Originally posted by: SystemAdmin

Has any one installed antivirus software on AIX?

There are products available from McAfee like "McAfee VirusScan command line scanner for Unix" If any one has worked with such tools, are these tools useful to run?

Any help is appreciated?

Originally posted by: SystemAdmin

> Has any one installed antivirus software on AIX?

> There are products available from McAfee like
> "McAfee VirusScan command line scanner for Unix" If
> f any one has worked with such tools, are these tools
> useful to run?

After googling the above (http://www.mcafee.com/us/enterprise/products/anti_virus/file_servers_desktops/virusscan_command_line_scanner_windows_unix.html),
I understand this software is a CLI (versus GUI) mail stream "firewall",
executed on a unix host, to filter out Microsoft malware and Windows worms,
before the mail triggers destructive activity on Microsoft and/or Windows boxes on the LAN.

<ANECDOTE>
At a prior company a few years ago,
I managed a (non-AIX) unix box that was our primary internal web server.
To support its service users, the unix box was placed in our demilitarized
with access to both the LAN and internet.

Already positioned in the demilitarized zone,
it was used as a temporary mail relay one time that the Microsoft mail relay required servicing.

While serving as temporary mail relay service,
a Microsoft virus (species forgotten) struck the company,
and penetrated the antivirus software running on Microsoft Windows elsewhere,
bringing most departments to a screeching halt.
Our department, using the unix box,
running (IIRC McAfee) antivirus software,
had Microsoft and/or Windows boxes on the LAN that continued to run,
though the flood on the outside network still slowed service to and from the outside network to a crawl.

The temporary nature of the unix box service as mail relay,
became permanent.
</ANECDOTE>

Originally posted by: mahespth

The AIX IP Security (firewall) allows you to create pattern matching filter rules based on binary patterns; this also allows you to wload a clamav virus database (www.clamav.net) of patterns. Of course this only works on network traffic;

"http://www.clamav.net"
"http://publib.boulder.ibm.com/infocenter/pseries/v5r3/topic/com.ibm.aix.security/doc/security/intrusion_prevention.htm?resultof=%22%6d%6b%66%69%6c%74%22%20"

Regards
Steve Maher

Originally posted by: SheylaSmitt

You also can use ESET antivirus. http://eset-endpoint.kiev.ua/mail-linux.html

Originally posted by: archtop

I read somewhere that Avast has adapted its programme. But I do not believe in free protection system.

I use this Defender http://soft2secure.com/knowledgebase/cry128-cry9

Originally posted by: Apollodorus

This stream of 10 years! But the topic dedicated to computer security is still relevant, especially after cyber attacks this year((( 

Originally posted by: Apollodorus

here is information about the new threat:

The crypto ransomware breed known as Crysis, or Dharma, appears to be gearing up for a rise. It has been spawning malicious descendants almost on a weekly basis since early August 2017, having been in an idle state for months on end. The latest offshoot has introduced the .arena file extension token to the digital extortion environment. After encrypting a victim's personal data, this Crysis mod appends original filenames with a variant-specific string in the following format: id-{victim ID}.[chivas@aolonline.top].arena. The variable part is a unique identifier assigned to the infected user. It consists of eight hexadecimal characters. Ultimately, the ransomware turns a file named Sample.docx into something like Sample.docx.id-CFABE140.[chivas@aolonline.top].arena.