iSecurity Antivirus Release News
Performance enhancements by using asynchronous processing
A great performance improvement is achieved as Anti-Ransomware can now split its work into two parts. The bulk of its work can now take place asynchronously, outside of the exit programs. Other processing, and the user, no longer have to wait for these operations to complete.
Previously, Anti-Ransomware had worked entirely within exit programs, identifying attacks there. SInce the operating system waited until each exit point returned its decisions, users also had to wait until each individual action was inspected.
The product enables the user to decide which way to work.
Support of Multithread activity on the File Server
iSecurity Anti-Ransomware now supports multithreaded jobs on the File Server. Non-threaded jobs (multiple jobs named QZLSFILE) use separate jobs for each of a user’s shares. In multithreaded environments, a single job (named QZLSFILET) can share activities for multiple users. By sharing the activities, users can experience the benefits of multithreading.
The product enables the user to decide whether or not to use multithreading.
Batch scanning improvements
Batch Scan versus *NO/*CHGONLY SCANAV ONLYNEW(*YES) will not scan files with attr “Object scanning” = *NO and will not change the attribute in case of already *NO
- Antivirus now is enabled to work in multithread environments.
- Antivirus can now create a group of objects that are scanned together with option *GROUP.
- Performance improvements.
- Email alert for virus was improved.
- Item 31 on the main menu, “Work with Quarantined Object,” displays a “Display infected objects” screen, containing information on all issues detected, whether in Real-Time or via SCANAV, including the full path for the file. If multiple issues are detected for a file, a line appears for each instance.
- The SCANAV command now can send emails for each detected virus, in addition to the overall summary. You can configure this from the Alter option (STRAV > 81 > 8).
- Antivirus signature files and Anti-Ransomware extension files are now downloaded securely via HTTPS.
- We improved the Refresh AV database through *INTERNET.
- Fixed: Problems when using PROXY to download the Antivirus pattern and the AV database.
- The port for Refresh by *RAZLEE, set by UPDAVDFN (STRAV > 41 > 21), has changed. You must update your local firewall to allow use of IP 220.127.116.11. The old IP address, 18.104.22.168, will be available for a limited time but will then be discontinued.
- The AV search engine has been upgraded to ClamAV version 104.2, the same version that IBM is providing with AIX.
- The RTVATPSTS command (Retrieve ATP (AV AR) Status) has been improved. It can now receive AV FYI status.
- SCANAV OBJ(‘/tmp’) SUBTREE(*YES) ONLYNEW(*NO) will move infected file with ‘Object scanning’ = *chgonly to quarantine.
- Japan: QSYSOPR message CPFA0A9 about failing to find:
/SMZVDTA/R.. ( Japanese letters instead of recycle), when deleting file
- Daily cleaning, AV#MNT: Add cleaning directories. Use to clean only *STMF
- Exclude definition: use only # as prefix to comment a line; during upgrade, chage CCSID to 1208
- On the “Update Virus Definitions (UPDAVDFN)” screen (STRAV 21 > 41): If you select either the *RAZLEE or *INTERNET options but an update fails, the update immediately tries again with the other option. This does not affect the remaining options.
- ClamAV engine upgraded to improve real-time detection.
If the ICAP server is not available at startup, or if the ICAP server becomes unavailable while the real-time scan is running, an email is sent to the administrator.
- Option 11, Work with Operators, has been moved from the Maintenance Menu (STRAV 82) to the Base Support Menu (STRAV 89).
- Stabilization for number of (active) parallel jobs in Anti-Virus subsystem
- Exclude directories fixes
- Local scan bug fixes
- ICAP load and start performance improvements
- ICAP bug fixes
ICAP Client for Anti-Virus is now part of the iSecurity Advanced Threat Protection (ATP) suite. The suite has been restructured to include:
- Simplified menus and command access:·
- STRATP Menu of Anti-Virus, Anti-Ransomware, Object Integrity Validation
- STRAV Menu of Anti-Virus
- STRAR Menu of Anti-Ransomware
- STROBJITG Menu of object Integrity Validation
- Installation of *BASE (Library SMZ4) is a pre-requisite
- Fixed authority issues while trying to tag objects (real time or ‘SCANAV’) as scanned. Objects are not scanned unless they change.
- Improve object check. Objects tagged as *CHGONLY are only scanned when necessary.
- Improvement in signature download.
- Send email when virus is found.
- Verify database after refresh
- Add message before scanning file
- Improved ICAP messages
- Improved Multitasking
While entering authorization codes in Option 81, there is a verification to ensure that the code corresponds to the product.
- From each product it is possible to access the iSecurity Base options (89). It includes:
- – Email definitions
- Address Book (name can represent one or list if emails)
- Definitions of the email server
- Restrictions for where the emails can be send to (by domains or specific emails)
- Authority code related items
- Add Authorization Codes – enables entering of authorization codes for multiple products by a single command
- Display Authorization Status
- Add Daily Check of Authorization Codes – this will send a notification email once a day if any authorization code is invalid or about to expire soon.
- Display CPU/Lpar Information – tells you how to obtain the System/LPAR info
without having to install any iSecurity product.
- – Other functions have been enhanced.
- – Added ICAP capabilities
- – Email definitions
- Fix to leave virus DB from old installation.
- Send log to recipient list address book.
- Add option to Send log file as mail.
- Avoid change of system value in Real Time.
- Avoid useless change of system values.
- Avoid log wrapping.