IBM i Global


PTFs containing embedded malware

  • 1.  PTFs containing embedded malware

    Posted Wed March 13, 2024 12:06 PM

    Sure would be nice to be able to order PTFs without the network stopping it due to suspected malware.

    Just the latest groups and "recommended" PTFs for 7.5.  Comes down in several .bin files.  That 4th file gets really pounded when we try to distribute it to our DMZ LPAR.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------


  • 2.  RE: PTFs containing embedded malware

    Posted Wed March 13, 2024 12:17 PM

    Robert, are you sure that it is indeed malware, as the title implies, or could it be a false positive from your AV?



    ------------------------------
    Kurt Thomas
    ------------------------------



  • 3.  RE: PTFs containing embedded malware

    Posted Wed March 13, 2024 12:38 PM

    No, I'm not sure.  I'm doubting it is.  It takes moving mountains, though, to get the network people to make a change.  When I'm doing this I simply do not have that time.

    I can GET from one lpar to the other but I cannot PUT.  Is it the port, or the random way that either the client or the server binds to IP addresses?  Each lpar of IBM i supports multiple IP addresses for different things.  Multiple Domino servers on a single lpar is our classic example.

    It would probably be easier if IBM would just take the false positive out.

    This last time I used saving it to virtual tape on our VTL and restoring it to the other lpar.  When you're talking a 4GB file that's not such a bad thing.  And with VTL there's no physical laying hands on tapes.  Which is kind of nice since it's a couple hour drive to the DC.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 4.  RE: PTFs containing embedded malware

    Posted Thu March 14, 2024 05:32 AM

    Hi Robert, if indeed it is a 'false positive' (let's hope so!) IBM won't be able to just 'take it out'.  You need to report the issue to your AV vendor with a copy of the file, so that the AV vendor can update the signature database to reflect it and prevent it from happening in future.  Hope this helps.



    ------------------------------
    Michael Davison
    EMEA Support Team Lead
    Fortra
    ------------------------------



  • 5.  RE: PTFs containing embedded malware

    Posted Wed March 13, 2024 12:51 PM
    Edited by Jack Woehr Wed March 13, 2024 12:53 PM

    Sure would be nice to be able to order PTFs without the network stopping it due to suspected malware.

    This is the condition technically known as "Your firewall configuration is poo." Contact Mordac, the Preventer of Information Services, in your IT dep't. to fix it.



    ------------------------------
    Jack Woehr
    IBM Champion 2021 - 2024
    IBM Qiskit Advocate
    ------------------------------



  • 6.  RE: PTFs containing embedded malware

    Posted Wed March 13, 2024 01:22 PM

    That is the most descriptive term I can use for him on a PG forum.

    Another thing:  He cannot begin to grasp the firewall setup to allow me to use FTPS from an LPAR of VIOS to IBM.  Despite my sending him multiple links on why FTPS can be difficult to set up on a firewall.  So I have to download VIOS upgrades to a PC and run through some gyrations.  Really painstaking process to thoroughly document for doing those patches you have to burn directly to FC cards, disk drives, etc.  You know, all that crap we take for granted with IBM i's PTFs which doesn't apply when it comes to VIOS.  My documentation is required to be thorough enough so that someone else can do it in my absence, and by the 3rd Power system, often is.  As my sergeant said, "We're all expendable."



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 7.  RE: PTFs containing embedded malware

    Posted Thu March 14, 2024 04:02 AM

    A quick & easy fix I used some time ago: zip your bin/iso files before transfer.

    As they are big files they need resources to decompress, so you may be lucky enough to have AV ignore them ;)

    Unzipping the files is made easy with the help of ACS's IFS browser.



    ------------------------------
    Sylvain Manceau
    ------------------------------



  • 8.  RE: PTFs containing embedded malware

    Posted Thu March 14, 2024 08:59 AM

    Dear Robert,

    When you say "I can GET from one lpar to another but I can't PUT...", you should know that I've stopped using ftp/sftp since I started having security problems with clients.

    Since then, I only use QFileSvr.400 for all my transfers of .udf/.iso DVDs between IBM i (via the internal vlan if they are on the same server).

    I hope this helps. 



    ------------------------------
    Nicolas FRAYSSE
    ------------------------------



  • 9.  RE: PTFs containing embedded malware

    Posted Tue March 19, 2024 09:56 AM

    I believe there is a file system size limitation with QFileSvr.400.  Although I cannot find that limitation anywhere.

    We're talking about 4GB files.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 10.  RE: PTFs containing embedded malware

    Posted Tue March 19, 2024 10:22 AM

    Yes, there is a maximum of about 4.2 GB, so everything is fine for DVDs such as Resaves, B_GROUP1..., cumulatives, GRPPTF...



    ------------------------------
    Nicolas FRAYSSE
    ------------------------------



  • 11.  RE: PTFs containing embedded malware

    Posted Wed March 20, 2024 11:13 AM

    @Nicolas FRAYSSE QFileSvr.400 seems to work, both directions.

    Size of object data in bytes . . . . . :   3893442560
    Allocated size of object . . . . . . . :   3909091328

    The CUME750_4.bin byte count is: 3893442560.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------



  • 12.  RE: PTFs containing embedded malware

    Posted Wed March 20, 2024 11:53 AM

    The latest Cumulative PTF package for i 7.5 is C3306750, which I have nearly finished installing at one of my customers across 44 IBM i LPARs, along with the resave update and the PTF groups, of course.

    Here are the sizes of the 3 DVDs of C3306750, which you can transfer without any problem via QFileSvr.400 between IBM i systems (if they are on the same server, use the internal VLAN if you can):
    Name                 Size     
    SF99750_1.bin       4,145,152K
    SF99750_2.bin       1,392,640K
    SF99750_3.bin       1,458,176K



    ------------------------------
    Nicolas FRAYSSE
    ------------------------------
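    Post 11 checks the copy by comparing byte counts, and posts 10 and 12 give the QFileSvr.400 size ceiling. The script below is an added example from the editor, not code from the thread or from IBM: it records each image's size and SHA-256 on the source LPAR, flags anything too large for QFileSvr.400, and verifies the copies on the target. It assumes a POSIX shell (IBM i PASE, or a staging host) with sha256sum or openssl on the path; the 4,294,967,295-byte ceiling is an assumption standing in for the "about 4.2 GB" quoted above, and the SF99750_*.bin stand-ins in the demo are constructed files, not real PTF images.

```shell
#!/bin/sh
# Editor's added example (not from the thread): record each PTF image's size
# and SHA-256 on the source LPAR, then verify on the target. Assumes a POSIX
# shell with sha256sum or openssl on the path (IBM i PASE ships openssl).

# The thread reports QFileSvr.400 handling "about 4.2 GB". 2^32 - 1 bytes is
# an assumed ceiling here; check the limit documented for your release.
QFILESVR_LIMIT=4294967295

file_size() {
    wc -c < "$1" | tr -d ' '
}

file_sha256() {
    if command -v sha256sum >/dev/null 2>&1; then
        sha256sum "$1" | cut -d' ' -f1
    else
        openssl dgst -sha256 -r "$1" | cut -d' ' -f1
    fi
}

# 0 if the object is small enough to copy through QFileSvr.400, 1 otherwise.
fits_qfilesvr() {
    [ "$(file_size "$1")" -le "$QFILESVR_LIMIT" ]
}

# One line per file: <sha256> <bytes> <basename>. Run this on the source side.
make_manifest() {
    for f in "$@"; do
        printf '%s %s %s\n' "$(file_sha256 "$f")" "$(file_size "$f")" "$(basename "$f")"
    done
}

# Check every manifest entry against the files in DIR. A matching byte count
# only proves the copy finished; the hash proves the bytes are the same ones.
# Prints one status line per file; returns the number of failures.
verify_manifest() {
    manifest=$1 dir=$2 fails=0
    while read -r hash size name; do
        [ -z "$name" ] && continue
        path="$dir/$name"
        if [ ! -f "$path" ]; then
            echo "MISSING        $name"; fails=$((fails + 1)); continue
        fi
        actual_size=$(file_size "$path")
        if [ "$actual_size" != "$size" ]; then
            echo "SIZE MISMATCH  $name (manifest $size, found $actual_size)"; fails=$((fails + 1)); continue
        fi
        actual_hash=$(file_sha256 "$path")
        if [ "$actual_hash" != "$hash" ]; then
            echo "HASH MISMATCH  $name"; fails=$((fails + 1)); continue
        fi
        echo "OK             $name ($size bytes)"
    done < "$manifest"
    return "$fails"
}

# Stand-alone demo with constructed stand-ins for the .bin files:
# one clean copy and one truncated copy, so the second line reports a mismatch.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir "$tmp/src" "$tmp/dst"
    printf 'constructed stand-in for SF99750_1.bin\n' > "$tmp/src/SF99750_1.bin"
    printf 'constructed stand-in for SF99750_2.bin\n' > "$tmp/src/SF99750_2.bin"
    make_manifest "$tmp"/src/*.bin > "$tmp/manifest.txt"
    cp "$tmp/src/SF99750_1.bin" "$tmp/dst/"
    dd if="$tmp/src/SF99750_2.bin" of="$tmp/dst/SF99750_2.bin" bs=1 count=20 2>/dev/null
    verify_manifest "$tmp/manifest.txt" "$tmp/dst"
    rc=$?
    rm -rf "$tmp"
    return "$rc"
}

if [ "${1:-}" = "--demo" ]; then demo; fi
```

    Run it with `--demo` to see one OK line and one SIZE MISMATCH line. A manifest you generate yourself only proves the target has the same bytes the source had; if the site you downloaded the images from publishes checksums, compare against those as well, since that is the only step that ties the file to what IBM shipped rather than to what landed on your first LPAR.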



  • 13.  RE: PTFs containing embedded malware

    Posted Fri March 15, 2024 04:31 AM

    Hello Robert,

    If you do not have any LPAR available that allows you to run SNDPTFORD to download the PTFs as save files, then it seems you are stuck here.

    The advantage of ordering PTFs as save files is that it allows you to only download the delta. Apart from that, the PTFs land directly in the place where they need to be. I am just lucky, because all our customers allow us to order the PTFs with the command "SNDPTFORD PTFID((*ALLGRP)) CHKPTF(*YES)". This is only needed for one system. It is called the central system, which has all the IBM licensed programs installed that are also installed on the other LPARs. After having them applied, Administration Runtime Expert is used to distribute them to the other LPARs. 
    If this sounds interesting please have a look here => Manage PTFs on IBM i with Administration Runtime Expert ARE

    I have been doing it this way for the past 5 years at least, and it simply saves me time. The biggest advantage of this approach is that only the delta of the PTF save files is downloaded and I no longer have to deal with image catalogs. 

    The only time I use an image catalog for PTFs is when doing an upgrade.

    If the above is of no use for you, please feel 100% free to disagree and ignore it ;-)

    Greetings Rudi



    ------------------------------
    Rudi Van Helvoirt
    ------------------------------



  • 14.  RE: PTFs containing embedded malware

    Posted Tue March 19, 2024 10:00 AM

    Stream files also allow you to just get the delta.  However, on our quarterly downtime I do not request just the delta in order to ease sending the updates to over a dozen lpars.

    Stream files are much more consolidated than save files.



    ------------------------------
    Robert Berendt IBMChampion
    ------------------------------