> I stayed out of this business for a good reason, but wouldn't clam-av > on s390 primarily check for signatures of found PC virus code?
It also looks for some of the more common script-kiddie and worm attacks for Linux. Not very many, but then again, there aren't that many to look for. > That > would imply clam-av (and similar solutions) are meant to run on your > mail server before passing e-mail attachments to your clients. Or > maybe on a file server to nanny the end-users. We could certainly > argue whether the mainframe is the most cost effective place to do > this. Violent agreement, I think. It's dumb, but this is a battle you don't *have* to fight and it can be converted easily into an advantage, if needed.