Viruses and IBM i

Viruses stored on the IBM i present a serious risk to your network and your data. In most cases, your IBM i system can be "seen" by every computer in your network. If an infected file is executed by any of these computers, that computer becomes infected, which in turn can launch new attacks against the rest of the network and even back to the IBM i itself. These attacks can render computers and the network inoperable.

A running virus has access to all of the same resources as the user that launched the virus. Consequently, if an administrator-level user becomes infected then the virus has access to all the same resources as that user (everything). Viruses can alter, copy, delete, and run commands against IBM i files, programs and libraries. With respect to IBM i, a virus could spread to other systems and partitions through the use of network shares and the Integrated File System (IFS).

Many DOS and Unix commands will execute against an IBM i system. The DEL command, for example, can be used to delete files on a user's local C drive as well as IBM i files and libraries. Likewise, the COPY command can be used to copy files. A running virus can execute these and other dangerous system commands against a network drive mapped to the IBM i, causing serious damage. Viruses can also execute commands using FTP scripts, and access IBM i data via ODBC drivers stored on the infected computer.

There are many ways a virus can make its way to an IBM i: A mapped drive, the CD/DVD drive, an FTP script, sharing files and programs with other computers, vendors and business partners are just a few examples. The best policy is to not try and "outguess" all of the possibilities — virus writers are always improving their code to take advantage of all the latest technologies.