IBM Power Ideas Portal


This portal is to open public enhancement requests against IBM Power Systems products, including IBM i. To view all of your ideas submitted to IBM, create and manage groups of Ideas, or create an idea explicitly set to be either visible by all (public) or visible only to you and IBM (private), use the IBM Unified Ideas Portal (https://ideas.ibm.com).



Status Future consideration
Workspace IBM i
Created by Guest
Created on Feb 6, 2020

QIBM_QP0L_SCAN_CLOSE extended functionality

As described in the documentation of the QIBM_QP0L_SCAN_CLOSE exit point, the exit point is not called if, for example, the file was opened for write only. If a customer transfers a virus-containing file via FTP to an IFS directory, the file is stored in the IFS without having the chance to be scanned. This is a security leak that can be used if the file is for any reason processed while an installed antivirus solution is not activated. This is like asking Symantec/Avira/Kaspersky to allow a virus-infected file to be stored on a Windows server. I think they will never do it.


Use Case:

Please check if it is possible to enhance the functionality of this exit point, e.g. by adding a new format SCCL0200 that also scans a file on write. In this case, arriving files that are uploaded should be marked as scan failure and access from the operating system should be blocked. Customers have to write their applications that access this file with error handling or use the current format SCCL0100.


Idea priority High
  • Guest
    Aug 1, 2021

    In IBM i we have exit points that control access to IFS objects. These are:

    QIBM_QP0L_SCAN_CLOSE Format SCCL0100
    QIBM_QP0L_SCAN_OPEN Format SCOP0100

    These exit points are responsible for files that are opened and closed in IFS. Unfortunately, neither the CLOSE nor the OPEN exit point is triggered when opening files for write only. This is a gap because

    - Files arrive in the IFS through FTP, which writes files to the IFS. In this case virus-infected files are written to the IFS and remain there. We may find them during regular scheduled scans only. This is a risk, because if for any reason the file is opened, e.g. for forwarding to another partner, while the exit points are not registered (maintenance, update, etc.), infected files are distributed.
    o Infected files should never be stored in IFS
    - Files attacked by ransomware are also written to the IFS in open-for-write mode. Therefore nobody can analyze the files by running exit point programs to check whether the file was created by ransomware, and an attack will probably encrypt all IFS files from the mapped drive.
    o Ransomware attacks should never be able to write encrypted files to IFS

    Exit points are able to have programs registered that check the content of a file and set the flag “check status” to “FAILURE”. This flag is used to prevent access to this object from IBM i and is perfect for blocking access to infected files. Companies that use exit points for IFS are aware and can adjust their programs to handle files with “check status FAILURE”.

    Our request:

    Allow all write operations to pass the exit point QIBM_QP0L_SCAN_CLOSE SCCL0100

  • Guest
    Jul 30, 2021

    Hello Developer Friends,
    any progress so far that can be shared with the public?

  • Guest
    Sep 30, 2020

    We understand this request and will continue to evaluate.

  • Guest
    Aug 26, 2020

    Hello IBM,

    I received the information from a customer and verified it: A file that arrives through FTP into the IFS does not pass the exit point for virus scan. Also, if the IFS file is saved into a savefile and forwarded to another system, it is not checked.

    This means we receive on the IBM i virus containing files, save them and send them unscanned to other systems.

    For our customer (of a large user group) this is a critical issue. Why don't you enable the exit point for these operations?

    A file that arrives in the IFS can be scanned and marked as FAILURE. On save of an IFS object this can be scanned as well to avoid distribution of virus-containing files.

  • Guest
    Mar 17, 2020

    The CAAC has reviewed this requirement and recommends that IBM view this as a high priority requirement that is important to be addressed. Is the scenario's exit point really working as described for FTP?

    Background: The COMMON Americas Advisory Council (CAAC) members have a broad range of experience in working with small and medium-sized IBM i customers. CAAC has a key role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community, and has therefore reviewed your RFE.

    For more information about CAAC, see www.common.org/caac

    For more details about CAAC's role with RFEs, see http://www.ibmsystemsmag.com/Blogs/i-Can/May-2017/COMMON-Americas-Advisory-Council-%28CAAC%29-and-RFEs/

    Nancy Uthke-Schmucki - CAAC Program Manager

  • Guest
    Mar 16, 2020

    The COMMON Europe Advisory Council (CEAC) has reviewed this requirement and recommends that IBM view this as a HIGH priority requirement that is important to address.

    The majority of workstations in use today are yet to adopt Windows 10. This extra layer of security will offer an additional level of protection for users connecting to IBM i via net server.

    Background: The CEAC members have a broad range of experience in working with small and medium-sized IBM i customers. CEAC has a crucial role in working with IBM i development to help assess the value and impact of individual RFEs on the broader IBM i community and has therefore reviewed your RFE.

    To find out how CEAC helps to shape the future of IBM i, see CEAC @ ibm.biz/BdYSYj and the article "The Five Hottest IBM i RFEs Of The Quarter" at ibm.biz/BdYSZT

    Therese Eaton – CEAC Program Manager, IBM