Virus scanning the iSeries IFS
Application security, backdoors, Compliance, configuration, CRM, Current threats, Database, Disaster Recovery, Encryption, Exchange, Firewalls, Forensics, Hacking, human factors, Incident response, Instant Messaging, Intrusion management, Network security, patching, PEN testing, Platform Security, Policies, Risk management, Secure Coding, Security, Security Program Management, Spyware, Trojans, Viruses, VPN, vulnerability management, Wireless, worms
Do you know of any products that will allow me to scan my IFS for viruses? If so, are you using the product(s) and are you satisfied with their performance?
THANKS! for your help.
Software/Hardware used:
Software/Hardware used:
ASKED:
February 7, 2006 7:22 AM
UPDATED:
February 13, 2006 10:18 AM
Answer Wiki:
There are a couple of ways to scan the IFS for Viruses. One is to use Trend Micro www.trendmicro.com. I think it more for Domino for iSeries though. The other is to use a PC or NT server with Norton's or other flavor of antivirus. Map a drive to the IFS and scan the drive. This is the cheapest way, but not very fast.
At our shop we don't scan the IFS for virus very often and use the second method I mentioned. Our reasons are, we already have Norton on each desktop and scan incoming email attachments too. The AS/400 is behind our DMZ. Only internal users can get access to the IFS. Having a third layer is overkill for us.
Hope this information helps.
To see all answers submitted to the Answer Wiki: View Answer History.
(Disclaimer — I work for The PowerTech Group, Inc., an iSeries security vendor.)
It’s been a couple years since, but I’ve installed and tested two native AV solutions — McAfee and Sophos. Both performed well enough and I have no major issues with them. I believe that Bytware’s StandGuard AV is built around McAfee and it seems to do well at managing AV activity and integrating with day to day system use. (We wanted to understand the market/technology, but we didn’t see sufficient ROI to pursue.)
Other solutions can be made to work. I think a few have even managed to get ClamAV going. The value-add for a product such as StandGuard AV comes in the GUI control and the automation that’s provided for downloading/installing updates plus the links through the OS/400 registration facility that allow automatic scanning of IFS files when opened, etc.
You can go open-source if you wish. Anything that can be made to run under Linux on PowerPC or AIX can be made to run on iSeries; that includes McAfee, Sophos and possibly others. Or you can go with a product designed for OS/400; StandGuard AV is the only one I’m aware of.
Technically, you can also go with any solution that can access shares across a Windows or a NFS network. This might be run from a cheaper Windows or Linux server or an integrated server card and would access only directories that have been shared. An obvious downside is that this would only cover basic scans and would not cover files as they are opened or written.
FYI, I work for a financial trading company and although the razlee was pitched by their president, I have recently heard good things about that product from a third party.