Volume 5, Number 42 -- October 25, 2005

Raz-Lee Developing Native iSeries Antivirus Software


by Alex Woodie


iSeries shops will have another option when it comes to obtaining native OS/400 anti-virus software next month when Raz-Lee Security is expected to ship iSecurity Anti-Virus. The new software, which is currently undergoing beta tests, is designed to prevent the iSeries' Integrated File System (IFS)--and the Windows clients accessing the IFS--from becoming infected with viruses, Trojan horses, and other types of malicious code.

There's a common misperception in the OS/400 community that the iSeries is immune to viruses. In fact, security professionals for the platform prefer to say that the iSeries is virus "resistant," which reflects the fact that, while there has never been a public report of an OS/400 virus being released into the wild, the venerable server is susceptible to acting as a host for all types of malicious code written for Windows.

These little buggers can even hurt OS/400 applications and data. A virus or worm residing on a Windows client connected to an OS/400 server assumes all the capabilities within the scope and permissions of the infected user, which could enable it to erase files, or even cause critical applications and services like DNS, PASE, and Telnet to fail.

This is not just a theoretical threat. There are many reported cases of iSeries boxes serving as unwitting hosts for thousands of Windows viruses, repeatedly re-infecting any Windows client accessing files stored on the iSeries' IFS. Before the first native OS/400 antivirus scanner became available, IBM recommended OS/400 shops periodically check their IFS via a complicated procedure that involved mapping the IFS to a PC equipped with antivirus software, and checking for infections there.

However, this process lacked speed and simplicity, which led IBM to ask its partner ISVs to develop an antivirus scanning solution that runs natively under OS/400. Bytware responded with StandGuard Anti-Virus, an OS/400 implementation of McAfee's antivirus scanner, which is updated through McAfee's virus definitions (see "Bytware Launches OS/400 Antivirus Software to Treat IFS Infections" for more information).

For nearly two-and-a-half years, Bytware's StandGuard AV has been the only native OS/400 antivirus software on the market. If things go as planned, that will change next month when Raz-Lee Security of Israel launches the antivirus component of its recently revealed iSecurity suite of OS/400 security tools.

iSecurity Anti-Virus 1.0

According to Raz-Lee, the Anti-Virus module of its iSecurity suite is designed to scan, detect, and remove viruses, Trojan horses, and other types of malicious code residing in various kinds of files, including ZIP, gzip, JAR, and tar files. Customers can either use the product's built-in scheduler to set the product to periodically scan the IFS, or they can use OS/400's scheduler, which the product integrates with.

The product supports the "on-access" scanning capability of OS/400 V5R3, which enables an antivirus scan to be called and performed just prior to an IFS file being opened by a PC. The software will also check a file for viruses after it's been closed on the PC, just prior to uploading it back to the IFS. A history log is also provided to supervise the product's activity.


Users have the option of interacting with iSecurity Anti-Virus via a native green-screen interface or a Java-based GUI. The software is offered in multiple languages, including English, although specific details were not provided by press time. It is also enabled for double-byte character sets, according to product screen captures provided by the company, which means it supports Asian languages.

According to Raz-Lee, the virus definitions used by iSecurity Anti-Virus are based on an open-source Linux antivirus implementation. The company says users have two ways to obtain updated virus definitions. They can either download them directly off the Web to their iSeries, or they can download them first to a PC, and then upload them to the iSeries over a LAN. As a safety precaution, any PC attempting to update the iSeries with virus definitions is first disconnected from the Internet, according to Raz-Lee. The company claims the open-source, Linux-based virus definitions it uses are often updated to protect against new threats before the definitions offered by commercial antivirus software vendors become available.

Presumably, the virus-scanning engine used by iSecurity Anti-Virus is also based on the open-source, Linux-based antivirus product used by Raz-Lee, in addition to the virus definitions. However, attempts to clarify this point, and to obtain the exact identity of this critical antivirus component from Raz-Lee's corporate and U.S. offices, were not successful prior to this newsletter's deadline.

Anti-Virus is one of nine components of Raz-Lee's iSecurity suite, which the company first started talking about in August. Other modules of the iSecurity suite include: Assessment; Firewall; Screen; Password; Audit; Action; View; Capture; and Visualizer. The Anti-Virus component will be available in the Gold and Silver packages that Raz-Lee is putting together; however, it's unknown if Anti-Virus will be available on a stand-alone basis.

iSecurity Anti-Virus 1.0 works with OS/400 V5R2 and OS/400 V5R3, although on-access scanning is only available with V5R3. The product is currently undergoing beta tests, with general availability slated for November 15. Pricing was not provided. More information may be available at www.razlee.com.


This article has been corrected since it was first published. It was erroneously stated that malicious code written for Windows cannot hurt OS/400 applications or data. In fact, a worm- or virus-laden Windows PC connected to an iSeries inherits all of the capabilities within the scope and permissions of the infected user, which could enable a virus to erase files on the iSeries and cause critical application services to fail. [Correction made 10/25/05.]

Editor: Alex Woodie
Contributing Editors: Dan Burger, Joe Hertvik,
Shannon O'Donnell, Timothy Prickett Morgan
Publisher and Advertising Director: Jenny Thomas
Advertising Sales Representative: Kim Reed
Four Hundred Stuff
Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.
Guild Companies, Inc. (formerly Midrange Server), 50 Park Terrace East, Suite 8F, New York, NY 10034