Clark Morris wrote: >If there is a virus, Trojan etc. that affects web servers such as Eclipse, >then that server on zOS may be vulnerable.
This is where the scope should be. You should have something to check the z/OS, something else to check op z/Linux, something else to check all those things which run Java, SQL, source codes, etc. Of course, there is RACF, APF, comparing libraries, Health Checker, etc. Determine what the auditors really want (after education of course) and work on that. Ray Overby wrote: >There is a difference between a Virus and a System Integrity Exposure. [ ... rest snipped ... ] Agreed. And thanks for your interesting comments about IBM and VAT product. I'm well aware of how IBM is working with security exposures. More or less they are working like this: They accept a APAR, keep it secret while working on it and dropping everything else. Then they distribute a fix with these words more or less: 'Apply this NOW and no, we are NOT going to tell you what is it supposed to do.' I think we must let the OP says what he wants: A/V scanner or something like VAT product. And on WHAT should that software focus? Paul Gilmartin wrote: >Fantasia: An entrepreneur attempts to start a business marketing a virus detection/removal product. The business rapidly fails as purchasers return the product perceiving it's defective because it reports removing no viruses. Oh no! You just flamed a budding enterpreneur's dream... ;-D Groete / Greetings Elardus Engelbrecht ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: GET IBM-MAIN INFO Search the archives at http://bama.ua.edu/archives/ibm-main.html