Viruses and Other Software Threats › Detecting and Controlling Software Threats › Detecting Viruses
Detecting Viruses
Viruses can infect your operating system or spread through your program libraries. If your program libraries are infected and you have access to the system libraries, it might be possible for a virus to attack the operating system, causing widespread damage to multiple users.
Generally, you can use some of these techniques to detect the presence of a virus:
- Use the CA Auditor SMF Analysis Function to detect whether an abnormally high number of updates are made to your program libraries.
- Investigate changes that do not correlate with authorized change‑control procedures.
- Monitor identical changes to multiple programs or libraries.
- Investigate any control section (CSECT) that does not follow a standard naming convention. Use the CA Auditor Program Statistics, Program Origin, and Product Identity displays to identify these modules.
- Browse programs to look for eye‑catchers, which commercial software publishers use to record copyright notices, version and level numbers, and other types of maintenance information.
- Look for literal information that might identify a virus. A phrase such as “Gotcha” would be very suspicious.
