Lotus Domino continues to grow as the standard for mail on IBM i (IBM Power Systems, System i, iSeries, AS/400 servers), and the requirement to scan mail natively is now, more than ever, a requirement too.

StandGuard Anti-Virus offers native scanning of mail on IBM i, and with this new release has been expanded to include support of Lotus Domino. This new add-on feature gives users the ability to manage, scan, and clean Domino mail and databases residing on IBM servers.

Recognizing the global nature of today’s computing, Bytware is also pleased to announce the availability of Lotus Domino support in Japanese with its Tokyo-based partner Solpac.

“We are very excited to be launching Domino support for StandGuard Anti-Virus in Japan. The ability to do real-time and on-demand scanning of Domino databases (NSF) is something most Japanese Domino customers using IBM i are looking for in this time frame,” said Solpac president Tsutomu Fujita. “And we can now set up and maintain StandGuard Anti-Virus for Domino using the Notes client interface. This is a nice interface which we like. Domino support with StandGuard Anti-Virus is something that is great news for the IBM i users in Japan.”

The Japanese-language interface is available today, and multilingual development will continue with a German-language interface planned for a future release.

StandGuard Anti-Virus Domino features include:

Mail Scanning
Dynamically scans e-mail for viruses and other types of malicious code to protect Domino mail users from receiving infected and potentially harmful e-mail.

Database Scanning
On-demand scanning of Domino databases allows users to detect viruses and malicious code embedded within document attachments and OLE objects.

Quarantine
Moves infected attachments to a quarantine database where an administrator can further investigate their origin and integrity by submitting a sample to McAfee’s AVERT Labs threat center.

Real-time Alerts
Alerts can be configured to notify IT staff when specific events occur, such as when infected messages and documents are detected or when automatic activities take place. These alerts allow administrators to be continually aware of the health and status of the system.

Automatic Updating
The database of virus definitions is automatically updated daily from McAfee’s servers or from specified computers on the local network.

Scheduling
Administrators can schedule automatic database scanning and automatic updating to occur at user-configurable times when activity is low, such as nights and weekends.

Logging
Logs all activity to a central database—including details of infected objects detected during scans and when automatic activities occur—so administrators can maintain an audit trail for investigations and regulatory compliance.

Ease of Management
Remote Domino servers can be configured and managed from a central administration server, reducing the time and effort normally required to manage remote servers. The log database is presented as a consolidated view of all events occurring across multiple servers. In addition to the traditional Notes interface, StandGuard Anti-Virus also provides a browser-based interface for viewing and managing all activities across multiple remote servers.

The Domino support is an optional add-on feature of the base StandGuard Anti-Virus solution for IBM i (i5/OS), Bytware’s native anti-virus solution designed to scan IFS directories for malicious code and perform advanced cleaning and notification procedures on IBM System i, iSeries, and AS/400 servers.

Features of the base StandGuard Anti-Virus solution for IBM i (i5/OS) include:

• The latest McAfee engine designed for IBM i.
• Scanning within compressed, packed, and OLE files.
• Decompression and scanning of files compressed in packages such as PKZIP, .LHA, .ARJ, .CHM, etc.
• Detection and cleaning of macro and script viruses/malicious code.
• Detection and cleaning of encrypted and polymorphic viruses/malicious code.
• Advanced heuristic analysis to detect new, unknown, and generic viruses/malicious code.
• Detection and removal of Trojans, worms, and many other types of malware.
• Object Integrity Scanning to detect potentially dangerous changes to OS Objects.
• Green screen and Navigator plug-ins.
• Automatic downloading of daily virus definitions directly from McAfee’s servers or the local network.
• Automatic downloading of software updates and fixes directly from Bytware’s servers or the local network.
• Built-in scheduling features for scanning and updating.
• Extensive logging capabilities.

StandGuard Anti-Virus 6.0 is part of Bytware’s StandGuard Security Suite, which includes StandGuard Anti-Virus for IBM i, i5/OS, OS/400, AIX, Linux, and Lotus Domino, along with StandGuard Network Security and StandGuard Recycle Bin. StandGuard Anti-Virus 6.0 is the latest release of its award-winning virus detection and cleaning solution powered by McAfee. Designed for the new IBM i 6.1 operating system.

For more information about StandGuard Anti-Virus 6.0, the add-on Domino support, or StandGuard Anti-Virus protection for other operating systems including IBM i, i5/OS, OS/400, AIX and Linux, please contact Bytware, Inc. at 775-851-2900 or visit www.bytware.com/products/av/ A free fully functional trial is available.

Linux, like all platforms, is susceptible to hosting and spreading viruses and malicious code; and today’s security requirements demand protection on all operating systems within a network. With this new solution, Bytware gives iSeries users who are taking advantage of the box’s ability to run multiple operating systems in multiple partitions a key tool needed to ensure that their iSeries and network stay free of malicious code.

Support for scanning and cleaning Linux and AIX partitions is now an added functionality of the StandGuard Anti-Virus for iSeries product and provides users with the convenience of a single set of virus definition files and a centralized control center for all OS/400, i5/OS, Linux, and AIX installs on a single eServer box. StandGuard Anti-Virus will automatically mount and unmount guest operating systems for unattended, scheduled scans eliminating the need to install copies on each individual partition. With this added functionality, StandGuard Anti-Virus users enjoy the most streamlined virus protection system available for managing all aspects of their iSeries system using the safety and integrity of OS/400 and i5/OS.

By using OS/400 or i5/OS to manage and initiate scanning and cleaning of Linux and AIX partitions, users can reduce the risk of Linux and UNIX viruses from migrating to OS/400 partitions while leveraging McAfee’s industry-leading scanning engine to provide the same level of protection across all operating systems on the iSeries.

Support for scanning and cleaning Linux and AIX partitions is licensed on a usage count basis to allow users the flexibility to scan the operating systems and number of installs that best fits their system configuration. For details on licensing options, please contact Bytware Sales at 775.851.2900 x2. For more information on StandGuard Anti-Virus and support for Linux and AIX scanning, please visit http://www.bytware.com/products/sgav.html.

StandGuard Anti-Virus for Linux brings the industry-leading power of McAfee’s scanning engine and the ease-of-use of the award-winning StandGuard Anti-Virus to Linux running on x86-based PCs. StandGuard Anti-Virus for Linux (x86-based PCs) allows users to detect and clean the full 150,000+ threats identified by McAfee’s AVERT, a huge improvement over the 40,000 viruses that some Linux solutions promise to detect. Bytware and McAfee’s AVERT support users’ needs 24/7/365.

Free trials of StandGuard Anti-Virus for Linux (x86-based PCs) are available and may be requested through Bytware’s website at http://www.bytware.com/products/av/trial.html

The second phase of the StandGuard Anti-Virus for Linux product release, coming soon, will bring this same powerful protection to those running Linux on the iSeries.

For more information on StandGuard Anti-Virus for Linux (x86-based PCs), please visit the main product page at http://www.bytware.com/products/av/

Available October 2005, StandGuard Anti-Virus for Linux is the second anti-virus member of Bytware’s growing StandGuard Security Suite that already includes intrusion prevention, access controls and authorities, user monitoring, vulnerability and threat mitigation, iSeries anti-virus, monitoring and notification, auditing, and recovery.

StandGuard Anti-Virus for Linux is designed to scan directories for viruses and other malicious code, and to perform advanced containment, cleaning, and notification procedures. Again building on the strengths of the world-renowned and most respected anti-virus organization McAfee, Inc., StandGuard Anti-Virus for Linux incorporates the latest McAfee scanning engine, making this a mature product backed by battle-tested technology, advanced heuristic analysis, and generic detection & cleaning.

Scanning engine features include:

• Scans within compressed files
• Decompresses and scans files compressed in packages such as PKZip, .LHA, and .ARJ
• Detects and cleans macro and script viruses
• Detects and cleans encrypted and polymorphic viruses
• Detects and cleans new viruses in executable files and OLE compound documents
• Detects and removes “Trojan horses,” worms, and many other types of malicious software (malware)
• Upgrades easily to new anti-virus technology

Additionally, StandGuard Anti-Virus for Linux includes:

• Automatic download of virus definitions (.DAT files)
• Automatic download of software updates and fixes
• Built-in scheduling features for scanning and updating
• Network-enablement
• Extensive logging capabilities

StandGuard Anti-Virus for Linux will support Linux on a stand-alone server. An added benefit to our iSeries customers is that StandGuard Anti-Virus for Linux uses the similar graphical interface that is used for StandGuard Anti-Virus for iSeries.

StandGuard Anti-Virus for Linux meets the recommended guidelines set in regulations like SOX and FISMA (Federal Information Security Act of 2002) to protect data. Guidelines set forth for anti-virus prevention strongly recommend that organizations deploy anti-virus software on all systems for which satisfactory solutions are available. Bytware is joining the many government and non-government agencies who are working together to educate organizations of the importance of deploying anti-virus software on all systems within their IT infrastructure and organization. This is the key to detecting, containing, and eradicating threats. Identifying host servers infected by malware is vital to containing malware incidents.

StandGuard Anti-Virus for Linux is part of the StandGuard Security Suite offered by Bytware, Inc., which includes StandGuard Anti-Virus for iSeries, StandGuard Security, and StandGuard Recycle Bin. Bytware’s understanding of today’s malicious threats as well as our unique understanding of today’s security and vulnerability landscape is proof positive that Bytware, Inc. is a serious provider of real security solutions and knowledge necessary for protecting you when the next exploit hits.

StandGuard Anti-Virus for Linux will be available mid-October 2005. Special release pricing will be offered to current StandGuard customers and organizations interested in replacing competitive solutions. Details and price quotes available upon request. For more information please call 775.851.2900.

Building upon object integrity and digital signature APIs that IBM has included in OS/400 since V5R1, OIS provides an easy way to identify patched programs and modifications to the operating system, allowing managers to decide what action — if any — they should take. In addition to being key to a healthy iSeries, awareness of modifications to the system is an important aspect of compliance with new regulations such as Sarbanes-Oxley.

Version 5.31 also incorporates various enhancements that have been made to StandGuard Anti-Virus since the release of version 5.30 in June of 2004.

StandGuard Anti-Virus is the award-winning native virus scanner for OS/400 and i5/OS. Designed specifically for the iSeries and powered by McAfee’s industry leading scanning engine, StandGuard Anti-Virus provides the power to ensure total coverage of computer networks to protect against viruses, Trojans, and malicious code and programs, even finding viruses that PC-based solutions simply cannot.

For more information on StandGuard Anti-Virus and OIS, visit
http://www.bytware.com/products/av/ or contact Bytware Sales at 775.851.2900.

As a recent IT Jungle article by Alex Woodie points out, “running patched programs presents risks. The potential negative effects of running patched programs range from being merely a nuisance to posing a real security problem.” In some cases patched programs can even create security exposures.

Building upon object integrity and digital signature APIs that IBM has included in OS/400 since V5R1, OIS provides an easy way to identify patched programs and modifications to the operating system, allowing managers to decide what action — if any — they should take. In addition to being key to a healthy iSeries, awareness of modifications to the system is an important aspect of compliance with new regulations such as Sarbanes-Oxley.

OIS will become available on December 1, 2004, and will initially be available only on V5R3. Versions for V5R2 and V5R1 will be released at a later date. OIS is an added feature to StandGuard Anti-Virus. There is no additional charge for the tool. Current users of StandGuard Anti-Virus V5R3M0 will receive the tool through the program’s automatic update feature, and shipments of StandGuard Anti-Virus V5R3M0 after December 1 will include the tool.

StandGuard Anti-Virus is the award-winning native virus scanner for OS/400 and i5/OS. Designed specifically for the iSeries and powered by McAfee’s industry leading scanning engine, StandGuard Anti-Virus provides the power to ensure total coverage of computer networks to protect against viruses, Trojans, and malicious code and programs.

For more information on StandGuard Anti-Virus and OIS, visit http://www.bytware.com/products/av/ or contact Bytware Sales at 775.851.2900.

Like earlier variants of Mydoom, this new worm launches distributed denial of service (DDoS) attacks, this time against Microsoft and the Recording Industry Association of America (RIAA). In addition, Mydoom.F searches for and deletes files on local and mapped drives. Primarily the worm targets images files and Microsoft Word and Excel documents and searches for extensions .bmp, .avi, .jpg, .sav, .xls, .doc, and .mdb. The worm runs in a loop and deletes additional files on each pass.

Mapped drives need not be physically located on the infected system in order to be affected by Mydoom.F. Drives located on other platforms that can house Windows files can be equally affected.

Bytware, Inc., the Reno, Nevada-based developer of StandGuard Anti-Virus for the IBM eServer iSeries, has been contacted by several iSeries shops that have suffered data loss caused by Mydoom.F infection of networked PCs. The iSeries is generally viewed as invulnerable to viruses. A common practice of scanning the iSeries with a Windows PC through a mapped drive can open a door for worms and viruses to the iSeries.

In addition to file deletion and DDoS attacks, the Mydoom.F worm opens TCP port 1080, and additional ports in the range of 3000 to 5000, in an attempt to allow the author access to infected machines.

Mydoom.F arrives as an e-mail attachment of a variety of files types, including .zip. Upon identifying shared or mapped drives, the worm makes copies of itself as .zip archives or .exe files in different directories using random file names. It also propagates by harvesting e-mail addresses from infected systems and mass mailing itself using its own SMTP engine.

Most AV vendors have added definitions for Mydoom.F and experts urge users to update their anti-virus software and to protect all systems, including non-Windows platforms that may act as file servers and are attached to Windows PCs via mapped drives.

For more information about Mydoom.F, visit the Network Associates Virus Information Library at http://vil.nai.com/vil/content/v_101038.htm

For more information about iSeries anti-virus protection, visit the main StandGuard Anti-Virus page.

StandGuard Anti-Virus, the award-winning anti-virus solution that runs natively on OS/400, has been detecting and removing copies of Mydoom found on the iSeries, according to Bytware customers. StandGuard Anti-Virus is powered by the McAfee scanning engine from Network Associates, rated the top scanning engine by the University of Hamburg Virus Test Center for three consecutive years.

Mydoom can enter the iSeries either through mail that passes through OS/400 or by copying itself to the iSeries from a client PC without the user’s knowledge. Only active scanning of the iSeries can detect the worm once it finds its way onto the system. Leaving the worm undetected can spread the infection to client PCs on your network as well as to other companies and networks with which you exchange information.

Experts say that the best way to fight Mydoom is through the use of standard anti-virus solutions. “Companies that are following recommended practices relating to secure e-mail use should be largely protected against the Mydoom virus and its variants,” explain experts in a new article on Computerworld’s Security website. These practices include vigilantly maintaining up-to-date virus definitions. iSeries security experts, including Carol Woodbury and Patrick Botz, recommend that administrators apply the same virus prevention procedures to their iSeries systems that they apply to their other platforms as a general security best practice.

More about Mydoom

The Mydoom worm has been labeled the most prolific worm ever by some security experts according to an article at SearchSecurity.com. It has shattered the records set in 2003 by the Sobig.F virus, and a new CNN article cites infection rates as high as one in three e-mails. Sobig.F peaked at an infection rate of 1 in 17 e-mails. British security firm MessageLabs reports that they have caught 1.8 million copies of Mydoom in more than 168 countries as of Wednesday, January 28. StandGuard Anti-Virus users are also reporting infections appearing on the iSeries.

The worm is particularly difficult to manage as it utilizes new techniques called “social engineering.” Using these techniques, virus writers attach their work to mail that appears to be a machine-generated error message. The idea is that users trust messages that they believe were generated by a computer as they are accustomed to receiving such messages from administrators and mail servers, especially in corporate settings.

Mydoom arrives as an attachment that can carry one of a number of different file extensions, some of which are routinely allowed by companies including the ZIP format. Many report an attachment that appears to be a text document, but has 60 spaces between the .txt and .exe extensions, preventing users from seeing the true file type. Many users view text documents as innocuous. Security experts say that these techniques are convincing many users who are normally very cautious to open and execute the worm. Mydoom also attempts to spread through file sharing services such as Kazaa if the software is found on an infected system.

The purpose of Mydoom appears to be multifaceted. Both variants target SCO, the Utah-based software company embroiled in a legal battle with IBM over Linux, for a denial of service attack (DOS) on Sunday, February 1, and install a key logger that captures any text entered into the computer, including credit card numbers and passwords. The worms also open ports on the infected system, including ports 80, 1080, 3127, 3128, 8080, and 10080, and can allow the attacker to gain complete control of the computer. The Mydoom.B variant also targets Microsoft for a DOS attack on Tuesday, February 3, and modifies systems to prevent them from utilizing anti-virus software or accessing security websites.

Mydoom is also know as Novarg, Shimgapi, and Mimail.R.

Learn more in the Midrange Server, Four Hundred Stuff article by Alex Woodie.

• Scans iSeries SMTP e-mail at the server
• Scans inside archive files such as .ZIP, .JAR, etc.
• Detects header exploits and malformed MIME
• Redirects infected or suspicious e-mail to an Administrator

Scans SMTP e-mail at the server
StandGuard Anti-Virus scans e-mail messages passing through the iSeries OS/400 Mail Server Framework, looking for known viruses as well as code that could be malicious. This means it can protect against known viruses, but most importantly, potentially against unknown viruses and/or malicious code. This is crucial as an unknown virus could be a one-off piece of code, developed specifically to break into your network.

Scans compressed and encoded messages
StandGuard Anti-Virus scans deep inside attachments to detect viruses buried in multiple levels of encoding and compression. StandGuard Anti-Virus decodes BINHEX, UUENCODE and XXENCODE, MIME (BASE64 and quoted-printable), TNEF, and IMC attachments. Files compressed with PKZIP, ZIP2EXE, ARJ, ARJ2EXE, JAR, LHA, LHA2EXE, TAR, GZIP, UNIX PACK, and MS compression methods are also effectively scanned. StandGuard Anti-Virus even scans files with multiple compression levels; for example, a ZIP file that has also been compressed with LZEXE and ARJ, then zipped again, and so on.

Detects header exploits and malformed MIME
MIME headers specify things such as the subject line, date, or filename. By specifying a well-crafted string, a skilled hacker could execute arbitrary code on the target machines. Such vulnerabilities are prone to exploitation for penetrating remote networks or for delivery of viruses and worms. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM. StandGuard Anti-Virus detects these header exploit tactics and blocks these messages from reaching your desktop clients such as Outlook Express where the virus is able to execute.

Redirects infected or suspicious e-mail to an Administrator
When a known virus, potentially malicious program, or an e-mail using a MIME header exploit is detected, StandGuard Anti-Virus can either redirect the mail to an administrator or simply delete the mail without forwarding. In either case, a message is logged to the AVMSGQ for real-time monitoring purposes and the AVJRN for a more permanent audit trail.

StandGuard Anti-Virus (Powered By McAfee) is a native iSeries virus detection solution designed to scan and clean viruses hiding in the OS/400 file system. StandGuard Anti-Virus incorporates the latest generation of McAfee’s scanning engine, in turn making StandGuard Anti-Virus a mature product backed by battle-tested technology, advanced heuristic analysis and generic detection, and cleaning.

Version 1.1 will be available October 1, 2003.

For more information on StandGuard Anti-Virus visit the main product page.

About McAfee Anti-Virus Security Products
McAfee anti-virus security products are a part of Network Associates McAfee Systems Protection Solutions family of products, which protect systems from security breaches, virus attacks and blended threats by providing comprehensive system and network protection. In addition to industry leading anti-virus, encryption, desktop firewall, intrusion detection, viral vulnerability assessment and online managed services, all McAfee Security products are backed by the world-leading anti-virus research organization, McAfee® AVERT(TM) (Anti-Virus and Vulnerability Emergency Response Team). McAfee AVERT is the team responsible for providing cures for major outbreaks like Mydoom, Netsky, Bagle, Blaster, Nachi and Lovsan. For more information, McAfee experts can be reached at 888-VIRUS-NO, and on the Internet at http://www.mcafeesecurity.com.

• Scans iSeries SMTP e-mail at the server
• Scans inside archive files such as .ZIP, .JAR, etc.
• Detects header exploits and malformed MIME
• Redirects infected or suspicious e-mail to an Administrator

Scans SMTP e-mail at the server

StandGuard Anti-Virus scans e-mail messages passing through the iSeries OS/400 Mail Server Framework, looking for known viruses as well as code that could be malicious. This means it can protect against known viruses, but most importantly, potentially against unknown viruses and/or malicious code. This is crucial as an unknown virus could be a one-off piece of code, developed specifically to break into your network.

Scans compressed and encoded messages

StandGuard Anti-Virus scans deep inside attachments to detect viruses buried in multiple levels of encoding and compression. StandGuard Anti-Virus decodes BINHEX, UUENCODE and XXENCODE, MIME (BASE64 and quoted-printable), TNEF, and IMC attachments. Files compressed with PKZIP, ZIP2EXE, ARJ, ARJ2EXE, JAR, LHA, LHA2EXE, TAR, GZIP, UNIX PACK, and MS compression methods are also effectively scanned. StandGuard Anti-Virus even scans files with multiple compression levels; for example, a ZIP file that has also been compressed with LZEXE and ARJ, then zipped again, and so on.

Detects header exploits and malformed MIME

MIME headers specify things such as the subject line, date, or filename. By specifying a well-crafted string, a skilled hacker could execute arbitrary code on the target machines. Such vulnerabilities are prone to exploitation for penetrating remote networks or for delivery of viruses and worms. This vulnerability allows attached executable files to be run when a message is simply viewed. Several common viruses make use of this exploit, including W32/Badtrans@MM, W32/Nimda.gen@MM, and W32/Klez.gen@MM. StandGuard Anti-Virus detects these header exploit tactics and blocks these messages from reaching your desktop clients such as Outlook Express where the virus is able to execute.

Redirects infected or suspicious e-mail to an Administrator

When a known virus, potentially malicious program, or an e-mail using a MIME header exploit is detected, StandGuard Anti-Virus can either redirect the mail to an administrator or simply delete the mail without forwarding. In either case, a message is logged to the AVMSGQ for real-time monitoring purposes and the AVJRN for a more permanent audit trail.

StandGuard Anti-Virus (Powered By McAfee) is a native iSeries virus detection solution designed to scan and clean viruses hiding in the OS/400 file system. StandGuard Anti-Virus incorporates the latest generation of McAfee’s scanning engine, in turn making StandGuard Anti-Virus a mature product backed by battle-tested technology, advanced heuristic analysis and generic detection, and cleaning.

Version 1.1 will be available October 1, 2003.

For more information on StandGuard Anti-Virus visit the main product page.