On 28 January 2011 13:27, Jim Marshall <jim.marsh...@opm.gov> wrote: > Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a > Virus Checker.
Perhaps you should ask them to point out a z/OS virus that you could use to test with... > Anyone has a constructive solution as to one being available Some time ago one of our customers wanted to use z/OS UNIX as a file server to store Windows users' data on. They were talking to us about synchronizing their DCE and Windows passwords, but in passing they wanted something to scan for Windows malware on z/OS. At the time, Sophos claimed to have such a thing, but to my knowledge it was never actually delivered. I'm not sure if the customer eventually implemented their server as proposed, or to what extent the lack of AV was the cause. > or some verbage which defends the position. I would ask your auditors what malware problem they are trying to address. If they believe there is malware in the wild that targets z/OS, I think we would all be interested to hear about it. Obviously it's not impossible, and there have been various trojans and such over the last decades, but it's just not the problem that Windows in particular faces. If they are concerned about z/OS hosting Windows malware in its files, even though z/OS itself is immune (unless it's Java, perhaps), then they should identify the threat, i.e. how does its presence on z/OS threaten the target Windows platforms? You might be able to divide and conquer... If they can't point out any z/OS malware, and can't show a scenario where Windows malware in z/OS files causes an additional exposure to Windows systems, then you're done. If they claim that Windows malware on z/OS is a problem, then ask them if their approved Windows AV scheme scans for z/OS malware in Windows files, and if not why not! That should keep them busy. Tony H. ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html