On Tue, 27 Mar 2012 11:15:52 -0400, Gross, Randall [GCG-PFS] wrote: >Ask your auditor to recommend one for the mainframe.... ;-) > That's likely not the auditor's job. But if he knows of none, it is his prerogative to assign a failing grade.
However, what body certifies the available commercial AV products for PCs? Would RACF pass that certification? Would someone have to pay for it? How about penetration tests? Install a known virus in files on both PC and z. Run PC virus scanners. They'll report it. Is there anything that will scan (all!) z/OS data sets and report the virus? That z/OS itself is not infected may be of no import; the criterion may be that the latent presence of an agent infectious to other systems must not be tolerated. In this spirit, ClamAV for Linux scans Linux mail folders and reports (eliminates?) malware that is harmless to Linux but infectious to Windows. It's a shame that the insecurities of Windows impel such mickeymouse on better OSes. -- gil ---------------------------------------------------------------------- For IBM-MAIN subscribe / signoff / archive access instructions, send email to lists...@bama.ua.edu with the message: INFO IBM-MAIN