Even experienced IBM i admins sometimes question whether malware protection is necessary for this platform. It’s true that IBM i (AS/400, iSeries) can’t be infected by a PC virus. But anti-malware software is necessary to prevent the IFS from acting as a host and delivery mechanism for viruses and malware, and to prevent viruses from indirectly affecting IBM i operations.
If the integrated file system (IFS) is used as a file server for PC files, the files stored on the IFS have the potential to carry viruses. An infected file that is saved from a PC to the IFS and then redistributed to another PC can transmit a virus to the new PC.
Let’s examine three specific ways viruses and malware can get onto the IFS.
Discoverable Shares
One way a virus can be spread to the IFS is through discoverable shares. In Windows, discoverable shares are found under the option for “network” on the very bottom of the left sidebar of the File Explorer tool. If network discovery is not turned off, you will be able to see all the discoverable file shares that exist on your network as an available resource.
If malware infects a device that is connected to your organization’s network and does not have discovery turned off, the attacker will be able to take advantage of the authorities of that user. That means they can potentially view, encrypt, alter, and delete all discoverable shares spanning your entire network regardless of whether they’re mapped as a drive by the end user. The same principle applies to the IP address of a server. If an attacker knows the IP address and discovery is turned on, they have access to all your shares.
Are Windows Viruses a Threat?
There is often confusion around whether Windows viruses can affect IBM i—meaning impact IBM i performance. Here’s the deal:
- Viruses cannot hide inside RPG and CL programs
- Viruses cannot hide inside Physical and Logical files
- IBM i cannot run .exe files that contain viruses
- IBM i can run Java and UNIX executables that contain viruses
- Viruses can hide inside Java and UNIX stream files
Windows viruses can affect IBM i, for example:
A DOS command could be issued to “delete all” from a directory, which is mapped to the IBM i. IBM i libraries will appear as a directory to a malicious program or virus running on the PC. The DEL *.* command could be used to delete all objects in an IBM i library, rendering the system useless.
Read more here