Keep PC users out of the IFS by disconnecting any drives mapped to the IFS. If Scanning support is not being used or enabled or if the IBM i system is an older release, then the following steps may be used to disinfect files using a clean PC with current PC OS updates that has the current security program updates and definitions applied: If Scanning support is enabled, actively monitoring, and disinfecting files, then ensure you have the current definitions applied on the IBM i server, along with current Cumulative, Groups, Recommended PTFs for i5/OS NetServer. What to Do If a virus is found in a stream file in the Integrated File System? Your security policies must be designed to protect your system from computer viruses and malicious programs. Security suite program vendors normally provide updated programs that can be downloaded free of charge from the vendor's Web site. New viruses, malwares, spywares, ransomwares appear frequently, and a security suite program cannot provide protection against a malicious activity it does not recognize. Note: The OEM security suite programs must have their files updated regularly. For information and support on these products, please contact the OEM vendor directly. An security suite package that runs on the operating system and makes use of the security suite scanning support is available from vendors: HelpSystems, RazLee, SeaSoft. Additionally APIs, CL commands, and system values are provided for the business partner and user to customize the scanning environment and levels of protection. If the accessed object has a virus and cannot be repaired, the operation fails and prevents the virus from being propagated. These exit points allow real-time (when object is accessed) and manually started scanning. This enablement runs the the OEM security product through the operating system exit points. Scanning enablement allows security suite business partner products to 'hook' into the operating system and detect if an IFS file is a virus carrier when the object is opened (QIBM_QP0L_SCAN_OPEN) or closed (QIBM_QP0L_SCAN_CLOSE). In addition, it is recommended that the IFS Scanning support feature be used. To ensure objects on the IFS are not infected, all clients susceptible to viruses, malware, spyware, ransomware, etc, should run security suite program that monitors for unauthorized activity, and quarantines infected objects on the PC, and thus preventing the spread of infected objects to IBM i server. Likewise, if a network drive is mapped to the IFS, a virus running on a PC (and which is capable of damaging files on a network drive) can damage any file stored on the IFS. An infected file that is copied, moved, or saved from a PC to the IFS and then redistributed to another PC can transmit a virus to the new PC. If the stream based file system is used as a file server for PC files, the files stored on the IFS may carry viruses. The Integrated File System (IFS) is a part of the IBM i operating system, it supports stream input/output and storage management similar to personal computer and UNIX operating systems, while providing an integrating structure over all information stored in the system (see File system comparison). However, the IBM i does provide Scanning support to scan for malicious activity using 3rd party software. PC-based viruses will not run on the IBM i operating system and there are no IBM Anti-Virus, Anti-Spyware, Anti-Malware, Anti-Ransomware, etc programs available from IBM for the IBM i operating system. The architecture of the IBM i system makes it highly unlikely that a virus could be written to attack it. Viruses attack a specific computer architecture.
0 Comments
Leave a Reply. |