Raz-Lee Developing Native iSeries Antivirus Software
October 25, 2005 Alex Woodie
iSeries shops will have another option when it comes to obtaining native OS/400 anti-virus software next month when Raz-Lee Security is expected to ship iSecurity Anti-Virus. The new software, which is currently undergoing beta tests, is designed to prevent the iSeries’ Integrated File System (IFS)–and the Windows clients accessing the IFS–from becoming infected with viruses, Trojan horses, and other types of malicious code.
There’s a common misperception in the OS/400 community that the iSeries is immune to viruses. In fact, security professionals for the platform prefer to say that the iSeries is virus “resistant,” which reflects the fact that, while there has never been a public report of an OS/400 virus being released into the wild, the venerable server is susceptible to acting as a host for all types of malicious code written for Windows.
These little buggers can even hurt OS/400 applications and data. A virus or worm residing on a Windows client connected to an OS/400 server assumes all the capabilities within the scope and permissions of the infected user, which could enable the vector to erase files, or even cause critical applications and services like DNS, PASE, and Telnet to fail.
This is not just a theoretical threat. There are many reported cases of iSeries boxes serving as unwitting hosts for thousands of Windows viruses, repeatedly re-infecting any Windows client accessing files stored on the iSeries’ IFS. Before the first native OS/400 antivirus scanner became available, IBM recommended OS/400 shops periodically check their IFS via a complicated procedure that involved mapping the IFS to a PC equipped with antivirus software, and checking for infections there.
However, this process lacked speed and simplicity, which led IBM to ask its partner ISVs to develop an antivirus scanning solution that runs natively under OS/400. Bytware responded with StandGuard Anti-Virus, an OS/400 implementation of McAfee’s antivirus scanner, which is updated through McAfee’s virus definitions (see “Bytware Launches OS/400 Antivirus Software to Treat IFS Infections” for more information).
For nearly two-and-a-half years, Bytware’s StandGuard AV has been the only native OS/400 antivirus software on the market. If things go as planned, that will change next month when Raz-Lee Security of Israel launches the antivirus component of its recently revealed iSecurity suite of OS/400 security tools.
iSecurity Anti-Virus 1.0
According to Raz-Lee, the Anti-Virus module of its iSecurity suite is designed to scan, detect, and remove viruses, Trojan horses, and other types of malicious code residing in various kinds of files, including ZIP, gzip, JAR, and tar files. Customers can either use the product’s built-in scheduler to set the product to periodically scan the IFS, or they can use OS/400’s scheduler, which the product integrates with.
The product supports the “on-access” scanning capability of OS/400 V5R3, which enables an antivirus scan to be called and performed just prior to an IFS file being opened by a PC. The software will also check a file for viruses after it’s been closed on the PC, just prior to uploading it back to the IFS. A history log is also provided to supervise the product’s activity.
Users have the option of interacting with iSecurity Anti-Virus via a native green-screen interface or a Java-based GUI. The software is offered in multiple languages, including English, although specific details were not provided by press time. It is also enabled for double-byte character sets, according to product screen captures provided by the company, which means it supports Asian languages.
According to Raz-Lee, the virus definitions used by iSecurity Anti-Virus are based on an open-source Linux antivirus implementation. The company says users have two ways to obtain updated virus definitions. They can either download them directly off the Web to their iSeries, or they can download them first to a PC, and then upload them to the iSeries over a LAN. As a safety precaution, any PC attempting to update the iSeries with virus definitions is first disconnected from the Internet, according to Raz-Lee. The company claims the open-source, Linux-based virus definitions it uses are often updated to protect against new threats before the definitions offered by commercial antivirus software vendors become available.
Presumably, the virus-scanning engine used by iSecurity Anti-Virus is also based on the open-source, Linux-based antivirus product used by Raz-Lee, in addition to the virus definitions. However, attempts to clarify this point, and to obtain the exact identity of this critical antivirus component from Raz-Lee’s corporate and U.S. offices, were not successful prior to this newsletter’s deadline.
Anti-Virus is one of nine components of Raz-Lee’s iSecurity suite, which the company first started talking about in August. Other modules of the iSecurity suite include: Assessment; Firewall; Screen; Password; Audit; Action; View; Capture; and Visualizer. The Anti-Virus component will be available in the Gold and Silver packages that Raz-Lee is putting together; however, it’s unknown if Anti-Virus will be available on a stand-alone basis.
iSecurity Anti-Virus 1.0 works with OS/400 V5R2 and OS/400 V5R3, although on-access scanning is only available with V5R3. The product is currently undergoing beta tests, with general availability slated for November 15. Pricing was not provided. More information may be available at www.razlee.com.
This article has been corrected since it was first published. It was erroneously stated that malicious code written for Windows cannot hurt OS/400 applications or data. In fact, a worm- or virus-laden Windows PC connected to an iSeries inherits all of the capabilities within the scope and permissions of the infected user, which could enable a virus to erase files on the iSeries and cause critical application services to fail. [Correction made 10/25/05.]