‘On-Access’ Virus Scanning to Debut with OS/400 V5R3

One of the new features iSeries shops can look forward to in OS/400 V5R3 is the capability to detect and clean viruses at the moment a user attempts to open a file that’s been infected with a virus, or the file is otherwise accessed. This so-called “on access” virus scanning capability will debut with OS/400 V5R3, which IBM is preparing to announce. On-access scanning will require an OS/400 antivirus scanning engine, such as Bytware‘s StandGuard Anti-Virus.

Bytware launched the industry’s first–and still the only–OS/400-based virus scanning and removal tool in the summer of 2003 (see “Bytware Launches OS/400 Antivirus Software to Treat IFS Infections”). With StandGuard AV, the Reno, Nevada, software company gave OS/400 shops the ability to detect, delete, and repair files in the OS/400 Integrated File System (IFS) that have been infected with Windows viruses, worms, and assorted digital pests, without mapping a network drive.

While IBM has recommended for years that OS/400 shops ensure that their Windows-like IFS folders are virus-free by mapping the drive to a PC equipped with standard antivirus software, and then scanning for viruses, having a native OS/400 antivirus engine is considered a superior solution, for a number of reasons, including speed, security, thoroughness, and ease-of-use. IBM tried, unsuccessfully, for years to get independent software vendors interested in developing a native solution like StandGuard AV, and it finally succeeded with Bytware and its antivirus partner, Network Associates’ McAfee subsidiary.

Native OS/400 antivirus scanning was on the influential Large iSeries User Group’s list of requested enhancements. Another item on its list is real-time virus scanning. But because real-time, or on-access, virus detection required changes to OS/400, the capability could not be delivered until OS/400 V5R3. With that release due to be announced any time now, on-access virus scanning is finally a reality.

OS/400 V5R3 will ship with the on-access virus detection capability turned on by default, according to Bytware, which announced the new on-access scanning capability last Friday. This does not mean that OS/400 V5R3 users will get virus detection capabilities–on-access or otherwise–with OS/400 itself. They still will need to buy a native OS/400 virus scanning engine from a third-party to make it work, and right now StandGuardAV is the only such tool.

Bytware officials say they have worked closely with IBM engineers to prepare StandGuardAV for OS/400 V5R3 and will have the product ready when the next release of the operating system ships (which has not yet been announced). The Bytware product, which had been at Version 1.11, will be bumped up to Version 5, Release 3, to coincide with the new release of OS/400. The product’s new name is StandGuard Anti-Virus for iSeries V5R3.

On-access virus scanning will be possible with OS/400 V5R3 thanks in part to a new attribute that IBM added to IFS files that shows the date that file was last scanned for viruses, says Mike Grant, Bytware’s founder and chief executive. OS/400 will decide whether to call StandGuardAV for a virus scan by looking at the last-scanned date. StandGuardAV will not be called to scan files that have already been successfully opened. Digital signatures will be used to ensure that file properties, such as a stamp from the system clock, are not tampered with. Grant says this new attribute will also enable regularly scheduled virus scans with StandGuardAV to be performed much more quickly than before. “Now I can do a scan, which took six hours before, in 10 minutes, because nothing’s changed,” he says.

This new on-access scanning feature will require a new StandGuardAV batch job to run continuously in the background. While scanning for viruses is processor-intensive work, Grant says he hopes his product’s multithreaded design and the new last-scanned date attribute will help to minimize the impact on iSeries processors. Large files, such as executables or ZIP files, could take a couple of seconds to scan before opening, while text files will open almost instantly, just like with Windows PCs, he says. For maximum protection, Bytware recommends using a combination of scheduled full-system scans, as well as the on-access real-time scanning feature.

StandGuardAV for iSeries V5R3 will contain several other enhancements. Large-scale implementations should go much more quickly now that Bytware is taking advantage of a particular API in OS/400 that allows ISVs to use IBM’s PTF update facility. With this release, users will be able to push the product out to multiple systems with very little effort, using Management Central, Grant says. There is also a new graphical quarantine manager, as well as a new graphical interface for selecting which directories the user wants to enable on-access scanning for. Bytware has altered its pricing. The first copy of StandGuardAV will range from $1,200 to $7,000 (depending on the processor tier) per OS/400 logical partition. For more information, go to www.bytware.com.

Editor’s Note: This article has been corrected since its original publication. While timestamps will be used to determine which files in OS/400 V5R3 (which is now called i5/OS V5R3) will be subject to “on access” virus scanning, i5/OS will use digital signatures to ensure that file properties, such as a stamp from the system clock, are not tampered with. Guild Companies regrets the error. [Correction made 5/11/04]