Questions on PCI-DSS V4 compliance regarding viruses/malware on the AIX operating system

CHARIN KUMJUDPAI posted Thu February 13, 2025 06:24 AM

Dear AIX OS and Security,

The customer is running many AIX servers (versions 7.2 and 7.3) as enterprise infra servers.

The AIX admin team has a few questions to answer for an audit on PCI-DSS V4 compliance, related to virus and malware risks on AIX:

Q1: Is there currently any software product on the market, from a third party or IBM, that provides anti-virus/malware protection on the AIX operating system?

Q2: If so, please let us know ASAP which product.

Q3: Please let us know: up to now, worldwide, has AIX still not had any infection from viruses/malware?

Regards,
CK.

Igor Novotny IBM Champion

There is an antivirus solution for AIX from Raz-Lee Security (razlee.com).

CHARIN KUMJUDPAI

Thank you, Mr. Igor Novotny,

I've navigated to the URL: https://razlee.com/isecurity-antivirus-for-aix/
It seems the information at this URL helps me answer the questions (Q1+Q2).

Any comments for Q3?

Regards
CK.

Andrey Klyachkin IBM Champion

Two more choices:

  • https://www.fortra.com/products/virus-protection-software-linux-aix-and-ibm-i
  • https://public.dhe.ibm.com/aix/freeSoftware/aixtoolbox/RPMS/ppc-7.3/clamav/

Information from IBM: https://www.ibm.com/support/pages/aix-security-virus-and-malware-protection-options-aix

As far as I remember, there was one "virus" in the 90s/00s specifically targeted at AIX. There is a newer example from 2018: https://github.com/fboldewin/FastCashMalwareDissected/blob/master/Operation%20Fast%20Cash%20-%20Hidden%20Cobra%E2%80%98s%20AIX%20PowerPC%20malware%20dissected.pdf

CHARIN KUMJUDPAI

Hello Mr.,

Thank you for your information.

Igor Stepanov

Q3:

AIX itself can store malware that later infects Windows computers. Files sit on the server until someone opens them, spreading the virus across the network. 

PCI DSS says organizations can justify not using antivirus software on systems that are "not commonly affected by malware" if they annually document the justification for not using anti-malware. To document, in this case, means to sign a statement 'we don't need antivirus'.

Raz-Lee Security offers a free virus scan at the moment: https://razlee.com/isecurity-atp-solutions/free-virus-scan-ibm-i-aix/

Phill Rowbottom IBM Champion

There aren't really any viruses that affect AIX - make sure that you're up to date with your security patching to eliminate any vulnerabilities that could be used to gain access or elevate privileges.

AIX can be a conduit for viruses that affect other platforms though. If you're using AIX as a file & print server (Samba) then scanning the hosted files for viruses is a VERY good idea.

Trend Micro Deep Security has an AIX agent that performs virus scanning on AIX. If your organisation is already using Trend for other platforms, then it could be a good option:

https://help.deepsecurity.trendmicro.com/20_0/on-premise/agent-compatibility.html#:~:text=Trend%20Micro%20releases%20agents%20for%20major%20Linux%20versions%2C,they%20use%20a%20kernel%20supported%20by%20the%20agent.
https://help.deepsecurity.trendmicro.com/20_0/on-premise/supported-features-by-platform.html#AIX

CHARIN KUMJUDPAI

Thank you all at IBM for responding to the customer's questions.
Today I had a meeting with the customer and referenced the details IBM provided.

Now I've convinced the customer to use the IBM Community channel to ask questions (if they have further questions from the audit team).

Regards,

CK