Article

A Virus on i?

IBM i
Posted:
March 9, 2017

 

Do you all remember Malcom Haines’ presentation comparing the viruses on Windows and on IBM i? The first slide, for Microsoft, was an entire page filled, at a 4-point font, with different viruses. Then Malcom switched to the IBM i slide, which was blank. This would always result in an outburst in laughter among us IBM i evangelists.

But something has changed in the last few weeks: We’ve had customers calling us up, looking for an anti-virus solution for their IBMI i server. The truth is that there was a danger long before that, because the IBM i IFS can host infected Windows objects. For most of the first 10 years of the IFS, many of us have ignored the vulnerability.
 
Now for some it is too late: A virus has been flipping IFS files to a hidden object, then creating a new file with the same name that hosts a virus, continuing the string of change and duplication. This virus actually has a name: W32/Autorun.worm.aaeh and it does operate in the IFS as it says.
 
This is bad news for the whole IBM i community. But the good news is that Powertech Antivirus for IBM i, a McAfee-built native scanner for IBM i, AIX, and Linux, has a DAT file that combats the virus. It’s been able to help out those afflicted by W/32 and other viruses.
 
If you’re thinking That won’t happen to me, I have a couple things for you to consider:
  1. Why did IBM add new system values called QSCANFS and QSCANFSCTL?
  2. Try putting a windows object in the IFS. It’s easy. In fact, most software vendors, including IBM, use the IFS quite heavily.
Malcolm Haines is still correct: the IBM i OS does not get viruses. But IBM i can be a host and can re-infect the rest of your Windows servers. The good news is that HelpSystems has a natively running scanner, Powertech Antivirus. Try it free for 30 days.

 

Get Started

Safeguard your IBM Power Systems servers against viruses, worms, and malware

Related Solutions

Stay up to date on what matters.