Article

A Virus on i?

IBM i
Posted:
March 9, 2017

 

Do you all remember Malcom Haines’ presentation comparing the viruses on Windows and on IBM i? The first slide, for Microsoft, was an entire page filled, at a 4-point font, with different viruses. Then Malcom switched to the IBM i slide, which was blank. This would always result in an outburst in laughter among us IBM i evangelists.

But something has changed in the last few weeks: We’ve had customers calling us up, looking for an anti-virus solution for their IBM i server. The truth is that there was a danger long before that, because the IBM i IFS can host infected Windows objects. For most of the first 10 years of the IFS, many of us have ignored the vulnerability.
 
Now for some it is too late: A virus has been flipping IFS files to a hidden object, then creating a new file with the same name that hosts a virus, continuing the string of change and duplication. This virus actually has a name: W32/Autorun.worm.aaeh and it does operate in the IFS as it says.
 
This is bad news for the whole IBM i community. But the good news is that StandGuard anti-virus, a McAfee-built native scanner for IBM i, AIX, and Linux, has a DAT file that combats the virus. It’s been able to help out those afflicted by W/32 and other viruses.
 
If you’re thinking That won’t happen to me, I have a couple things for you to consider:
  1. Why did IBM add new system values called QSCANFS and QSCANFSCTL?
  2. Try putting a windows object in the IFS. It’s easy. In fact, most software vendors, including IBM, use the IFS quite heavily.
Malcolm Haines is still correct: the IBM i OS does not get viruses. But IBM i can be a host and can re-infect the rest of your Windows servers. The good news is that Bytware, a division of HelpSystems, has a natively running scanner, Stand Guard Anti-Virus. Try it free for 30 days.

 

Get Started

Safeguard your IBM Power Systems servers against viruses, worms, and malware

Related Solutions