Search
Close this search box.

iSecurity Antivirus Release News

  • FIXED: SCANAV now properly handles long directory/file names
  • FIXED: Message handling in QHST
  • ADDED: To improve debugging, added “Information to log=6” for internal use (support).
  • ADDED: Sending alerts if the SCANAV fails
  • IMPROVED: Upgraded CLAMAV virus engine to latest version (1.3.1)
  • ADDED: Auto-activation option on IPL.
  • ADDED: SIEM entry 6V, containing entries for Antivirus and Anti-Ransomware.
  • IMPROVED: Import/Export of Antivirus definitions.
  • FIXED: Error CPE3025 in SCANSTMF command.
  • FIXED: The DSPSCNA command runs on very large IFS partitions without causing error messages.
  • ADDED: Auto-Activation of Antivirus at IPL.
  • IMPROVED: Export/import function when no virus database exists.
  • REQUIRED: As of Version 8, new license files are required.
  • ADDED: You can set the length of time to retain logs and CHKISA files in STRAV > 81 > 9.
  • IMPROVED: For better performance, when a system running multiple scanners tries to use a scanner that is already occupied, it proceeds immediately to the next scanner.
  • FIXED: Empty files now are not scanned.
  • Added: Option to refresh the AV database from * Batch Scan versus *NO/*CHGONLY
  • Added: SCANAV ONLYNEW(*YES) will not scan files for which the attribute “Object scanning” = *NO.
  • Improved: Fewer job logs created.
  • Changed: The “@” character in PGM names is now “8”
Performance enhancements by using asynchronous processing

A great performance improvement is achieved as Anti-Ransomware can now split its work into two parts. The bulk of its work can now take place asynchronously, outside of the exit programs. Other processing, and the user, no longer have to wait for these operations to complete.

Previously, Anti-Ransomware had worked entirely within exit programs, identifying attacks there. SInce the operating system waited until each exit point returned its decisions, users also had to wait until each individual action was inspected.

The product enables the user to decide which way to work.

Support of Multithread activity on the File Server

iSecurity Anti-Ransomware now supports multithreaded jobs on the File Server. Non-threaded jobs (multiple jobs named QZLSFILE) use separate jobs for each of a user’s shares. In multithreaded environments, a single job (named QZLSFILET) can share activities for multiple users. By sharing the activities, users can experience the benefits of multithreading.

The product enables the user to decide whether or not to use multithreading.

Batch scanning improvements

Batch Scan versus *NO/*CHGONLY SCANAV ONLYNEW(*YES) will not scan files with attr “Object scanning” = *NO and will not change the attribute in case of already *NO

  • Antivirus now is enabled to work in multithread environments.
  • Antivirus can now create a group of objects that are scanned together with option *GROUP.
  • Performance improvements.
  • Email alert for virus was improved.
  • Item 31 on the main menu, “Work with Quarantined Object,” displays a “Display infected objects” screen, containing information on all issues detected, whether in Real-Time or via SCANAV, including the full path for the file. If multiple issues are detected for a file, a line appears for each instance.
  • The SCANAV command now can send emails for each detected virus, in addition to the overall summary. You can configure this from the Alter option (STRAV > 81 > 8).
  • Antivirus signature files and Anti-Ransomware extension files are now downloaded securely via HTTPS.
  • We improved the Refresh AV database through *INTERNET.
  • Fixed: Problems when using PROXY to download the Antivirus pattern and the AV database.
  • The port for Refresh by *RAZLEE, set by UPDAVDFN (STRAV > 41 > 21), has changed. You must update your local firewall to allow use of IP 212.227.30.66. The old IP address, 82.165.203.224, will be available for a limited time but will then be discontinued.
  • The AV search engine has been upgraded to ClamAV version 104.2, the same version that IBM is providing with AIX.
  • The RTVATPSTS command (Retrieve ATP (AV AR) Status) has been improved. It can now receive AV FYI status.
  • SCANAV OBJ(‘/tmp’) SUBTREE(*YES) ONLYNEW(*NO) will move infected file with ‘Object scanning’ = *chgonly to quarantine.
  • Japan: QSYSOPR message CPFA0A9 about failing to find:
    /SMZVDTA/R.. ( Japanese letters instead of recycle), when deleting file
  • Daily cleaning, AV#MNT:  Add cleaning directories. Use to clean only *STMF
  • Exclude definition: use only # as prefix to comment a line; during upgrade, chage CCSID to 1208
  • On the “Update Virus Definitions (UPDAVDFN)” screen (STRAV 21 > 41): If you select either the *RAZLEE or *INTERNET options but an update fails, the update immediately tries again with the other option. This does not affect the remaining options.
  • ClamAV engine upgraded to improve real-time detection.
  • If the ICAP server is not available at startup, or if the ICAP server becomes unavailable while the real-time scan is running, an email is sent to the administrator.

  • Option 11, Work with Operators, has been moved from the Maintenance Menu (STRAV 82) to the Base Support Menu (STRAV 89).
  • Stabilization for number of (active) parallel jobs in Anti-Virus subsystem
  • Exclude directories fixes
  • Local scan bug fixes
  • ICAP load and start performance improvements
  • ICAP bug fixes

ICAP Client for Anti-Virus is now part of the iSecurity Advanced Threat Protection (ATP) suite. The suite has been restructured to include:

  • Simplified menus and command access:·
    • STRATP         Menu of Anti-Virus, Anti-Ransomware, Object Integrity Validation
    • STRAV           Menu of Anti-Virus
    • STRAR           Menu of Anti-Ransomware
    • STROBJITG    Menu of object Integrity Validation
  • Installation of *BASE (Library SMZ4) is a pre-requisite
  • Fixed authority issues while trying to tag objects (real time or ‘SCANAV’) as scanned. Objects are not  scanned unless they change.
  • Improve object check. Objects tagged as *CHGONLY are only scanned when necessary.
  • Improvement in signature download.
  • Send email when virus is found.

 

  • Verify database after refresh
  • Add message before scanning file 
  • Improved ICAP messages
  • Improved Multitasking

Global Changes:

While entering authorization codes in Option 81, there is a verification to ensure that the code corresponds to the product.

  • From each product it is possible to access the iSecurity Base options (89). It includes:
    • – Email definitions
      • Address Book (name can represent one or list if emails)
      • Definitions of the email server
      • Restrictions for where the emails can be send to (by domains or specific emails)
    • Authority code related items
      • Add Authorization Codes – enables entering of authorization codes for multiple products by a single command
      • Display Authorization Status
      • Add Daily Check of Authorization Codes – this will send a notification email once a day if any authorization code is invalid or about to expire soon.
      • Display CPU/Lpar Information – tells you how to obtain the System/LPAR info
        without having to install any iSecurity product.
    • – Other functions have been enhanced.
    • – Added ICAP capabilities
  • Fix to leave virus DB from old installation.
  • Send log to recipient list address book.
  • Add option to Send log file as mail.
  • Avoid change of system value in Real Time.
  • Avoid useless change of system values.
  • Avoid log wrapping.