(but no, no such animal as a z/OS
virus checker).
More information at
http://www.detack.com/en/hms.html
Costin Enache / Detack GmbH
--- On Fri, 3/4/11, Jan Vanbrabant vanbrabant...@gmail.com wrote:
From: Jan Vanbrabant vanbrabant...@gmail.com
Subject: Re: z/OS Virus Checker zLinux Virus Checker
To: IBM-MAIN
hi all,
i almost missed this discussion. if you are interested in further arguments
and details in this field Vulnerability Analysis and Scan on z you should
also refer to the it security forum on our website. we completely solve
this problem for over a decade.
best
stephen
---
Dr. Stephen
Don't see anything like a forum in the sitemap of your web site.
J
On Fri, Mar 4, 2011 at 7:21 AM, Dr. Stephen Fedtke
max_mainframe_...@fedtke.com wrote:
hi all,
i almost missed this discussion. if you are interested in further arguments
and details in this field Vulnerability Analysis and
In 566594.91769...@web65504.mail.ac4.yahoo.com, on 01/31/2011
at 01:39 PM, Scott Ford scott_j_f...@yahoo.com said:
I agree with Elardus Engelbrecht. I understand the auditors have a
job to do,
Shooting from the hip is not party of their job. However common it may
be for auditors to generate
Clark Morris wrote:
If there is a virus, Trojan etc. that affects web servers such as Eclipse,
then
that server on zOS may be vulnerable.
This is where the scope should be. You should have something to check the
z/OS, something else to check op z/Linux, something else to check all those
to write one IMHO ..
Scott J Ford
From: Clark Morris cfmpub...@ns.sympatico.ca
To: IBM-MAIN@bama.ua.edu
Sent: Sun, January 30, 2011 2:05:47 PM
Subject: Re: z/OS Virus Checker zLinux Virus Checker
On 28 Jan 2011 15:21:24 -0800, in bit.listserv.ibm-main you wrote
required to write one IMHO
..
Scott J Ford
From: Clark Morris cfmpub...@ns.sympatico.ca
To: IBM-MAIN@bama.ua.edu
Sent: Sun, January 30, 2011 2:05:47 PM
Subject: Re: z/OS Virus Checker zLinux Virus Checker
On 28 Jan 2011 15:21:24 -0800, in bit.listserv.ibm
On Mon, 31 Jan 2011 10:53:28 -0800, Scott Ford scott_j_f...@yahoo.com wrote:
I can believe auditors would ask a question like , virus checking on
mainframes, been doing systems work on mainframes 40+ yrs, never
seen a virus AT ALL..
On a PC totally different issue, btw I think one of the
Thomas Kern wrote:
Our auditors don't think that way. They think a computer is a computer is a
computer and they all run windows and they all need McAfee AntiVirus because
that is what the windows team said they run on all the desktops. So we were
hit because we did not have McAfee on the z890.
On Mon, 2011-01-31 at 14:22 -0500, Sam Siegel wrote:
Hercules and pirated copies of zOS
Do you have evidence of this?
--
David Andrews
A. Duda Sons, Inc.
david.andr...@duda.com
--
For IBM-MAIN subscribe / signoff / archive
31, 2011 2:40:45 PM
Subject: Re: z/OS Virus Checker zLinux Virus Checker
Thomas Kern wrote:
Our auditors don't think that way. They think a computer is a computer is a
computer and they all run windows and they all need McAfee AntiVirus because
that is what the windows team said they run on all
Thomas Kern wrote on 1/31/2011 11:23 AM:
PS. They did not appreciate my picture of the z890 with a McAfee box
on top of it.
A manager at one shop I worked at long long ago mentioned that at his
previous shop, the auditors once came in and asked What do you have
that keeps application
In listserv%201101281227548868.0...@bama.ua.edu, on 01/28/2011
at 12:27 PM, Jim Marshall jim.marsh...@opm.gov said:
Auditors came around and wrote up our z/OS V1R10 Sysplex for not
running a Virus Checker. Anyone has a constructive solution as to
one being available or some verbage which
In 701312.84358...@web31803.mail.mud.yahoo.com, on 01/28/2011
at 03:20 PM, Cris Hernandez #9 hernandez...@yahoo.com said:
Address these items and I can almost guarantee that you'll pass your
audits like I do.
Only if they have the same auditors that you do.
--
Shmuel (Seymour J.)
In 4d431dc8.2080...@comcast.net, on 01/28/2011
at 01:49 PM, Ray Overby rayove...@comcast.net said:
A Virus exploits a system integrity vulnerability.
The OP quoted the auditors about asking only about virus threats, not
vulnerabilities in general.
Since we started using the tool
On 28 Jan 2011 15:21:24 -0800, in bit.listserv.ibm-main you wrote:
I too have auditors who treat the my mainframe like one those little puters
and I find it best to first educate them before they convince my management to
send me chasing phantoms. Don't assume your auditor won't appreciate a
Cris Hernandez #9 wrote:
I too have auditors who treat the my mainframe like one those little puters
and I find it best to first educate them before they convince my management
to send me chasing phantoms. Don't assume your auditor won't appreciate a
mainframe education.
Jim Marshall wrote:
Elardus,
Please let me add some information in response to your posting:
There is a difference between a Virus and a System Integrity
Exposure.The System Integrity Exposure is the Root Cause that a Virus
exploits.There may be many Viruses, especially in Windows Systems, which
exploit the
On Sat, 29 Jan 2011 14:04:21 -0600, Ray Overby wrote:
..., if any integrity exposures were found,
they would have reported the vulnerabilities to IBM z/OS Development and
Development would have fixed them.That would just be the normal course
of business within IBM.
Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a
Virus Checker. Anyone has a constructive solution as to one being available or
some verbage which defends the position.
Been hunting around for a Virus Checker for zLinux. Also interested in what
kind of over head it
http://ibmmainframes.com/about5373.html discusses MVS internal attack
testing and no actual attacks. Some damage from trusted users
misusing commands.
http://www.informatik.uni-leipzig.de/cs/Literature/Features/report.pdf
Bottom of page 20 section 2.3.5
Of course, mainframe communications are
On 28 January 2011 13:27, Jim Marshall jim.marsh...@opm.gov wrote:
Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a
Virus Checker.
Perhaps you should ask them to point out a z/OS virus that you could
use to test with...
Anyone has a constructive solution as to one
A Virus exploits a system integrity vulnerability. About five years
ago, I was engaged to investigate a z/OS facility for system integrity
vulnerabilities and, through that work, have developed a product, the
z/OS Vulnerability Analysis Tool, that does a system vulnerability
assessment on
I don't have a z/OS solution for you, but I do use CLAMAV on my zLinux
webservers. It is not an efficient solution. It takes a lot of CPU and I/O.
If I had to do it over again, I would engineer an x86 staging server to do
ALL the Anti-Virus scanning as files are placed there for migration to the
Date: Fri, 28 Jan 2011 14:25:26 -0500
From: t...@harminc.net
If they claim that Windows malware on z/OS is a problem, then
ask them if their approved Windows AV scheme scans for z/OS malware in
Windows files, and if not why not!
I like that, Tony!
Cliff McNeill
I too have auditors who treat the my mainframe like one those little puters and
I find it best to first educate them before they convince my management to send
me chasing phantoms. Don't assume your auditor won't appreciate a mainframe
education.
The first place to hide a virus is in the OS,
26 matches
Mail list logo