× The internal search function is temporarily non-functional. The current search engine is no longer viable and we are researching alternatives.
As a stop gap measure, we are using Google's custom search engine service.
If you know of an easy to use, open source, search engine ... please contact support@midrange.com.


  1.  Home
  2. MIDRANGE-L
  3. January 2004

Re: Scanning the iSeries (IFS) for Viruses

i would think any processing of the ftp files has some integrity check in it
for valid data. You are reading a file and not executing a .exe.
If you read a file with commands inside, it would only look like data,
and not the data expected.
I have found many .exe and other various "pc executables" in
unprotected IFS directories. But something has to call them to do damage.
jim
----- Original Message ----- 
From: <rob@xxxxxxxxx>
To: "Midrange Systems Technical Discussion" <midrange-l@xxxxxxxxxxxx>
Sent: Thursday, January 29, 2004 12:40 PM
Subject: RE: Scanning the iSeries (IFS) for Viruses


> In most points you are right.
> - We are using an FTP exit program.
> - We do have shares assigned to the various restricted by exit point
> directories.
> - The PC's that access these directories all have virus scanning software
> on them.
> - We have a business reason.  Well, partially.  Some of our ftp is
> immediately converted using CPYFRM... to a DB2 file and posted into our
> business data.  I can't see how a virus would affect that.  Some is just
> raw ftp serving.  But some may argue that in general that the iSeries is
> the least cost effective solution on the market, but I tend to disagree
> with them using my own "lies, damned lies, and statistics".  :-)
>
> But scanning these directories themselves are not done.
>
> Hmm, I wonder if any of the exit point vendors have a virus solution?
> Perhaps it would be as simple as on the ftp exit point, simply calling the
> byteware package, or some other scanning solution for that single file.
> Granted, you have to wait until the file is all uploaded and the exit
> point is called immediately prior to the upload.  Then perhaps all the
> exit point vendors duty is to allow you to call something else when a put
> operation is completed.
>
> We do have an email virus scanning package, but not a 'ftp virus scanning
> package'.
>
> Rob Berendt
> -- 
> Group Dekko Services, LLC
> Dept 01.073
> PO Box 2000
> Dock 108
> 6928N 400E
> Kendallville, IN 46755
> http://www.dekko.com
>
>
>
>
>
> "Joe Pluta" <joepluta@xxxxxxxxxxxxxxxxx>
> Sent by: midrange-l-bounces@xxxxxxxxxxxx
> 01/29/2004 12:14 PM
> Please respond to
> Midrange Systems Technical Discussion <midrange-l@xxxxxxxxxxxx>
>
>
> To
> "'Midrange Systems Technical Discussion'" <midrange-l@xxxxxxxxxxxx>
> cc
>
> Fax to
>
> Subject
> RE: Scanning the iSeries (IFS) for Viruses
>
>
>
>
>
>
> > From: rob@xxxxxxxxx
> >
> > Technically that's true.  However 1)  A virus could be placed on a
> directory that's not shared, via FTP, etc.
>
> Yeah, that's true.  But then how would it infect another machine, except
> again through FTP?  And if you're distributing stuff through your
> network via FTP without scanning it, you've got bigger problems.
>
> Also, allowing unfettered access to your IFS via FTP is asking for
> trouble.  If it were me, I'd lock FTP down tight with an exit program.
>
> Of course, I have a general issue with using the iSeries as an FTP file
> repository.  It's about the LEAST cost-effective storage medium on the
> planet, but if you're using it to back up those files, then you may have
> a valid business reason.  At that point, I'd designate a specific folder
> for FTP access and make sure it's mapped specifically for scanning
> purposes.
>
> If on the other hand you allow unregulated FTP access to your IFS and
> you don't really know who is putting what where, then I'd agree you have
> a security issue.  But it's a lot bigger than a virus.
>
> Joe
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
> list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>
> _______________________________________________
> This is the Midrange Systems Technical Discussion (MIDRANGE-L) mailing
list
> To post a message email: MIDRANGE-L@xxxxxxxxxxxx
> To subscribe, unsubscribe, or change list options,
> visit: http://lists.midrange.com/mailman/listinfo/midrange-l
> or email: MIDRANGE-L-request@xxxxxxxxxxxx
> Before posting, please take a moment to review the archives
> at http://archive.midrange.com/midrange-l.
>
>

As an Amazon Associate we earn from qualifying purchases.

This thread ...
Replies:
Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.