The idea of malware, ransomware, and viruses infecting your IBM i server might seem impossible.
Many have heard that viruses cannot impact IBM i, but the reality is that the integrated file system (IFS) is a tree-like structure. This structure can house Word documents, PDFs, MP3s, and JPEG images, and these files can be just as infected on the IBM i server as they can on any Windows workstation or server.
How Malware Reaches the IBM i
One of the misconceptions is that a virus on IBM i won’t do any damage to the native side of the system. However, the QSYS.LIB is one of the branches of the IFS, and it contains all your native objects—your RPG programs, your query definitions, and even your physical data files.
A virus that lands in the integrated file system can spread to other objects in the IFS or even other servers. But it can also potentially drill down into QSYS.LIB, causing issues with the existing objects there. It will not spread the infection due to the protection mechanism within the OS, but that’s not to say it won't delete, rename, or potentially encrypt those native objects.
Does the IBM i Have Built-In Malware Scanning Technology?
The good news is that the OS has some built-in functionality to support doing native anti-virus scanning within the IBM i environment, allowing you to protect the system from an infected object delivering its payload.
This functionality does exist, but it is not automatically activated because the operating system contains no native scan engine. So how can you activate this function?
If you've been infected with a virus and your first inclination is to roll to a backup machine or perform a disaster rollover, it's important to remember that once the object hits the IFS, it has already been replicated to the IFS on that backup server.
How can this be fixed? I’d like to introduce the native scan engine for IBM i. It’s called Powertech Antivirus for IBM i. It plugs into the OS, which means it provides several significant advantages over trying to do a scan from a remote server through a file share.
First, it allows you to perform live scanning. Thanks to the integration with the operating system and the foundation that was built by IBM, objects can be scanned before they are actually opened, meaning infected objects are prevented from delivering their payload.
The integration with the operating system is key to the solution's success. From a performance and integrity perspective, you can leverage the properties that exist on all the IFS files that say when to scan, how to scan, and what to do if an infection is found. This functionality is self-contained as well, which means the IBM i server can be disconnected from the network and scan itself without being reliant on any type of network connectivity.
Secure Scanning Across Networks
If you try to scan across the network, not only does that create a significant performance overhead, but all those IFS objects are traveling in clear text, which means you’re potentially transmitting data that people can collect. In addition, you need a profile that has all object authority, which means you now have a drive share set up that’s opening the door arguably wider than it was before.
You’re much better off doing this natively. It is the most effective way to perform a scan, and using the Powertech Antivirus for IBM i engine is the recommended approach. This engine is a commercial-grade scan engine powered by Trellix (formerly McAfee). The solution downloads its DAT files directly from that organization, which typically updates them on a daily basis.
This is a very comprehensive, powerful approach to protecting not only the IFS but also the native structures within IBM i.