Midrange Stuff, OS/400 Edition

OS/400's e-mail facilities received an important security boost with the roll-out of native virus scanning for OS/400's POP and SMTP e-mail servers in Bytware's StandGuard Anti-Virus, the industry's only native OS/400 virus scanning tool. Bytware introduced StandGuardAV in June to address the problem of Microsoft Windows viruses infecting OS/400's Integrated File System. With StandGuardAV Version 1.1, the company has extended the product's virus-detection capabilities to incoming and outgoing e-mail.

StandGuardAV works with OS/400's Mail Server Framework to scan both incoming (SMTP) and outgoing (POP) e-mail for viruses. However, Bytware built the new e-mail scanning capabilities into StandGuardAV primarily to address the problem of viruses and worms attached to incoming mail, says Mike Grant, Bytware's founder.

IBM initially addressed the problem of incoming viruses with support for virus filtering in OS/400 V4R5. This enhancement allowed companies to filter out e-mail from certain senders or with certain subjects or attachment types. So if an e-mail arrived with an attachment named, for example, "virus.vir," an OS/400 administrator could easily weed it out with OS/400 virus filtering.

However, IBM's anti-virus filtering technique falls short in the face of today's sophisticated virus threat. Today, viruses pose as harmless Word and Zip files, which companies cannot filter out if they wish to continue using e-mail to improve business productivity. The Bugbear virus, for example, was spread as a Zip file, Grant points out.

StandGuardAV addresses this problem by scanning incoming e-mail for viruses in attachments, including archive files such as Zip files and other popular compression techniques. Because the software uses heuristics, it can also detect new viruses for which definitions have yet to be formed, a feature that Bytware calls crucial because an unknown virus could be a one-off piece of code that was developed specifically to break into a company's network.

StandGuardAV also detects e-mail header exploits and malformed Multipurpose Internet Mail Extension (MIME) headers, which the Nimda and Klez worms used to execute code on e-mail clients' desktops. When StandGuardAV finds infected or suspicious e-mail, it can be programmed to redirect the e-mail to an administrator, or to delete the e-mail altogether. In either case, Bytware says, a message is logged to the AVMSGQ for real-time monitoring purposes and to the AVJRN for a more permanent audit trail.

"This is very good news for OS/400, because until now there was no anti-virus support," Grant says of StandGuardAV's new capability to scan e-mail. "Businesses cannot afford to have a mail server without anti-virus scanning, and would be forced to use Microsoft Exchange. Some may argue the OS/400 mail server is still not feature-competitive with Exchange, but at least it's free. And now that it has anti-virus support, it could be an option for small and midsized businesses."

StandGuardAV does not, at this point, support e-mail scanning for Lotus Domino e-mail servers running on OS/400. However, Trend Micro and Symantec offer anti-virus filtering for OS/400-based Domino servers.

Bytware, based in Reno, Nevada, designed StandGuardAV to address the concerns that IBM and its largest iSeries customers had about the IFS virus problem. For years, IBM had been trying to get the large anti-virus software vendors to develop an anti-virus scanning engine that would reside natively on OS/400. It wasn't until Bytware started working closely with McAfee, a subsidiary of Network Associates, that the idea came to fruition and StandGuardAV was developed.

StandGuardAV is based on McAfee's anti-virus technology and provides McAfee's virus signatures and heuristic detection capabilities in a native OS/400 engine. For more details on StandGuardAV, see "Bytware Launches OS/400 Antivirus Software to Treat IFS Infections," in the June 23 issue of The Four Hundred.

Bytware officials report that many OS/400 administrators are still reluctant to believe that they have a virus problem on their AS/400 or iSeries servers. The officials attribute this mistaken belief to a lack of awareness of just how much the IFS is used in every-day OS/400 applications.

Each copy of StandGuardAV costs from $1,200 (on a P05 box) to $10,000 (on a P50 box). Maintenance, which is required to receive virus definition and product updates, is 22 percent per year. StandGuardAV 1.1 will be available on October 1. For more information, go to www.bytware.com.