animal as a z/OS
virus checker).
More information at
http://www.detack.com/en/hms.html
Costin Enache / Detack GmbH
--- On Fri, 3/4/11, Jan Vanbrabant wrote:
> From: Jan Vanbrabant
> Subject: Re: z/OS Virus Checker & zLinux Virus Checker
> To: IBM-MAIN@bama.ua.edu
> Date: Friday,
Don't see anything like a "forum" in the sitemap of your web site.
J
On Fri, Mar 4, 2011 at 7:21 AM, Dr. Stephen Fedtke <
max_mainframe_...@fedtke.com> wrote:
> hi all,
>
> i almost missed this discussion. if you are interested in further arguments
> and details in this field "Vulnerability Analy
hi all,
i almost missed this discussion. if you are interested in further arguments
and details in this field "Vulnerability Analysis and Scan on z" you should
also refer to the "it security forum" on our website. we completely solve
this problem for over a decade.
best
stephen
---
Dr. Stephen
In <566594.91769...@web65504.mail.ac4.yahoo.com>, on 01/31/2011
at 01:39 PM, Scott Ford said:
>I agree with Elardus Engelbrecht. I understand the auditors have a
>job to do,
Shooting from the hip is not party of their job. However common it may
be for auditors to generate BS requirements, tha
Thomas Kern wrote on 1/31/2011 11:23 AM:
PS. They did not appreciate my picture of the z890 with a McAfee box
on top of it.
A manager at one shop I worked at long long ago mentioned that at his
previous shop, the auditors once came in and asked "What do you have
that keeps application program
: z/OS Virus Checker & zLinux Virus Checker
Thomas Kern wrote:
>Our auditors don't think that way. They think a computer is a computer is a
computer and they all run windows and they all need McAfee AntiVirus because
that is what the windows team said they run on all the desktops. So
On Mon, 2011-01-31 at 14:22 -0500, Sam Siegel wrote:
> Hercules and pirated copies of zOS
Do you have evidence of this?
--
David Andrews
A. Duda & Sons, Inc.
david.andr...@duda.com
--
For IBM-MAIN subscribe / signoff / archive
Thomas Kern wrote:
>Our auditors don't think that way. They think a computer is a computer is a
computer and they all run windows and they all need McAfee AntiVirus because
that is what the windows team said they run on all the desktops. So we were
hit because we did not have McAfee on the z890.
A
On Mon, 31 Jan 2011 10:53:28 -0800, Scott Ford wrote:
> I can believe auditors would ask a question like , virus checking on
> mainframes, been doing systems work on mainframes 40+ yrs, never
> seen a virus AT ALL..
> On a PC totally different issue, btw I think one of the reason you dont see
>
lty required to write one IMHO
> ..
>
> Scott J Ford
>
>
>
>
>
>
> From: Clark Morris
> To: IBM-MAIN@bama.ua.edu
> Sent: Sun, January 30, 2011 2:05:47 PM
> Subject: Re: z/OS Virus Checker & zLinux Virus Checker
>
>
write one IMHO ..
Scott J Ford
From: Clark Morris
To: IBM-MAIN@bama.ua.edu
Sent: Sun, January 30, 2011 2:05:47 PM
Subject: Re: z/OS Virus Checker & zLinux Virus Checker
On 28 Jan 2011 15:21:24 -0800, in bit.listserv.ibm-main you wrote:
>I too have a
Clark Morris wrote:
>If there is a virus, Trojan etc. that affects web servers such as Eclipse,
>then
that server on zOS may be vulnerable.
This is where the scope should be. You should have something to check the
z/OS, something else to check op z/Linux, something else to check all those
th
On 28 Jan 2011 15:21:24 -0800, in bit.listserv.ibm-main you wrote:
>I too have auditors who treat the my mainframe like one those little puters
>and I find it best to first educate them before they convince my management to
>send me chasing phantoms. Don't assume your auditor won't appreciate a
In <4d431dc8.2080...@comcast.net>, on 01/28/2011
at 01:49 PM, Ray Overby said:
>A Virus exploits a system integrity vulnerability.
The OP quoted the auditors about asking only about virus threats, not
vulnerabilities in general.
>Since we started using the tool commercially, in the
>last tw
In <701312.84358...@web31803.mail.mud.yahoo.com>, on 01/28/2011
at 03:20 PM, Cris Hernandez #9 said:
>Address these items and I can almost guarantee that you'll pass your
>audits like I do.
Only if they have the same auditors that you do.
--
Shmuel (Seymour J.) Metz, SysProg and JOAT
In , on 01/28/2011
at 12:27 PM, Jim Marshall said:
>Auditors came around and wrote up our z/OS V1R10 Sysplex for not
>running a Virus Checker. Anyone has a constructive solution as to
>one being available or some verbage which defends the position.
"We are not using z/OS to distribute PC so
On Sat, 29 Jan 2011 14:04:21 -0600, Ray Overby wrote:
>
> ..., if any integrity exposures were found,
>they would have reported the vulnerabilities to IBM z/OS Development and
>Development would have fixed them.That would just be the normal course
>of business within IBM.
>
Elardus,
Please let me add some information in response to your posting:
There is a difference between a Virus and a System Integrity
Exposure.The System Integrity Exposure is the Root Cause that a Virus
exploits.There may be many Viruses, especially in Windows Systems, which
exploit the same
Cris Hernandez #9 wrote:
>I too have auditors who treat the my mainframe like one those little puters
and I find it best to first educate them before they convince my management
to send me chasing phantoms. Don't assume your auditor won't appreciate a
mainframe education.
Jim Marshall wrote:
I too have auditors who treat the my mainframe like one those little puters and
I find it best to first educate them before they convince my management to send
me chasing phantoms. Don't assume your auditor won't appreciate a mainframe
education.
The first place to hide a virus is in the OS, y
> Date: Fri, 28 Jan 2011 14:25:26 -0500
> From: t...@harminc.net
> If they claim that Windows malware on z/OS is a problem, then
> ask them if their approved Windows AV scheme scans for z/OS malware in
> Windows files, and if not why not!
I like that, Tony!
Cliff McNeill
I don't have a z/OS solution for you, but I do use CLAMAV on my zLinux
webservers. It is not an efficient solution. It takes a lot of CPU and I/O.
If I had to do it over again, I would engineer an x86 staging server to do
ALL the Anti-Virus scanning as files are placed there for migration to the
pu
A Virus exploits a system integrity vulnerability. About five years
ago, I was engaged to investigate a z/OS facility for system integrity
vulnerabilities and, through that work, have developed a product, the
z/OS Vulnerability Analysis Tool, that does a system vulnerability
assessment on z/OS
On 28 January 2011 13:27, Jim Marshall wrote:
> Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a
> Virus Checker.
Perhaps you should ask them to point out a z/OS virus that you could
use to test with...
> Anyone has a constructive solution as to one being available
So
http://ibmmainframes.com/about5373.html discusses MVS internal attack
testing and no actual attacks. Some damage from trusted users
misusing commands.
http://www.informatik.uni-leipzig.de/cs/Literature/Features/report.pdf
Bottom of page 20 section 2.3.5
Of course, mainframe communications are su
Auditors came around and wrote up our z/OS V1R10 Sysplex for not running a
Virus Checker. Anyone has a constructive solution as to one being available or
some verbage which defends the position.
Been hunting around for a Virus Checker for zLinux. Also interested in what
kind of over head it
26 matches
Mail list logo