right clicking the McAfee icon in the task bar and disabling the virus scan software.
McAfee VirusScan Enterprise 8.0i can be uninstalled using the normal Windows 2000 software uninstall procedure.
1. Open the Control Panel (Figure 20).
Figure 20. Opening Control Panel
2. Choose Add/Remove Programs (Figure 21).
Figure 21. Control Panel
3. Click the Remove button on McAfee VirusScan Enterprise (Figure 22).