Newsletters Subscriptions Forums Media Kit About Us Contact Search Home

Stuff
OS/400 Edition
Volume 2, Number 22 -- November 6, 2003

OS/400 Alert: Filtering SMTP Server


by Shannon O'Donnell

This week we will take a look at how to use the iSeries Navigator and an OS/400 SMTP server to protect your system from being used as an e-mail virus propagator. If you are interested in getting the most out of Windows PC security, you will want to read the section on Microsoft security tutorials. And, finally, we alert you to a search-engine-hijacking program that may be installed on your PC right now, sending confidential Windows account information to its host server.

Filtering E-Mail for OS/400 SMTP Server

With so many e-mail viruses floating around the Web, you are probably more than a little worried about your AS/400 or iSeries becoming infected by one of them. Our venerable computing system is immune to most, if not all, of the viruses spreading around the Internet today. Of course, an Integrated File System (IFS) can still act as a repository for viruses, even though it is not infected, in the traditional meaning of the word. The Nimda virus is a good example of how a virus, spread by Windows PCs, was able to propagate itself through OS/400 mapped drives, even though the AS/400 itself was not vulnerable. Another way the AS/400 can be used to spread mail viruses is through its SMTP (Simple Mail Transfer Protocol) server.

If you are using the OS/400 SMTP server to send, receive, or forward e-mail, you may inadvertently be passing along virus-infected e-mail. If you are concerned about this, there is a way to configure your SMTP server to filter e-mail you do not want to pass along.

Configuring the SMTP E-Mail Filter

To configure the SMTP e-mail filter, open an Operations Navigator (or iSeries Navigator) session and expand the Network tree item all the way through to the TCP/IP Servers tree item. Finally, right-click the SMTP Server and select Properties from the context menu. When you do, you should see a new panel.

If you do not see this panel, click the Filters tab on the panel you do have open.

The e-mail filter is very easy to use and can be configured from the single interface of the Properties panel on the iSeries Navigator SMTP server. One way you can choose to filter e-mail is by subject line. If, for example, you know that a certain virus is floating around the Web with a subject line of "Don't be late," you can click the Subject Comparison Add button and add that text to the list, and any e-mail with that subject line won't be allowed through.

The same technique works when you want to filter e-mail by file name extensions (if you do not want to allow *.exe or *.bmp files through as attachments, for example). You can also filter e-mail by originator address (don't accept e-mails from jerk@hotmail.com, for example) or by type/subtype in content-type.

There is no native OS/400 virus filter, at least not one supported by IBM, although there are third-party virus filters designed for OS/400. However, the e-mail filter tool for the SMTP server is a step in the right direction. When used judiciously and updated regularly, you have a tool that can be used as one more step in locking down your OS/400 server against attacks.

This Week's Nasty Windows Worries

W32.Mimail.C@mm, W32.Mimail.D@mm, W32.Mimial.E@mm--Suppose you get an e-mail with a subject line that reads "Don't be late!" or "Our Private Photos," and it has an attachment named readnow.zip or photos.zip. Do not open it! These little viruses are so much fun that Norton created a special tool to get rid of them. Can you say Nimbda?

Backdoor.Madfind is a virus that gives a hacker complete access to your system via ports 123 and 2425.

W32.HLLW.Gaobot.BV is a virus that takes advantages of multiple vulnerabilities, including the DCOM RPC vulnerability, the RPC locator vulnerability, and the WebDav vulnerability.

VBS.Noex.Trojan is a Trojan horse virus that is a little different: When it runs, it modifies the Windows Registry to keep *.exe (executable) files from running.

Microsoft Tutorials on PC Security

Want to know how to configure your browser to take advantage of trusted and restricted zones, to allow or disallow easy downloading of Web content? Looking for ways to use digital certificates to set up Secure Socket Layer (SSL) connections between your PC and a Web server? Want to know more about Windows updates? Or are you looking for information on how to install a Windows firewall? Then go to Microsoft's Web site for a set of articles explaining how you can secure your PC.

Your Browser May Be Hijacked

From the "too much time on their hands" department: Someone has way too much time on their hands when they can sit around thinking up new ways to hijack your Web browser. Case in point: ShopNav, an online search engine, has created a search-hijacker program that exploits holes in Internet Explorer to download and install ShopNav's own search engine--whether you want it or not! Not only do you get this unwanted search engine, but once installed, it will also send Windows account information and preferences to the ShopNav Web site. If you are not sure if you have this hijacker on your PC, open Windows Explorer and look in the Program Files directory. If you have a directory named SRNG, you are infected. For removal instructions, go to doxdesk.com.

PTFs and Fixes for OS/400 and Related Programs

The latest cumulative package from IBM for V5R2 customers is the one that came out on September 9. The latest HIPER package was released on October 14, so you'll want to grab this one if you're not current. The Database Group PTF hasn't been updated since mid-August, so if you've applied one in the last few weeks, you're probably okay for now. For complete details on this week's recommended fixes, go to IBM's Web site.


Sponsored By
WORKSRIGHT SOFTWARE

Do you need area code information?
Do you need ZIP Code information?
Do you need ZIP+4 information?
Do you need city name information?
Do you need county information?
Do you need a nearest dealer locator system?

We can HELP! We have affordable AS/400 software and data to do all of the above. Whether you need a simple city name retrieval system or a sophisticated CASS postal coding system, we have it for you!

The ZIP/CITY system is based on 5-digit ZIP Codes. You can retrieve city names, state names, county names, area codes, time zones, latitude, longitude, and more just by knowing the ZIP Code. We supply information on all the latest area code changes. A nearest dealer locator function is also included. ZIP/CITY includes software, data, monthly updates, and unlimited support. The cost is $495 per year.

PER/ZIP4 is a sophisticated CASS certified postal coding system for assigning ZIP Codes, ZIP+4, carrier route, and delivery point codes. PER/ZIP4 also provides county names and FIPS codes. PER/ZIP4 can be used interactively, in batch, and with callable programs. PER/ZIP4 includes software, data, monthly updates, and unlimited support. The cost is $3,900 for the first year, and $1,950 for renewal.

Just call us and we'll arrange for 30 days FREE use of either
ZIP/CITY or PER/ZIP4.

WorksRight Software, Inc.
Phone: 601-856-8337
Fax: 601-856-9432
E-mail: software@worksright.com
Web site: www.worksright.com


THIS ISSUE
SPONSORED BY:

T.L. Ashford
ASNA
Profound Logic Software
WorksRight Software


BACK ISSUES

TABLE OF
CONTENTS
JUnit Automates Java Testing

Back to Basics: Modifying a Subfile

Admin Alert: Hidden Secrets of the SBMJOB Command

OS/400 Alert: Filtering SMTP Server

Editors
Shannon O'Donnell
Kevin Vandever

Managing Editor
Shannon Pastore

Contributing Editors:
Howard Arner
Raymond Everhart
Joe Hertvik
Ted Holt
Marc Logemann
David Morris

Publisher and
Advertising Director:
Jenny Thomas

Advertising Sales Representative
Kim Reed

Contact the Editors
Do you have a gripe, inside dope or an opinion?
Email the editors:
editors@itjungle.com


Copyright © 1996-2008 Guild Companies, Inc. All Rights Reserved.