Audit User Manual - Raz
File name: /SMZVDTA/log/av
Purpose: AV general log file.
To check logging of viruses, find the string "alert". To check logging of virus definition updates, find the string "updated".

Sample of the log as shown in the screen capture (scan summary lines):

    HSH sdlt tst txt OK
    HSH AVSCANALL 2006-11-02 18:27 SUMMARY
    HSH AVSCANALL 2006-11-02 18:27 Known Viruses: 74991
    HSH AVSCANALL 2006-11-02 18:27 Engine Version: 0.88
    HSH AVSCANALL 2006-11-02 18:27 Scanned Directories: 1
    HSH AVSCANALL 2006-11-02 18:27 Scanned Files: 54
    HSH AVSCANALL 2006-11-02 18:27 Infected Files: 36
    HSH AVSCANALL 2006-11-02 18:27 Data Scanned: 8.13 MB
    HSH AVSCANALL 2006-11-02 18:27 Time: 355.905 sec (5 m 55 s)

Summary Log showing scan details.

Quarantining Viruses
Quarantine is a secure, isolated location which contains viruses that infect your files. Viruses that have been placed in Quarantine can do no further harm (V5R3 and up): they can neither replicate themselves nor infect other files. Once inside Quarantine, an infected file can be kept there indefinitely, erased completely, or returned to its location. To view virus
Directories / File Extensions to Include (Real-time scan)
File name: /SMZVDTA/conf/DA_inc.conf
There are 2 types of include options: 1. directories, 2. file extensions. Use this file to specify up to 50 directories / file extensions to be included in the real-time scan. Start each directory / extension in a new line from its first column. Preceding a line with the comment character makes it a comment.
Examples: /home/user
WARNING: If this file has lines to include, only related files are scanned. Other directories are NOT SCANNED, so use this option carefully.

Include Directories. To save without exiting, press F2. To save and exit, press F3 twice. To exit without saving, press F12.

Anti Virus 6.3 User Manual, Chapter 2: Working with PC Type Viruses, page 24. RAZ LEE - The iSeries Security Experts.

Mail Scanning
Anti Virus 5.8 and higher comes with a built-in Mail Alert for SMTP mail servers of the AS/400: the built-in SMTP server and the Lotus Notes SMTP server.
Edit File: /SMZVDTA/conf/smtp.conf
Mail server directories used for mail alert to recipient
File name: /SMZVDTA/conf/smtp.conf
Explanation: if a virus is found in a mail envelope from the following directories, the AV software will send a mail alert to the recipient with the virus name, subject, sender and the path name of the infected original mail in quarantine. The mail quarantine directory is /SMZVDTA/mail_qrtn. Some known mail server directories are pre-entered. If your mail server uses another directory for mail than the following, please add it here. For more information send mail to support@razlee.com.

    /QTCPTMM/SMTPBOX
    /QTCPTMM/ATTABOX
    /DOMINO/DATA
    /NOTES/DATA

Mail Scanning: The Mail Alert scans the email received on the SMTP server and sends an alarm to the recipient instead of the original infected mail.

Anti Virus at a Glance: PC Type Viruses
The following shows the basic procedures described in this chapter.
    Send Syslog message  . . . . Y     Y=Yes
    Generate SNMP traps  . . . . Y     Y=Yes
    Send Twitter message . . . . Y     Y=Yes
    Send Mail of type  . . . . .       1=Not secured, 3=Secured
    Messages to QSYSOPR are sent in all product editions. All other options require Enterprise Edition.
    F3=Exit  F12=Previous

Enable SIEM & MAIL Alerting

SYSLOG Definitions
This feature sends different events from the AS/400 (different facilities, such as logs and message systems) to a remote Syslog server, according to a range of severities like emergency, alert, critical, error, warning and more. Select option 21. Syslog and define whether to send Syslog messages, to what IP address, from which facility (list of optional facilities below), in what range of severity (list below), and how the message will look.

    SYSLOG Definitions                         Type choices, press Enter.
    SYSLOG type and port:
      Type . . . . . . . . . .   1=UDP, 2=TCP
      Port Number  . . . . . .   (without quotation marks)
      Destination address  . .
    Facility . . . . . . . . .   LOCAL USE 6 (LOCAL6)
    Range of severities to send: Emergency  to  NOTICE/SIGNIFICANT
    Message structure  . . . .   &d &B Razlee &9 &1
      Mix variables and constants (except &) to compose the message:
      &1 First level msg   &2 Second level msg   &3 Msg Id
      &4 System            &5 Module             &6 Prod Id   &7
    Refreshing Viruses from the CD ................ 11
    Refreshing Viruses from the Internet .......... 12
    Virus Refreshing from a LAN ................... 13
    Activating Real Time Virus Protection ......... 14
    De-activating Real Time Virus Protection ...... 16
    Scanning for Viruses .......................... 16
    Scan Viruses .................................. 17
    Quarantining Viruses .......................... 19
    Scheduling Virus Scans ........................ 20
    Excluding Directories During Virus Scans ...... 22
    Include Directories During Virus Scans ........ 23
    Mail Scanning ................................. 25
    Anti Virus at a Glance: PC Type Viruses ....... 26
  Chapter 3: Native AS/400 Suspicious Objects ..... 27
    Suspicious Native Objects ..................... 27
    Scanning for Suspicious Objects ............... 28
    Scheduling Future Scans ....................... 29
    Working with Suspicious Objects ............... 29
    Working with Quarantined Objects .............. 32
    Creating Reports on Suspicious Objects ........ 33
    Creat
Anti Virus at a Glance: PC Type Viruses
Step 1: Refresh Virus Definitions (Option 41)
Step 2: Activate Real Time Detection (Option 1)
Step 3: Perform Virus Scan (Options 11, 12)
Step 4: Option 51
Step 5: Option 62
Step 6: Option 15

Chapter 3: Native AS/400 Suspicious Objects
This chapter will cover suspicious objects found in both the IFS and the native AS/400. A suspicious object is one which may or may not have integrity violations. An integrity violation occurs if:
- A command has been tampered with.
- An object has a digital signature that is not valid.
- An object has an incorrect domain attribute for its object type.
- A program or module object has been tampered with.
- A library's attributes have been tampered with.
If an integrity violation has occurred, the object name, library name or path name, object type, object owner and type of failure are logged to a database file.
If you scan the integrated file system using a PC mapped to your system through System i NetServer, the following actions occur:
- Uses up network resources.
- Moves data across the network in the clear.
- Might cause scanners to go into infinite loops.

Suspicious Native Objects
Type STRSEC on any command line and select option 5, Anti Virus. NOTE: If a system password is requested, type QSECOFR. To
Accompany the work with the complete corresponding machine-readable source code for the Library including whatever changes were used in the work (which must be distributed under Sections 1 and 2 above); and, if the work is an executable linked with the Library, with the complete machine-readable "work that uses the Library", as object code and/or source code, so that the user can modify the Library and then relink to produce a modified executable containing the modified Library. (It is understood that the user who changes the contents of definitions files in the Library will not necessarily be able to recompile the application to use the modified definitions.)
b) Use a suitable shared library mechanism for linking with the Library. A suitable mechanism is one that (1) uses at run time a copy of the library already present on the user's computer system, rather than copying library functions into the executable, and (2) will operate properly with a modified version of the library, if the user installs one, as long as the modified version is interface-compatible with the version that the work was made with.
c) Accompany the work with a written offer, valid for at least three years, to give the same user the materials specified in Subsection 6a, above, for a charge no more than the cost of performing this distribution.
d) If distribution of the work is made by offering access to copy from a designated place, offer equivalent access to copy the above specifie
non-free programs must be allowed to use the library. A more frequent case is that a free library does the same job as widely used non-free libraries. In this case, there is little to gain by limiting the free library to free software only, so we use the Lesser General Public License.
In other cases, permission to use a particular library in non-free programs enables a greater number of people to use a large body of free software. For example, permission to use the GNU C Library in non-free programs enables many more people to use the whole GNU operating system, as well as its variant, the GNU/Linux operating system.
Although the Lesser General Public License is Less protective of the users' freedom, it does ensure that the user of a program that is linked with the Library has the freedom and the wherewithal to run that program using a modified version of the Library.
The precise terms and conditions for copying, distribution and modification follow. Pay close attention to the difference between a "work based on the library" and a "work that uses the library". The former contains code derived from the library, whereas the latter must be combined with the library in order to run.

GNU LESSER GENERAL PUBLIC LICENSE
TERMS AND CONDITIONS FOR COPYING, DISTRIBUTION AND MODIFICATION

0. This License Agreement applies to any software library or other program which contains a notice placed by the copyright holder or other authorized party saying it may be distri
ready for the AS/400 update tool.
7. To update the virus database on a daily basis, add ScheduledUpdate.bat to the PC scheduled tasks: select Start > Programs > Accessories > System Tools > Scheduled Tasks and click Add Scheduled Task.
8. Browse to the folder and open ScheduledUpdate.bat.
9. Check the Daily option, fill in the login password, choose your preferred time for the update, select Finish and press Enter.
10. Return to the native interface and enter STRAV to return to the Anti Virus main screen.
11. Select 41. Refresh. The Update Virus Definitions (UPDAVDEN) screen appears.
12. Select LAN from the Type field and press Enter to begin the update process.
13. Press Enter to return to the main screen.

Activating Real Time Virus Protection
This feature enables Anti Virus to get up and running and start examining all incoming files, folders and IFS objects. To activate real-time detection, follow this procedure:
1. Select 1. Activation. The Activation screen appears.

    AVSETMN                   Activation              iSecurity/AntiVirus
                                                      System: 5720
    Select one of the following:
    Activation
      1. Activate Real Time Detection
      2. De-activate Real Time Detection
      5. Work with Active Jobs
    Selection or command
    ===>
    F3=Exit  F4=Prompt  F9=Retrieve  F12=Cancel  F13=Information Assistant  F16=AS/400 main menu
    03:00:00
    Time . . . . . . . . . . . :   *SAME, *CURRENT
                                                                   Bottom
    F3=Exit  F4=Prompt  F5=Refresh  F10=Additional parameters  F12=Cancel
    F13=How to use this display  F24=More keys

Change Job Schedule Entry (CHGJOBSCDE)
3. Enter your parameters (frequency, date, day, time) and press Enter.

Working with Suspicious Objects
To work with suspicious objects, follow this procedure:
1. Select 21. Work with Suspicious Objects. The Work with Suspicious Objects screen appears, showing those suspicious objects found by the scan.

    Work with Suspicious Objects
    Position to library . . . .            Omit confirmed objects . . . *NO
    Type options, press Enter.
      1=Select  3=Confirm  4=Quarantine  5=Display  8=Recreate pgm  9=Disconfirm
    Opt  Library  Object      Type  Owner    Violation  Confirmed
         (objects listed: INSMRKMAGR, ALCCPU, CLSEXEPGM, CPBLDTMP, CHGSYSSRM, LSI,
          LSSRVR, EVGNR, MPORGA, OSI, OSRBLA, OSRBLB; each row shows Type *PGM,
          Owner QSECOFR or QPGMR, Violation NOTTRANS, Confirmed *NO)
    F3=Exit  F7=Subset  F15=Information
    29/01/12  13:33:18
    Twitter Definitions
    Type options, press Enter.
    Twitter User ID . . . . .  5520 trevorl
    Consumer key  . . . . . .
    Consumer secret . . . . .
    Access token  . . . . . .
    Token secret  . . . . . .
    To enter the information requested above you need to configure an appropriate Twitter application which establishes the synchronization to Twitter:
    1. Log in to your Twitter account at https://dev.twitter.com/apps
    2. Create an application (e.g. Raz Lee iSecurity).
    3. From My Applications, select the application to display its details.
    4. Copy Consumer Key, Consumer Secret, Access Token and Access Token Secret.
    See the full guide at http://www.razlee.com (Twitter: Working with Twitter, PDF).
    F3=Exit  F12=Cancel

Twitter Definitions

Appendix: License Agreement
GNU LESSER GENERAL PUBLIC LICENSE
Version 2.1, February 1999
Copyright (C) 1991, 1999 Free Software Foundation, Inc.
59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
3=Both file and journal
PC Virus scanner method: Specifies which PC virus scanner is used to perform the IFS files scan. Currently only ClamAV.

On Access Definitions
To set the scan definitions, select option 2. On Access Definitions.

    Anti Virus On Access Definitions
    Type options, press Enter.
    Scan during open/close . . . . . . .   1=Both, 2=Open, 3=Close
      Preferably a file should be scanned when it is opened, before its actual use, as well as at close time if it has been modified.
    Scan only file servers accesses  . .   Y    Y=Yes
      If Y is selected, only accesses through the file servers will be scanned. This option modifies system value QSCANFSCTL (Scan file systems control).
    Scan the object up to the size of  .   4096   Size in KB
      This setting helps prevent lengthy scans. Use with caution. Files which are larger than specified will not be scanned at real time; instead they will be treated as clean files. Long files should be scanned in advance using the SCANAV command. Note that when this has been used and the system value QSCANFSCTL is set to *USEOCOATR, this object will require a re-scan only after being changed.
    Log debug information  . . . . . . .   Y=Yes
      Set this value to Y when requested by technical assistance only.
    F3=Exit  F12=Cancel

Anti Virus On Access Definitions

Description
Scan during open/close: It is recommended that files are scanned when opened, before their actual use, as well as when they are clos
Everyone is permitted to copy and distribute verbatim copies of this license document, but changing it is not allowed.

Preamble
The licenses for most software are designed to take away your freedom to share and change it. By contrast, the GNU General Public Licenses are intended to guarantee your freedom to share and change free software, to make sure the software is free for all its users.
This license, the Lesser General Public License, applies to some specially designated software packages, typically libraries, of the Free Software Foundation and other authors who decide to use it. You can use it too, but we suggest you first think carefully about whether this license or the ordinary General Public License is the better strategy to use in any particular case, based on the explanations below.
When we speak of free software, we are referring to freedom of use, not price. Our General Public Licenses are designed to make sure that you have the freedom to distribute copies of free software (and charge for this service if you wish); that you receive source code or can get it if you want it; that you can change the software and use pieces of it in new free programs; and that you are informed that you can do these things.
To protect your rights, we need to make restrictions that forbid distributors to deny you these rights or to ask you to surrender these rights. These restrictions translate to certain responsibilities for you if you distribute copies of the
In addition, mere aggregation of another work not based on the Library with the Library (or with a work based on the Library) on a volume of a storage or distribution medium does not bring the other work under the scope of this License.
3. You may opt to apply the terms of the ordinary GNU General Public License instead of this License to a given copy of the Library. To do this, you must alter all the notices that refer to this License, so that they refer to the ordinary GNU General Public License, version 2, instead of to this License. (If a newer version than version 2 of the ordinary GNU General Public License has appeared, then you can specify that version instead if you wish.) Do not make any other change in these notices.
Once this change is made in a given copy, it is irreversible for that copy, so the ordinary GNU General Public License applies to all subsequent copies and derivative works made from that copy.
This option is useful when you wish to copy part of the code of the Library into a program that is not a library.
4. You may copy and distribute the Library (or a portion or derivative of it, under Section 2) in object code or executable form under the terms of Sections 1 and 2 above provided that you accompany it with the complete corresponding machine-readable source code, which must be distributed under the terms of Sections 1 and 2 above on a me
Virus Scans
This procedure enables you to exclude up to 50 file extensions and/or directories during virus scans.
To exclude files and folders during real-time scanning, select 6 at IFS Viruses, Worms and Trojans. To exclude files and folders during scheduled scanning, select 15. Exclude on Regular Scan.
1. Enter the file name in the Edit File field (see the upper call-out in the following screen capture).
2. Enter additional files in the field provided between the Beginning of Data and End of Data fields (see the lower arrow in the following screen capture).

    Edit File: /SMZVDTA/conf/ALL_exc.conf
    Record: 1 of 21 by 18      Column: 1 109 by 126
    File: /SMZVDTA/conf/ALL_exc.conf
    There are 2 types of exclude options: 1. directories, 2. file extensions, to be excluded when the command SCANAV is used.
    Preceding a line with the comment character makes it a comment.
    Examples: log, /SMZVDTA/A

Directories / File Extensions to Exclude in SCANAV Command. Use this file to specify up to 50 director
Visit our website at http://www.razlee.com
Record your Product Authorization Code here:
    Computer Model: ________   Serial Number: ________   Authorization Code: ________

Table of Contents
    About This Manual .................................. 1
      Product Documentation Overview ................... 1
      Printed Material ................................. 1
      Online Help ...................................... 1
      Typography Conventions ........................... 1
      Other iSecurity Products ......................... 2
    Chapter 1: Introducing Anti Virus .................. 4
      Why You Need Anti Virus .......................... 5
      What are Viruses ................................. 6
      Mail Scan ........................................ 6
      Keeping Your Computer ............................ 7
      System Requirements .............................. 8
      Native OS/400 Text Based User .................... 8
      Data Entry ....................................... 9
    Chapter 2: Working with PC Type Viruses ............ 10
      Refreshing/Updating Virus Definition
definitions for the first time.
Enter the command into the command line and select option 12. The Change Domain (CHGTCPDMN) screen appears. Check that your DNS Domain Name Server is defined. If not, update your ISP domain details. Press Enter and then STRAV to return to the Anti Virus main screen.
Select 41. Refresh. The Update Virus Definitions (UPDAVDEN) screen appears.
Select INTERNET from the Type field and press Enter. A message screen appears after a few moments with the update details.
Press Enter to return to the main screen.

Virus Refreshing from a LAN
NOTE: Steps 1-9 are to be performed only when updating virus definitions for the first time.
1. Enter the command CFGTCP into the command line and select option 10. The Work with TCP/IP Host Table Entries screen appears.
2. Add your IP address with the host name AVDBPC by using option 1 next to the blank line at the top of the Internet Address column.
3. Copy the directory from the installation disk to
4. Open the folder and double-click the Apache installation file C:\avpc\apache_2.0.43-win32-x86-no_ssl.exe. NOTE: Enter the domain, server name and email when prompted; you can use any text you like.
6. Double-click the batch file ScheduledUpdate.bat. When the download is finished, the files are
library, or if you modify it.
For example, if you distribute copies of the library, whether gratis or for a fee, you must give the recipients all the rights that we gave you. You must make sure that they, too, receive or can get the source code. If you link other code with the library, you must provide complete object files to the recipients, so that they can relink them with the library after making changes to the library and recompiling it. And you must show them these terms so they know their rights.
We protect your rights with a two-step method: (1) we copyright the library, and (2) we offer you this license, which gives you legal permission to copy, distribute and/or modify the library.
To protect each distributor, we want to make it very clear that there is no warranty for the free library. Also, if the library is modified by someone else and passed on, the recipients should know that what they have is not the original version, so that the original author's reputation will not be affected by problems that might be introduced by others.
Finally, software patents pose a constant threat to the existence of any free program. We wish to make sure that a company cannot effectively restrict the users of a free program by obtaining a restrictive license from a patent holder. Therefore, we insist that any patent license obtained for a version of the library must be consistent with the full freedom of use specified in this license.
Most GNU software, includin
quarantine details, select 61. Display. The Display Object Links screen appears.
2. Choose 5. Display. Use the Page Down key on the keyboard to view additional details.
3. To delete a file, select 62. Work With. The Work with Object Links screen appears.

    Work with Object Links
    Directory . . . . : /SMZVDTA/quarantine
    Type options, press Enter.
      2=Edit  3=Copy  4=Remove  5=Display  7=Rename  8=Display attributes  11=Change current directory
    Opt  Object link     Type   Attribute  Text
         b.zip           STMF
         b.zip.000       STMF
         b.zip.001       STMF
         bank651.eml     STMF
         be              STMF
         be.mbr          STMF
         be.000          STMF
         be.001          STMF
    Parameters or command
    ===>
    F3=Exit  F4=Prompt  F5=Refresh  F9=Retrieve  F12=Cancel  F17=Position to  F22=Display entire field  F23=More options

Work with Object Links
4. To remove a virus from quarantine, and thereby erase it, select Opt 4 and then press Enter to confirm.

Scheduling Virus Scans
Use this option to schedule a regularly occurring scan (i.e. 9:00 every morning) or a single specific scan to occur at a future time.
1. Select 13. Schedule Scan. The Work with Job Schedule Entries (WRKJOBSCDE) screen appears.

    Work with Job Schedule Entries (WRKJOBSCDE)
    Type ch
used to search within texts.
Screen: Screen protects unattended terminals and PC workstations from unauthorized use. It provides adjustable terminal-specific and user-specific timeout capabilities.
Password: Password provides a first-tier wall of defense for users by ensuring that user passwords cannot be easily cracked.

Chapter 1: Introducing Anti Virus
Raz Lee Security's Anti Virus module, part of the iSecurity suite, offers total protection for the System i against viruses, Trojan horses and malicious code. Anti Virus scans all accessed files, offers comprehensive virus detection by marking, quarantining and deleting infected files, and prevents your System i from becoming a source of infection. No effective security policy is complete without Anti Virus.

New Features
Version 6.3
- SIEM Alerts now support both SNMP and Twitter, in addition to Syslog and email.
- Free version with permanent authorization code 2: virus and Trojan horse protection, automatic signature updates, virus scanning (automatic/manual).
Version 6.0
- Compatible from V5R4; uses the new ClamAV 0.97.3 engine features.
- Heuristic improvements: improve the PE heuristics detection engine by adding support of bogus icons and fake PE header information. In a nutshell, ClamAV can now detect malware that tries to disguise itself as a harmless application by using the most common Windows program ico
window appears.
F6 Add New: Create a new record or data item.
F8 Print: Print the current report or data item.
F9 Retrieve: Retrieve the previously entered command.
F12 Cancel: Return to the previous screen or menu without updating.

Chapter 2: Working with PC Type Viruses
This chapter guides you through the steps necessary to begin using Authority on Demand for the first time. Also covered in this chapter are the basic procedures for configuring the product for day-to-day use. This chapter describes the procedures for setting up real-time detection and anti-virus activation.
Type STRSEC on any command line and select option 5, Anti Virus. NOTE: If a system password is requested, type QSECOFR.
To work with PC type viruses, worms and Trojan horses, select 11. IFS Viruses, Worms and Trojans from the main menu.

    AVIFS            IFS Viruses, Worms and Trojans       iSecurity/Anti Virus
                                                          System: 520
    Real Time Detection (On access)       Refresh Virus Definitions
      1. Activation                        41. Refresh
         Include Directories               42. Schedule Refresh
         Exclude Directories               49. Display Last Update Time
         (do not specify both Include & Exclude)
    Scan IFS Directory                    Reports
      5. Command                           51. Display Log
     11. Scan in Batch                     52. Display Old Logs
     12. Scan on-line                      55. Display Journal
     13. Schedule Scan                    Quarantine
     15. Exclude on Regular Scan           61. Display
    Special Directories                    62. Work with
         Block
0.95.3 (AV 5.5 was 0.95.2).
- Fix of restart bug when previous jobs were not terminated.
- Remove scan exit points when ending the ZANTIVIRUS subsystem and avoid hang-up in the IPL process.
Version 5.5
- Check for PASE installation before installing the product.
- Add STRSEC to support product authorization.
Version 5.2
- Phishing email detection (good for mail servers).
- Alarm print when the virus database is older than 7 days.
- Works faster in PASE (Linux-like mode).
- Support for sending real-time virus alerts to SYSLOG, QSYSOPR and e-mails.
Version 4.5
- Define general syslog usage in Anti Virus (option 81 > 21).
- New options in the Anti Virus On Access Definitions menu (81 > 2).

Why You Need Anti Virus
Until just a few years ago, the System i was used almost exclusively in a closed environment, and the OS/400 operating system provided the strongest data and system security in the world. But times have changed. In today's world of PCs, distributed databases, the Internet and web technologies, closed computing environments are nearly extinct. Technological advances opened up the System i to the rest of the world, but in the process brought with it many of the security risks inherent in distributed environments, leading to a shocking discovery: although the System i (AS/400) doesn't run .exe files, it can house virus-infected files, so they can wait, silent and deadly, until someone on the network transfers and opens the relevant file o
Activation
Select 1. Activate Real Time Detection from the Activation menu.
Check that the subsystem ZANTIVIRUS is activated by selecting 5. Work with Active Jobs from the Activation menu. The Work with Subsystem Jobs screen appears.
Check that the word ACTIVE appears in the Status field, as shown in the following screen capture. If so, the subsystem is activated and Anti Virus is already providing top virus protection and removal.

    Work with Subsystem Jobs                  S720   15/03/07  02:40:02
    Subsystem . . . . . . . . :   ZANTIVIRUS
    Type options, press Enter.
      2=Change  3=Hold  4=End  5=Work with  6=Release  7=Display message
      8=Work with spooled files  13=Disconnect
    Opt  Job         User        Type   Status   Function
         ANTIVIRU01  SECURITYSP  BATCH  ACTIVE   PGM-AVCLCT
         ANTIVIRU02  SECURITYSP  BATCH  ACTIVE
         AVMONITOR   SECURITYSP  AUTO   ACTIVE   DLY-38
                                                               Bottom
    Parameters or command
    ===>
    F3=Exit  F4=Prompt  F5=Refresh  F9=Retrieve  F11=Display schedule data  F12=Cancel  F17=Top  F18=Bottom

Work with Subsystem Jobs: ZANTIVIRUS Active
NOTE: The Anti Virus subsystem is composed of three processes (jobs). To work with these processes, select Option 5.
6. Press F12 to return to the Activation menu.
NOTE: Users are alerted regarding viruses found through the Real Time Detection feature only when they try to open the file containing the virus. In this case, acc
Anti Virus
The Virus Detection and Removal Component of iSecurity
User Manual, Version 6.3
RAZ LEE - The iSeries Security Experts
Updated: 02/02/2012

Copyright Notice
(c) Copyright Raz Lee Security Inc. All rights reserved.
This document is provided by Raz Lee Security for information purposes only. Raz Lee Security(R) is a registered trademark of Raz Lee Security Inc. Action, System Control, User Management, Assessment, Firewall, Screen, Password, Audit, Capture, View, Visualizer, FileScope, Anti Virus and AP Journal(R) are trademarks of Raz Lee Security Inc. Other brand and product names are trademarks or registered trademarks of the respective holders. Microsoft Windows(R) is a registered trademark of the Microsoft Corporation. Adobe Acrobat(R) is a registered trademark of Adobe Systems Incorporated.
Information in this document is subject to change without any prior notice. The software described in this document is provided under Raz Lee's license agreement. This document may be used only in accordance with the terms of the license agreement. The software may be used only in accordance with the license agreement purchased by the user. No part of this document may be reproduced or retransmitted in any form or by any means, whether electronically or mechanically, including but not limited to photocopying, recording or information recording and retrieval systems, without written permission given by Raz Lee Security Inc.
ICABLE LAW OR AGREED TO IN WRITING WILL ANY COPYRIGHT HOLDER, OR ANY OTHER PARTY WHO MAY MODIFY AND/OR REDISTRIBUTE THE LIBRARY AS PERMITTED ABOVE, BE LIABLE TO YOU FOR DAMAGES, INCLUDING ANY GENERAL, SPECIAL, INCIDENTAL OR CONSEQUENTIAL DAMAGES ARISING OUT OF THE USE OR INABILITY TO USE THE LIBRARY (INCLUDING BUT NOT LIMITED TO LOSS OF DATA OR DATA BEING RENDERED INACCURATE OR LOSSES SUSTAINED BY YOU OR THIRD PARTIES OR A FAILURE OF THE LIBRARY TO OPERATE WITH ANY OTHER SOFTWARE), EVEN IF SUCH HOLDER OR OTHER PARTY HAS BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.

END OF TERMS AND CONDITIONS
    Inform                                Maintenance
     21. Mail Directories                  81. System Configuration
                                           82. Maintenance Menu
    Selection or command
    ===>
    F3=Exit  F4=Prompt  F9=Retrieve  F12=Cancel  F13=Information Assistant  F16=AS/400 main menu

IFS Viruses, Worms and Trojans

Refreshing/Updating Virus Definition Files
Perform this procedure to ensure that you have the most up-to-date virus definition files available; virus definitions are generally updated, on average, twice daily. Anti Virus provides two options for updating. Both are accessed by selecting 11. IFS Viruses, Worms and Trojans > 41. Refresh. This sub-menu has an extended option, CD. This option refreshes the Virus Signature Database from a CD which was burned using the internet-connected PC which downloaded the files main.cvd and daily.cvd from the ClamAV server.
The option INTERNET is downloaded directly from the internet to the System i. This option enables users to refresh virus definitions at their own computers.
The option LAN is first downloaded to a PC, then uploaded to the System i via a LAN. This option enables only one user to download definitions, thereby providing greater security. All other users receive their updates from that user.
NOTE: Since many System i computers are not permitted to be directly connected to the internet because of regul
27. Audit type; &H Hour; &M Minute; &d Day in month; &m Month (mm); &a / &A Weekday (abbr. / full); &8 Host name; &9 Op. sys.; &S Second; &X Time; &y Year (yy); &x Date; &b / &B Month name (abbr. / full). F3=Exit F12=Cancel.
SYSLOG Definitions. SYSLFC (SYSLOG FACILITY), as listed on the screen in two columns: KERNEL MESSAGES, USER LEVEL MESSAGES, MAIL SYSTEM, SYSTEM DAEMONS, SECURITY/AUTHORIZATION MESSAGES, SYSLOGD INTERNAL, LINE PRINTER SUBSYSTEM, NETWORK NEWS SUBSYSTEM, UUCP SUBSYSTEM, CLOCK DAEMON, SECURITY/AUTHORIZATION MESSAGES, FTP DAEMON, NTP SUBSYSTEM, LOG AUDIT, LOG ALERT, CLOCK DAEMON, LOCAL USE 0 (LOCAL0), LOCAL USE 1 (LOCAL1), LOCAL USE 2 (LOCAL2), LOCAL USE 3 (LOCAL3), LOCAL USE 4 (LOCAL4), LOCAL USE 5 (LOCAL5), LOCAL USE 6 (LOCAL6), LOCAL USE 7 (LOCAL7). SYSLSV (SYSLOG SEVERITY): EMERGENCY, WARNING, ALERT, NOTICE, SIGNIFICANT, CRITICAL, INFORMATIONAL, ERROR, DEBUG.
SNMP Definitions: Select option 22. SNMP to display the SNMP definitions. Use the following command text to define the SNMP Trap manager: ADDTCPHTE INTNETADR('n.n.n.n') HOSTNAME(TRAPMAN). Twitter Definitions: Select option 24. Twitter to define the Twitter permissions for sending messages. For detailed instructions on defining Twitter for iSecurity Anti-Virus, see the following document: http www razlee com twitter working with twitter pdf. Twitter Definitions
28. an completely eliminate the virus threat. It is mandatory to take additional precautions in order to safeguard your network: Inform all personnel at your company of the dangers of virus infection. Train them to recognize the signs of possible infection; these include error messages, corrupt data and system slowdown. Maintain reliable data backups at all times (i.e. CDs, additional hard disks, etc.). Do not open any e-mail attachment unless you know it is from a reliable source; attachments are notorious for spreading viruses. Be suspicious of e-mails with over-general subject lines such as "RE:", "An Answer", "Thanks" or "Hi". Do not open any attachments with file extensions such as .drv, .sys, .dll, .exe, .eml, .scr, .ocx, .com, .pif, .bin, .vbe, .bat, .nws, .lnk, .cpl and .shs. Choose assistants to assist you in handling emergencies and possible infection if the systems administrator isn't present. Feature Overview: Automatic, regularly updated database. Mail support for SMTP mail servers that scans and sends an alarm to the recipient instead of the original infected mail. Detects, catches and quarantines viruses, worms, Trojan horses and malicious software (malware). Command-line scanner. Database updater with support for digital signatures. Cannot be disabled by viruses. On-Access and Scanning. Built-in support for zip, gzip, jar and tar files. User-fr
29. atory issues, we recommend using option CD instead. Each procedure is explained below in detail. Refreshing Viruses from the CD: 1. Enter the command STRAV to return to the Anti-Virus main screen. 2. Select 41. Refresh. The Update Virus Definitions (UPDAVDEN) screen appears. 3. Select from the Type field and press Enter. A message screen appears after a few moments with update details. Press Enter to return to the main screen. NOTE: To view the most recent update, select 49. Display Last Update Time. The date appears together with the precise update time and definition file details. The following shows a sample message (this step is also relevant for internet and LAN refreshing). IFS Viruses, Worms and Trojans. iSecurity Anti-Virus, System: S720. Select one of the following. Last attempt for download was at 08/03/07 16:46:52. The current definition file details: ClamAV-VDB 08 Mar 2007 13:40 0000 2777 13290 1. F12=Cancel. At On Access. 81. System Configuration. 32. At Regular Scan. 82. Maintenance. Selection or command > 49. F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=AS/400 main menu. Display Last Update Time. Refreshing Viruses from the Internet: 3. 4. NOTE: Steps 1 and 2 are to be performed only when updating virus
30. ayouts and accessors, and small macros and small inline functions (ten lines or less in length), then the use of the object file is unrestricted, regardless of whether it is legally a derivative work. (Executables containing this object code plus portions of the Library will still fall under Section 6.) Otherwise, if the work is a derivative of the Library, you may distribute the object code for the work under the terms of Section 6. Any executables containing that work also fall under Section 6, whether or not they are linked directly with the Library itself. 6. As an exception to the Sections above, you may also combine or link a "work that uses the Library" with the Library to produce a work containing portions of the Library, and distribute that work under terms of your choice, provided that the terms permit modification of the work for the customer's own use and reverse engineering for debugging such modifications. You must give prominent notice with each copy of the work that the Library is used in it and that the Library and its use are covered by this License. You must supply a copy of this License. If the work during execution displays copyright notices, you must include the copyright notice for the Library among them, as well as a reference directing the user to the copy of this License. Also, you must do one of these things: a
31. buted under the terms of this Lesser General Public License (also called "this License"). Each licensee is addressed as "you". A "library" means a collection of software functions and/or data prepared so as to be conveniently linked with application programs (which use some of those functions and data) to form executables. The "Library", below, refers to any such software library or work which has been distributed under these terms. A "work based on the Library" means either the Library or any derivative work under copyright law: that is to say, a work containing the Library or a portion of it, either verbatim or with modifications and/or translated straightforwardly into another language. (Hereinafter, translation is included without limitation in the term "modification".) "Source code" for a work means the preferred form of the work for making modifications to it. For a library, complete source code means all the source code for all modules it contains, plus any associated interface definition files, plus the scripts used to control compilation and installation of the library. Activities other than copying, distribution and modification are not covered by this License; they are outside its scope. The act of running a program using the Library is not restricted, and output from such a program is covered only if its contents constitute a work bas
32. ch applies to it and "any later version", you have the option of following the terms and conditions either of that version or of any later version published by the Free Software Foundation. If the Library does not specify a license version number, you may choose any version ever published by the Free Software Foundation. 14. If you wish to incorporate parts of the Library into other free programs whose distribution conditions are incompatible with these, write to the author to ask for permission. For software which is copyrighted by the Free Software Foundation, write to the Free Software Foundation; we sometimes make exceptions for this. Our decision will be guided by the two goals of preserving the free status of all derivatives of our free software and of promoting the sharing and reuse of software generally. NO WARRANTY. 15. BECAUSE THE LIBRARY IS LICENSED FREE OF CHARGE, THERE IS NO WARRANTY FOR THE LIBRARY, TO THE EXTENT PERMITTED BY APPLICABLE LAW. EXCEPT WHEN OTHERWISE STATED IN WRITING THE COPYRIGHT HOLDERS AND/OR OTHER PARTIES PROVIDE THE LIBRARY "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESSED OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. THE ENTIRE RISK AS TO THE QUALITY AND PERFORMANCE OF THE LIBRARY IS WITH YOU. SHOULD THE LIBRARY PROVE DEFECTIVE, YOU ASSUME THE COST OF ALL NECESSARY SERVICING, REPAIR OR CORRECTION. 16. IN NO EVENT UNLESS REQUIRED BY APPL
33. ct Documentation Overview. Raz-Lee takes customer satisfaction seriously. Our products are designed for ease of use by personnel at all skill levels, especially those with minimal AS/400 experience. The documentation package includes a variety of materials to get you familiar with this software quickly and effectively. Printed Materials: This user guide is the only printed documentation necessary for understanding this product. It is available in user-friendly PDF format and may be displayed or printed using Adobe Acrobat Reader version 4.0 or higher. Acrobat Reader is included on the product CD-ROM. This manual contains concise explanations of the various product features as well as step-by-step instructions for using and configuring the product. Online Help: AS/400 context-sensitive help is available at any time by pressing the F1 key. A help window appears containing explanatory text that relates to the function or option currently in use. Online help will shortly be available in Windows help format for viewing on a PC with terminal emulation. Typography Conventions: Menu options, field names and function key names are written in Bold. References to chapters or sections are written in . OS/400 commands and system messages are written in Bold Italic. Key combinations are separated by a dash, for example Shift-Tab. Emphasis is written in Times New Roman bold. Anti-Virus 6.3 User Manual, About This Manual, 1. RAZ-LEE > Th
34. d materials from the same place. Verify that the user has already received a copy of these materials or that you have already sent this user a copy. For an executable, the required form of the "work that uses the Library" must include any data and utility programs needed for reproducing the executable from it. However, as a special exception, the materials to be distributed need not include anything that is normally distributed (in either source or binary form) with the major components (compiler, kernel, and so on) of the operating system on which the executable runs, unless that component itself accompanies the executable. It may happen that this requirement contradicts the license restrictions of other proprietary libraries that do not normally accompany the operating system. Such a contradiction means you cannot use both them and the Library together in an executable that you distribute. 7. You may place library facilities that are a work based on the Library side by side in a single library together with other library facilities not covered by this License, and distribute such a combined library, provided that the separate distribution of the work based on the Library and of the other library facilities is otherwise permitted, and provided that you do these two things: a) Accompany the combined library with a copy of the same work base
35. d on the Library, uncombined with any other library facilities. This must be distributed under the terms of the Sections above. b) Give prominent notice with the combined library of the fact that part of it is a work based on the Library, and explaining where to find the accompanying uncombined form of the same work. 8. You may not copy, modify, sublicense, link with, or distribute the Library except as expressly provided under this License. Any attempt otherwise to copy, modify, sublicense, link with, or distribute the Library is void, and will automatically terminate your rights under this License. However, parties who have received copies, or rights, from you under this License will not have their licenses terminated so long as such parties remain in full compliance. 9. You are not required to accept this License, since you have not signed it. However, nothing else grants you permission to modify or distribute the Library or its derivative works. These actions are prohibited by law if you do not accept this License. Therefore, by modifying or distributing the Library (or any work based on the Library), you indicate your acceptance of this License to do so, and all its terms and conditions for copying, distributing or modifying the Library or works based on it. 10. Each time you redistribute the Library (or any work based on the Library), the recipient automatically receives a license from the original licensor to copy, distribute, link with or m
36. dium customarily used for software interchange. If distribution of object code is made by offering access to copy from a designated place, then offering equivalent access to copy the source code from the same place satisfies the requirement to distribute the source code, even though third parties are not compelled to copy the source along with the object code. 5. A program that contains no derivative of any portion of the Library, but is designed to work with the Library by being compiled or linked with it, is called a "work that uses the Library". Such a work, in isolation, is not a derivative work of the Library, and therefore falls outside the scope of this License. However, linking a "work that uses the Library" with the Library creates an executable that is a derivative of the Library (because it contains portions of the Library), rather than a "work that uses the library". The executable is therefore covered by this License. Section 6 states terms for distribution of such executables. When a "work that uses the Library" uses material from a header file that is part of the Library, the object code for the work may be a derivative work of the Library even though the source code is not. Whether this is true is especially significant if the work can be linked without the Library, or if the work is itself a library. The threshold for this to be true is not precisely defined by law. If such an object file uses only numerical parameters, data structure l
37. e iSeries Security Experts. Other iSecurity Products: Raz-Lee's iSecurity is an integrated, state-of-the-art security solution for all System i servers, providing cutting-edge tools for managing all aspects of network access, data and audit security. Its individual components work together transparently, providing comprehensive out-of-the-box security. Other iSecurity products include: Assessment: Assessment checks your ports, sign-on attributes, user privileges, passwords, terminals and more. Results are instantly provided, with a score of your current network security status with its present policy compared to the network if iSecurity were in place. Firewall: Firewall protects and secures all types of access to and from the System i, within or outside the organization, under all types of communication protocols. Firewall manages user profile status, secures entry via pre-defined entry points and profiles activity by time. Its Best-Fit algorithm determines the validity of any security-related action, hence significantly decreasing system burden while not compromising security. Visualizer: Visualizer is an advanced DWH statistical tool with state-of-the-art technology. This solution provides security-related data analysis in a GUI and operates on summarized files, hence it gives immediate answers regardless of the amount of security data being accumulated. Audit: Audit
38. ed if they have been modified. 1=Both (recommended), 2=Open, 3=Close. Description: Scan only file server accesses. This option modifies the system value QSCANFSCTL (Scan file systems control). Y=Yes: scan only access attempts carried out through the file servers. N=No: scan from WRKLNK or EDTF as well. Scan the object up to the size of (Size in KB): This setting helps prevent lengthy scans. Use with caution: files which are larger than specified will not be scanned at real time, but a message will be inserted in the log file; they will instead be treated as clean files. Large files should be scanned in advance using the SCANAV command. Note that when SCANAV has been used and the System Value setting is QSCANFSCTL USEOCOATR, this object will require a re-scan only after being changed. Log debug information: N=No (default), Y=Yes; set this value to Y only when requested by technical assistance. Enable SIEM & MAIL Alerting: From the iSecurity Part 5 System Configuration screen, select option 5. Enable SIEM & MAIL Alerting to send message alerts to QSYSOPR, an e-mail address and SYSLOG. 11. Enable SIEM & MAIL Alerting. Type options, press Enter. Send message to QSYSOPR Y (Y=Yes)
39. ed on the Library (independent of the use of the Library in a tool for writing it). Whether that is true depends on what the Library does and what the program that uses the Library does. 1. You may copy and distribute verbatim copies of the Library's complete source code as you receive it, in any medium, provided that you conspicuously and appropriately publish on each copy an appropriate copyright notice and disclaimer of warranty; keep intact all the notices that refer to this License and to the absence of any warranty; and distribute a copy of this License along with the Library. You may charge a fee for the physical act of transferring a copy, and you may at your option offer warranty protection in exchange for a fee. 2. You may modify your copy or copies of the Library or any portion of it, thus forming a work based on the Library, and copy and distribute such modifications or work under the terms of Section 1 above, provided that you also meet all of these conditions: a) The modified work must itself be a software library. b) You must cause the files modified to carry prominent notices stating that you changed the files and the date of any change. c) You must cause the whole of the work to be licensed at no charge to all third parties under the terms of this License. d) If a facility in the modified Library refers to a function or a table of data to be supplied by an application program that uses the facility, other than as an argument pas
40. ess is denied to the file and an "Attribute Scan Fail" message appears in the log file. Consequently, the virus contained in the file can do no further harm. NOTE: The command SMZV/ENDRTAV stops accepting new objects to be checked, lets the object currently being checked finish, and then the subsystem ZANTIVIRUS ends. The command SMZV/STRRTAV starts the system. De-activating Real-Time Virus Protection: 1. To de-activate real-time detection, select 2. De-activate Real Time Detection from the Activation menu. 2. To check that the subsystem is de-activated, wait about 30 seconds and select 5. Work with Active Jobs. A message should appear at the bottom of the Activation screen, as shown in the following screen capture: AVSETMN Activation, iSecurity AntiVirus, System: 720. Select one of the following: Activation: 1. Activate Real Time Detection; 2. De-activate Real Time Detection; 5. Work with Active Jobs. Selection or command. F3=Exit F4=Prompt F9=Retrieve F12=Cancel F13=Information Assistant F16=AS/400 main menu. Subsystem ZANTIVIRUS not active. Work with Subsystem Jobs: Subsystem ZANTIVIRUS Not Active. Scanning for Viruses: Anti-Virus supports two different types of virus scans. Scan in Batch (Opt. 11): This option enables Anti-Virus scanning to run as a background process, thus enabling you to con
41. g some libraries is covered by the ordinary GNU General Public License. This license, the GNU Lesser General Public License, applies to certain designated libraries, and is quite different from the ordinary General Public License. We use this license for certain libraries in order to permit linking those libraries into non-free programs. When a program is linked with a library, whether statically or using a shared library, the combination of the two is legally speaking a combined work, a derivative of the original library. The ordinary General Public License therefore permits such linking only if the entire combination fits its criteria of freedom. The Lesser General Public License permits more lax criteria for linking other code with the library. We call this license the "Lesser" General Public License because it does Less to protect the user's freedom than the ordinary General Public License. It also provides other free software developers Less of an advantage over competing non-free programs. These disadvantages are the reason we use the ordinary General Public License for many libraries. However, the Lesser license provides advantages in certain special circumstances. For example, on rare occasions, there may be a special need to encourage the widest possible use of a certain library, so that it becomes a de-facto standard. To achieve this
42. hen they are changed or new signature files are loaded. Ignore all previous signatures N (Y=Yes, N=No): After the next Signatures update, all objects will be considered unscanned. Information to log 1 (1=Viruses/Signature update, 2=Same + Excludes, 3=All). Log method 1 (1=File, 2=Journal, 3=Both): The logging function can use a standard file, a journal, or both. PC Virus scanner method 1 (1=ClamAV): This specifies which PC Virus scanner is used to perform non-native file verification. F3=Exit F12=Cancel. Anti-Virus General Definitions, Description: Work in FYI Simulation Mode: The FYI Simulation Mode allows users to scan files without marking files as scanned. Y=Simulation mode, files not marked as scanned. N=Files are marked as scan failure (virus) or scan success (clean). Scan only if object has changed: Y=Files will be scanned only if they are new or have been changed; this setting saves processing time. N=Files will be scanned when they are changed or new signature files are loaded. Ignore all previous signatures: After the next Signatures update, all objects will be considered un-scanned. Information to log: 1=Viruses/Signature update, 2=Same + Excludes, 3=All. Description: Log method: The logging function can use a standard file, a journal, or both. 1=Standard file, 2=Journal
43. i-Virus 6.3 User Manual, Chapter 2: Working with PC-Type Viruses, 17. 4. Check Anti-Virus's virus-fighting capabilities by scanning false and harmless files. Anti-Virus will consider them a virus and place them in quarantine. If not, check your configuration settings and/or contact Raz-Lee. The file names are eicar.com and MyDoomsS, both found in SMZVDTA/virus_template. NOTE: If you are using the Scan in Batch option (11), you must select 51. Display Log from the main menu to see virus details at the end of the scan (use Page Down on the keyboard if necessary). NOTE: This step is not necessary for real-time scans, as results are displayed immediately without any user prompting. The summary log offers this information: Known viruses; Scanned directories; Scanned files; Infected files; Data scanned; I/O buffer size; Time of scan; Starting time of scan; Virus scans; Quarantined viruses; Real-time activation/de-activation; Virus removal; Virus definition updates; Scan scheduling. The following is an example of a summary log: Browse /SMZVDTA/log/av.log, Record 1 of 11864 by 18, Column 71 by 131, Control
44. iendly multilingual interface (green screen and GUI) with simple activation features. Integration with the OS/400 Scheduler. Summary Log for review and analysis. Benefits: Prevents your System i from becoming an infection source. Scans files before and/or after they are used. Built-in scheduler enables planned virus scanning. Based on the popular signature file used in the Open Source Linux environment. Signature file is updated often, even before some of the commercial files. Signature file loaded directly from the web into the System i, or from a web-connected PC which disconnects from the web upon System i access. User-friendly green screen and GUI interfaces. System Requirements: Disk space 110MB. PASE (Linux-like environment) installation required. Operating System V5R4 or higher. NOTE: PASE installation will be required in the near future for Audit, FileScope and perhaps for other tools as well. Native OS/400 Text-Based User Interface: Anti-Virus is designed to be a user-friendly product. The user interface follows standard System i CUA conventions. All product features are available via the menus, so you are never required to memorize arcane commands. Many features are also accessible via the command line for the convenience of experienced users. Menus: Product menus allow for easy access to all features with a minimum of keystrokes. Menu option
45. ies/File Extensions. Start each directory/Extension in a new line from its first column. /QIBM /QOpenSys. F2=Save F3=Save+Exit F12=Exit F15=Services F16=Repeat find F17=Repeat change F19=Left. Exclude Directories: To save without exiting, press F2. To save and exit, press F3 twice. To exit without saving, press F12. Include Directories During Virus Scans: This procedure enables you to include up to 50 file extensions and/or directories during virus scans. To include files and folders during real-time scanning, select 5. At IFS Viruses, Worms and Trojans. 1. Enter the file name in the Edit File field (see the upper call-out in the following screen capture). 2. Enter additional files in the field provided between the Beginning of Data and End of Data fields (see the lower arrow in the following screen capture). Edit File: /SMZVDTA/conf/OA_inc.conf, Record 1 of 17 by 10, Column 109 by 126, Control. Beginning of
46. ing Reports on all Non-Confirmed Objects 34. Creating Reports on all Confirmed 34. Create Reports on all Quarantined 34. Anti-Virus at a Glance (Native) 35. Chapter 4: System Configuration 36. General Definitions 36. On Access 38. Enable SIEM & MAIL Alerting 40. SYSLOG Definitions 40. SNMP Definitions 42. Twitter Definitions 42. Appendix: License Agreement A-1. GNU LESSER GENERAL PUBLIC LICENSE A-2. Anti-Virus 6.3 User Manual ii. About This Manual: This user guide is intended for system administrators and security administrators responsible for the implementation and management of security on AS/400 systems. However, any user with basic knowledge of AS/400 operations will be able to make full use of this product after reading this book. Produ
47. is a security auditing solution that monitors System i events in real time. It includes a powerful query generator plus a large number of predefined reports. Audit can also trigger customized responses to security threats by means of the integrated script processor contained in Action. Action: Action automatically intercepts and responds to security breaches, system activity events, QHST contents and other message queues. Inquiring messages can be automatically answered. Alerts are sent by e-mail, SMS, pagers or the message queues. Command scripts with replacement variables perform customized corrective actions, such as terminating a user session or disabling a user profile. AP-Journal: AP-Journal automatically manages database changes by documenting and reporting exceptions made to the database journal. View: View is a unique, patent-pending, field-level solution that hides sensitive fields and records from restricted users. This innovative solution hides credit card numbers, customer names, etc. Restricted users see asterisks or zeros instead of real values. View requires no change in existing applications. It works for both SQL and traditional I/O. Capture: Capture silently captures and documents user screens for tracking and monitoring without any effects on system performance. It also preserves job logs for subsequent review. Capture can run in playback mode and can be
48. log. 91. Language Support. 22. SNMP. 99. Copyright Notice. 23. Mail. 24. Twitter. Selection > . Restart Real Time AV to activate changes. Release 06.3 11-12-29 44DE466 520 7459. Authorization code V16714069275 1 1. Authorization code expired or not valid. Real Time SIEM and Native Objects Integrity checks require Enterprise Edition. F3=Exit F22=Enter Authorization Code. iSecurity Part 5 System Configuration. General Definitions: This option presents general definitions relating to logs and scans. Follow this procedure: 1. Select 1. General Definitions from the iSecurity Part 5 System Configuration screen. The Anti-Virus General Definitions screen appears. 2. Set parameters and definitions according to the following table and press Enter. Anti-Virus General Definitions. Type options, press Enter. Work in *FYI* Simulation mode Y (Y=Yes): FYI is an acronym for "For Your Information". In this mode, use of objects containing viruses will be reported but not prevented. This will also require a re-scan of all objects and consume more resources. Scan only if object was changed Y (Y=Yes): If Y is selected, files will be scanned only if they are new or if they have been changed. This setting saves processing time. Otherwise, files will also be scanned w
49. n their PC. What are Viruses? Viruses are programs or pieces of malicious code that load and attach themselves to your computer without your knowledge. Once inside, they infect .exe files and disk boot sectors, where they proceed to replicate at enormous speed. Viruses are all man-made. They range from harmless pranks that are mere annoyances to your computer, such as screen messages, to catastrophic instruments of destruction that can wipe out your hard disk. There are different types of viruses. Worms are special kinds of viruses that replicate themselves but cannot attach to other programs. Trojan horses, named after the classic Greek myth, also do not replicate themselves; they are programs that pretend to have useful and helpful features while they are actually destructive. Malware (malicious software) is actually a general, all-encompassing term for any program designed to take over and harm your computer and operating system. In history, the Trojan horse was a large hollow wooden horse that was filled with Greek soldiers. After the horse was introduced within the walls of Troy, the soldiers climbed out of the horse and fought the Trojans. In the computer world, a program that hides destructive functions is often called a Trojan horse. Fighting Viruses: New viruses are constantly being introduced to the world. The go
50. nfirmed. Work with Suspicious Objects: Confirm Object as Non-Offensive. Type options, press Enter: 1=Select, 3=Confirm, 4=Quarantine, 5=Display, 8=Recreate pgm, 9=Disconfirm. Position to library; Omit confirmed objects. Quarantine Object: Press Enter to confirm, F12 to Cancel. [Screen capture: Work with Suspicious Objects list with columns Opt, Object, Library, Type, Owner, Violation; sample rows show objects ALCCPU, MPORGA, OSRBLA and OSRBLB in library CP, type *PGM, owner QSECOFR, violation NOTTRANS.] F3=Exit F7=Subset F12=Cancel F15=Information. Display Object Integrity Details: Object ALCCPU, Library, Language ID, Display date/time 26/10/08 10:17:58. Violation: NOTTRANS, object has not been converted to RISC format. Press Enter to continue. F3=Exit. Display Object Integrity Details, Option 1/3: Type choices and/or press Enter to confirm. Working with Quarantined Objects: An object placed in Quarantine is isolated and can do no further harm (see Chapter Four for details). After an object is placed in Quarantine, you can view details about that object or delete it permanently. See Creating Reports at the end of this chapter for information on rep
51. nfirmed 1 Select Opt 51 All Suspicious Objects The Display AV Object Integrity screen appears 2 Leave options at default and press Enter to access the Delay Suspicious Objects screen Choose one of the following options Enter Opt 1 to select an object The Display Object Integrity Details screen appears Press F7 to access the Select Objects to Work With screen Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 33 RAZ LEE gt The iSeries Security Experts Creating Reports on all Non Confirmed Objects This feature runs reports on all non confirmed suspicious objects 1 Select Opt 52 All Suspicious Objects The Display AV Object Integrity screen appears Leave all options at their default parameters and press Enter to access the Delay Suspicious Objects screen Choose one of the following options Enter Opt 1 to select an object The Display Object Integrity Details screen appears Press F7 to access the Select Objects to Work With screen Creating Reports on all Confirmed Objects This feature runs reports on all confirmed suspicious objects 1 Select Opt 55 All Suspicious Objects The Display AV Object Integrity screen appears Leave all options at their default parameters and press Enter to access the Display Confirmed Violation screen Choose one of the following options Enter Opt 1 to select an object The Display Confirmed Object Integrity Detail screen a
52. ns Signature Improvements logical signature improvements to allow more detailed matching and referencing groups of signatures Additionally improvements to wildcard matching on word boundaries and newlines Support for new archives 7zip InstallShield and CPIO LibClamAV can now transparently unpack and inspect their contents Support for new executable file formats 64 bit ELF files and OS X Universal Binaries with Mach O files Additionally the PE module can now decompress and inspect executables packed with UPX 3 0 New PDF parser a Support for custom database URLs Support for signatures based on SHA1 and SHA256 Better error detection 2 Performance improvements overall performance improvements and memory optimizations for a better overall resource utilization experience Anti Virus 6 3 User Manual Chapter 1 Introducing Anti Virus 4 RAZ LEE gt The iSeries Security Experts Version 5 8 When scanning only new not scanned before files the scan check is done in the context of the same job which saves the overhead of opening a new job In addition it saves locking problem in one of SEA customers When ending all subsystems by ENDSBS ALL IMMED for backup as example the scan exit programs are removed automatically to avoid IFS hang up In every directory scan there is a heading with time and name of the directory scanned Version 5 6 Includes the current new version of ClamAV 0
53. numbering and terminology are consistent throughout this product as well as other Raz Lee products To select a menu option simply type the option number and press Enter The command line is available from nearly all product menus If the command line does not appear and your user profile allows use of the command line press F10 to display it Anti Virus 6 3 User Manual Chapter 1 Introducing Anti Virus 8 RAZ LEE gt The iSeries Security Experts Data Entry Screens Data entry screens include many convenient features such as Pop up selection windows Convenient option prompts Easy to read descriptions and explanatory text for all parameters and options a Search and filtering with generic text support The following describes the different data entry screens To enter data in a field type the desired text and then press Enter or Field Exit To move from one field to another without changing the contents press Tab To view options for a data field together with an explanation press 4 To accept the data displayed on the screen and continue press Enter The following function keys may appear on data entry screens Function Key Description F1 Help Display context sensitive help F3 Exit End the current task and return to the screen or menu from which the task was initiated F4 Prompt Display a list of valid options for the current field or command For certain data items a pop up selection
54. od news is that there are solid tools that follow every new threat and enable you to keep your computer and network clean safe and virus free But standard PC based anti virus programs are simply not effective enough in the AS 400 world When checking the Integrated File System they re slow can compromise security and are not immune to viruses themselves The answer is a native AS 400 based application By using Clam anti virus detection technology Raz Lee s Anti Virus enables you to fight viruses using a comprehensive and specially designed product Working extremely fast Anti Virus user friendly interface incorporates the most intuitive activation features on the market helping you to keep viruses away from your network and PC Mail Scan Anti Virus takes control just when the IFS file that contains an email is being closed or opened That way the scan is done before the recipient gets the email If the email is a phishing mail or contains a virus the recipient gets a mail describing the virus found and name of the quarantined file the recipient will never get the actual infected email Phishing mail scan is done only by ClamAV Anti Virus 6 3 User Manual Chapter 1 Introducing Anti Virus 6 RAZ LEE gt The iSeries Security Experts Keeping Your Computer Virus Free In addition to installing Raz Lee s Anti Virus and updating virus definitions on a regular basis it is important to note that no single product c
55. odify the Library subject to these terms and conditions You may not impose any further restrictions on the recipients exercise of the rights granted herein You are not responsible for enforcing compliance by third parties with this License 11 If as a consequence of a court judgment or allegation of patent infringement or for any other reason not limited to patent issues conditions are imposed on you whether by court order agreement or otherwise that contradict the conditions of this License they do not excuse you from the conditions of this License If you cannot distribute so as to satisfy simultaneously your obligations under this License and any other pertinent obligations then as a consequence you may not distribute the Library at all For example if a patent license would not permit royalty free redistribution of the Library by all those who receive copies directly or indirectly through you then the only way you could satisfy both it and this License would be to refrain entirely from distribution of the Library If any portion of this section is held invalid or unenforceable under any particular circumstance the balance of the section is intended to apply and the section as a whole is intended to apply in other circumstances It is not the purpose of this section to induce you to infringe any patents or other property right claims or to contest validity of any such claims this section has the sole purpose of protecting the integrit
56. oices press Enter Name genericX XALL XPRINT Sequence XDATETIME xJOBQ Scheduled by user Submit date XRLL XCURRENT Job queue xRLL Library XLIBL xCURLIB Bottom F3 Exit F4 Prompt F5 Refresh F12 Cancel 13 to use this display F24 More keys Work with Job Schedule Entries WRKJOBSCDE 2 Press Enter The screen shows a list of defined jobs 3 Type 2 in the Opt field to modify an existing job or press F6 to add a new job and press Enter The Change Job Schedule Entry CHGJOBSCDE screen appears The following screen shows an example Anti Virus 6 3 User Manual Chapter 2 Working with PC Type Viruses 21 RAZ LEE Y The Series Security Experts Change Job Schedule Entry CHGJOBSCDE Type choices press Enter Job name gt RVeIFS Name Entry number gt 000437 000001 999999 xONLY Command to run Ne 0BJ folder filex ONLYNEW xYES WA Frequency XSAME Schedule date XNONE Date xSAME xCURRENT Schedule day XSRME XALL XMON Schedule time 01 00 00 Time XSAME XCURRENT Bottom F3 Exit F4 Prompt F5 Refresh Fi0 Additional parameters Fi2 Cancel F13 How to use this display F24 More keys Change Job Schedule Entry CHGJOBSCDE 4 Enter your parameters frequency date day time and press Enter Excluding Directories During
57. orts To work with objects in Quarantine follow this procedure 1 Select 61 Work with Quarantined Objects The Work with Objects Using PDM screen appears Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 32 RAZ LEE gt The iSeries Security Experts Work with Objects Using PDM Library SMZVORN Position to Position to type Type options press Enter 2 Change 3 Copy 4 Delete 5 7 8 description 9 Save 10 Restore 11 Move Opt Object Type Attribute Text RVGQ880801 xPGM RPG Original object IGUD BDIKR xPGM 0000010 CLP Original object RLTOOLS H2 xPGM RVGQ880011 CLP Original object RLTOOLS TESTHV1 RVGQ880812 CLP Original object RLTOOLS2 TESTHV1 xPGM RVGQ800830 Original object PRECOSIS HRKSYSRCH xP RVGQ880888 xCHD Original object RLSYS Q xCMD Bottom Parameters or command F3 Exit F4 Prompt F5 Refresh F6 Create F9 Retrieve F10 Command entry F23 More options F24 More keys COPYRIGHT IBM CORP 1981 2002 Work With Objects Using PDM 2 Select Opt 8 to display a description of the suspicious object or Opt 4 to delete it permanently Creating Reports Create reports to suit your needs by using the following options Simply select the correct report type and then follow the wizard Creating Reports on Suspicious Objects This feature runs reports on all suspicious objects both confirmed and non co
58. ppears Press F7 to access the Select Objects to Work With screen Create Reports on all Quarantined Objects To run reports on objects found in Quarantine 1 2 Select Opt 59 All Suspicious Objects In the Display Library screen select Opt 5 to display the object s full attributes and then press Enter to access the Display Object Description Full screen Press Enter to return to the Display Library screen Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 34 RAZ LEE gt The iSeries Security Experts Anti Virus at a Glance Native Objects The following chart shows the basic procedures described in this chapter Anti Virus at a Glance Native Objects Step 1 Scan for Suspicious Objects Options 11 Step 2 Work with Suspicious Objects Option 21 Step 3 Quarantine Infected Objects Option 61 Options 51 52 Step4 MUITO 55 59 Step 5 Schedule Future Scan Option 62 Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 35 Chapter 4 System Configuration Select option 81 System Configuration NOTE f system password is requested type OSECOFR iSecurity Part 5 System Configuration 29 01 12 11 46 31 520 Select one of the following AntiVirus More Settings 1 General Definitions 41 Proxy Setup 2 Real Time on access Definitions 5 Enable SIEM amp MAIL Alerting SIEM amp Mail Definitions General 21 Sys
59. put priority on xJOBD 1 9 xJOBD Print device a asja More F3 Exit F4 Prompt F5 Refresh F1 Additional parameters 12 F13 How to use this display F24 More keys Submit Job Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects XCURRENT Name XCURRENT xUSRPRF 28 RAZ LEE gt The iSeries Security Experts This option submits a batch job which runs the AVOBITG command This info can either add information or delete it This command which exists in the SMZV library runs the CHKOBJITG command and adds or replaces the existing collected data with the new For a detailed description of all its parameters except REPLACE and ADD see the CHKOBJITG definition in the IBM literature Scheduling Future Scans Use this option to schedule a regularly occurring scan i e 9 00 every morning or a single specific scan to occur at a later date 1 Select 15 Schedule Scan The Change Job Schedule Entry CHGJOBSCDE screen appears 2 Press Enter to view all the parameters The following shows an example Change Job Schedule Entry CHGJOBSCDE Tupe choices press Enter gt RVeNTV Name Entry number 000001 999999 xONLY Command to run ENZV AVOBJITG USRPRF XRLL MBROPT REPLACE Frequency xHEEKLY XSRME XHEEKLY Schedule date XNONE Date xSRME xCURRENT Schedule day xRLL XSRME XALL xMON Schedule time
60. sed when the facility is invoked then you must make a good faith effort to ensure that in the event an application does not supply such function or table the facility still operates and performs whatever part of its purpose remains meaningful For example a function in a library to compute square roots has a purpose that is entirely well defined independent of the application Therefore Subsection 2d requires that any application supplied function or table used by this function must be optional if the application does not supply it the square root function must still compute square roots These requirements apply to the modified work as a whole If identifiable sections of that work are not derived from the Library and can be reasonably considered independent and separate works in themselves then this License and its terms do not apply to those sections when you distribute them as separate works But when you distribute the same sections as part of a whole which is a work based on the Library the distribution of the whole must be on the terms of this License whose permissions for other licensees extend to the entire whole and thus to each and every part regardless of who wrote it Thus it is not the intent of this section to claim rights or contest your rights to work written entirely by you rather the intent is to exercise the right to control the distribution of derivative or collective works based on the Library Anti Virus 6 3 User
61. suspicious objects selected including confirmed 2 Choose one of the following options screens are displayed following the table 1 Select Work with Suspicious Objects Description Displays details such as violation 3 Confirm Confirms object as non offensive Enter descriptive text and press Enter 4 Quarantine Places object in Quarantine 5 Display Runs the appropriate display command as per the object type 9 Disconfirm Removes the non offensive status from a confirmed object F7 Subset Accesses the Select Objects to Work With screen This enables you to determine which parameters appear on the Work with Suspicious Objects screen Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 30 RAZ LEE gt The iSeries Security Experts Type options press Enter 4 Quarantine 5 Display 8 Recreate pgm 1 Select 3 Confirm Opt L Hork uith Suspicious Objects Position to library mit confirmed objects Confirm Object as Non Offensive XNO 9 Disconf irm choices and press Enter to confirm F12 to cancel Library F3 Exit MPORGA OSI OSRBLA OSRBLB F3 Exit F7 Subset Object Type Duner ALCCPU xPGh QPGHR Description J NOTTRRNS Violation F12 Cancel NOTTRRNS NOTTRRNS NOTTRRNS NOTTRRNS NOTTRRNS QSECOFR QSECOFR QSECOFR F15 Information 203 suspicious objects selected including co
62. tinue working in another application At the end of the scan you must select 51 Display Log to see results Scan Now Opt 12 This option creates an interactive process enabling you to view the Log as the files are being scanned Anti Virus 6 3 User Manual Chapter 2 Working with PC Type Viruses 16 RAZ LEE gt The iSeries Security Experts Scan Viruses To perform virus scans follow this simple procedure 1 Select 11 Scan or 12 Scan Now from the main menu The Scan by Anti Virus screen appears An explanatory table follows the screen capture Scan by AntiVirus Type choices press Enter IFS Directory or file New files only 5 0 Wait for results xNO Batch gt 5 XYES 0 Bottom F3 Exit F4 Prompt F5 Refresh F 2 Cancel 1 to use this display 24 keys Scan by Anti Virus SCANAV Description IFS Directory or file Name of directory or name of file New Files Only YES Scan only those files that have been added since the previous scan NO Scan all files in IFS Wait for results YES Performs on line scan NO Performs batch scan 2 Enter the file name or directory you want to scan plus additional parameters and press Enter A summary scan appears at the scan finish Any virus found is immediately quarantined 3 To abort a scan after scanning has begun select 2 De activate Real Time Detection from the Activation menu Ant
63. work with Native AS 400 Suspicious Objects select 21 Suspicious Objects from the Anti Virus main menu The Suspicious Native Objects screen appears Proceed to the next step Scanning for Viruses Anti Virus 6 3 User Manual Chapter 3 Native AS 400 Suspicious Objects 27 RAZ LEE The iSeries Security Experts Suspicious Native Objects iSecurity Anti Virus System 720 Select one of the following Scan Reports 11 Scan 51 All Suspicious Objects 15 Scan by Schedul er 52 Non Confirmed Objects 55 All Confirmations 59 Quarantined Objects Suspicious Objects Quarant ine 21 Work with Suspicious Objects 61 Work with Quarantined Objects Maintenance 81 System Configuration 82 Maintenance Menu Selection or command F3 Exit F4 Prompt F9 Retrieve F12 Cancel Fi3 Information Assistant F1i6 AS 400 main menu Suspicious Native Objects Scanning for Suspicious Objects Scan for suspicious objects by selecting Opt 11 Scan The Submit Job SBMJOB screen appears Submit Job SBMJOB Type choices press Enter Command to run zs sa ss SHNZV AVOBJITG USRPRF xALL MBROPT REPLACE aO sais 55 9 5 gt 2 gt AMELIE XJOBD Job description same xUSRPRF Name XUSRPRF Librari se e a a Name XLIBL xCURLIB Job queue s n sne xJOBD Name XJOBD Libary Gs GR Hoe S Name XLIBL xCURLIB Job priority XJOBD 1 9 xJOBD Out
64. y of the free software distribution system which is implemented by public license practices Many people have made generous contributions to the wide range of software distributed through that system in reliance on consistent application of that system it is up to the author donor to decide if he or she is willing to distribute software through any other system and a licensee cannot impose that choice This section is intended to make thoroughly clear what is believed to be a consequence of the rest of this License Anti Virus 6 3 User Manual Appendix License Agreement A 6 RAZ LEE Y The Series Security Experts 12 If the distribution and or use of the Library is restricted in certain countries either by patents or by copyrighted interfaces the original copyright holder who places the Library under this License may add an explicit geographical distribution limitation excluding those countries so that distribution is permitted only in or among countries not thus excluded In such case this License incorporates the limitation as 1f written the body of this License 13 The Free Software Foundation may publish revised and or new versions of the Lesser General Public License from time to time Such new versions will be similar in spirit to the present version but may differ in detail to address new problems or concerns Each version is given a distinguishing version number If the Library specifies a version number of this License whi
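The Mail Scan section of Chapter 1 describes the gate Anti-Virus places on an email: the message is scanned before delivery and, on a hit, the recipient receives a notification naming the detection and the quarantined file instead of the infected mail. The following is an added example written for this page, not Raz Lee's code and not the product's implementation: it parses a raw message with Python's email package, scans each MIME part with a stand-in detector (a real deployment would call ClamAV; here the pattern table only recognises the industry-standard EICAR test string), stores the original under a content-addressed quarantine name, and builds the replacement notification. The sender address, the quarantine naming scheme and the sample message are assumptions constructed for the demonstration.

```python
"""Mail-scan gate: scan a raw RFC 822 message, quarantine it on a hit,
and hand the recipient a notification instead of the infected mail."""
import email
import hashlib
import re
from email import policy
from email.message import EmailMessage

# Stand-in detector (assumption): a real deployment calls ClamAV. The EICAR
# test file is the harmless standard sample every AV engine reports as a hit.
EICAR = rb"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
SIGNATURES = {
    "Eicar-Test-Signature": re.compile(re.escape(EICAR)),
}


def detect(data: bytes):
    """Return the first matching signature name, or None if the data is clean."""
    for name, pattern in SIGNATURES.items():
        if pattern.search(data):
            return name
    return None


def scan_message(raw: bytes, quarantine: dict):
    """Scan every leaf MIME part of `raw`.

    On a hit: store the ORIGINAL bytes in `quarantine` under a generated name
    and return (notification_to_recipient, signature_name, quarantine_name).
    On a clean message: return (parsed_original, None, None).
    """
    msg = email.message_from_bytes(raw, policy=policy.default)
    for part in msg.walk():
        if part.is_multipart():
            continue                       # containers carry no payload of their own
        payload = part.get_payload(decode=True) or b""   # undo base64/QP first
        hit = detect(payload)
        if hit is None:
            continue
        # Quarantine name derived from the message digest (assumed scheme),
        # so the same message always maps to the same quarantined file.
        qname = "AV" + hashlib.sha256(raw).hexdigest()[:16] + ".eml"
        quarantine[qname] = raw
        notice = EmailMessage()
        notice["From"] = "antivirus@localhost"          # assumed notifier address
        notice["To"] = msg["To"]
        notice["Subject"] = f"Virus found in a message addressed to you: {hit}"
        notice.set_content(
            f"A message from {msg['From']} with subject {msg['Subject']!r}\n"
            f"was not delivered because it contained {hit}\n"
            f"(attachment: {part.get_filename() or 'inline part'}).\n"
            f"The original was quarantined as {qname}.\n"
        )
        return notice, hit, qname
    return msg, None, None


def build_sample(attachment: bytes) -> bytes:
    """Constructed sample mail with one binary attachment (test input only)."""
    m = EmailMessage()
    m["From"] = "sender@example.com"
    m["To"] = "user@example.com"
    m["Subject"] = "invoice"
    m.set_content("see attached")
    m.add_attachment(attachment, maintype="application",
                     subtype="octet-stream", filename="invoice.com")
    return m.as_bytes()


if __name__ == "__main__":
    store = {}
    out, hit, qname = scan_message(build_sample(EICAR), store)
    print(hit, qname)
    print(out.get_content())
```

Scanning the decoded payload rather than the raw transfer encoding is the point worth keeping: a base64-wrapped attachment never contains the signature bytes literally, so a detector run over the undecoded message would miss it.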
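The Scan Viruses procedure in Chapter 2 documents the New files only parameter (ONLYNEW) as *YES scans only files added since the previous scan, *NO scans everything. The following added example, written for this page and not part of Raz Lee's product, models both choices over a constructed directory tree so the coverage difference is visible: a file that existed at the previous scan and was later overwritten is skipped by the documented *YES semantics. It goes one step beyond the manual with a variant that also picks up files whose size or modification time changed; that variant is the author's addition, not a SCANAV option.

```python
"""Model of the SCANAV "New files only" choice: which paths a scan visits
under *NO (everything), *YES as documented ("added since the previous scan"),
and a stricter added variant that also re-scans changed files."""
import os
import tempfile


def snapshot(root: str) -> dict:
    """Map each regular file under root (relative path) to (size, mtime_ns)."""
    seen = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            st = os.stat(full)
            seen[os.path.relpath(full, root)] = (st.st_size, st.st_mtime_ns)
    return seen


def select_files(root: str, previous: dict, only_new: bool,
                 track_changes: bool = False) -> list:
    """Return the sorted relative paths a scan would visit.

    only_new=False     -> ONLYNEW(*NO): every file in the tree.
    only_new=True      -> ONLYNEW(*YES): files absent from the previous snapshot,
                          i.e. "added since the previous scan".
    track_changes=True -> added variant (not a SCANAV option): also include files
                          whose size or mtime differs from the previous snapshot.
    """
    current = snapshot(root)
    if not only_new:
        return sorted(current)
    picked = []
    for path, sig in current.items():
        if path not in previous:
            picked.append(path)                       # genuinely new file
        elif track_changes and previous[path] != sig:
            picked.append(path)                       # existing file, content changed
    return sorted(picked)


def demo() -> dict:
    """Constructed tree: two files at baseline, then one added and one overwritten."""
    with tempfile.TemporaryDirectory() as root:
        for name, body in (("a.txt", b"alpha"), ("b.txt", b"beta")):
            with open(os.path.join(root, name), "wb") as f:
                f.write(body)
        baseline = snapshot(root)                     # stands for the previous scan
        with open(os.path.join(root, "c.txt"), "wb") as f:
            f.write(b"gamma")                         # added after the baseline
        with open(os.path.join(root, "a.txt"), "wb") as f:
            f.write(b"alpha-overwritten")             # present before, changed after
        return {
            "full": select_files(root, baseline, only_new=False),
            "new_only": select_files(root, baseline, only_new=True),
            "new_or_changed": select_files(root, baseline, only_new=True,
                                           track_changes=True),
        }


if __name__ == "__main__":
    for mode, paths in demo().items():
        print(f"{mode:15s} {paths}")
```

The gap this exposes is why the scheduled *YES scan in the CHGJOBSCDE example is a complement to, not a replacement for, a periodic *NO scan: a file that was clean under yesterday's definitions but has since been rewritten is invisible to an added-since-last-scan selection.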