|
From: QSCANFSCTL As an iSeries anti-virus provider I feel compelled to comment on some of these points since I deal with viruses every day and iSeries customers with virus related issues.
I am not a vendor. I in no way make or lose money by whether or not someone gets anti-virus software. I am simply trying to be pragmatic.
This is a bit of a tricky statement. The IFS is the entire system, it encompasses all (7?) file systems. That's why the I in IFS stands for Integrated. To say that something must be copied to the IFS is to say that it must be copied to the disk in some way. That's not any different than Windows. But I could also create a symlink to somewhere in QFileSvr.400 and access that file without physically having the file on disk!
Yes, that's exactly what I'm saying. As opposed to data that is created from the iSeries by any iSeries technique (other than copying stream files). That is: if you don't copy stream files (this includes copying, unzipping, FTPing, etc.), you can't get a virus on your IFS. If, on the other hand, you open an IFS directory to one of these methods, you now make your IFS a vector of infection. My point? Don't use your iSeries as a file server and you cannot get infected. However, it should also be noted that even if you do get an infected file in your IFS, IT WILL NOT HURT YOUR iSERIES. It can only cause damage if the virus is subsequently sent to some other "compatibly vulnerable" operating system.
What I think is meant is the files must be copied to the root '/' file system? However, I have seen viruses in QOPT, QSYS (save files), QOpenSys and root all come to mind. There is a general mis-perception that the IFS is separate from the iSeries and is somehow not being used or takes special action to use it (not to imply you are saying that, its just my experience talking with iSeries users).
I'm not sure what you mean by a virus in a QSYS save file. Unless the save file is of an IFS directory that was previously infected by one of the methods I spoke of earlier, YOU CANNOT GET A VIRUS. A virus cannot magically appear in a save file. It must come from an infected directory.
I think what is meant is the viruses must INITIALLY get on an iSeries system via a non-iSeries machine. That is partially true, at some point the file had to get there from somewhere (ie Windows), but after that it can go from iSeries to iSeries quite easily using any of our data transfer methods mentioned above (ie I could FTP you a save file, I could burn a DVD, all using my iSeries).
No. What I mean is that the virus must ORIGINATE on a non-iSeries machine, and only if you use your iSeries as a file server can you POSSIBLY get infected. You say the iSeries is a good file server, but quite honestly it is NOT a good file server. The disk is relatively slow for stream file access and is much more expensive. If all you are doing is moving a file from point A to point C via point B, there is no compelling reason for point B to be an iSeries (except under specific circumstances). If, on the other hand, you're talking about processing a file sent to the iSeries, who cares? No virus in any stream file will hurt an iSeries reading it. And no program written by an iSeries programmer will create a virus; iSeries programmers aren't typically sick that way. As always, the only way to create a virus on an iSeries is to copy one you got from somewhere else. Moral of the story? If you're bringing in viruses into your system, you ought to check them at the door. Any directories that MIGHT be able to receive a virus should not be open to the rest of your network. This is the only place where an iSeries virus scanner might help: if you receive files SOLELY through your iSeries, then let your iSeries scan them before moving them into an accessible directory. But you could just as easily have that directory be on another machine in your network, just as barricaded, and let a cheaper PC-based program scan it. And of course, if any files come into your network without going through the iSeries, then all the iSeries AV software in the world isn't going to do you any good.
I was personally involved in a customer incident where their iSeries telnet server kept crashing. They spent several days with Rochester support loading PTFs and eventually replaced some hardware. Days later it turned out to be a virus (runnning on a Windows PC) that was flooding their telnet server with bad packets. There's a PMR out there that addressed it, quitely as a 'Intergrity problem'. Was their iSeries affected? If you ask this customer I can assure you they wont agree the system cannot be affected. And how do you think they felt about the 2 days of downtime they had?! To make matters worse, once they cleaned the infected PC, the problem came back a week later because the infected file was still on their iSeries and it reinfected their PC but they never checked there. Yes they had antivirus running on their PC but it was freeware and it didn't know about the virus.
This is simply FUD. The problem is that they got a virus on their PC and it attacked their network. This has nothing to do with the iSeries; the attacked machine could have just as easily been a firewall or a phone system. Having iSeries AV software wouldn't have helped at all.
I know of other real situations but I should leave it at that.
I challenge you to provide any evidence of an iSeries being affected by a virus running on the iSeries itself.
Intel viruses aren't going to be running in QBATCH, but that is not required these days to affect a networked server.
True, but an iSeries AV package isn't going to help this problem! And that's what I'm talking about.
The iSeries has probably the best anti-virus technology in existence. It cant be shut down by a virus (unlike Windows). Once a file has been marked as infected it cannot be opened in any way (without changing the system value QSCANFSCTL). Once a file has been scanned successfully it is not scanned again by every other user accessing that file, even if you move the ASP to another iSeries! There can be a permanent record made in QAUDJRN for proof of scanning (good for those regulatory requirements). Sorry if that sounds like a sales pitch its just I'm excited about the technology -- its very impressive what IBM did. Just another example on how the iSeries is better than other platforms (yet gets little respect)!
But this doesn't matter ONE TINY BIT if ANY of your machines is not running ALL of their software off of IFS drives! I don't want to argue the semantics, but an iSeries AV package only stops your iSeries from passing around infections that you got somewhere else. If you are vulnerable to those infections, then you're going to get them in your system, because there's no way that your iSeries is going to protect all the disk in your network.
Thanks for taking the time and interest Joe. I hope the information is helpful. We don't want any of those misrepresentations out there! Mike Grant Bytware, Inc. 775-851-2900
Back atcha. Just don't tell me that putting AV software on my iSeries does anything more than stop the iSeries from being a vector of spread. If I have a virus vulnerability, all the iSeries AV software in the world won't protect me, and in the end, chances are all those viruses won't affect my iSeries anyway! Joe
As an Amazon Associate we earn from qualifying purchases.
This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].
Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.
midrange.com
