PowerSC

Hi all experts

I refer to PowerSC Standard Edition:

It says: From the Security page, you can upload blocklist files that include a list of user-provided virus hash values.

1. May I ask where can we download blocklist files that include a list of user-provided virus hash values? Any recommended site?
2. Are the hashes the same as virus definition files

ClamAV is bundled in PowerSC 2.2. May I ask ClamAV as an open-sourced, is it supported by IBM PowerSC?

Look forward to your invaluable advice.

Hi Shawn,

  The blocklist feature of PSC is independent of the traditional malware-scanning provided via ClamAV.  Block-listing was driven by RFEs from organizations that had to meet requirements from governmental or industry-specific standards bodies that provide an urgent list of virus hashes and require the orgs to scan for those hashes on all applicable systems within a short time period.  The hashes (usually only a few) are provided in text files as MD5, SHA-1, or SHA-256.  These are not the same structure (or use case) as the ClamAV virus definition files; although it is assumed that these "hot off the presses" virus hashes ultimately end up in traditional virus scan databases.  At this point we don't have a recommended 'site' from which to download fresh blocklist hashes, although there are sites like malshare.com, virustotal.com, and even github projects where they can be found (caveat emptor).

  The ClamAV package is opensource and community supported.  However, any problems customers may have with the PowerSC integration and usage of ClamAV can be reported as PowerSC tickets.  The team will determine if it's an integration or package problem and will help open and track opensource community tickets as appropriate.

Tim Hill

Hi all experts

I refer to PowerSC Standard Edition:

It says: From the Security page, you can upload blocklist files that include a list of user-provided virus hash values.

1. May I ask where can we download blocklist files that include a list of user-provided virus hash values? Any recommended site?
2. Are the hashes the same as virus definition files

ClamAV is bundled in PowerSC 2.2. May I ask ClamAV as an open-sourced, is it supported by IBM PowerSC?

Look forward to your invaluable advice.

Thanks Tim for the reply. It seems that these Hash Files are given out randomly as and when it's required by some organization. So it seems that the blocklisting doesn't serve its function at all if customer don't receive these Hash Files. Am I right to think this way?

Hi Shawn,

  The blocklist feature of PSC is independent of the traditional malware-scanning provided via ClamAV.  Block-listing was driven by RFEs from organizations that had to meet requirements from governmental or industry-specific standards bodies that provide an urgent list of virus hashes and require the orgs to scan for those hashes on all applicable systems within a short time period.  The hashes (usually only a few) are provided in text files as MD5, SHA-1, or SHA-256.  These are not the same structure (or use case) as the ClamAV virus definition files; although it is assumed that these "hot off the presses" virus hashes ultimately end up in traditional virus scan databases.  At this point we don't have a recommended 'site' from which to download fresh blocklist hashes, although there are sites like malshare.com, virustotal.com, and even github projects where they can be found (caveat emptor).

  The ClamAV package is opensource and community supported.  However, any problems customers may have with the PowerSC integration and usage of ClamAV can be reported as PowerSC tickets.  The team will determine if it's an integration or package problem and will help open and track opensource community tickets as appropriate.

Tim Hill

Hi all experts

I refer to PowerSC Standard Edition:

It says: From the Security page, you can upload blocklist files that include a list of user-provided virus hash values.

1. May I ask where can we download blocklist files that include a list of user-provided virus hash values? Any recommended site?
2. Are the hashes the same as virus definition files

ClamAV is bundled in PowerSC 2.2. May I ask ClamAV as an open-sourced, is it supported by IBM PowerSC?

Look forward to your invaluable advice.

Hi - I agree with your basic point - the intended function of blocklisting is to facilitate quick checking across all LPARs for some hashes of interest (although definitely not random).  There is an existing RFE for PSC to provide a default download link from which to regularly pull "hot virus hashes" for use with blocklisting, but it is intended for use as a threat hunting tool rather than just another variation of ClamAV-like virus-database type scanning.

Thanks Tim for the reply. It seems that these Hash Files are given out randomly as and when it's required by some organization. So it seems that the blocklisting doesn't serve its function at all if customer don't receive these Hash Files. Am I right to think this way?

Hi Shawn,

  The blocklist feature of PSC is independent of the traditional malware-scanning provided via ClamAV.  Block-listing was driven by RFEs from organizations that had to meet requirements from governmental or industry-specific standards bodies that provide an urgent list of virus hashes and require the orgs to scan for those hashes on all applicable systems within a short time period.  The hashes (usually only a few) are provided in text files as MD5, SHA-1, or SHA-256.  These are not the same structure (or use case) as the ClamAV virus definition files; although it is assumed that these "hot off the presses" virus hashes ultimately end up in traditional virus scan databases.  At this point we don't have a recommended 'site' from which to download fresh blocklist hashes, although there are sites like malshare.com, virustotal.com, and even github projects where they can be found (caveat emptor).

  The ClamAV package is opensource and community supported.  However, any problems customers may have with the PowerSC integration and usage of ClamAV can be reported as PowerSC tickets.  The team will determine if it's an integration or package problem and will help open and track opensource community tickets as appropriate.

Tim Hill

Hi all experts

I refer to PowerSC Standard Edition:

It says: From the Security page, you can upload blocklist files that include a list of user-provided virus hash values.

1. May I ask where can we download blocklist files that include a list of user-provided virus hash values? Any recommended site?
2. Are the hashes the same as virus definition files

ClamAV is bundled in PowerSC 2.2. May I ask ClamAV as an open-sourced, is it supported by IBM PowerSC?

Look forward to your invaluable advice.