
Thu, Dec 29, 2005 10:34 pm

Kerio Personal Firewall 2.1.5

I've been using Kerio Personal Firewall 2.1.5 from Kerio Technologies on a Windows 98 Second Edition (SE) system. I hadn't used the system for quite a while. When I did so today, I checked on whether an update was available for the firewall software. I learned that the Kerio Personal Firewall software was acquired by Sunbelt Software. Sunbelt's rebranded version of the firewall doesn't run on Windows 98 according to Sunbelt's FAQ.
The Sunbelt Kerio Personal Firewall 4 requires 10 MB of disk space for installation and runs ONLY on desktop editions of Windows 2000 and XP. Kerio Personal Firewall 4 DOES NOT run on Windows 9x, Me, NT, 2000 Server and 2003 Server.
Sunbelt neither supports nor offers for download the old 2.1.5 version, which was available for free from Kerio Technologies, but states in the FAQ that it can still be found at various sites on the Net for download by doing a Google search for "Kerio 2.1.5" and that technical support for the older version can still be obtained from the Kerio Forum at CastleCops.

[/os/windows/software/security/firewall] permanent link

Fri, Dec 23, 2005 5:06 pm

OS/2 Withdrawn From the Market

Though OS/2 has been in a comatose state for many years now, IBM didn't officially withdraw it from the marketplace until today. Microsoft developed OS/2 for IBM beginning in 1985, but the two companies divorced their development efforts in 1990. IBM continued to develop OS/2 alone and Microsoft focused on its own Windows product, which quickly displaced OS/2 in the marketplace.

IBM will still provide standard support until December 31, 2006, but no one will be able to buy it from IBM now.

Some OS/2 users would like to see IBM release OS/2 as open source software now, but IBM has given no indication that it will do so, even though there is little profit the company can make from it now and even though the company has now embraced the open source Linux operating system.

References:

  1. IBM Withdraws OS/2
    By Sean Michael Kerner
    December 23, 2005

[/os/os2] permanent link

Sun, Dec 18, 2005 4:45 pm

System Stuck in Ghost Virtual Boot Partition

I started backing up client systems over the LAN to the disk drive on a Gateway 920 server using Norton Ghost 7.5, which I was running on the server. When I came in the next day the backup of two systems had completed successfully, but the backup of the other two systems had failed. Those latter two systems were displaying an updated timestamp every two minutes and twelve seconds followed by "192.168.0.x:1346 Polling for bound server Andy", with "x" matching the IP address of the client system, e.g. "192.168.0.5:1346". The server, andy, had crashed and was rebooting continually, so it was no longer available to respond to the polling systems. Rebooting the systems with Ctrl-Alt-Del did not return them to Windows XP, the operating system on them. They remained stuck in the Ghost client virtual boot partition.

14:27:14 192.168.0.5:1346 polling for bad server andy
14:29:26 192.168.0.5:1346 polling for bad server andy
14:31:38 192.168.0.5:1346 polling for bad server andy

To get the system to boot normally into Windows in such a situation, hit Ctrl-C or Ctrl-X, depending on whether ghost.exe or ngctdos.exe is running on the client system, to get to a DOS prompt. You should be in the Ghost directory on the system. If not, issue the command cd ghost and then type ngctdos -hide to "hide" the Ghost virtual boot partition and restart the system normally.

References:

  1. Recovering From a Stuck Symantec Ghost Virtual Boot Partition
    Cliff Under
    August 26, 2005
  2. Cannot exit from the Ghost Virtual Boot Partition
    Symantec
    January 5, 2005

[/os/windows/utilities/backup/ghost] permanent link

Sat, Dec 17, 2005 10:35 pm

Ghost 7.5 - Intel Pro/100 VE

If you need to use Symantec Ghost 7.5 to back up a system with an Intel Pro/100 VE NIC, then you may need to get updated DOS driver software from Intel and configure an appropriate template in Ghost in order to successfully access a system with this card over the network from the Ghost console.

[ More Info ]

[/os/windows/utilities/backup/ghost] permanent link

Sat, Dec 17, 2005 2:34 pm

Microsoft AntiSpyware and UltraVNC

Microsoft AntiSpyware will detect VNC server software, such as UltraVNC, as spyware. It will list it as only a "moderate" threat, but if you use UltraVNC to remotely manage a system you should instruct Microsoft AntiSpyware to always ignore UltraVNC, so that you don't get a false positive report that the system is infected every day, if Microsoft AntiSpyware is running on a daily basis. Also, if anyone else uses the system, he or she may instruct Microsoft AntiSpyware to remove UltraVNC, removing your remote control and diagnostic capability.

[ More Info ]

[/security/spyware/MS-Antispyware] permanent link

Fri, Dec 16, 2005 6:31 pm

Hiding an Account from the Welcome Screen

Sometimes you may not want to have an account listed on Windows XP's welcome screen (the screen you see after Windows starts). You can easily hide an account, i.e. remove it from the welcome screen list, by a simple registry change.

[ More Info ]

[/os/windows/xp] permanent link

Wed, Dec 14, 2005 6:54 pm

Wiping a File Under Solaris

If you need to securely erase a file under Solaris, packages are available for the wipe utility, which will erase a file in such a way that its contents cannot be recovered from a disk.

[ More Info ]

[/os/unix/solaris] permanent link

Wed, Dec 14, 2005 12:58 am

Read Receipt For Messages Sent With Pine

I needed to know if a Microsoft Outlook user had read time-critical email I was about to send from Pine, which is the email client I normally use. After a Google search and a little experimentation, I found that adding the facility to Pine to request read receipts that Outlook will understand is fairly simple.

When a user sends a message from Microsoft Outlook requesting a read receipt when the message is read, Outlook adds the header "Disposition-Notification-To:" to the message. You can add the same header to an outgoing email message from Pine. To do so, take the following steps (these steps were tested on Pine 4.44, but should work for other versions as well):

  1. From Pine's main menu, hit "S" for "Setup".
  2. Hit "C" for "Config".
  3. You can either use the cursor keys to move down through the configuration items to find "customized-hdrs" or you can hit "W" for "WhereIs" and search for "customized-hdrs" to find it more quickly.
  4. Hit "A" for "Add Value" and add Disposition-Notification-To:. If you already have another custom header, the new header will be inserted before it in the custom headers list (see Changing Pine "From" Address for adding a custom header to allow you to modify your "From" address). If you don't specify an email address after Disposition-Notification-To:, then you can choose whether a particular message goes out with a read-receipt requested when you compose a message.
  5. After adding the header, hit "E" to exit Setup.
  6. When asked to accept changes, answer "Y", which will return you to Pine's main menu.

Now you compose a message the way you normally would, but hit Ctrl-R while the cursor is in one of the message header fields, e.g. the "To" or "Subject" field, to get "Rich Headers". Before I modified my personal Pine configuration settings, I would see the following "Rich Headers".

From    : John Doe <johndoe123@moonpoint.com>
To      :
Cc      :
Bcc     :
Newsgrps:
Fcc     : sent-mail
Lcc     :
Attchmnt:
Subject :
----- Message Text -----

But with the "Disposition-Notification-To:" header added, I now see the following:

From    : John Doe <johndoe123@moonpoint.com>
To      :
Cc      :
Bcc     :
Newsgrps:
Fcc     : sent-mail
Lcc     :
Attchmnt:
Subject :
Disposit:
----- Message Text -----

In the "Disposit:" field I can then type the address I want to receive the read receipt, e.g. johndoe123@moonpoint.com. I can then finish composing my message and send it as I normally would. When the Outlook user receives the message, he will be prompted as to whether he wishes to send the read receipt. If he chooses "yes" in Outlook, I will get a read receipt and know the time he read the message. If you don't need a read receipt for a particular message, you simply omit putting an email address in the "Disposit:" field.

References:

  1. Using Elm, Berkeley mail, or Pine, how do I know if my message has been delivered?
  2. Delivery and Read Receipts

[/network/email/clients/pine] permanent link

Sun, Dec 11, 2005 11:21 pm

Eudora Printing Cutoff Text

If Eudora is cutting off text on the left side of printouts when you print an email message within Eudora, you can adjust the page setup configuration to correct the problem.

[ More Info ]

[/network/email/clients/eudora] permanent link

Sat, Dec 10, 2005 11:30 pm

Backing Up Files to DVD with Sonic RecordNow!

A user needed to back up some of her files to DVDs. The files were on a Dell PC that came with Sonic's RecordNow! software for burning CDs and DVDs. I've written instructions for backing up files to DVDs using the software.

[ More Info ]

[/os/windows/software/utilities/cd-dvd/RecordNow] permanent link

Fri, Dec 02, 2005 7:15 am

Top Ten Mistakes in Web Design

I came across a webpage Top Ten Mistakes in Web Design that echoes many of my pet peeves regarding websites.
  1. Bad Search

    I appreciate it when websites offer a means to search the site. Sometimes I've been looking for a particular piece of information on a business site that has many webpages. I expect the information to be there, but would certainly prefer not to spend a lot of time clicking on various webpages trying to find it. But the site will offer no or very limited search capabilities, leaving me frustrated with the site. Fortunately, Google offers one a means to search a specific site, e.g. suppose one wishes to search for SomeCompany's phone number on their website. I could go to Google's site and enter "phone site:somecompany.com" to search for "phone" only on the somecompany.com website. But, of course, I won't be able to find any pages posted on the site subsequent to the Google search engine's last index of the site.
  2. PDF Files for Online Reading

    When I'm looking for a manual for a particular piece of hardware or software, I like to be able to download the manual in PDF format from a website, so that I can store it on my computer for easy reference later. But I find some sites use PDF files in what I consider to be inappropriate ways. For instance, I've gone to a website to get information on a particular piece of software I'm interested in buying. There's a link on the site to view what the company views as the main features of the software. The link points to a PDF file, which when opened shows a one-page list of the software's main features. Why didn't the company present that as a webpage? By presenting it as a PDF file, they've interrupted my perusal of their site. I have to wait for the PDF file to be downloaded and Adobe Acrobat Reader to be opened on my system to view it, slowing me down. Of course, I also want pricing information. I've got to download another PDF file to get the pricing. At this point I'm wondering if they considered usability in their software design.
  3. Not Changing the Color of Visited Links

    I also find it aggravating when visited links are displayed in the same color as ones I haven't visited. Why would a site designer make them the same? I'm slowed down when perusing a site, because I can't tell if I've already viewed a particular page while searching for information.
  4. Non-Scannable Text

    I've seen webpages where the entire page is just one blob of undifferentiated text, making it less attractive than it could be and making it harder to read. I don't get too aggravated by that, though, unless the webpage is not even broken up into manageable paragraphs.
  5. Fixed Font Size

    I've seen a number of websites where the text is presented in a tiny font that I can hardly read. This occurs on business sites as well as other sites. I'm not going to put my face up next to my monitor and squint to read the webpage. I quickly leave sites that have such webpages.
  6. Page Titles With Low Search Engine Visibility

    Put a descriptive title on your webpages. I often have many instances of Internet Explorer or other browsers open at once on a system. At the bottom of my Windows screen I see the Internet Explorer icon with the number of webpages I have open. I can click on that icon and see the titles for the pages. Some websites don't put descriptive titles on their webpages or put ones that make it difficult to determine which site the page is associated with or what information is contained on the page. For instance, right now, in my list is a webpage titled "Home". That happens to be the homepage for my credit union, but I've had these browser instances open for a couple of days now and when I look at the list it isn't immediately apparent that "Home" is the homepage of my credit union. After all, how many other websites may use the same description for their main page? And when I want to bookmark a page, I often have to change how it will be saved, because the webpage designer didn't put a title on the page that clearly describes it. Sometimes the problem is that the title is incredibly long, which I shorten when I bookmark the page, so that I won't have issues when I try to back up such a long file name to a CD when I back up my "favorites" list, since the name might otherwise exceed the allowable filename length.
  7. Anything That Looks Like an Advertisement

    I also tend to ignore things that look like banner ads and find that any flashing or blinking text tends to be annoying unless it is highlighting something that is truly critical. And I tend to close popup windows before their contents are even displayed when I suspect they will be advertisements.
  8. Violating Design Conventions

    Basically, users will get frustrated if things don't work the way they expect them to work.
  9. Opening New Browser Windows

    It can be annoying when you're visiting a site and the site opens a lot of new windows on your system. You can't back up with the back button on your browser.
  10. Not Answering Users' Questions

    Jakob Nielsen lists this as number 10 on his list of "Top Ten Mistakes in Web Design", but for me it would be much higher on the list. If I'm interested in a product, I want to know its price immediately. Yet many business sites don't list their pricing. You must get the prices by sending an email or calling someone. Do they think this will make me more likely to buy? Do they think "if you have to ask, you can't afford it?"

    In the case of some "enterprise" software packages, the pricing is geared for medium or large corporations, i.e. you are expected to buy a license that will cover 50 or more systems. Well, let me know that immediately. And if the minimum license is a 10-user license, let me know its price on the website, so I know immediately whether the product is suitable for a small business that may only be able to afford a couple of hundred dollars for the product.

    If I can't find pricing on a comparable product elsewhere, I may come back to a site that doesn't offer pricing and get the phone number or email address, but the odds are I won't be back to the site and will be buying a competitor's product instead. One of the strong points of the Web is that you can get instant answers to questions at any time of the day or night, even on holidays. And most of my web surfing is done outside of normal business hours, so I'm not going to have to wait until the next business day just to find out if the price is reasonable for my requirements. So I find it very irritating when sites won't provide pricing on the site.

[/network/web/design] permanent link

Thu, Dec 01, 2005 1:40 pm

Transferring a PowerPoint Presentation with Music to Another PC

Someone who created a PowerPoint presentation with photos and music for a Christmas party told me that the music wasn't playing when she put her presentation on a CD and then transferred the CD to a laptop. I discovered first that the music would need to be inserted as sound files rather than by using "Play audio CD track" when inserting the music into the PowerPoint Presentation. Once I found a Windows Media Player playlist on her system that pointed to the relevant music files in WMA format under her My Documents\My Music folder, I was able to reinsert the music as sound files and then use PowerPoint's "Package for CD" feature to put the presentation on a CD with the music included, which allowed the presentation to work as intended from the laptop.

[ More Info ]

[/os/windows/office/powerpoint/package-cd] permanent link

Thu, Dec 01, 2005 12:04 am

Adding Firewall Rules to a Windows XP Professional System via the Command Line

I needed to test access to a website from another location. I had installed AnalogX's proxy server software, Proxy, on a Windows XP Professional Service Pack 2 system at another location and had also installed OpenSSH for Windows on the same system. But I hadn't configured Windows XP's firewall software on that system to allow me to access the HTTP or Socks proxy services on the system from a remote location. So I could connect to the system via SSH and start the proxy software from the command line interface, but I couldn't access either the Socks proxy service, which I had configured to listen on port 56080, or the HTTP proxy service, which I had configured to listen on port 56588 (see AnalogX Proxy for information on how to configure AnalogX's proxy software to listen on alternative ports).

Fortunately, you can modify the Windows XP firewall configuration from the command line. I entered the following command to add a firewall opening for TCP port 56080 (you will see an "OK" when the command is completed). After "portopening", you specify the protocol, i.e. "TCP", "UDP", or "All" for both, then the port number, then a name of your choosing. Unless you specify otherwise, the port will be opened so that any IP address can access it, i.e. anyone in the world who can access the system can access the port. So you might want to add the "scope" parameter to the command as well. You can issue the command netsh firewall set portopening to see all of the options.

C:\Documents and Settings\Administrator>netsh firewall set portopening TCP 56080 Proxy
Ok.

To specify that only certain IP addresses would be allowed access to the port, which is certainly desirable for any proxy services, you can use a command like the following instead.


netsh firewall set portopening protocol = TCP port = 56080 name = Proxy mode = ENABLE scope = CUSTOM addresses = 157.60.0.1,172.16.0.0/16,10.0.0.0/255.0.0.0,LocalSubnet

If the immediately above example was used, then 157.60.0.1 could access the port as could three specific subnets, the last of which is the subnet for any systems on the LAN.

After opening the appropriate firewall rule, I then started the proxy program from the command line.

C:\Documents and Settings\Administrator>"\program files\proxy\proxy"

To verify that the system was actually listening on the port I expected, I used the netstat and find commands.


C:\Documents and Settings\Administrator>netstat -a | find "56080"
  TCP    HomeGarden:56080    HomeGarden:0        LISTENING

To verify the firewall rules have been updated appropriately as well, you can use the netsh firewall show portopening command.


C:\Documents and Settings\Administrator>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
56080  TCP       Enable   Proxy
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop

When you want to disable the rule you can use the same command as the one you used to enable the firewall rule, but put "disable" at the end of it.

C:\Documents and Settings\Administrator>netsh firewall set portopening TCP 56080 Proxy disable
Ok.

You can verify the rule is no longer there with the "show portopening" option again.

C:\Documents and Settings\Administrator>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop
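
An added example, not part of the original post: a Python check that parses the "netsh firewall show portopening" listings shown above and reports enabled openings that are not in an approved baseline, which confirms that a temporary opening such as the proxy port was actually removed. The baseline set and the function names are assumptions made for the illustration; the listing text is copied from the post.

```python
import re

# Output of "netsh firewall show portopening" copied from the post above,
# taken while the temporary proxy opening was enabled.
WITH_PROXY = """\
Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
21599  TCP       Enable   SSH
56080  TCP       Enable   Proxy
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop
"""

# The second listing in the post is the same output without the 56080 line.
AFTER_DISABLE = "\n".join(
    line for line in WITH_PROXY.splitlines() if not line.startswith("56080"))

# Assumed baseline of openings the administrator intends to keep (hypothetical).
APPROVED = {(21599, "TCP"), (3389, "TCP"), (1900, "UDP"), (2869, "TCP")}

PROFILE = re.compile(r"^Port configuration for (\w+) profile:")
RULE = re.compile(r"^(\d+)\s+(TCP|UDP)\s+(Enable|Disable)\s+(.+?)\s*$")


def parse_portopenings(text):
    """Return {profile: {(port, protocol): (mode, name)}} from netsh output."""
    profiles = {}
    current = None
    for raw in text.splitlines():
        line = raw.strip()
        match = PROFILE.match(line)
        if match:
            # A new profile section starts; later rule lines belong to it.
            current = profiles.setdefault(match.group(1), {})
            continue
        match = RULE.match(line)
        if match and current is not None:
            port, proto, mode, name = match.groups()
            current[(int(port), proto)] = (mode, name)
    return profiles


def unexpected_openings(profiles, approved):
    """List enabled openings missing from the approved set."""
    findings = []
    for profile, rules in profiles.items():
        for (port, proto), (mode, name) in sorted(rules.items()):
            if mode == "Enable" and (port, proto) not in approved:
                findings.append((profile, port, proto, name))
    return findings


def audit(text, approved=APPROVED):
    """Parse a listing and return the openings that need review."""
    return unexpected_openings(parse_portopenings(text), approved)


if __name__ == "__main__":
    for label, text in (("with proxy rule", WITH_PROXY),
                        ("after disable", AFTER_DISABLE)):
        print(label, audit(text))
```

The plain listing does not show the scope of each opening, so this check confirms which ports are open, not which addresses can reach them.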

[/network/proxy] permanent link

Mon, Nov 28, 2005 11:07 pm

Bad interpreter: No such file or directory

If you receive the message "bad interpreter: No such file or directory" when attempting to execute a Perl script, it may be because the path to Perl is incorrect in the script. You can check the location of the Perl executable with which perl. Some common locations for Perl are shown below:

/usr/bin/perl
/usr/sbin/perl
/usr/local/bin/perl
/usr/bin/perl5
/usr/local/bin/perl5

The first line of the Perl script should point to the location revealed for Perl by which perl. E.g., if Perl is in /usr/bin, you should see the following line as the first line of the Perl script.

#!/usr/bin/perl

But, if the path is listed correctly in the script, another check to make is that you aren't using a Perl file in DOS format. For instance, if the file was created on a Windows system and was transferred to a Unix or Linux system in binary mode rather than ASCII mode, then the lines in the file may not be terminated properly for the Linux or Unix system. For a Linux or Unix system, each line should be terminated with a newline character, i.e. hexadecimal 0A. A DOS formatted file, i.e. the text file type you would find on a Windows system, will use both a carriage return (CR) and line feed (LF), i.e. a hexadecimal 0D followed by a hexadecimal 0A.

If you attempt to run a Perl script which uses the DOS format on a Unix or Linux system, you will likely get the error message ": bad interpreter: No such file or directory"

You can check the line endings with the hexdump command. Below are two example files test.pl and test2.pl, which are identical, except for the line endings.


# hexdump -C test.pl
00000000  23 21 2f 75 73 72 2f 62  69 6e 2f 70 65 72 6c 0d  |#!/usr/bin/perl.|
00000010  0a 0d 0a 70 72 69 6e 74  20 22 68 65 6c 6c 6f 5c  |...print "hello\|
00000020  6e 22 3b 0d 0a                                    |n";..|
00000025
# hexdump -C test2.pl
00000000  23 21 2f 75 73 72 2f 62  69 6e 2f 70 65 72 6c 0a  |#!/usr/bin/perl.|
00000010  0a 70 72 69 6e 74 20 22  68 65 6c 6c 6f 5c 6e 22  |.print "hello\n"|
00000020  3b 0a 0a                                          |;..|
00000023

If you examined the code in a regular editor, you would see the following lines in each file:

#!/usr/bin/perl

print "hello\n";

But, if you tried to execute them on a Unix or Linux system, you would see different results.

# ./test.pl
: bad interpreter: No such file or directory
# ./test2.pl
hello

You can convert a file, e.g. test.pl, to Unix text file format with dos2unix, which is a DOS/MAC to UNIX text file format converter.

dos2unix test.pl

References:

  1. Perl & CGI Tutorial: Your First CGI Script
  2. dos2unix

[/languages/perl] permanent link

Mon, Nov 28, 2005 8:07 pm

List Perl Modules

I encountered a problem with a Perl module not being found when I tried to run a Perl script that required it, even though I thought I had successfully installed that module. I wanted to see a list of all the Perl modules installed on the system. I found a free Perl script list-modules.pl at http://webnet77.com/scripts/list-modules/, which will list all of the Perl modules installed on the system on which it is run. The output of the program is an HTML page listing the modules. So you can put the script in a cgi-bin directory on your Web server to make the information accessible over the web. On a Linux or Unix system, you should use chmod 755 list-modules.pl to first make the file executable.

I did encounter one problem when I first attempted to run the script. I kept getting a ": bad interpreter: No such file or directory" message whenever I tried to run it. That usually indicates the path to the Perl interpreter in the first line of the file is incorrect. When I checked it, I found it was "#!/usr/bin/perl". When I checked Perl's location, I saw it was in /usr/bin/perl.

which perl
/usr/bin/perl

It took me a few minutes to realize that when I downloaded list-modules.zip from the Webnet77 page and then unzipped it on my Linux server, that the extracted Perl file, list-modules.pl, was in DOS format, i.e. the end of every line was terminated with a carriage return and line feed (hexadecimal 0D and 0A) rather than just a line feed (hexadecimal 0A), which is how newlines are indicated on Unix and Linux systems. I spotted the problem when I used hexdump -C list-modules.pl. I used dos2unix list-modules.pl to convert the file to the Unix text file format. I was then able to successfully run the list-modules.pl script.
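
An added example, not part of the original posts: a Python check for the condition described in both this post and the "Bad interpreter" post, a carriage return left at the end of the "#!" line. Because the system treats everything before the line feed as the interpreter line, the CR becomes part of the path it tries to run, and when the error is printed the CR moves the cursor back to the start of the line, which is why only ": bad interpreter" is visible. The function names are assumptions, and the sample bytes are the test.pl contents from the hexdump in the "Bad interpreter" post.

```python
import os
import tempfile

# Contents of test.pl as shown in the hexdump (DOS line endings, 0D 0A).
SAMPLE_DOS = b'#!/usr/bin/perl\r\n\r\nprint "hello\\n";\r\n'


def inspect_shebang(path):
    """Return (status, interpreter) for the script at `path`.

    status is "no-shebang", "crlf", "missing-interpreter" or "ok".
    """
    with open(path, "rb") as fh:
        first = fh.readline()
    if not first.startswith(b"#!"):
        return "no-shebang", None
    # Everything up to the LF is the interpreter line, so a CR left by DOS
    # line endings ends up attached to the interpreter path or its argument.
    body = first[2:].rstrip(b"\n")
    has_cr = body.endswith(b"\r")
    fields = body.strip().split(None, 1)  # strip() also removes the CR
    if not fields:
        return "no-shebang", None
    interpreter = fields[0].decode("utf-8", "replace")
    if has_cr:
        return "crlf", interpreter
    if not os.path.isfile(interpreter):
        return "missing-interpreter", interpreter
    return "ok", interpreter


def to_unix_line_endings(path):
    """Replace CRLF with LF in place; return how many pairs were replaced."""
    with open(path, "rb") as fh:
        data = fh.read()
    count = data.count(b"\r\n")
    if count:
        with open(path, "wb") as fh:
            fh.write(data.replace(b"\r\n", b"\n"))
    return count


def demo():
    """Write the DOS-format sample, inspect it, convert it, inspect again."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "test.pl")
        with open(path, "wb") as fh:
            fh.write(SAMPLE_DOS)
        before = inspect_shebang(path)
        replaced = to_unix_line_endings(path)
        after = inspect_shebang(path)
    return before, replaced, after


if __name__ == "__main__":
    print(demo())
```

After conversion the status is "ok" if /usr/bin/perl exists on the machine running the check and "missing-interpreter" otherwise, which separates the two causes the posts describe.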

Download: list-modules.pl

[/languages/perl] permanent link

Tue, Nov 22, 2005 11:42 pm

Symantec AntiVirus - Scan engine returned error 0x2

I updated the virus definitions on all the systems at a site today where Symantec AntiVirus Corporate Edition 8.0 is deployed. I then attempted to start scans on all systems. For the first system, I started a scan from the Symantec System Center, which completed successfully with no viruses detected on the system. I was sitting next to another system, so I started the scan of that system by logging into the local user's account on that system. That scan also ran successfully. There was a third system that was managed by the Symantec System Center where I was unable to start the scan from the server, so I tried starting the scan from the system itself. I also attempted to start the scan while logged into the local user's account on a fourth system that was operating as an unmanaged client. When I attempted to run the scans on the third and fourth systems, the scans failed with the error message below:

Could not start scan. Scan engine returned error 0x2.

I rebooted the fourth system, but that did not resolve the problem. I checked to make sure the Symantec Antivirus Client service was running on the system. Its status was listed as "started".

After a few tests, I found that I could run the scans without the error, if I logged into the local system administrator's account on the two systems where the error occurred. When I started the scans on the third and fourth systems I had been logged into an account in the Power Users group on the third system and a regular user account on the fourth system. But in both cases, I had started the scans by right-clicking on the icon for Symantec Client Security while holding down a shift key and then selected "Run as" and selected the local administrator's account from which to run the scan. But that didn't work. I had to actually log into that account in order to successfully run the scans. In the case of the second system where I had run the scan successfully from the local user's account, that local user account was in the administrators group for that system.

I found someone else reporting the same problem at Some1 PLZ help Symantec AV will not scan. Someone had replied to that poster that rebooting resolved the problem for him, but it didn't help for me. Other URLs listed in replies referred to error messages that didn't match the 0x2 one I saw, so I don't think they were applicable.

[/security/antivirus/symantec] permanent link

Tue, Nov 22, 2005 5:32 pm

VNC Local Loop-back Connections Disabled

I installed TightVNC on a Windows SBS 2003 server in order to be able to remotely manage it from a Unix or Linux host. I had previously installed OpenSSH for Windows on the system so that I could login to the system remotely and check on the system, but I also wanted to have a GUI connection to the system so that I could run programs that can't be run from the command line.

From a Unix workstation running Solaris, I entered the command ssh -L 5901:localhost:5900 administrator@192.168.0.5 to establish an SSH connection to the system with port 5901 on the Unix workstation being forwarded to port 5900 on the Windows SBS 2003 server. Port 5900 is the default port for a VNC server and the one I used on the Windows system. However, when I tried to connect to the Windows system with vncviewer by connecting to port 5901 on the Unix system, which then should be forwarded over the SSH connection to port 5900 on the Windows system, I saw the message "Local loop-back connections are disabled."


bash-2.03$ vncviewer localhost:1

VNC viewer for X version 4.0 - built Jun 14 2004 12:04:05
Copyright (C) 2002-2004 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.

Tue Nov 22 16:08:49 2005
 CConn:       connected to host localhost port 5901
 CConnection: Server supports RFB protocol version 3.3
 CConnection: Using RFB protocol version 3.3

Tue Nov 22 16:08:50 2005
 main:        Local loop-back connections are disabled.

Doing a Google search on the error, I learned I needed to have the AllowLoopback value under the registry key HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 on the Windows system set to a DWORD value of "1". Since I had a command line prompt on the Windows system via the SSH connection, I used the reg query command to check the current values under that registry key. Sure enough, the current value of AllowLoopback was "0".


C:\Documents and Settings\Administrator>reg query HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
                                                                                
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3                                         
    ConnectPriority    REG_DWORD    0x0                                         
    DebugMode    REG_DWORD    0x0                                               
    DebugLevel    REG_DWORD    0x2                                              
    LoopbackOnly    REG_DWORD    0x0                                            
    EnableHTTPDaemon    REG_DWORD    0x1                                        
    EnableURLParams    REG_DWORD    0x0                                         
    AllowLoopback    REG_DWORD    0x0                                           
    AuthRequired    REG_DWORD    0x1                                            
                                                                                
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default                                 

Fortunately, the reg command can also be used to modify the registry from the command line.


C:\Documents and Settings\Administrator>reg add HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 /v AllowLoopback /t REG_DWORD /d 1
Value AllowLoopback exists, overwrite(Yes/No)? yes                              
The operation completed successfully.                                           

The REG ADD command uses the following syntax:

REG ADD KeyName [/v ValueName | /ve] [/t Type] [/s Separator] [/d Data] [/f]

In this case, the parameters used have the following meaning:

/v     The value name, in this case "AllowLoopback", to be added under the selected key.

/t     Allows one to specify the data type, which can be REG_SZ, REG_MULTI_SZ, REG_EXPAND_SZ, REG_DWORD, REG_BINARY, or REG_NONE. If none is specified, REG_SZ is assumed. In this case REG_DWORD is needed.

/d     The data to assign to the registry ValueName being added, which is "1" in this case.

Another reg query HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3 shows the value was changed.


C:\Documents and Settings\Administrator>reg query HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3

HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
    ConnectPriority    REG_DWORD    0x0
    DebugMode    REG_DWORD    0x0
    DebugLevel    REG_DWORD    0x2
    LoopbackOnly    REG_DWORD    0x0
    EnableHTTPDaemon    REG_DWORD    0x1
    EnableURLParams    REG_DWORD    0x0
    AllowLoopback    REG_DWORD    0x1
    AuthRequired    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default

After modifying the registry value, you then must stop and restart the VNC Server service.


C:\Documents and Settings\Administrator>net stop "VNC Server"                   
The VNC Server service is stopping..                                            
The VNC Server service was stopped successfully.                                
                                                                                
                                                                                
C:\Documents and Settings\Administrator>net start "VNC Server"                  
The VNC Server service is starting.                                             
The VNC Server service was started successfully.    

You should then be able to use vncviewer localhost:1 to access the remote system with VNC. After the message about the protocol version, you should see a VNC Authentication window open.


bash-2.03$ vncviewer localhost:1

VNC viewer for X version 4.0 - built Jun 14 2004 12:04:05
Copyright (C) 2002-2004 RealVNC Ltd.
See http://www.realvnc.com for information on VNC.

Tue Nov 22 17:07:42 2005
 CConn:       connected to host localhost port 5901
 CConnection: Server supports RFB protocol version 3.3
 CConnection: Using RFB protocol version 3.3

In this case, I was then able to enter the VNC authorization password and then hit Ctrl-Alt-Del on the Solaris system to enter the user name and password for the Windows SBS 2003 server.
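The check-and-change procedure above, turned into an audit of the same reg query output for a server that is meant to be reached only through the SSH tunnel. This is an added example, not part of the original post: the finding codes are made up here, and the meanings given to LoopbackOnly, AuthRequired and EnableHTTPDaemon come from WinVNC 3.3's documented settings rather than from the post, so treat them as assumptions.

```python
import re

KEY = r"HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3"

# `reg query` output copied from the post, taken before AllowLoopback was changed.
BEFORE = r"""
HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3
    ConnectPriority    REG_DWORD    0x0
    DebugMode    REG_DWORD    0x0
    DebugLevel    REG_DWORD    0x2
    LoopbackOnly    REG_DWORD    0x0
    EnableHTTPDaemon    REG_DWORD    0x1
    EnableURLParams    REG_DWORD    0x0
    AllowLoopback    REG_DWORD    0x0
    AuthRequired    REG_DWORD    0x1

HKEY_LOCAL_MACHINE\SOFTWARE\ORL\WinVNC3\Default
"""
# The same output after `reg add ... /v AllowLoopback /t REG_DWORD /d 1`.
AFTER = BEFORE.replace("AllowLoopback    REG_DWORD    0x0",
                       "AllowLoopback    REG_DWORD    0x1")

# "<indent>Name    REG_TYPE    data"; a value name may itself contain spaces.
VALUE_LINE = re.compile(r"^\s+(.+?)\s+(REG_[A-Z_]+)\s*(.*)$")


def parse_reg_query(text, key=KEY):
    """Return {value name: data} for the values listed directly under `key`."""
    values, current_key = {}, None
    for raw in text.splitlines():
        line = raw.rstrip()
        if not line:
            continue
        if not line[0].isspace():          # unindented line is a key path header
            current_key = line
            continue
        m = VALUE_LINE.match(line)
        if m and current_key is not None and current_key.lower() == key.lower():
            name, reg_type, data = m.groups()
            is_dword = reg_type == "REG_DWORD" and data
            values[name] = int(data, 16) if is_dword else data
    return values


def audit_tunnel_only(values):
    """Return (code, message) findings for a server reached only via an SSH tunnel.

    Missing values fall back to the settings shown in the post's first query
    (an assumption of this example).
    """
    allow_loopback = values.get("AllowLoopback", 0)
    loopback_only = values.get("LoopbackOnly", 0)
    findings = []
    if not allow_loopback and not loopback_only:
        findings.append(("TUNNEL_BLOCKED",
                         "viewer connections arriving through the tunnel come from "
                         "localhost and are refused (loop-back connections disabled)"))
    if not loopback_only:
        findings.append(("NETWORK_EXPOSED",
                         "LoopbackOnly=0: the server also accepts connections on "
                         "every network interface, not just through the tunnel"))
    if not values.get("AuthRequired", 1):
        findings.append(("EMPTY_PASSWORD_ALLOWED",
                         "AuthRequired=0: connections are accepted with no VNC password set"))
    if values.get("EnableHTTPDaemon", 1):
        findings.append(("HTTP_VIEWER_ENABLED",
                         "EnableHTTPDaemon=1: the built-in HTTP (Java viewer) "
                         "listener is running as well"))
    return findings


def codes(text):
    """Finding codes for a block of `reg query` output."""
    return [code for code, _ in audit_tunnel_only(parse_reg_query(text))]


if __name__ == "__main__":
    for label, text in (("before reg add", BEFORE), ("after reg add", AFTER)):
        print(label)
        for code, message in audit_tunnel_only(parse_reg_query(text)):
            print(f"  {code}: {message}")
```
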

References:

  1. Cygwin ssh (OpenSSH), and Win98 - Use "crypt newpassword" to add a password into /etc/passwd


Sun, Nov 20, 2005 10:34 pm

Abacast Software Plays Music from Wrong Radio Station

A user reported a problem when switching from one on-line radio station to another. Both stations relied on Abacast streaming media software. I found that terminating the abaclient.exe process or choosing "exit" from the Abacast Client icon in the system tray would allow me to switch to the other station and hear its music rather than the first station's music.


Wed, Nov 16, 2005 12:47 pm

Mounting a USB Key under Solaris 10

The following steps can be used to mount a USB key under Solaris 10.

Check to see whether a /rmdisk directory already exists.

# ls /rmdisk
zip zip0

In this case, the system, which happens to be a PC running Solaris 10, has a Zip drive and the directory already exists. If it didn't, you would use mkdir /rmdisk to create it.

Insert the USB key, aka flash memory or USB memory, into the system. Stop and then restart volmgt.

# /etc/init.d/volmgt stop
# /etc/init.d/volmgt start
volume management starting.

You can use the mount command to list the mounted drives and pipe the results to the grep command to search for the USB key or you can just use ls /rmdisk and look for usbmemory.

# mount | grep rmdisk
/rmdisk/usbmemory on /vol/dev/dsk/c3t0d0/usbmemory:c read/write/setuid/devices/nohidden/nofoldcase/dev=1741001 on Wed Nov 16 11:45:28 2005
/rmdisk/zip on /vol/dev/dsk/c0t0d0/zip:c read/write/setuid/devices/nohidden/nofoldcase/dev=1741002 on Wed Nov 16 11:45:30 2005
# ls /rmdisk
rmdisk2 usbmemory zip zip0

You should then be able to find the contents of the USB drive under /rmdisk/usbmemory or perhaps under /rmdisk/unnamed_rmdisk.


Tue, Nov 15, 2005 11:30 pm

Toolbox Grayed Out in Microsoft Access

When designing a form in Microsoft Access, you can normally access a toolbox that allows you to add buttons, text boxes, etc. by selecting "View" and then "Toolbox". If the toolbox is grayed out when you try to make changes to a form in Microsoft Access, close the database and then hold down the shift key while reopening it.

References:

  1. Toolbox Grayed Out


Mon, Nov 14, 2005 11:10 pm

Eudora Owner.Lok Remains After Eudora Crash

When I started Eudora 4.2 on Pamela's system, I saw the following:

Remote Instance

An instance of Eudora may be running on a remote computer. Accessing a mailbox from two instances of Eudora may lead to data corruption. Please indicate how you wish to proceed.

[ Exit this instance ]

[ Terminate remote instance ]

[ Continue (I'll accept the consequences) ]

I chose "terminate remote instance". But that just led to Eudora closing. So I looked in the directory where Eudora stores the user's email and found an OWNER.LOK file. Eudora creates the file when it starts to keep two instances of Eudora from modifying the same mail files. But, if Eudora crashes, the file may remain and you may need to manually delete it. I deleted the file.


Mon, Nov 14, 2005 11:04 pm

Intel Pro/100 VE Adapter Lost Settings

Pamela reported that her system no longer had network access. When I checked the IP configuration by issuing "ipconfig/all" at a command prompt, nothing was displayed.

Microsoft Windows XP [Version 5.1.2600]
(C) Copyright 1985-2001 Microsoft Corp.

C:\Documents and Settings\Administrator>ipconfig /all

Windows IP Configuration


C:\Documents and Settings\Administrator>

I checked the network card's status under the device manager ("Start", "Control Panel", "System", "Hardware", "Device Manager" from the Windows XP "classic" control panel view). It showed the following for the network interface card:


Intel(R) PRO/100 VE Network Connection

Driver files:
C:\WINNT\System32\DRIVERS\e100b325.sys

Provider: 	Intel Corporation
File version:	8.0.19.0 built by: WinDDK
Copyright:	1995-2004, Intel Corp. All Rights Reserved.
Digital Signer:	Microsoft Windows Hardware Compatibility

Device Instance Id
PCI\VEN_8086&DEV_1039&SUBSYS_4000107B&REV_82\4&29817089&0&40F0

Resource settings:

This device isn't using any resources because it has a problem.

I rebooted the system. But the problem remained the same after rebooting. The "Intel(R) PROSet II" troubleshooting aid was present under "Start", "All Programs", "Intel". It listed the following under "Troubleshooting":

Problem:
The system has not enabled IO address mapping for the device you have installed. The device driver will not work correctly on this adapter.

Possible causes:

PC BIOS is set to Plug and Play.

Possible solutions: Try turning off Plug and Play in the PC BIOS. See your PC manual for instructions on changing your BIOS settings.

When I clicked on the "Next" button, I saw the following:

Problem:
Unable to locate the drivers for this adapter.

Possible causes:

The drivers for this adapter were not installed, or are not installed properly.

Possible solutions:
Use the "Add/Remove Hardware" wizard in the Control Panel to install the drivers for this adapter.

I went into the "Device Manager" under the "Control Panel" again and right clicked on "Intel(R) PRO/100 VE Network Connection", which was under "Network Adapters". I chose "uninstall". I received the message "Failed to uninstall the device. The device may be required to boot up the computer." I tried disabling the device prior to uninstalling it, but that yielded the same results on the uninstall step. So I re-enabled the adapter and tried "update driver" instead of "disable" or "uninstall". When I took that step, I no longer saw a yellow exclamation mark next to the "Intel(R) PRO/100 VE Network Connection". And when I went to a command prompt and issued an "ipconfig/all" command, I saw the expected results, i.e. I saw the expected IP address, subnet mask, gateway, and DNS server addresses.

I checked the "automatic updates" setting on the system and found it set for "automatically download recommended updates for my computer and install them". I changed it to "download updates for me, but let me choose when to install them." This problem was reported to me on Monday, November 14. I did see that updates had been automatically downloaded and installed for the system early in the morning on Friday, November 11.

The updates that were installed Friday were "Security Update for Windows XP (KB896424)" and "Windows Malicious Software Removal Tool - November 2005 (KB890830)". Those updates led to a system reboot, since I saw the entry below listed afterwards:

Restart Required: To complete the installation of the following updates, the computer will be restarted within 5 minutes:
- Security Update for Windows XP (KB896424)
- Windows Malicious Software Removal Tool - November 2005 (KB890830)

I don't believe either of those updates is the likely cause of the problem, however. When I checked the timestamps on files updated by the user's email client, Eudora, I saw they had been updated much later during the day on Friday.

I also noticed the following error in the system event log for November 14:


Event Type:	Warning
Event Source:	PlugPlayManager
Event Category:	None
Event ID:	256
Date:		11/14/2005
Time:		7:54:05 AM
User:		N/A
Computer:	ELLIE
Description:
Timed out sending notification of device interface change to window of "MyTest"

For more information, see Help and Support Center at 
http://go.microsoft.com/fwlink/events.asp.

When I clicked on the link in the event entry, I saw the following:

Details

Product: Windows Operating System
Event ID: 256
Source: PlugPlayManager
Version: 5.2
Symbolic Name: WRN_INTERFACE_CHANGE_TIMED_OUT
Message: Timed out sending notification of device interface change to window of "%1"

Explanation

A window was registered for Plug and Play device event notification, but it did not respond to the notification within 30 seconds. While Windows was waiting for the device to respond, Plug and Play stopped responding, which caused performance problems.

User Action

If performance problems are associated with this event, close any programs that are running at the same time.


Currently there are no Microsoft Knowledge Base articles available for this specific error or event message. For information about other support options you can use to find answers online, see http://support.microsoft.com/default.aspx.

I don't know of any hardware change that might have been made on the system. I noticed the user's iPod was unplugged. I think it was plugged in previously, but I don't know if that had any bearing on the problem.


Sun, Nov 13, 2005 11:05 pm

Abacast Streaming Software

A user reported a problem when switching from one on-line radio station to another. She had downloaded Abacast software from a link on one station's site. I couldn't duplicate the problem initially, but did find that a separate download is needed to use the service with Firefox versus Internet Explorer.


Sun, Oct 16, 2005 3:33 pm

Outlook Error 0x800CCC0D

If you receive an error similar to the following when sending and receiving email with Outlook, check that the domain name for the email server is valid.

Task 'ninasmith@example.com - Sending and Receiving' reported error (0x800CCC0D) : 'Unable to find the e-mail server. Please verify the server information in your account properties.'

A user reported that she could no longer send and receive email. I had her attempt to connect to port 25 on her email server from a command prompt with telnet, e.g. telnet 192.168.2.10 25. She was able to connect and received the SMTP server's prompt. I then had her try to connect to the POP3 port, port 110, with telnet 192.168.2.10 110. Again, she was successful, and was able to enter the user and pass commands to access her email on the server. But when I tried to look up the IP address of the mail server, e.g. with nslookup example.com, I received the response "*** ns2.diginetusa.net can't find example.com: Server failed". I then discovered that the DNS service for the user's domain name had expired and needed to be renewed.


Wed, Oct 05, 2005 11:26 pm

Euniverse Updater and Broadcasturban Tuner

When I scanned a system, J, on October 5, 2005 with Microsoft AntiSpyware, it found Euniverse Updater, though that appeared to be a false positive, and Broadcasturban Tuner.


Wed, Sep 28, 2005 12:10 am

RB Laptop Infections - Sept 26 2005

I updated the Norton Antivirus 2005 virus definitions on R.B.'s laptop from ones dated 8/3/2005 to ones dated 9/26/2005 using the latest Intelligent Updater virus definitions to prepare for running a full scan of the system. But before I could run the scan, a window opened displaying a virus alert.

Norton AntiVirus

Virus Alert
Object Name: C:\WINDOWS\system32\hhk.dll
Virus Name: Trojan Horse
Action Taken: Unable to repair this file.

When I clicked on "OK", I got the message "Access to the file was denied". And when I clicked on "OK" for that message I was back to the original message and was stuck in a circle with clicking on one message bringing up the other over and over again.

Clicking on the Trojan Horse link just brought up a Symantec webpage with generic information on trojans, which was of no help at all. Unfortunately, Symantec seems to provide a generic "trojan" page for many trojans when surely they must have some information on particular trojans.

Sophos links hhk.dll to Troj/Puper-D, which it describes as "a browser hacking Trojan for the Windows platform." It indicates that the file shnlog.exe is associated with this trojan. I've seen references to shnlog.exe not closing properly when I shut down the system, i.e. messages indicating the application failed to initialize because the system is shutting down.

I ran a complete scan of the system even though the hhk.dll virus alert couldn't be dismissed. That scan found the following:

Filename       Threat name         Action          Status
hhk.dll        Trojan Horse        Virus found     Infected
hp832A.tmp     Trojan Horse        Virus found     Infected
intmon.exe     Trojan Horse        Virus found     Infected
popuper.exe    Adware.popuppers    Adware found    At risk
shnlog.exe     Adware.popuppers    Adware found    At risk

The files were found in the following locations:

File           Location
hhk.dll        c:\windows\system32
hp832A.tmp     c:\windows\system32
intmon.exe     c:\windows\system32
popuper.exe    c:\windows
shnlog.exe     c:\windows\system32

I opted to have Norton AntiVirus attempt to fix the problems. It reported "quarantine failed" for hhk.dll and hp832A.tmp. It then asked if I wanted to delete files. It was still unable to remove everything, reporting "delete failed" for hhk.dll, hp832A.tmp, popuper.exe, and shnlog.exe. It reported intmon.exe as "quarantined".

I started regedit. I noticed that there was still a key under HKLM\Software\Microsoft\Windows\CurrentVersion\Run for "PSGuard spware remover" with a value of "C:\Program Files\PSGuard\PSGuard.exe". That malware had previously been removed, so I removed the key.

And since the Sophos webpage states in regard to the Troj/Puper-D trojan that it creates a registry key under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run named paint.exe, which points to shnlog.exe, in order to run itself on startup, I removed that, as well as one that was named notepad2.exe, which pointed to popuper.exe.

Name            Type      Data
paint.exe       REG_SZ    shnlog.exe
notepad2.exe    REG_SZ    popuper.exe

I then rebooted. Norton AntiVirus was then reporting hp8A66.tmp as a Trojan Horse and indicating it couldn't repair it. When I dismissed its warnings for that file, it reported it couldn't repair HHK.DLL again.

I tried deleting shnlog.exe, but couldn't delete the file and when I checked the registry under HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run, I found the paint.exe entry was back pointing to shnlog.exe. I deleted it again and within a few moments it was back again.
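The two autorun values above share a pattern that can be checked for mechanically: the value name looks like a program file, yet the data launches a different file, given without a directory. The following is an added example, not part of the original post; the reason codes and the later snapshot are constructed for illustration, and the heuristics only catch misleading names, not every unwanted autorun entry.

```python
import ntpath
import re

# Values the post found under
# HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\policies\explorer\run
POLICIES_RUN = [
    ("paint.exe", "REG_SZ", "shnlog.exe"),
    ("notepad2.exe", "REG_SZ", "popuper.exe"),
]
# Leftover value the post found under ...\CurrentVersion\Run
RUN = [
    ("PSGuard spware remover", "REG_SZ", r"C:\Program Files\PSGuard\PSGuard.exe"),
]
# Constructed: the policies key as read again shortly after both values
# were deleted by hand (the post reports paint.exe coming back).
SNAPSHOT_AFTER_DELETE = [("paint.exe", "REG_SZ", "shnlog.exe")]

EXEC_EXT = (".exe", ".dll", ".com", ".bat", ".cmd", ".scr")
# Either a quoted path, or everything up to the first executable extension
# that is followed by whitespace or the end of the data.
_TARGET = re.compile(
    r'^\s*(?:"([^"]+)"|(.+?\.(?:exe|dll|com|bat|cmd|scr))(?=\s|$))', re.I)


def target_of(data):
    """Return the program a Run value launches, without its arguments."""
    m = _TARGET.match(data)
    if m:
        return m.group(1) or m.group(2)
    parts = data.split()
    return parts[0] if parts else ""


def check_entry(name, data):
    """Return reason codes for one autorun value (empty list = nothing odd)."""
    reasons = []
    target = target_of(data)
    base = ntpath.basename(target).lower()
    # The value is named like a program file but starts a different file.
    if name.lower().endswith(EXEC_EXT) and base != name.lower():
        reasons.append("NAME_TARGET_MISMATCH")
    # No directory given: the file is resolved through the search path.
    if target and not ntpath.dirname(target):
        reasons.append("NO_DIRECTORY")
    return reasons


def audit(entries):
    """Map value name -> reason codes for every entry that trips a check."""
    flagged = {}
    for name, _reg_type, data in entries:
        reasons = check_entry(name, data)
        if reasons:
            flagged[name] = reasons
    return flagged


def reappeared(deleted_names, later_entries):
    """Names that were deleted but exist again in a later snapshot.

    A value that returns without a reboot means a running process is
    rewriting it, so that process has to be stopped before cleanup sticks.
    """
    present = {name.lower() for name, _reg_type, _data in later_entries}
    return sorted(n for n in deleted_names if n.lower() in present)


if __name__ == "__main__":
    print("policies\\explorer\\run:", audit(POLICIES_RUN))
    print("Run:", audit(RUN))  # empty: descriptive name and full path pass
    print("back after deletion:",
          reappeared(["paint.exe", "notepad2.exe"], SNAPSHOT_AFTER_DELETE))
```
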

I then rebooted the system into Safe Mode and ran a scan of the system with Spybot Search & Destroy 1.4 using adware/spyware definitions from 9/23/2005. It found a plethora of malware, including AV-Gold. On a BleepingComputer.Com webpage titled "How to remove AntiVirus Gold or AVGold", I found the following description for it:

Antivirus Gold is a supposed AntiSpyware application that gets installed by Spyware/malware without asking for permission. This infection hijacks your desktop to display an ad stating you need to buy an antispyware program.

There were also removal instructions on that webpage, but I chose to have Spybot remove it. Spybot also found remnants of PSGuard, which also purports to offer you protection for your system, still on the system. It also reported CoolWWWSearch.ToonComics, PSGuard.msmsgs, QuickNavigate, Smitfraud-C, and Zonemap.Ranges. When I chose to have Spybot remove everything it found, it reported that it couldn't fix 14 items and asked if it could run again when the system was rebooted. I indicated "yes" and rebooted. A Spybot scan ran again immediately after I rebooted, but again it couldn't remove everything and suggested it be run immediately after a system restart, so I rebooted again after it completed its second scan. On the next scan, it found 27 registry entries related to Smitfraud-C, which I requested it fix. However, Spybot reported it fixed 0 of the 27 problems it found and again suggested a reboot to fix the problems it couldn't fix. But again it found 27 entries for Smitfraud-C and reported "Some problems couldn't be fixed; the reason could be that the associated files are still in use (in memory). This could be fixed after a restart." Again it asked "May Spybot S&D run on your next system startup?" This time I answered "no", since it seemed unable to deal with the problem. But it seems to have dealt with HHK.DLL, since it was no longer in the c:\windows\system32 folder and Norton AntiVirus is no longer displaying alerts immediately after the system is rebooted.

I noticed SpyCatcher was on the system, though I didn't see any process named "spycatcher" in the Task Manager processes list. When I went to "Start" and "Programs", there was a group titled "SpyCatcher", but the only entry within it was "Uninstall Spycatcher", though all of the files, including a SpyCatcher.exe, appeared to be present under "C:\Program Files\SpyCatcher". At the Tenebril webpage selling the product, the first feature listed for it is "Allows novice PC users to remove aggressive spyware". The Spyware Warrior Rogue/Suspect Anti-Spyware Products & Web Sites stated it was a lesser-known antispyware product that had been tested but not found to be a rogue/suspect antispyware product. Products purporting to be antispyware programs that "are of unknown, questionable, or dubious value as anti-spyware protection" are placed on the rogue/suspect list maintained at this webpage.

In addition to selling SpyCatcher, the Tenebril website also offers a free online scan for spyware at Free Online Spyware Scan.

Since SpyCatcher wasn't listed as a dubious antispyware program, I started it, but was presented with the message "Before using SpyCatcher, you must register the product with your e-mail address and CD order number." I found a positive review, SpyCatcher Review by Chris Hall at Pocket-lint.co.uk and a four-star rating for it at SpyCatcher - adware and spyware scanner on the SnapFiles website.

Since the price was only $19.95, I decided to try the product to see how it performed. After purchasing it, I was given a serial number, which I entered on the infected system. I couldn't immediately run the software, however. It insisted I must log onto the Internet to unlock SpyCatcher. So, if you had a serious adware/spyware problem that prevented you from accessing the Internet, which I've seen occur on many systems, you wouldn't be able to use the software unless you already had it installed and registered on the infected system.

I updated SpyCatcher and had it scan the system. It appeared to get stuck on the "Loading fingerprint library" phase. It indicated it loaded 13,336 fingerprints and then appeared to hang. It didn't show any updates to the "running programs scanned", "registry items scanned", nor "files and folders scanned".

After killing the SpyCatcher.exe process and restarting it only to get the same results, I gave up on it and installed Microsoft AntiSpyware Beta1. I ran the default "intelligent quick scan", but it found nothing, so I ran a "full scan" with all options selected. It took twice as long - about 10 minutes versus about 5 minutes for the quick scan, but also found nothing.

I then decided to run another scan with Norton AntiVirus 2005 to see what it is still reporting. While that was running a Norton Personal Firewall alert popped up stating that "tgshell.exe is attempting to connect to a DNS server" asking "what do you want to do?" When I searched for information on tgshell.exe, I found the following at Task List Programs - T on the AnswersThatWork.com site.

Tgmd Tgmd.exe

(Tioga software / Support.com)

This is the sort of software we classify as spyware. It is part of Tioga Software's remote support and management tools (Tioga.com, Support.com, and SupportSoft.com are one and the same company) and is installed by the setup CD of the @Home ISP (@Home and MediaOne are now part of Comcast, with the ComcastSupport software being the main culprit for introducing TGCMD on a PC). The Tioga/SupportSoft.com software is also included in the Sony Support software that comes with some Sony Vaio's and HP Pavillion's. The original intention of TG CMD is to have your @Home service or systems software automatically updated when you are online, to provide a remote support technician with setup information about your PC, and, in some cases, to allow the remote support technician to connect to your PC and see what you are doing - in short, technical support is indeed the original intention; unfortunately, its features are also very useful to advertisers and so, depending on who supplied it, TGCMD will also collect information from your PC, which web pages you have visited, what you have downloaded, and permission based information about your system, its software, its settings, etc. As if that were not enough for us to recommend disabling it, it has additionally also been known to create a WININIT.INI file in the Windows folder, something which straight away prevents Windows ME users from using the extremely valuable System Restore feature of Windows ME. Finally, many users have also reported: being unable to clear the Internet history files when it is running, Eudora startup problems, SDCSchedulerWindow error messages on shutdown of Windows, and inability to delete video, audio, or graphics files.

Recommendation:
If you are a Comcast customer, de-install "Comcast Support" through the Add/Remove icon in your Control Panel. Next, look up BJCFD in these Task List pages. If you have a Sony Vaio, de-install the "Vaio Support Agent" through the Add/Remove icon in your Control Panel. In all cases, if the de-installation of Comcast Support or Vaio Support Agent does not remove TGCMD after a reboot, then Immediately disable TGCMD using The Ultimate Troubleshooter!

Tgshell TGSHELL.exe

(Tioga Software / Support.com)

Read TGCMD above.

Recommendation :
Absolutely nightmarish software which eats up CPU, drives the hard disk hard, causes boot-up Kernel32 errors, generates illegal operations, invalid page faults, and much more.  De-install as per instructions for TGMD above.

I chose to "Always block connections from this program on all ports" for tgshell.exe.

When the Norton AntiVirus scan completed, it reported "no threats found." I ran a Spybot scan again and it again found the same 27 Smitfraud-C registry entries, under HKEY\USERS\...\Software\Microsoft\Windows\CurrentVersion\Internet Settings\ZoneMap\Domains\, which it couldn't fix. It appears to be reporting all of the sites that are listed in Internet Explorer's restricted zone, which is a zone that Internet Explorer uses to restrict access to "Web sites that could potentially damage your computer or data", so appears to be a false positive rather than any real threat.


Mon, Sep 26, 2005 5:57 pm

Installing RunUO as a Service with FireDaemon

If you are running RunUO as a gaming server, you can use FireDaemon to run it as a Windows system service, so that it starts automatically when Windows starts and can be started and stopped with net start and net stop commands, which can be issued from another computer if desired.


Fri, Sep 23, 2005 6:22 pm

FBI Cybercrime Chief Goes to China

A September 21, 2005 article titled FBI cybercrime chief heading to China states that the FBI's assistant director of its Cyber Division will be headed to China in November to meet with Chinese counterparts to discuss intellectual property issues.

Software piracy in China is a big issue for Microsoft. Reportedly one can buy copies of Microsoft Windows operating systems or Microsoft Office in China for a few dollars. An InformationWeek article titled Microsoft Fights Piracy In China, Linux Wins states that the Business Software Alliance, of which Microsoft is a member, alleges that 90 percent of all software in China is pirated resulting in a $3.5 billion revenue loss for software vendors (this of course presumes that all those using the software would buy the software, if they couldn't get pirated versions, which is unlikely). Microsoft has resorted to offering lower-priced versions of its software in some markets to encourage users who wouldn't be able to otherwise afford Microsoft's software to buy legitimate copies rather than use pirated copies.

Who knows whether Microsoft's Bill Gates was most irked by this rampant software piracy in China or China's embrace of Linux when he reportedly accused the Chinese government and the Chinese people of treating Microsoft badly (I'm trying to keep this blog P.G. rated, so see "'China has f*cked us' - Bill Gates", if you want the details). China has embraced Linux, which, since its source code is freely available, frees them from the worry that Microsoft or some other company may have installed hidden back doors that would allow other nations' spy agencies access to Chinese systems and, of course, frees China from reliance on software companies in other nations. I can certainly understand Microsoft executives being upset about the rampant piracy, but, of course, Microsoft's own behavior when dealing with competitors shows that it doesn't hold ethical behavior in high regard, if such behavior might impede the company's success.

References:

  1. Federal Computer Week
    September 21, 2005
  2. Microsoft Fights Piracy In China, Linux Wins
    By Maria Trombly
    Byte.com
    September 6, 2005
  3. 'China has f*cked us' - Bill Gates
    By Andrew Orlowski
    The Register
    September 7, 2005


Fri, Sep 23, 2005 5:57 pm

Google AdWords Placement

Robert Cringely posted an article today to his I, Cringely website regarding how the amount of money an advertiser spends for Google AdWords affects the advertiser's placement with Google Adwords when someone searches for a word which the advertiser has paid Google to associate with his website in the ads Google displays. Paying more money for a particular word will supposedly increase the likelihood that the advertiser's website will appear on the first or first few pages Google displays when a search is performed that includes the word.

In the article Google Goes Las Vegas, Cringely reports that one of his readers who makes his living through a website advertised through Google AdWords conducted an experiment using a duplicate website he created. He continued paying the same amount for AdWords associated with the primary site, but varied the amount he paid for the identical test site. Increasing the amount he paid for words associated with the duplicate site to 10 times the amount he paid for the same words to be associated with the primary site increased his revenue, though not enough to warrant the 10-fold increase in advertising costs, but when he reduced the amount he paid for the identical site, but still kept it above what he paid for the original site, his revenue for the duplicate site plummeted below what he was getting for the original site, even though he was paying more for AdWords for that site. Apparently Google's ad placement algorithm drastically penalizes advertisers when they reduce the amount they pay Google for advertising to discourage them from reducing spending.


Wed, Sep 21, 2005 11:35 pm

Opera Releases Ad-Free Browser for Free

Previously you had two options with the Opera browser. You could download an ad-supported version for free or pay $39 for an ad-free version. The free version would show ad banners within the browser. But one could obtain Firefox for free without any ads. The pressure from competition with Firefox has apparently led Opera to now provide an ad-free version at no cost.

Of course, the company needs to generate revenue by some means in order to survive. Opera expects to generate sufficient revenue to continue developing their browser through revenue-sharing agreements with other sites, primarily Google, by directing traffic through Opera's built-in web search box.

Opera, of course, is also in competition with Internet Explorer (IE), which is also free. Microsoft has the leeway of simply adding IE's development costs into the cost of its operating systems, so the user doesn't see any separate costs for that browser.

According to WebsideStory, IE's share among web users was 91 percent in April, down from 97 percent in June of 1994. They rated Opera at 0.2 percent and Firefox at 7 percent. Many people have turned to Firefox because of concerns about IE's security.

I've only used Opera on a Unix system, where I like its ability to have multiple webpages open in separate tabs and was impressed with its ability to recover from crashes. When I restarted Opera, it would allow me to go back to its state when the crash occurred with all of my previously open tabs displayed and with the ability to back up to previously viewed pages within those tabs. Since Opera is now free, I plan on installing it on my Windows systems as an alternative to IE. I now have Firefox on some of those systems as an alternative.

References:

  1. Opera Makes Its Browser Free, With No Ads
    By Anick Jesdanun
    Associated Press
    September 21, 2005

[/network/web/browser] permanent link

Tue, Sep 20, 2005 11:58 pm

RB Laptop Infections

I was given a laptop running Windows XP Home Edition with a report that it was badly infected. Norton AntiVirus 2005 was installed on the system. It was displaying alerts that the system was infected with W32.Desktophijack.

I installed Bazooka Adware and Spyware Scanner 1.13.03 on the system and updated its database to the September 20, 2005 version. It found the following malware:

Exploit ebs.fuck-access.com
Exploit crackzws-1
Exploit Lookforthe.net

For "Exploit ebs.fuck-access.com", I checked Bazooka's manual removal instructions, which suggested starting the system in safe mode and checking for various registry keys and files. I didn't find any of the listed registry keys, but I did find two of the files: c:\windows\system32\oleadm.dll and c:\windows\system\wp.bmp. I submitted oleadm.dll to Jotti's Online Malware Scan for analysis. The report I received showed that many of the 14 antivirus programs Jotti uses detected the file as being part of a trojan.

I generated a log in Bazooka, which I examined. It only listed C:\Windows\System32\wp.bmp as being associated with "Exploit ebs.fuck-access.com", though. It didn't list oleadm.dll, though the removal instructions advised removing that file if it was found. Symantec was reporting W32.Desktophijack. Its webpage for that malware indicates that wp.bmp is associated with W32.Desktophijack. It doesn't list the other files that Bazooka reports are associated with "Exploit ebs.fuck-access.com". I had to remove oleadm.dll as well as wp.bmp before Bazooka no longer detected "Exploit ebs.fuck-access.com" on the system.

I replaced the infected wininet.dll file with an uninfected copy of the file that was in c:\i386 (see W32_Desktophijack - September 17, 2005 for the MD5 checksums for the infected and uninfected versions of the file and additional information).

For the "Exploit crackz.ws 1" infection, I checked under "Add or Remove Programs" for "Content Delivery Module", "Internet Update", "OIN", "PSGuard" or "UCMore - The Search Accelerator", which the Bazooka webpage indicated are associated with this malware, but didn't find any of those. But I had noticed a deleted shortcut for PSGuard in the Recycle Bin and there was an empty "C:\Program Files\PSGuard" directory with a timestamp of 8/3/2005 6:18 PM. Apparently the software was on the system, but was deleted by the user. When I deleted that directory, Bazooka no longer reported the presence of "Exploit crackz.ws 1".

To remove "Exploit Lookforthe.net", I followed the removal instructions provided by Kephyr. I started the system in Safe Mode and then ran the registry editor, regedit. I didn't see an Olympic key under HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run, but I did see an intell32.exe key with a value of "C:\WINDOWS\System32\intell32.exe". I deleted the key and removed the file from the system. That file had a time stamp of 9/20/2005 11:14 PM and was 6,144 bytes. The creation date was Saturday, August 27, 2005 1:49:48 AM. I also found one of the other files, oleext.dll, listed on the Kephyr page as being associated with this malware. It was also in the "C:\WINDOWS\system32\" directory. At SpyWare BeWare! -> PSGuard, I found a reference to this file being linked to "Trojan.Desktophijack.C". The Symantec webpage indicates this is another piece of malware that attempts to dupe unsuspecting users into downloading antispyware software by displaying a warning message linked to this malware. In reality the user's system is indeed infected - by this malware. Clicking on the link in the displayed message will take the user to a download.psguard.com webpage. I deleted oleext.dll. I didn't see any of the other files Kephyr's site reported as associated with this malware. I then went into Internet Explorer and went to "Tools" and selected "Programs", and then "Reset Web Settings".

After removing the intell32.exe registry entry and the intell32.exe and oleext.dll files, I rescanned the system with Bazooka Adware and Spyware Scanner. It reported "Nothing Detected".

I then rebooted the system normally only to find Norton AntiVirus now displaying the message "Norton AntiVirus 2005 does not support the Repair feature, please uninstall and reinstall." I rebooted again and the message didn't reappear.

[/security/viruses] permanent link

Tue, Sep 20, 2005 11:54 am

Whazit Detected with Bazooka

Scanning a system with Bazooka Adware and Spyware Scanner, I found components of Whazit and Media Loads, which I manually removed.

[/security/spyware/whazit] permanent link

Fri, Sep 16, 2005 7:19 pm

Differences Between Internet Explorer and Firefox

I've started documenting differences I've found in Internet Explorer and Firefox when viewing some of the webpages I've created. Occasionally it has taken me quite a bit of time to figure out why a page looks different in Firefox than it does in Internet Explorer. Though some of the differences, e.g. the underlining of acronyms, are so minor I consider them inconsequential, others can make a page unreadable and have sometimes taken me quite a bit of time to determine exactly why the discrepancy is occurring.

[ More Info ]

[/network/web/browser] permanent link

Tue, Sep 06, 2005 11:13 pm

Setting up a Floppy-based Firewall with floppyfw

If you have an old PC, even a 386-based PC, with just 12 MB of memory and a floppy drive, you have enough to build a firewall for home use or for use by a small business. You can build your firewall with such minimal hardware requirements if you use floppyfw. In fact, you can get by with even less than 12 MB of memory if you use an older version of floppyfw, i.e. the 1.x series rather than the current 2.x software. And the old 1.x software is still maintained by the developer.

[ More Info ]

[/os/unix/linux/network/firewall] permanent link

Mon, Sep 05, 2005 3:45 pm

Norman Virus Warnings

Norman ASA, an antivirus vendor, provides a virus warning service to websites, which can be viewed at Norman Virus Warnings or the home page for MoonPoint Support.

[/security/antivirus/norman] permanent link

Sun, Sep 04, 2005 11:03 pm

ide21201.vxd

When I scanned a system with Spybot Search & Destroy, Spybot reported "Windows AdTools" was present on the system. It identified the file c:\windows\system32\ide21201.vxd as being part of that adware/spyware. It did not report any other files or registry keys associated with AdTools.

[ More Info ]

[/security/spyware/adtools] permanent link

Fri, Sep 02, 2005 8:52 pm

Norman Sandbox Information Center

Norman ASA provides antivirus software and also a webpage where you can submit a file for a determination of whether it is malware. You will need to provide an email address where the results of the file analysis will be sent. You should get an email regarding your file submission within a minute of submitting your file. The link for the file submission is http://sandbox.norman.no/live.html.

You can also submit a file to Jotti's Online Malware Scan, where it will be scanned by Norman Virus Control as well as thirteen other scanners. The results of the analysis will be displayed immediately.

[/security/antivirus/norman] permanent link

Thu, Sep 01, 2005 7:10 pm

Configuring Windows XP Firewall for OpenSSH

If you want to set up a Windows system as an SSH server, you can use OpenSSH for Windows. OpenSSH for Windows can be installed on Windows NT, 2000, XP, or Small Business Server (SBS) 2003 systems. If you are installing it on a Windows XP system with the Windows firewall activated, which will likely be the case if Service Pack 2 has been installed on the system, then you will need to create a firewall rule to allow SSH connectivity.

[ More Info ]

[/os/windows/xp/firewall] permanent link

Mon, Aug 29, 2005 10:00 pm

RunUO Emote Script

I modified a script for RunUO, which is a software package that will allow you to run your own gaming server akin to the Ultima Online online roleplaying game. The Emote script will allow you to issue the command "[emote" to see a list of emotions or actions your character can display or issue a specific "[e " command to "emote", e.g. "[e giggle" will play a sound file for a giggle. The sounds are specific to the character's gender, e.g. if you issue the command "[e laugh" for a female character, you will hear a female laugh, whereas, if the command is issued for a male character, you will hear a male laugh. The same is true when you pick an option from the menu.

[/gaming/runuo] permanent link

Fri, Aug 26, 2005 10:45 pm

Installing RunUO 1.0.0

To set up your own RunUO server take the following steps:

  1. Download the RunUO server software from http://www.runuo.com/downloads/.
  2. Unzip the file into the directory where you want it to reside when you run it.
  3. Change the autosave value, i.e. the value that controls how often the shard saves its state to one of your liking. The default value is to save every 5 minutes. We set ours to 30 minutes, so that the delays that occur when saving are less frequent. If you wish to change the value from the default of saving every 5 minutes, edit the Scripts\Misc\AutoSave.cs file and change the "5.0" in the following line. You can edit the RunUO scripts with any text editor, e.g. Notepad.

    Original Line:

    private static TimeSpan m_Delay = TimeSpan.FromMinutes( 5.0 );

    New Line:

    private static TimeSpan m_Delay = TimeSpan.FromMinutes( 30.0 );

  4. If you have a Fully Qualified Domain Name (FQDN) for your server, e.g. shard.anolonandpointsbeyond.com in our case, you can put it in Scripts\Misc\ServerList.cs.

    Original Line:

    public const string Address = null;

    New Line:

    public const string Address = "shard.anolonandpointsbeyond.com";

    You may need to change the "null" to your IP address, e.g. 192.168.0.12, if you don't have a FQDN, such as shard.anolonandpointsbeyond.com. The comment in the ServerList.cs file states the following:

    /* Address:
     *
     * The default setting, a value of 'null', will attempt to detect your IP address automatically:
     * private const string Address = null;
     *
     * This detection, however, does not work for servers behind routers. If you're running behind a router, put in your IP:
     * private const string Address = "12.34.56.78";
     *
     * If you need to resolve a DNS host name, you can do that too:
     * private const string Address = "shard.host.com";
     */

    Since, if you are connected to the Internet, you are behind a router, whether it's your own or your Internet Service Provider's (ISP's), I think the statement about detecting the server's address unless it is behind a router isn't clear. Maybe the router isn't at your location, e.g. maybe you have only a cable modem, but it will be connected to your ISP's router in that case. Perhaps the author meant "a router doing Network Address Translation (NAT)", but I'm not certain.

  5. You should also change the ServerName variable in the Scripts\Misc\ServerList.cs file to one that fits your game. The default value is "RunUO Test Center".

    Original Line:

    public const string ServerName = "RunUO Test Center";

    New Line:

    public const string ServerName = "Anolon";

  6. By default the server will listen on TCP port 2593. If you want to have it listen on a different port, change the following line in Scripts\Misc\ServerList.cs.

    Listener.Port = 2593;

    Applications listen for connections on specific ports. Think of it like an office with multiple phone lines. Perhaps there are 10 phone numbers for the office, but Jane only answers the one that ends in 2593, e.g. 555-555-2593. If you don't know about port numbers, just accept the default value.

    If you have firewall software on the system functioning as the RunUO server, or that system sits behind a firewall, or behind a router doing Network Address Translation (NAT), then you will have to create a rule in the firewall or in the router that will allow outside connections to be made to the port on the RunUO server, i.e. to TCP port 2593. Otherwise no one on the other side of that router or firewall will be able to connect to the RunUO server.

  7. If you wish to allow multiple accounts to be created from one IP address, change the line below in Scripts\Accounting\AccountHandler.cs. E.g. you could change the "1" to a "5" to allow someone to create 5 accounts.

    Original Line:

    private static int MaxAccountsPerIP = 1;

    New Line:

    private static int MaxAccountsPerIP = 5;

  8. If you want to control who has accounts on your server, i.e. you don't want to allow people to automatically create accounts on your server, then you need to edit Scripts\Accounting\AccountHandler.cs. Change the value of "AutoAccountCreation" from "true" to "false". The script language is case sensitive so use "false" not "False".

    Original Line:

    private static bool AutoAccountCreation = true;

    New Line:

    private static bool AutoAccountCreation = false;

  9. When you are ready to start your RunUO server, get a command prompt (Click on Start then Run, then type cmd and hit enter). Then switch to the directory where the RunUO software is stored and type server and hit enter to start the shard software.

[/gaming/runuo] permanent link

Sat, Aug 20, 2005 10:05 pm

Configuring a WebRamp Entre ISDN Router as a DHCP Server

A WebRamp Entre ISDN router can be configured to function as a DHCP server. This can be done through the router's command line configuration capability by establishing a telnet connection to the router. When you have logged into the router (the default userid is "wradmin"), you can check its DHCP status by using the showdhcpopts command.


-> showdhcpopts

DHCP Module          :  Disabled

Domain Name          :  labyrinth.com

Gateway Address      :  192.168.  1.  2

Subnetmask id        :  255.255.255.  0

First DNS            :   10. 22.111. 53
Second DNS           :  205.197.182.100
Third DNS            :  209.150.117.251
value = 0 = 0x0

In the above example, the router's DHCP server capability is disabled, though it has already been set to provide a domain name, gateway address, subnet mask, and DNS server addresses once the DHCP server capability is re-enabled. You can change the information that it will provide to DHCP clients using the setdhcpopts command. If you want help on the command, you can issue the command thelp "setdhcpopts" (all arguments to the thelp command must be included in double quotes). Once you have set the DHCP options, you can view them with the showdhcpopts command.


-> thelp "setdhcpopts"
Usage: setdhcpopts " { { -d < Domain Name > }
                       { -g < Gateway Address > }
                       { -n <-i> < ith DNS Address > } } "

Note    :    i =  {1,2,3}
value = 0 = 0x0

-> setdhcpopts "-d labyrinth.com -g 192.168.1.2 -n -1 10.22.111.53"
value = 0 = 0x0
-> showdhcpopts

DHCP Module          :  Disabled

Domain Name          :  labyrinth.com

Gateway Address      :  192.168.  1.  2

Subnetmask id        :  255.255.255.  0

First DNS            :   10. 22.111. 53
Second DNS           :  205.197.182.100
Third DNS            :  209.150.117.251
value = 0 = 0x0

With the "-d" option to setdhcpopts, you can set a domain name to be assigned to DHCP clients. The "-g" option allows you to provide the gateway address, in this case the address of the router itself. The "-n" option allows you to set the addresses of DNS servers to be assigned to clients. The "-n" should be followed by another parameter, a dash and a number that specifies which DNS server value is being assigned, e.g. a "-1" for the first DNS server address or a "-2" for the second. That parameter should be followed by the actual DNS server address.

To specify the range of IP addresses that the DHCP server will assign use the setdhcp command.


-> thelp "setdhcp"
Usage: setdhcp " -a < Start of Address > -n < Number of Addresses > -f -p "

Note    : The value of 'Number of Addresses' must be Greater than ZERO.
value = 0 = 0x0

-> setdhcp "-a 192.168.1.50 -n 10"

 This operation may discard IP addresses that are  previously assigned/reserved.

 Are you sure you want to Continue?[y/n] :y
value = 0 = 0x0

The above setdhcp command sets the DHCP server to assign ten addresses starting at 192.168.1.50.

To actually enable the router to start functioning as a DHCP server, you need to use the enabledhcp command. You need to follow that command with the saveconfig command to make the change permanent.

-> enabledhcp
Do saveconfig to save changes
value = 0 = 0x0
-> saveconfig
value = 0 = 0x0

You can then exit from the router with the exitwr command.

-> exitwr

[/network/routers/webramp] permanent link

Tue, Aug 16, 2005 7:20 pm

Arrests Made for Russian Spammer's Murder

The Russian police have announced they've caught those responsible for the murder of the man deemed Russia's number one spammer. Vardan Kushnir, who headed the English learning centers the Center for American English, the New York English Center and the Center for Spoken English, was brutally murdered on Sunday, July 25. His death was caused by repeated blows to the head.

Mr. Kushnir was responsible for the transmission of millions of spam messages to Russians and others outside the country advertising the services of the companies he headed. He was well-known as a spammer in Russia and various means of exacting revenge for his spam had been tried in Russia. The American English Center's telephone numbers were widely posted on the web to encourage people to tie up the lines with calls not pertaining to purchasing the services he was advertising and his personal data was also published. The Russian deputy minister of communication recorded a message urging American Language Center to stop spamming and Rambler, one of Russia's biggest Internet holdings, set up a calling system in its office that played the message non-stop to the American Learning Center call-center operators and answering machines.

And a complaint was filed against him by a Moscow lawyer with the Russian Antitrust Authority, which is charged with the enforcement of ad laws. At the Antitrust Authority hearing, Kushnir claimed he had no idea who might be sending out those millions of ads for his business and the case was closed.

His death was greeted almost with jubilation by many, with Russian-language media often suggesting he got what he deserved. Some of the headlines for articles about his death included "The Spammer Had it Coming", "Spam is Deadly", "Ignoble Death Becomes Russia's Top Spammer", "An Ultimate Solution to the Spam Problem". There was speculation in the Russian media and western media that his death might have come at the hands of someone fed up with Kushnir's spam.

But on August 14, Russian police arrested a 15-year-old girl and two boys aged 18 and 17 years of age along with a 27-year-old accomplice in connection with Kushnir's death. They were accused of breaking into his apartment with the intent to rob him. One of the boys supposedly wielded a baseball bat to kill Kushnir. The story from the youths was that Kushnir had invited them to his place where he made passes at the 15-year-old girl. They said they tried to stop him, but Kushnir grabbed a knife and they were forced to defend themselves by hitting him on the head with an empty bottle. Their story sounds about as credible as Kushnir's claim he had no idea where all of the spam originated from that advertised his business.

References:

  1. Russian Police Claim Biggest Spammer's Murder Solved
    MosNews
    August 15, 2005
  2. Russian Media Hails Spammer's Murder
    MosNews
    July 26, 2005
  3. Russia's Biggest Spammer Brutally Murdered in Apartment
    MosNews
    July 25, 2005
  4. Russian Spammer murdered
    By John Leyden
    The Register
    July 26, 2005

[/network/email/spam] permanent link

Mon, Aug 15, 2005 5:42 pm

Vi

When I'm on a Unix or Linux system, I prefer to use the vi editor, though I also sometimes use the pico editor as well. I also much prefer the Vi IMproved (VIM) editor, which is a vi clone, to Notepad on Windows systems. I've lost information I was entering in Notepad countless times on Windows systems when the system crashed or locked up. With Vim, I have a much better chance of recovering my data. Notepad also lacks the robust search and replace features of Vim, which allows you to use "regular expressions" for manipulating text. However, for someone used to only working in a Windows GUI, learning to use the capabilities of Vim will probably take a fair amount of time and would likely be difficult. But if you use Vi on a Unix or Linux system, it certainly is a much more powerful editor than Notepad when you have to use a Windows system.

I've started creating my own Vi tips to help me remember commands that I may not use frequently, but am likely to need again.

[/editors/vi] permanent link

Sat, Aug 13, 2005 11:03 pm

Cydoor cd_clint.dll False Positive

While checking a system for adware/spyware, SpyCop Spyware Remover reported that cd_clint.dll, which was in c:\windows\system32, was part of "ADWARE: Cydoor". Bazooka Spyware Scanner also reported the file as being part of Cydoor.

Though cd_clint.dll is part of Cydoor, this particular file with an MD5 checksum of 65fd7ea79f626f7b57f4d6ced6339f32 is not. Instead it is a dummy file from CEXX Labs, which is intended to allow you to execute a spyware-dependent program without fear that the program is impeding the system's performance with adware/spyware. The dummy file can be downloaded from "Dummy files for neutering spyware".

The CEXX.Org webpage providing the download states that Pest Patrol 4 also gives a false positive result for this file.

For more information on Cydoor and CD_Clint.dll, see "Advertising Spyware: CyDoor CD_Load.exe and CD_Clint.dll".

In addition to differences in size and MD5 checksums, you can also easily distinguish the CEXX dummy version of cd_clint.dll from the Cydoor adware version by right-clicking on the file and choosing Properties and then Version. The differences between the files are listed below. It is possible Cydoor has released multiple versions of cd_clint.dll, so the size, checksum, and version information may differ for other versions of the Cydoor cd_clint.dll Dynamic Link Library (DLL) file.

| Item | CEXX Dummy Version | Cydoor Adware Version |
|---|---|---|
| Filename | cd_clint.dll | cd_clint.dll |
| Size | 48.0 KB (48,640 bytes) | 151 KB (154,624 bytes) |
| MD5 Checksum | 65fd7ea79f626f7b57f4d6ced6339f32 | 8ca847eba88f8f6505956b0069983811 |
| Download Site #1 | CEXX.Org | Moonpoint Support |
| Download Site #2 | Moonpoint Support | |
| **Properties** | | |
| File Version | 1.0.0.0 | 3.2.1.0 |
| Description | DLL (GUI) | Cydoor Technologies ad-system |
| Copyright | CEXX Labs + Mike Dombrowski | Copyright (C) Cydoor Technologies, Inc. 1999 |
| Comments | "For that EXTRA comfort and protection" | This is a module of Cydoor's ad system. Additional information is available at http://www.cydoor.com |
| Company | CEXX Labs - www.cexx.org | Cydoor Technologies, Inc. |
| File Version | 1.0.0 | 3,2,1,0 |
| Internal Name | ProjectOne | CD_clint.dll |
| Language | English (United States) | English (United States) |
| Legal Trademarks | CYDOOR is a trademark of CYDOOR Technologies. CEXX.ORG is not affiliated with CYDOOR Technologies | Cydoor Technologies(tm) |
| Original File Name | project1.dll | CD_Clint.dll |
| Product Name | CEXX.ORG Spyware Condom (CYDOOR-Compatible) | Cydoor Technologies ad-system |
| Product Version | 1.0.0.0 | 3,2,1,0 |
| Special Build Description | | 14 |

Some antispyware software will report a false positive for the CEXX cd_clint.dll, identifying it as being part of Cydoor adware, apparently from the name alone. Programs I've found report a false positive and those I've found not to report it as malware are listed below.

| Program | Program Version | Database/Definitions Version |
|---|---|---|
| **False Positive Detection as Cydoor** | | |
| Bazooka Scanner | 1.13.03 | 8/8/2005 |
| SpyCop | 6.21 | 08-11-2005 |
| Spy Sweeper | 4.0.4 (Build 430) | 492 (Updated on August 12, 2005) |
| **No False Positive Detection** | | |
| Ad-Aware SE Personal | Build 1.06r1 | SE1R61 10.08.2005 |
| ClamWin | 0.86.2 | 19:39 08 Aug 2005 (main: 33; daily 1010) |
| Microsoft AntiSpyware Beta1 | 1.0.615 | 5743 (8/8/2005 8:01:19 PM) |
| Spybot Search & Destroy | 1.4 | 2005-08-04 |
| Symantec AntiVirus | 9.0.0.338 | 8/10/2005 rev. 4 |

I also submitted the file to Jotti's Online Malware Scan, which scanned the file with 14 different antivirus programs all of which reported "found nothing" for the file.
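
The false positives above come from matching on the file name; the size and MD5 values in the comparison table identify the file by content instead. The following is an added example, not code from CEXX, Cydoor or any of the scanners named here: it walks a directory tree and classifies every cd_clint.dll it finds against the two checksums listed on this page. The function names and the directory layout in the usage are assumptions made for the example.

```python
import hashlib
import os

# MD5 -> (label, size in bytes), taken from the comparison table on this page.
# Other Cydoor releases may have different values, as noted above.
# MD5 is used only because it is what the page publishes; for a baseline you
# build yourself, record a collision-resistant hash such as SHA-256 as well.
KNOWN_CD_CLINT = {
    "65fd7ea79f626f7b57f4d6ced6339f32": ("CEXX dummy", 48640),
    "8ca847eba88f8f6505956b0069983811": ("Cydoor adware", 154624),
}


def md5_of(path, chunk_size=65536):
    """Hash the file in chunks so large files are not read into memory at once."""
    digest = hashlib.md5()
    with open(path, "rb") as handle:
        for chunk in iter(lambda: handle.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def classify(path, known=KNOWN_CD_CLINT):
    """Return (verdict, md5, size) for one file, judged by content only."""
    size = os.path.getsize(path)
    md5 = md5_of(path)
    entry = known.get(md5)
    if entry is None:
        # The name alone proves nothing: treat as unidentified, not as Cydoor.
        return ("unknown: not a version listed on this page", md5, size)
    label, expected_size = entry
    if size != expected_size:
        return ("suspicious: hash matches %s but size differs" % label, md5, size)
    return (label, md5, size)


def scan_tree(root, known=KNOWN_CD_CLINT, name="cd_clint.dll"):
    """Find every file with the given name (case-insensitive) and classify it."""
    results = []
    for dirpath, _dirs, files in os.walk(root):
        for fname in files:
            if fname.lower() == name:
                path = os.path.join(dirpath, fname)
                verdict, md5, size = classify(path, known)
                results.append((path, verdict, md5, size))
    return results


if __name__ == "__main__":
    # Hypothetical usage: scan the Windows directory of a mounted disk image.
    for row in scan_tree(r"C:\Windows"):
        print("%s\n  %s (md5=%s, %d bytes)" % row)
```

A file reported as unknown is the case to submit to a multi-engine scanner, as was done with Jotti's Online Malware Scan above.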

References:

  1. Advertising Spyware CyDoor CD_Load.exe and CD_Clint.dll
  2. Dummy files for neutering spyware
  3. Cydoor - Adware removal instructions

[/security/spyware/cydoor] permanent link

Sat, Aug 13, 2005 9:39 pm

Norton Internet Security Network Access Problem

I've spent a few days trying to resolve a problem on a system where there was no web access, but I could ping IP addresses, except for the IP address of the system itself. I finally traced the problem to the Norton Internet Security 2002 firewall software running on the system.

[ More Info ]

[/os/windows/software/security/firewall] permanent link

Sat, Aug 13, 2005 1:06 pm

Registry P3P History Key

While troubleshooting an Internet access problem on a system, I noticed a lot of entries for dubious sites in the registry under HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\. There were a lot of keys for domain names I know are associated with adware/spyware, such as 180solutions.com, brilliantdigital.com, and exactsearchbar.com. There were a lot of other dubious sounding domain names, such as casinoking.com, casinolasvegas.com, and casinodelrio.com. When I checked the values of the keys, I noticed they were all set as follows:

| Name | Type | Data |
|---|---|---|
| (Default) | REG_DWORD | 0x00000005 (5) |

At Microsoft's WinInet Registry settings webpage, I found the following:

Per Site Cookie Handling

To handle site-by-site cookies, per-domain cookie decisions are stored under the HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\<domain> key. The domains are added to the registry by WinInet when the user adds sites by using the Per Site Privacy Actions dialog box.

The default value of the <domain> key stores the decision value. The following table shows the possible values.

| Value | Description |
|---|---|
| REG_DWORD: 1 (COOKIE_STATE_ACCEPT) | Accept all cookies from this site. |
| REG_DWORD: 5 (COOKIE_STATE_REJECT) | Reject all cookies from this site. |

So a value of five in the key will block cookies from a site listed with that value. The values were probably placed there by one of the antispyware programs I previously installed on the system.

Internet Explorer 6 apparently checks the P3P keys to determine whether to allow a site to place a cookie on the system as described in IE6 and cookies. P3P stands for Platform for Privacy Preferences.
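
To review these per-site decisions in bulk rather than key by key in regedit, the P3P\History key can be exported to a text .reg file and decoded. This is an added example, not Microsoft's code or part of the original post: it parses such an export and groups the domains by decision, using the key path and the two values (1 and 5) documented above. The sample export is constructed for the example, and the function names are assumptions.

```python
import re

# Key path and decision values as quoted on this page from Microsoft's
# WinInet Registry Settings documentation.
P3P_HISTORY = (r"HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion"
               r"\Internet Settings\P3P\History")
DECISIONS = {1: "COOKIE_STATE_ACCEPT", 5: "COOKIE_STATE_REJECT"}

# Constructed sample of a regedit text export. Real version 5.00 exports are
# UTF-16 files: read them with open(path, encoding="utf-16") before parsing.
SAMPLE_EXPORT = r"""Windows Registry Editor Version 5.00

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History]

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\180solutions.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\casinoking.com]
@=dword:00000005

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\example.com]
@=dword:00000001

[HKEY_CURRENT_USER\Software\Microsoft\Windows\CurrentVersion\Internet Settings\P3P\History\example.net]
@="5"
"""

_DEFAULT_DWORD = re.compile(r"@=dword:([0-9a-fA-F]{8})$")


def parse_p3p_history(reg_text):
    """Map each domain under P3P History to its default DWORD value.

    A domain whose default value is missing or is not a DWORD maps to None.
    """
    # Registry key names are case-insensitive, so compare in lower case.
    prefix = P3P_HISTORY.lower() + "\\"
    decisions = {}
    domain = None
    for raw in reg_text.splitlines():
        line = raw.strip()
        if line.startswith("[") and line.endswith("]"):
            key = line[1:-1]
            rest = key[len(prefix):] if key.lower().startswith(prefix) else ""
            # Only direct children of History are domains; skip deeper keys.
            domain = rest.lower() if rest and "\\" not in rest else None
            if domain is not None:
                decisions.setdefault(domain, None)
        elif domain is not None and line.startswith("@="):
            match = _DEFAULT_DWORD.match(line)
            decisions[domain] = int(match.group(1), 16) if match else None
    return decisions


def summarize(decisions):
    """Group domains by the cookie decision their value encodes."""
    report = {"rejected": [], "accepted": [], "unrecognized": []}
    for domain, value in sorted(decisions.items()):
        name = DECISIONS.get(value)
        if name == "COOKIE_STATE_REJECT":
            report["rejected"].append(domain)
        elif name == "COOKIE_STATE_ACCEPT":
            report["accepted"].append(domain)
        else:
            report["unrecognized"].append(domain)
    return report


if __name__ == "__main__":
    for group, domains in summarize(parse_p3p_history(SAMPLE_EXPORT)).items():
        print("%-13s %s" % (group, ", ".join(domains) or "-"))
```

The accepted group is the one worth reading closely, since an entry there lets the site set cookies regardless of the general privacy setting.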

References:

  1. WinInet Registry Settings
  2. IE6 and cookies
  3. P3P Public Overview

[/os/windows/registry] permanent link

Fri, Aug 12, 2005 8:41 pm

Amazon.Com Pays $40 Million for Software Patent Infringement

Amazon.com has been hoisted on its own petard. An Associated Press report on ABC News today states that Amazon paid $40 million to Soverain Software LLC to settle a software patent-infringement lawsuit. Soverain, a small Chicago-based company, claimed that Amazon's website infringed on Soverain patents on network sales systems and Internet server access control and monitoring systems.

Amazon's own use of software patents to try and stymie competition prompted many to urge a boycott of Amazon a few years ago. Amazon claimed Barnes and Noble's use of a one-click shopping technique infringed on an Amazon software patent. Amazon settled that lawsuit in 2002, but didn't disclose details of the settlement.

Amazon essentially obtained a patent on the idea that a command from a web browser to a web server could carry with it identifying information about your identity, which is done by the use of a cookie. Unfortunately, the US Patent Office is willing to grant software patents for lots of obvious ideas and large corporations now seek to use such patents to stifle competition. And smaller ones can use such patents to reap large rewards for simply being the first to get a patent on the idea. When someone else does the hard part of actually implementing the idea, then the software patent holder takes the other company or individual to court hoping for rich rewards with little real effort involved on their part other than filing the patent application. Instead of fostering innovation as was the founding fathers' intent for patent law, the software patents limit innovation and enrich software patent lawyers and the companies who make a living from waiting on others to implement an obvious idea and then suing them or getting a patent specifically to stymie or harass a competitor as Amazon did with the 1-Click patent.

Even one of Amazon's own founding programmers, Paul Barton Davis, labelled Amazon's 1-Click patent "a cynical and ungrateful use of an extremely obvious technology." He further stated "Amazon.com's early development relied on the use of tools that could not have been developed if other companies and individuals had taken the same approach to technological innovation that the company is now following."

But it isn't just software patents where the ridiculousness of the US Patent Office's practices is shown. Would you believe the US Patent Office granted a patent on a crustless peanut butter and jelly sandwich? Well they did. The J.M. Smucker Co. was granted a patent on a method for making "Uncrustables", which are just peanut butter and jelly sandwiches with no crust sealed in plastic. And the US Patent and Trademark Office (USPTO) has even allowed a patent on the method of moving side-to-side on a swing. No, I'm not making this up. None other than the Wall Street Journal reports this absurdity in an April 5, 2005 article at Patent No. 6,004,596: Peanut Butter and Jelly Sandwich.

Smuckers also filed a lawsuit based on its patent, going after a small grocer and caterer, Albie's Foods Inc. of Gaylord, Michigan, demanding they stop selling crustless peanut butter and jelly sandwiches.

Why are patents granted on ideas like 1-Click shopping or sealed crustless peanut butter and jelly sandwiches? One reason may be that the USPTO encourages patent examiners to approve patents quickly with minimal quibbling, since the USPTO is now supposed to be financially self-sufficient and charges per patent application processed. You can find further information on what has led to the current state of affairs with the USPTO at The Patent Trap.

References:

  1. Boycott Amazon! - GNU Project
    GNU.org
  2. United States Patent: 5,960,411
    GNU.org
  3. Amazon One-Click Shopping
    June 5, 2000
  4. Patent No. 6,004,596: Peanut Butter and Jelly Sandwich
    By Sara Schaeffer Munoz
    Staff Report of The Wall Street Journal
    April 5, 2005
  5. Children Rejoice -- Peanut Butter and Jelly Patent Rejected on Appeal
    by Dennis Crouch, patent attorney at McDonnell Boehnen Hulbert & Berghoff LLP
    April 8, 2005
  6. The Patent Trap
    Garrett M. Graff
    Harvard Magazine

[/network/web/shopping] permanent link

Wed, Aug 10, 2005 11:57 am

Moving Sendmail's Maillog File

I noticed that a Solaris 5.7 system had run out of free space on the var partition. A "df -k" showed only a few bytes free.

# df -k
Filesystem            kbytes    used   avail capacity  Mounted on
/proc                      0       0       0     0%    /proc
/dev/dsk/c0t0d0s0    2052750 1420927  570241    72%    /
fd                         0       0       0     0%    /dev/fd
/dev/dsk/c0t0d0s3    1015542  953786     824   100%    /var
/dev/dsk/c0t0d0s4    5058110 3396738 1610791    68%    /home
swap                  212496     872  211624     1%    /tmp

I checked /var/log and found that log files were not being rotated and several had grown quite large. So I moved those to another partition. I then used the touch command to create new empty copies of the files and changed their protection so only root, which owned the files, had access.

touch sshd.log
touch maillog
chmod 600 sshd.log
chmod 600 maillog

But the system didn't seem to realize that I had moved those large files elsewhere. It didn't show any increase in free space with "df -k" after I moved the files. I logged into a user account, brought up Pine, and deleted several messages with large attachments. The system then showed an increase in free space and email started coming into the account again. It hadn't been coming in because there was no room to store it on the /var partition.

I then noticed the system didn't seem to be using the new files I created with the touch command. The sshd.log and maillog files weren't growing. I logged into the system with sshd, but no entry was placed in /var/log/sshd.log file for the login. And, though, new mail was coming in, no entries were placed in /var/log/maillog. When I checked the /var/log/syslog file I found that mail entries were appearing there. I checked /etc/syslog.conf and found the following entry that should put entries for sendmail email deliveries in /var/log/maillog.

mail.info                                       /var/log/maillog

And there was an entry that should have been putting entries in /var/log/sshd.log for ssh connections.

daemon.info                                     /var/log/sshd.log

The system had been placing the appropriate entries in those two files until I moved the maillog and sshd.log files. I then realized I probably needed to restart syslog. When I restarted it, the system suddenly acknowledged that I had a great deal more free space on the var partition and an "ls -l /var/log" showed the sshd.log and maillog files growing. And when I checked them I saw that entries were being added again for ssh logins and email deliveries.

# /etc/init.d/syslog stop
# /etc/init.d/syslog start
syslog service starting.
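
The behaviour described above can be reproduced without touching syslogd. The script below is an added illustration, not part of the original post: a stand-in writer holds a log file open on a file descriptor, the file is copied away and deleted (what a move to another partition does), and a new file is created with touch and chmod 600. The function names, directory names and log lines are constructed for the demo.

```shell
#!/bin/sh
# Added illustration (constructed, not from the original post). A stand-in
# "daemon" holds a log file open on descriptor 3, the way syslogd holds
# /var/log/maillog. Moving a file to another partition is a copy followed
# by an unlink, so cp + rm models what happened to the original file.

# count_lines FILE: line count without the padding some wc versions print.
count_lines() {
    wc -l < "$1" | tr -d ' '
}

# stale_handle_demo: prints three numbers separated by spaces:
#   1. lines in the recreated log while the old handle is still open
#   2. lines in the copy that was moved away
#   3. lines in the recreated log after the handle is closed and reopened
# The body runs in a subshell so descriptor 3 never leaks to the caller.
stale_handle_demo() (
    dir=$(mktemp -d) || exit 1
    log="$dir/maillog"
    mkdir "$dir/other_partition"

    : > "$log"
    exec 3>>"$log"                      # the daemon opens its log once
    echo "constructed entry 1" >&3

    cp "$log" "$dir/other_partition/maillog"
    rm "$log"                           # name is gone, inode is still open
    touch "$log"                        # new, empty file under the old name
    chmod 600 "$log"

    # The daemon still writes to the unlinked inode: this entry reaches
    # neither the moved copy nor the new file, and the old blocks stay
    # allocated until the descriptor is closed.
    echo "constructed entry 2" >&3

    while_stale=$(count_lines "$log")
    moved_copy=$(count_lines "$dir/other_partition/maillog")

    exec 3>&-                           # the "restart": drop the old handle
    exec 3>>"$log"                      # and open the file by name again
    echo "constructed entry 3" >&3
    exec 3>&-

    after_reopen=$(count_lines "$log")
    rm -rf "$dir"
    echo "$while_stale $moved_copy $after_reopen"
)

stale_handle_demo
```

Entry 2 is the one to notice: anything logged between the move and the reopen, ssh logins included, is written to a file that no longer has a name.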

[/os/unix/solaris] permanent link

Tue, Aug 09, 2005 10:40 pm

Free Online Virus Scanners

Some antivirus vendors offer free online virus scanning services. Though in some cases you may have to purchase software from the vendor to remove the detected malware, you will at least be able to determine if the system is infected and the particular malware infecting it.

You can also use Jotti's Online Malware Scan service to submit individual files for immediate free analysis by 14 different antivirus programs.

[ More Info ]

[/security/antivirus] permanent link

Mon, Aug 08, 2005 7:13 pm

Remotely Disabling Windows XP Firewall

The Windows XP Firewall, which is turned on by default on systems running Windows XP Service Pack 2, unless they are in a domain with a Windows SBS 2003 server with an early version of Windows SBS 2003, can be turned off from another machine in the domain by using "Computer Management".

[ More Info ]

[/os/windows/xp/firewall] permanent link

Thu, Aug 04, 2005 8:20 pm

Prnmngr.Vbs

Microsoft provides a prnmngr.vbs script with Windows XP and Small Business Server (SBS) 2003 systems. This script can be found in %windir%\system32, which will normally be c:\windows\system32. The script can be used to add, delete, and list printers or printer connections. It can also be used to set or display the default printer. If you run the script using cscript without any parameters it will display the usage information shown below. If you are unfamiliar with cscript, it provides a mechanism for running VBS scripts. The "/nologo" option for cscript suppresses the display of the Microsoft logo information normally displayed when a script is run with cscript. You can run the script from a command line. You need to change to the %windir%\system32 directory or include the full path to the script when you run it, e.g. cscript /nologo c:\windows\system32\prnmngr.vbs -l.

C:\WINDOWS\system32>cscript /nologo prnmngr.vbs
Usage: prnmngr [-adxgtl?][c] [-s server][-p printer][-m driver model]
               [-r port][-u user name][-w password]
Arguments:
-a     - add local printer
-ac    - add printer connection
-d     - delete printer
-g     - get the default printer
-l     - list printers
-m     - driver model
-p     - printer name
-r     - port name
-s     - server name
-t     - set the default printer
-u     - user name
-w     - password
-x     - delete all printers
-?     - display command usage

Examples:
prnmngr -a -p "printer" -m "driver" -r "lpt1:"
prnmngr -d -p "printer" -s server
prnmngr -ac -p "\\server\printer"
prnmngr -d -p "\\server\printer"
prnmngr -x -s server
prnmngr -l -s server
prnmngr -g
prnmngr -t -p "\\server\printer"

If you want to view the default printer for a system you can use the -g parameter.

C:\WINDOWS\system32>cscript /nologo prnmngr.vbs -g
The default printer is Microsoft Office Document Image Writer

If you want to view all of the printers for a system and save the output to a file, such as printers.txt, you could use the following command.

C:\Documents and Settings\Administrator>cscript /nologo c:\windows\system32\prnmngr.vbs -l >printers.txt

The information that will be displayed for each printer when you use the -l option will be similar to that shown below.

Server name
Printer name HP Business Inkjet 3000 PCL 6
Share name Pam HP3000
Driver name HP Business Inkjet 3000 PCL 6
Port name USB002
Comment
Location
Print processor WinPrint
Data type RAW
Parameters
Attributes 8776
Priority 1
Default priority 0
Status Unknown
Average pages per minute 0

References:

  1. Microsoft Windows XP - Prnmngr.vbs
  2. Handy VBS Scripts

[/languages/vbs] permanent link

Tue, Aug 02, 2005 12:15 pm

arch

On Unix and Linux systems, you can use the arch command to display the application architecture of the host system. Systems can be broadly classified by their architectures, which define what executables will run on which machines. A distinction can be made between kernel architecture and application architecture (or, commonly, just "architecture"). Machines that run different kernels due to underlying hardware differences may be able to run the same application program.

On current Linux systems, arch prints things such as "i386", "i486", "i586", "alpha", "sparc", "arm", "m68k", "mips", "ppc" and is equivalent to the uname -m command.

Due to extensive historical use of this command without any options, all SunOS 5.x SPARC based systems will return "sun4" as their application architecture. Sun discourages the use of this command and recommends the use of the uname command instead.

The Solaris version accepts a -k option, which will display the kernel architecture, such as sun4m, sun4c, etc. This defines which specific SunOS kernel will run on the machine and has implications only for programs that depend on the kernel explicitly.

Examples:

RedHat Linux 9 system with a 2.4.20-28.9 kernel

$ arch
i686

Sun Ultra 5 running Solaris 5.7

$ arch
sun4
$ arch -k
sun4u

[/os/unix/commands] permanent link

Fri, Jul 29, 2005 6:17 pm

Bash Tips

I normally use the bash shell on Unix and Linux systems. A shell is the user interface to the system. The shell on Unix and Linux systems gives you the type of interface you get with a command prompt on Windows systems. On older versions of Windows you would be issuing DOS commands at the command prompt. As you have batch files with DOS, with Unix and Linux shells you can create scripts to automate your work, though you normally get a much richer set of commands than with DOS.

Prior to the development of the bash shell there was a Bourne shell and the name Bourne Again Shell (bash) comes from the name of that prior shell. The bash shell was created by Brian Fox in 1988. He continued to work on it until 1993. Chet Ramey joined Brian in the development of bash in 1989 and Chet continued the work on bash after Brian ceased his development efforts on bash.

I've posted a few bash tips in Bash Tips.

[/os/unix/bash] permanent link

Mon, Jul 25, 2005 10:44 pm

Blosxom Calendar Plugin Bug

I use Blosxom for my blog and the Blosxom Calendar Plugin to add a calendar to the blog. I installed version 0.6i of the plugin on August 30, 2004. Today, I noticed that if I click on the path link at the bottom of an entry where the path has a directory as part of the path with a name beginning with a number, clicking on that link generates the internal server error shown below.

Server error!


    The server encountered an internal error and was 
    unable to complete your request.


    Error message:
    Premature end of script headers: blosxom


If you think this is a server error, please contact
the webmaster


Error 500

When I looked in the site's error log, I found the following.

[Mon Jul 25 19:18:21 2005] [error] [client 162.83.13.120] Cannot handle date (0, 0, 0, 1, 11, 2800) at /support/blog/plugins/calendar line 214, referer: http://support.moonpoint.com/blog/blosxom/index.html?find=Dell&plugin=find&path=

When I checked line 214 in the calendar plugin I saw the following.

$monthstart = timelocal(0,0,0,1,$month-1,$year-1900);

The problem appears to be triggered whenever there is a directory with the directory name starting with a number in part of the path. I had a directory with /pc/hardware/dell/4700 as part of the path. I renamed the 4700 directory to d4700 and the problem went away. I changed it to 4700d and the problem reoccurred. I changed it to 3800 and the problem remained. Since I didn't have time to carefully examine the code in the calendar plugin, I finally just changed the directory to dimension_4700 and left it at that.

I thought there might be a later version of the plug-in at the developer's website, but the 0.6i version is the one still posted there.

[/network/web/blogging/blosxom] permanent link

Mon, Jul 25, 2005 8:50 pm

ht://Dig Setup

I installed ht://Dig because I thought I had placed certain information on my website, which I wanted to refer to again, but couldn't locate it. I have a search tool for the blog, but that will only search the blog's content. Since I couldn't find the information with that tool, I thought I might have placed the information in a file or files that weren't part of the blog's entries. So I installed htdig and used it to search the entire site. I still couldn't find the information, though I can recall creating a webpage with the information.

Oh well, I'll just have to keep looking or figure out how to do what I need to do again. One of the reasons I created the blog was to serve as a reference when my memory fails me on how I resolved a problem in the past. But, if I didn't post the information here, it's going to take me much longer to locate it or figure out again the steps I took previously.

So I won't have that problem with installing htdig again, I've posted my notes in the blog. Hopefully, it might help someone else as well in resolving problems or answering questions about setting it up so it can be used with multiple websites on the same server.

[ More Info ]

[/network/web/tools/search] permanent link

Mon, Jul 25, 2005 5:00 pm

Russia's Biggest Spammer Murdered

An article titled Russia's Biggest Spammer Brutally Murdered in Apartment appeared in MosNews today. The article states that the man considered to be Russia's biggest spammer was found brutally murdered in his apartment on Sunday from repeated blows to the head.

Vardan Kushnir, 35, headed the Center for American English, the New York English Centre, and the Centre for Spoken English, which sent millions of email messages every day.

According to the article, under Russian law spamming is not illegal, but Russian lawmakers are working on anti-spam measures.

[/network/email/spam] permanent link

Tue, Jul 19, 2005 11:19 pm

Outlook Address Book Could Not Be Displayed

A user reported that his address book could not be displayed in Outlook 2003. I composed a new message and tried to bring up the address book to put an address in the "To" field of the message. When I did so, I saw the message below:

The address list could not be displayed. The Contacts folder associated with this address list could not be opened; it may have been moved or deleted, or you do not have permissions. For information on how to remove this folder from the Outlook Address Book, see Microsoft Office Outlook Help.

But under "Show names from the", I could see his contact folders and even select "Contacts" and see all of the addresses in his main contacts folder. Microsoft has steps to correct the problem at http://support.microsoft.com/default.aspx?scid=kb;en-us;Q319901 in Article ID 319901 titled "The address list could not be displayed" error message when you use your Contacts to address a new message in Outlook. The article indicates the problem can be caused by a corrupted address book. The steps suggested in the article corrected the problem. I've listed the steps below:

RESOLUTION

To resolve this issue, remove and reinstall the Outlook Address Book. To do this:
  1. Start Outlook.
  2. On the Tools menu, click E-mail Accounts.
  3. Click View or change existing directories or address books, and then click Next.
  4. Click Outlook Address Book, and then click Remove.
  5. Click Yes when you receive the prompt to confirm the removal.
  6. Click Add.
  7. Click Additional Address Books, and then click Next.
  8. Click Outlook Address Book, and then click Next.
  9. Click OK when you receive the message to restart Outlook.
  10. Click Finish.
  11. Click Exit on the File menu to quit Outlook.
  12. Restart Outlook.
  13. In the Folder list, right-click the folder that you want to use with the Address Book (for example, right-click Contacts), and then click Properties.
  14. Click the Outlook Address Book tab.
  15. Click to select the Show this folder as an e-mail Address Book check box (if it is not already selected), and then click OK.

[/network/email/clients/outlook] permanent link

Wed, Jul 13, 2005 10:56 pm

Importing An Outlook Express Address Book into Outlook Express

If you need to import an Outlook Express address book into Outlook Express on another system or into the address book of another account on the same system, take the steps listed below.

Locating an Address Book

Locate the previous Outlook Express address book. It will be a .wab file (presumably this stands for "Windows Address Book"). You won't be able to locate it if the Windows Explorer is using the default folder settings, which don't allow you to view hidden and system files. You need to change those settings first, if you haven't previously done so, to display hidden and system files (instructions for viewing hidden and system files).

The address book, which will have a "wab" extension, will likely be under C:\Documents and Settings\username\Application Data\Microsoft\Address Book, where "username" is the relevant user's userid, e.g. "JSmith".

If you are importing the address book into an account on the same system, you can proceed to the step of importing it into Outlook Express. Otherwise copy it to the other system. There may also be a file with an extension "wab~". That is a backup file, which you can ignore. If you want to view the entries in the address book, you can double-click on the file and look under "Main Identity's Contacts" for the list of addresses in the address book.

Importing the Address Book

  1. Click on "Addresses" to open the address book.
  2. Click on "File" and select "Import" followed by "Address Book (WAB)".
  3. Browse to where the address book is stored, click on it to select it and then click on the "Open" button, which will import the addresses from that file. You should see "The import process completed successfully" when the operation is complete.

[/network/email/clients/outlook-express] permanent link

Fri, Jul 08, 2005 8:51 am

Starting and Stopping No-IP Service

If your system is connected to the Internet by a dynamic Internet Protocol (IP) address, but you need to be able to reach the system with a fixed name, you can use a dynamic Domain Name System (DNS) service, such as the one provided by No-Ip.com. You can install their dynamic update client on the system and it will report its IP address to No-Ip's DNS servers.

If the No-IP Dynamic Update Client (DUC) software on a system is not updating the IP address for the system with No-IP's servers, you can start and stop the service from the command line (you may need to be logged into an account in the administrator group) by using the following commands:

net stop noipducservice
net start noipducservice

You can determine when a system last updated its address with No-Ip's servers by logging into your No-Ip account and under "Hosts/Redirects", click on "Manage". Locate the name of the system in question and click on "Modify" for it. You will see a "Last Update" for it.

[/network/dns] permanent link

Fri, Jul 01, 2005 9:10 pm

smlogstats

I run various sendmail log file processing scripts nightly to process the day's maillog file. At midnight, the maillog file in /var/log is rotated to /var/log/maillog.1. The log file processing scripts then analyze maillog.1 and produce reports based on its contents to allow me to track what is happening on the mail server. I added a Perl script, smlogstats, to the daily email log processing scripts.

The original smlogstats script is available from http://www.salug.org/~wcb/smlogstats.pl.txt. That script used a hardcoded output file. Since I want to maintain an archive of sendmail reports, I modified the script slightly to optionally allow the output file to be specified. The modified smlogstats.pl script has the following usage:

usage:  smlogstats.pl [ -d ] [ -l logfile ] [ -o htmlfile] [ -t n ]

-d  print detail
-l  full path name to logfile (default /var/log/maillog)
-o  full path to the html output file (default stats.html)
-t  print top n addresses (default 10)

I use another script, smlogstats-log, to produce a log file when it is run by cron every night at midnight. The script puts its output in /home/logfiles1/www/support/internal/logs/mail/smlogstats/$(date --date=yesterday +%Y)/$(date --date=yesterday +%m%d%y).html. The directory path includes a directory with the year specified, i.e. date --date=yesterday +%Y, followed by the file name, which is yesterday's date in mmddyy format followed by an extension of html.

Script - smlogstats.pl
Example output file - 063005.html

[/network/email/sendmail] permanent link

Sun, Jun 26, 2005 11:35 pm

Configuring AnalogX Proxy

If you need to configure a Windows system as a proxy server, you can use AnalogX Proxy, which is available for free.

AnalogX Proxy provides the following proxy services using the ports listed below:

    HTTP    (web browsers)                  (port 6588)
    HTTPS   (secure web browsers)           (port 6588)
    SOCKS4  (TCP proxying)                  (port 1080)
    SOCKS4a (TCP proxying w/ DNS lookups)   (port 1080)
    SOCKS5  (only partial support, no UDP)  (port 1080)
    NNTP    (usenet newsgroups)             (port 119)
    POP3    (receiving email)               (port 110)
    SMTP    (sending email)                 (port 25)
    FTP     (file transfers)                (port 21)

It is possible to change the ports used by AnalogX Proxy for the various proxy services it supports.

[ More Info ]

[/network/proxy] permanent link

Sat, Jun 25, 2005 10:08 pm

Dell 4700 Hardware Drivers

I had to replace a disk drive in a Dell Dimension 4700 PC. Perhaps not coincidentally, the disk drive in another Dell Dimension 4700 PC also purchased in December 2004 died the same week. The drives were 80 GB Maxtor drives with model number 6Y080M0. It seemed odd that both systems, which though purchased from Dell at the same time were at separate locations, should suffer a drive failure in less than six months of use.

Dell shipped a replacement drive that arrived the next day. I told the Dell support person I spoke to that I only needed the drive, not someone to install it.

I was able to recover the user's files in her "My Documents" folder, but there was no backup for the system, so I had to reinstall the operating system and applications. Unfortunately, Dell apparently did not provide all of the drivers needed for the system on a CD with the system. So, though the user had a CD for Windows XP Pro, Microsoft Office 2003, Sonic RecordNow, and CyberLink DVD, there was no CD with the needed Network and Video adapter drivers nor was there one for the modem driver, which would make it difficult to obtain the needed drivers if no other PC was available to use to download the drivers.

I was able to download the needed drivers with a laptop, however, and transfer them by USB key to the 4700.

[ More Info ]

[/pc/hardware/dell/dimension_4700] permanent link

Wed, Jun 22, 2005 4:39 pm

Configuring a Solaris System as a DNS Server

A script to configure a Solaris system as a DNS server is available at http://www.bolthole.com/solaris/configdns.sh. After downloading the script make it executable with chmod, e.g. chmod 755 configdns.sh. When you run the script, /etc/resolv.conf and either /etc/named.boot or /etc/named.conf will be replaced, so you may want to make a backup copy of those files beforehand. The output of the script, which should be run from the root account, is shown below:

# sh configdns.sh
This script will automatically configure your machine to run a
DNS server. It will completely destroy /etc/resolv.conf, and
either /etc/named.boot, or /etc/named.conf, as appropriate
It may also modify /etc/nsswitch.conf if neccessary.
Continue? (y/n)
y
copied /etc/resolv.conf to /etc/resolv.conf.pre-config
Made /etc/resolv.conf
nsswitch.conf already okay
Restarting namedemon
cat: cannot open /etc/named.pid
As soon as your internet link is up, you should be set to go!
Please note: This script assumes you are setting up a single isolated
machine. If this machine needs to allow others to query DNS through it,
please read the comments in /etc/named.conf

The /etc/named.conf file produced by the script is shown below:

options {
                directory "/etc/named";
# use 127.0.0.1 if you are an isolated machine. Otherwise, either
# comment out the "listen-on" line entirely, or supply the appropriate
# internal or external address
                listen-on { 127.0.0.1; };
        };
        zone "." in {
                type hint;
                file "named.cache";
        };

        zone "0.0.127.in-addr.arpa" in {
                type master;
                file "named.local";
        };

The "listen-on" line, by default, will have the system listen for name queries only on the loopback port, 127.0.0.1, which means that you could perform host lookups only on the system itself. You could use the nslookup command to verify that the system is responding to name queries as below:

# nslookup
Default Server:  localhost
Address:  127.0.0.1

> cisco.com
Server:  localhost
Address:  127.0.0.1

Name:    cisco.com
Address:  198.133.219.25

But, if you configure another system to use the Solaris system as a DNS server, it won't respond, since it is only listening on the local loopback port. If the Solaris system has an IP address of 192.168.1.1, you could replace the listen-on line in /etc/named.conf with listen-on { 127.0.0.1; 192.168.1.1; }; or comment out or remove the listen-on line to have the system respond to queries on any network interface. If you change /etc/named.conf, you will need to restart the name server, which you can do with the commands below:

kill `cat /etc/named.pid` 2>/dev/null
/usr/sbin/in.named

If you create a script to restart the name server, put a sleep 1 between the two lines above.
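
A check worth running before that restart, added here as an example and not part of configdns.sh: it reads the listen-on statement and reports whether named will answer on the loopback address only, on an explicit list of addresses, or on every interface because no active listen-on line remains. The function names are illustrative, the sample file is constructed from the named.conf shown above, and the parser assumes the single-line listen-on form with # or // comments.

```shell
#!/bin/sh
# Added example (not from configdns.sh): classify the listen-on setting of a
# named.conf before restarting the name server.

# listen_scope CONF: print one of
#   all-interfaces   no active listen-on line (removed or commented out),
#                    or the list contains the keyword "any"
#   loopback-only    only 127.0.0.1 is listed
#   addresses: ...   the explicit, sorted address list otherwise
# Assumes the statement sits on one line, as in the file shown above.
listen_scope() {
    [ -r "$1" ] || return 2
    # Strip '#' and '//' comments first: the generated file mentions
    # "listen-on" inside a comment, and a commented-out statement must
    # not be counted as active.
    addrs=$(sed -e 's/#.*//' -e 's|//.*||' "$1" |
        sed -n 's/.*listen-on[[:space:]]*{\([^}]*\)}.*/\1/p' |
        tr ';' '\n' | tr -d ' \t' | grep -v '^$' | sort -u | tr '\n' ' ')
    addrs=${addrs% }
    case " $addrs " in
        "  ")           echo "all-interfaces" ;;
        *" any "*)      echo "all-interfaces" ;;
        " 127.0.0.1 ")  echo "loopback-only" ;;
        *)              echo "addresses: $addrs" ;;
    esac
}

# write_sample_conf FILE LISTEN_LINE: constructed copy of the options block
# from the post, with LISTEN_LINE in place of its listen-on statement.
write_sample_conf() {
    cat > "$1" <<EOF
options {
        directory "/etc/named";
# use 127.0.0.1 if you are an isolated machine. Otherwise, either
# comment out the "listen-on" line entirely, or supply the appropriate
# internal or external address
        $2
};
EOF
}

# Demo over the three variants discussed in the text.
tmp=$(mktemp) || exit 1
for line in 'listen-on { 127.0.0.1; };' \
            'listen-on { 127.0.0.1; 192.168.1.1; };' \
            '# listen-on { 127.0.0.1; };'; do
    write_sample_conf "$tmp" "$line"
    printf '%-42s -> %s\n' "$line" "$(listen_scope "$tmp")"
done
rm -f "$tmp"
```

Listing the internal address explicitly keeps the server off any other interface the machine has; commenting the line out does not.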

The /etc/resolv.conf file that you will have when you run the installation script will look something like the one below:

domain mycompany.com
nameserver 127.0.0.1

I've used the configdns.sh script on a Solaris 2.7 system. Other Solaris scripts are available from the creator of the script, Philip Brown, at Phil's Solaris Hints or mirrored at Phil's Solaris hints.

Download Script
Bolthole MoonPoint Phil's Solaris Mirror Site

[/os/unix/solaris] permanent link

Mon, May 30, 2005 9:05 pm

Configuring the Windows Firewall for Symantec AntiVirus on an XP System

When Service Pack 2 is installed on a Windows XP system, the Windows Firewall is automatically activated on that system. The firewall can prevent a Symantec Antivirus Server, e.g. a system functioning as the antivirus server for Symantec AntiVirus Corporate Edition 8.0, from managing the Windows XP client. You will need to add an exception to the firewall settings on the client system to open UDP port 2967 access from the antivirus server.

[ More Info ]

[/security/antivirus/symantec] permanent link

Wed, May 04, 2005 11:12 pm

CDE Desktop Not Restored After Shutdown

I was switching back and forth between a Sun Solaris SPARC workstation and a Knoppix Linux LiveCD system and placed the keyboard for the Sun system against the side of the desk when I switched to the Linux system. I then inadvertently knocked over the Sun keyboard. It fell face down and the keyboard button that will power off the Sun must have been depressed, since it shut itself down. After it shut down, I hit the button again to power it up, hoping I would find my desktop just as it was when the system shut down.

When the system, which is running Solaris 2.7, powered back on, I got my Common Desktop Environment (CDE) login prompt informing me I needed to unlock the screen. I logged into the regular user account I had been using only to find a white desktop with none of the many windows that had been open previously visible. I had a lot of information I didn't want to lose, so I tried pinging the system from another system, which worked. I was also able to establish an SSH connection to the Sun system from the Linux PC.

So I went back to the Sun's console and tried some key combinations to see if I could get to any of the windows I had open previously. I found that just as on a Windows-based PC, I could hit the Alt and tab keys simultaneously to cycle through the open windows. When I did so, I saw a small icon for each window, which I could then open fully by hitting Alt-space and then choosing "Maximize" from the menu that appeared (Alt-F10 will also maximize the window). I was then able to save information in windows I had open previously.

Since I had a lot of windows open and I really wanted to just pick up from where I had been when the system powered down, I searched for an alternative means of restoring the CDE. In the Solaris 7 3/99 Online Release Notes (SUNWrdm), I found a section titled "SPARC only: restore from sys-suspend Sometimes Does Not Restore CDE (4174133)", which described the problem I was experiencing, i.e. a white screen appearing after a system was restored from a sys-suspend. The information provided in that section is included below:

SPARC only: restore from sys-suspend Sometimes Does Not Restore CDE (4174133)

sys-suspend(1M) may hang and not refresh the screen on some slow systems. After a system is resumed, Screen Lock is in effect by default. This problem occurs after you enter a user password. A white screen is displayed instead of a Common Desktop Environment (CDE) screen. Although you can gain access to the system remotely, you cannot enter anything because the screen is still locked. If this problem occurs, you can recover the CDE session by remotely logging on the system as superuser and then killing the sys-suspend process.

Workaround: If this problem has occurred as a result of executing autoshutdown, use the dtpower(1M) application to disable autoshutdown. The problem does not occur if you execute sys-suspend without the Screen Lock option.

Refer to "Disabling the Screen Lock" in Using Power Management, Solaris 7 Reference Manual Collection, for a description on how to disable the Screen Lock for sys-suspend invoked by the keyboard's power key. To disable the Screen Lock for the sys-suspend command that is invoked from the CDE Workspace Menu:

  1. Become superuser.

  2. Create the following dtaction file /etc/dt/appconfig/types/locale/sunOW.dt. The locale is the name of the language option that is selected when you start CDE.

  3. Copy the ACTION SDTsuspend { ... } definition from /usr/dt/appconfig/types/locale/sunOW.dt to /etc/dt/appconfig/types/locale/sunOW.dt.

  4. Add the -x flag to sys-suspend command in the /etc/dt/appconfig/types/locale/sunOW.dt file.

  5. Exit the CDE session and log in again.

I didn't follow those instructions, but they provided me with the clue I needed to get my desktop to reappear with all of its windows visible again. From the terminal window I had open where I had established the SSH session, I became root and then searched for the sys-suspend process. When I found it I tried to kill it with kill -HUP, but that didn't kill it, though kill -9 did produce a prompt to suspend, shutdown, or cancel on the screen of the Sun workstation.

# ps -ef | grep suspend
    root 12233 20298  0 17:15:39 pts/12   0:00 grep suspend
    root 20868 20867  0 16:18:40 ?        0:13 /usr/openwin/bin/sys-suspend
# kill -HUP 20868
# ps -ef | grep suspend
    root 12452 20298  0 17:16:16 pts/12   0:00 grep suspend
    root 20868 20867  0 16:18:40 ?        0:13 /usr/openwin/bin/sys-suspend
# kill -9 20868

When I used the kill -9 followed by the PID, a window popped up on the console with three options: suspend, shutdown, or cancel. I chose "cancel" and the desktop reappeared with all of my windows just as I had left them.

[/os/unix/solaris] permanent link

Wed, Apr 27, 2005 10:52 pm

Changing Page Print Order on an HP Business Inkjet 2800

Sometimes it is desirable to change the order in which pages are printed by a printer. Some printers, such as the HP Business Inkjet 2800, allow the order in which pages are printed to be selected, e.g. print first page first or last page first.

[ More Info ]

[/os/windows/printers] permanent link

Tue, Apr 26, 2005 11:39 pm

Out of Office Assistant Disabled

An Outlook 2003 user reported that she received the message "The command is not available. See the program documentation about how to use this extension" when trying to change her out-of-office message to reflect the fact that she was no longer out of the office. I found that by going to "Tools", "About Microsoft Office", and then re-enabling the disabled outex.dll add-in, I was able to correct the problem.

[ More Info ]

[/os/windows/office/outlook] permanent link

Tue, Apr 26, 2005 6:49 pm

Configuring a Solaris 7 System to be a DHCP Server

Solaris 7 comes with software that allows it to be set up to function as a DHCP server. It is fairly easy to set up using /usr/sbin/dhcpconfig.

[ More Info ]

[/os/unix/solaris] permanent link

Mon, Apr 25, 2005 8:54 pm

Calsdr.Dll Remnant

While scanning a system with ClamWin that has been performing poorly, I found calsdr.dll, which ClamWin identified as Trojan.Downloader.Rameh-1, which appears to be a remnant of a previously removed FavoriteMan adware/spyware infection.

[ More Info ]

[/security/spyware/favoriteman] permanent link

Mon, Apr 18, 2005 3:15 pm

Clocks Skewed

I found entries in a Windows XP system's application log stating "the clocks on the client and server machines are skewed" and entries in the application log on the server referring to Kerberos problems stating "the ticket used against that server is not yet valid (in relationshiop to that server time). Contact your system administrator to make sure the client and server times are in sync". I found the problem was due to the fact that the Windows Time service, aka w32tm, was not running on the server, which was the domain controller for the domain.

[ More Info ]

[/os/windows/domain] permanent link

Sat, Apr 16, 2005 1:30 pm

cal

On Linux systems and Unix systems you can use the cal utility to view a calendar. If you type cal, you will see a calendar for the current month.

     April 2005
Su Mo Tu We Th Fr Sa
                1  2
 3  4  5  6  7  8  9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30

If you want a calendar for another month, either in the past or the future, you can specify the month and year with cal mm yyyy. E.g. to view the calendar for February 2005, you could use cal 02 2005.

    February 2005
Su Mo Tu We Th Fr Sa
       1  2  3  4  5
 6  7  8  9 10 11 12
13 14 15 16 17 18 19
20 21 22 23 24 25 26
27 28

You can view the calendar in Julian format with the -j option, i.e. produce a calendar that shows the number of days that have elapsed since the start of the year with January 1 as day one and February 1 as day 32. E.g. cal -j 02 2004 produces a Julian date calendar for February 2004.

       February 2004
Sun Mon Tue Wed Thu Fri Sat
 32  33  34  35  36  37  38
 39  40  41  42  43  44  45
 46  47  48  49  50  51  52
 53  54

If you need more features from a calendar display program, you can try the GNU gcal program or the pcal and lcal programs, which can generate postscript and html output.

[/os/unix/commands] permanent link

Fri, Apr 08, 2005 5:34 pm

antixls

I needed the capability to convert Microsoft Excel spreadsheets sent to my email account on a Linux system to a form I could work with on that system. The spreadsheets contain just email addresses that I need to put into a text file for a mailing list on the Linux email server. I wanted something simple and straightforward to use. I didn't need a lot of bells and whistles, just the capability to convert the data in the .xls spreadsheet file to a text or CSV file. I found antixls, which can be downloaded from the author's site at http://www.af0.net/~dan/?antixls, which suited my needs perfectly.

Antixls is a small Perl script that can display the information in a spreadsheet in a number of modes, including in ASCII art format, "linear" (unformatted), CSV, and linearly with cell indices, which is the default mode. The antixls Perl program provides a wrapper for Kawai Takanori's Spreadsheet::ParseExcel module.

Help on using the script can be viewed by typing antixls --help.

Usage: antixls [options...] excelfile1 [excelfile2 ...]
General Options:
--help                  This help information
--version               Show version information
--formatted             Display sheets in ASCII-art table
--linear                Display sheets in "linear" (unformatted) mode
--csv                   Display sheets in CSV mode
--indexed               Display sheets linearly with cell indices (default)

I wanted to convert the membership spreadsheet to text or CSV format. I found that converting to CSV format with antixls worked, since afterwards I only needed to remove the comma at the end of each line with vi to put the email addresses in the text format I needed of one address per line. Linear (unformatted) mode would also have worked well. As examples of the output from the program, below I've included the output in the formats the program can use for output. I placed the commands that produced the output above the output. The actual email addresses have, of course, been altered.

CSV

./antixls-0.1b.perl --csv Members.xls >Members.csv

OfficeE-mail,
1pm4467@gw.njsp.org,
1701A@dunbararm.com,
1769B@dunbararm.com,
aackorman2@sovlog.com,
aaron.groom@pharma.com,
b1smith@bulldog-tech.com,

ASCII Art

./antixls-0.1b.perl --formatted Members.xls >Members.txt

Sheet: 2005_All_Members
================================================================================
|OfficeE-mail                             |
|1pm4467@gw.njsp.org                      |
|1701A@dunbararm.com                      |
|1769B@dunbararm.com                      |
|aackorman2@sovlog.com                    |
|aaron.groom@pharma.com                   |
|b1smith@bulldog-tech.com                 |

Indexed

./antixls-0.1b.perl --indexed Members.xls >Members.indexed

Sheet: 2005_All_Members
(0, 0)          OfficeE-mail
(1, 0)          1pm4467@gw.njsp.org
(2, 0)          1701A@dunbararm.com
(3, 0)          1769B@dunbararm.com
(4, 0)          aackorman2@sovlog.com
(5, 0)          aaron.groom@pharma.com
(6, 0)          b1smith@bulldog-tech.com

Linear

./antixls-0.1b.perl --linear Members.xls >Members.linear

Sheet: 2005_All_Members
OfficeE-mail
1pm4467@gw.njsp.org
1701A@dunbararm.com
1769B@dunbararm.com
aackorman2@sovlog.com
aaron.groom@pharma.com
b1smith@bulldog-tech.com

Site antixls
Developer Download
MoonPoint Download

Download antixls

[/languages/perl] permanent link

Thu, Apr 07, 2005 4:48 pm

Finding A PGP Key

If you need to locate someone's PGP key on a PGP server using gnupg, you can use the command gpg --search-keys --keyserver <servername> <name>, where "servername" is the name of the PGP server where the key is stored and "name" is the person's name. For instance, suppose the person's last name is Pacheo and the applicable key server is server1.somewhere.com, then you would use gpg --search-keys --keyserver server1.somewhere.com pacheo. If there were multiple keys on the server that matched, you would see a numbered list of all matching keys and would be prompted to enter the number for the one you want. Once you select the one you want, you should see a message indicating the public key for the person has been imported to your keyring. If you issue the command gpg --list-keys, you should see the new key listed.

If the email address associated with the new key was pacheo@abcxyz.com and you wanted to send the file confinfo.xls as an encrypted attachment to an email to the person, you could use gpg --encrypt -r pacheo@abcxyz.com confinfo.xls. Gnupg would then create a new encrypted version of the file called confinfo.xls.gpg, which you could attach to your email. The recipient, who you specify with the "-r" option, would then need a program on his end, such as gnupg, PGP, etc. that could decrypt the file, producing a duplicate of the original confinfo.xls file.

In the above example, you would be using the person's public key to encrypt the file. Only someone who has the associated private key, which should only be that person or someone he very much trusts, will be able to decrypt the file. You don't need his private key to encrypt the file, only the public key, which he can make available to anyone via the key server.

[/security/encryption/gnupg] permanent link

Wed, Apr 06, 2005 10:32 pm

PayPal Phishing site at www.paypal.com.sdll.us Gone

I see that the website, www.paypal.com.sdll.us, that was being used on Monday for a PayPal scam (see PayPal Phishing Attempt at www.paypal.com.sdll.us) has been taken down. Hopefully, the person running the spoofed site has been identified.

[/security/scams/phishing/paypal] permanent link

Wed, Apr 06, 2005 6:13 pm

Fixing "To" Addresses in a Queued Message

If a message is stuck in a sendmail mail queue and you can tell that it is because of an invalid "to" address, you can correct the problem by editing the appropriate "qf" queue file. For instance, I saw a message queued the day before addressed to an address similar to john_castle@senate.state. Obviously, the sender left off the end of the address, which should have included the state abbreviation followed by .us. Since senate.state is not a valid domain name, sendmail assumed that senate.state.com was the intended domain name. A server with that name existed, but wasn't accepting email, i.e. it wasn't listening for connections on port 25. But as far as sendmail was concerned the delivery problem might only be temporary, so it would keep trying to deliver the message for five days before giving up and bouncing the message back to the sender.

The queue id for the message was j35DxWRb002888. Since sendmail stores the "envelope" information for messages in queue files in /var/mail/mqueue with filenames beginning with "qf", I used vi to edit qfj35DxWRb002888. I replaced senate.state.com with the appropriate address and replaced all occurrences of senate.state with the correct address.

If you then want to have sendmail attempt to send the queued message immediately, you can use "sendmail -q 0 -v" to have sendmail attempt to process all queued messages once immediately. The "-q" specifies the time with zero instructing it to do it now and "-v" displaying verbose results, which will allow you to see the process of sendmail connecting to a recipient's email server and attempting to deliver the message (you might not want to use the "-v" option if you have lengthy queues).
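The qf edit described above, sketched as a script (an added example, not part of the original post). The sample queue file is constructed and simplified, `senate.state.xx.us` uses `xx` as a placeholder for the state abbreviation the post does not give, and the function names and the backup directory are assumptions; one anchored substitution handles both `senate.state.com` and `senate.state`, so an already corrected address is never rewritten a second time.

```shell
#!/bin/sh
# Added example: repair a truncated recipient domain in a sendmail qf file.

# fix_qf_domain QF_FILE BAD_DOMAIN GOOD_DOMAIN BACKUP_DIR
# Rewrites user@BAD_DOMAIN and user@BAD_DOMAIN.com (the ".com" sendmail
# appended in the post) to user@GOOD_DOMAIN.
# GOOD_DOMAIN must be a plain host name (no '/', '&' or '\').
fix_qf_domain() {
    qf=$1; bad=$2; good=$3; backup_dir=$4
    if [ ! -f "$qf" ] || [ ! -d "$backup_dir" ]; then
        echo "usage: fix_qf_domain QF_FILE BAD GOOD BACKUP_DIR" >&2
        return 2
    fi
    # Keep the original outside the queue directory, so the copy is never
    # picked up as a queue file. An existing backup is not overwritten.
    backup=$backup_dir/${qf##*/}.orig
    [ -e "$backup" ] || cp -p "$qf" "$backup" || return 1

    bad_re=$(printf '%s' "$bad" | sed 's/[.]/\\./g')   # make dots literal
    # Anchored on '@' and on the end of the host name: an address that is
    # already correct, or a longer host name, does not match.
    sed -E "s/@${bad_re}(\\.com)?([^A-Za-z0-9.-]|\$)/@${good}\\2/g" \
        "$qf" > "$backup.new" || return 1
    # Overwrite in place so the queue file keeps its owner and mode.
    cat "$backup.new" > "$qf" && rm -f "$backup.new"
}

# Writes a constructed, simplified qf file into directory $1 and prints
# its path. The queue id is the one quoted in the post.
make_sample_qf() {
    sample=$1/qfj35DxWRb002888
    cat > "$sample" <<'EOF'
V8
T1112814780
N2
S<sender@example.com>
rRFC822; john_castle@senate.state
RPFD:<john_castle@senate.state.com>
MDeferred: Connection refused by senate.state.com.
H??To: john_castle@senate.state
H??Subject: constructed sample
.
EOF
    printf '%s\n' "$sample"
}

# Demonstration on the constructed file, in a throwaway directory.
demo_dir=$(mktemp -d)
mkdir "$demo_dir/mqueue" "$demo_dir/backup"
demo_qf=$(make_sample_qf "$demo_dir/mqueue")
fix_qf_domain "$demo_qf" senate.state senate.state.xx.us "$demo_dir/backup"
grep -n 'senate' "$demo_qf"
rm -rf "$demo_dir"
```

The status line beginning with M is left alone because it carries no `@`. Edit a live queue file only while no queue run is working on that message.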

[/network/email/sendmail] permanent link

Tue, Apr 05, 2005 10:30 pm

WildTangent Web Driver

Checking a system with poor performance using Spybot Search & Destroy, I found WildTangent Web Driver, but it did not appear to be the source of the problem and as far as I can determine isn't a significant security risk or system destabilizer.

[ More Info ]

[/security/spyware/wildtangent] permanent link

Mon, Apr 04, 2005 10:32 pm

PayPal Phishing Attempt at www.paypal.com.sdll.us

I received three copies of an attempt to garner PayPal account information today. The spoofed PayPal site was at http://www.paypal.com.sdll.us/webscr/index.html. The phisher used a JavaScript technique for overlaying Internet Explorer's address bar with a URL pointing to the real PayPal site, making it appear that anyone clicking on a link in the message had gone to the real site, whereas they would actually be at the spoofed site.

[ More Info]

[/security/scams/phishing/paypal] permanent link

Wed, Mar 30, 2005 10:07 pm

Changing Pine "From" Address

If you use Pine as your email client and wish to change the "from" address it places in outgoing email, follow these instructions.

[/network/email/clients/pine] permanent link

Sun, Mar 27, 2005 2:27 pm

Freshclam Crontab Error

Checking root's mailbox on my email server, I see messages every two hours with a subject of "Cron /usr/local/bin/freshclam --quiet" and "/bin/sh: line 1: /usr/local/bin/freshclam: No such file or directory" in the body of the message. Checking the crontab file, which contains regularly scheduled processes, with "crontab -l", I see a line with "13 */2 * * * /usr/local/bin/freshclam --quiet". But the "which freshclam" command shows "/usr/bin/freshclam" indicating freshclam is actually in /usr/bin. I edited the crontab file with "crontab -e" and removed "local" from the directory path.
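A check for the failure described above, where cron keeps invoking a path that no longer exists and signature updates stop (an added example, not from the original post). The function names, the `/usr/bin:/bin` default search path and the sample crontab are assumptions or constructed.

```shell
#!/bin/sh
# Added example: report crontab jobs whose command cannot be found.

# Search path assumed for jobs when the crontab sets no PATH of its own
# (assumption: the common /usr/bin:/bin default; override via CRON_PATH).
CRON_PATH=${CRON_PATH:-/usr/bin:/bin}

# Reads crontab text on stdin, prints one "MISSING ..." line per job whose
# command does not resolve, and returns 1 if any job was reported.
check_cron_commands() {
    search_path=$CRON_PATH
    missing=0
    lineno=0
    while IFS= read -r line || [ -n "$line" ]; do
        lineno=$((lineno + 1))
        set -f                 # schedule fields contain '*': no globbing
        set -- $line           # split the line into whitespace-separated words
        set +f
        [ $# -gt 0 ] || continue                      # blank line
        case $1 in
            '#'*)          continue ;;                # comment
            PATH=*)        search_path=${1#PATH=}; continue ;;
            [A-Za-z_]*=*)  continue ;;                # other NAME=value line
            @*)            [ $# -ge 2 ] || continue; shift ;;   # @daily cmd
            *)             [ $# -ge 6 ] || continue; shift 5 ;; # m h dom mon dow cmd
        esac
        cmd=$1
        case $cmd in
            /*) if [ -f "$cmd" ] && [ -x "$cmd" ]; then continue; fi ;;
            *)  if (PATH=$search_path; command -v "$cmd") >/dev/null 2>&1
                then continue; fi ;;
        esac
        # Like the "which freshclam" step in the post: look for the same
        # program name on the current PATH to suggest the corrected path.
        hint=$(command -v "${cmd##*/}" 2>/dev/null || true)
        echo "MISSING line $lineno: $cmd${hint:+ (found at $hint)}"
        missing=1
    done
    return "$missing"
}

# Constructed sample reproducing the crontab entry quoted in the post.
sample_crontab() {
    cat <<'EOF'
# constructed sample
MAILTO=root
13 */2 * * * /usr/local/bin/freshclam --quiet
0 4 * * * /bin/sh -c 'true'
EOF
}

# On a live system: crontab -l | check_cron_commands
sample_crontab | check_cron_commands || true
```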

[/security/antivirus/clamav] permanent link

Sat, Mar 26, 2005 6:50 pm

ClamAV 0.83 Upgrade

I upgraded Clam AntiVirus (ClamAV) from version 0.80 release 2.0 to version 0.83 release 1.0 using the rpm packages provided by Dag Wieers at http://dag.wieers.com/packages/clamav. When I tried upgrading the virus database package I received the message below:

# rpm --upgrade clamav-db-0.83-1.0.rh9.rf.i386.rpm
warning: clamav-db-0.83-1.0.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
       clamav-db = 0.80-2.0.rh9.rf is needed by (installed) clamav-0.80-2.0.rh9.rf

I then remembered I need to install all four clamav packages: clamav, clamav-db, clamav-milter, and clamd together (I'm using clamav-milter to scan email passing through sendmail). When I upgraded all four packages at once, I received warnings that new configuration files were given a .rpmnew name, since I had existing .conf configuration files.

# rpm --upgrade clamav-db-0.83-1.0.rh9.rf.i386.rpm clamav-0.83-1.0.rh9.rf.i386.rpm clamd-0.83-1.0.rh9.rf.i386.rpm clamav-milter-0.83-1.0.rh9.rf.i386.rpm
warning: clamav-db-0.83-1.0.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
warning: /var/clamav/daily.cvd created as /var/clamav/daily.cvd.rpmnew
warning: /var/clamav/main.cvd created as /var/clamav/main.cvd.rpmnew
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew

When I sent a test message to an account on the system and looked at the message headers, I saw "X-Virus-Scanned: ClamAV 0.80/727/Fri Feb 25 12:12:36 2005" in the message indicating the old version was being used for scanning. I updated the virus definitions with freshclam and restarted the clamav milter after checking the version of freshclam.

# freshclam -V
ClamAV 0.83/790/Sat Mar 26 10:27:17 2005
# /etc/init.d/clamav-milter restart
Stopping Clamav Milter Daemon:                             [  OK  ]
Starting Clamav Milter Daemon:                             [  OK  ]

Then when I sent a test message and viewed its headers, I could see it had been scanned with the version I just installed, since I saw the following in the headers:

X-Virus-Scanned: ClamAV version 0.83,
     clamav-milter version 0.83 on frostdragon.com

[/security/antivirus/clamav] permanent link

Sat, Mar 26, 2005 10:54 am

Building RPMs

The Red Hat Package Manager (RPM) is a tool that automates the installation and uninstallation of software on a Linux system and allows you to more easily manage installed software. The rpm command works with software packaged into rpm files. You can use the rpm command with rpm files to determine what other software is required prior to installing the new software, i.e. you can see the "dependencies" of the new software. You can use the rpm command to easily obtain details on all software installed on a system that was installed via an rpm package. For instance, rpm -qa will show a list of all installed packages. If I was interested in only packages related to Clamav, a free antivirus scanner, I could filter the output with grep, e.g. rpm -qa | grep clamav. I might then see the following on a system:

$ rpm -qa | grep clamav
clamav-db-0.80-2.0.rh9.rf
clamav-0.80-2.0.rh9.rf
clamav-milter-0.80-2.0.rh9.rf

I could get details for one of those packages, clamav, with rpm -qi clamav.

If you wish to build your own RPM files, you can find information on how to do so at Dag Wieers's Red Hat Package Manager v4 webpage and at IBM's Packaging software with RPM webpage.

The RPM format is not restricted to just the Red Hat distributions of Linux, but is used on other Linux distributions as well, such as SuSE's and Caldera's distributions.

References:

  1. Red Hat Package Manager v4
    Dag Wieers
    September 21, 2003
  2. Packaging software with RPM
    Dan Poirier (poirier@us.ibm.com)
    Software engineer, IBM
    01 Nov 2001

[/os/unix/linux/utilities/package] permanent link

Thu, Mar 24, 2005 2:35 pm

TNEF

If you receive a winmail.dat file as an attachment, it is likely from a sender using Microsoft Outlook. In order to view the attachment, you will need to extract the contents of the winmail.dat file. TNEF is a program that works well on Unix and Linux systems for extracting the contents of such files.

[ More Info ]

[/os/unix/linux/utilities/file/misc] permanent link

Mon, Mar 21, 2005 5:24 pm

Configuring Outlook 2000 to Leave Email on the Server

If you go on travel, but need to leave Outlook open on your desktop system or, perhaps, need to have someone else open Outlook on the system at your office to check old email while you are on travel, then you may need to configure Outlook to leave email on your POP server while you are on travel.

[ More Info ]

[/os/windows/office/outlook] permanent link

Sun, Mar 20, 2005 10:07 pm

Hotfix Utility

Microsoft offers a utility, hotfix.exe, to aid in managing hotfixes, i.e. patch files that correct security vulnerabilities or bugs in the operating system.

[ More Info ]

[/os/windows/utilities/sysmgmt] permanent link

Sun, Mar 20, 2005 8:47 pm

Freeing Disk Space on a Windows System

Microsoft provides the Disk Cleanup tool for freeing disk space on a Windows system. You can also delete the uninstall directories for patches to free additional space.

[ More Info ]

[/os/windows/utilities/sysmgmt] permanent link

Sun, Mar 20, 2005 1:50 pm

Vulnerability Discovered in McAfee AntiVirus

Researchers at Internet Security Systems (ISS) have discovered a flaw in McAfee's antivirus software that could allow compromise of a system running that software. The flaw affects software using versions of McAfee's antivirus library prior to 4400. Exploitation of the flaw could be achieved by sending a specially crafted LHA file by email or through the download of such a file from a website, or the opening of such a file from a shared folder on a network. The malformed LHA file can cause a stack overflow, potentially providing access to the affected system.

McAfee products affected include the following:

References:
  1. Anti-virus vulnerabilities strike again
    By John Leyden, The Register
    March 18, 2005
  2. McAfee AntiVirus Library Stack Overflow
    Internet Security Systems Protection Advisory
    March 17, 2005

[/security/antivirus/mcafee] permanent link

Fri, Mar 18, 2005 9:57 pm

Installing Adobe Acrobat Reader 5 on a Solaris SPARC System

If you need a program to read PDF files on a Solaris 2.7 system you can download a free version from Adobe's website at http://www.adobe.com/support/downloads/product.jsp?product=10&platform=unix. The current version available as of March 18, 2005 is 5.0.10.

The system requirements for Acrobat Reader 5.0.10 for a Solaris SPARC system are as follows:

After downloading the file, you can uncompress and untar it with the following commands:

gunzip solaris-5010.tar.gz
tar -xvf solaris-5010.tar

After unzipping and untarring the file that you downloaded from Adobe's website, change to the directory where you extracted the files, which will by default be an "installers" directory underneath your current directory. Then type ./INSTALL to install Adobe Acrobat 5. To integrate it into Netscape, close any instances of Netscape you have open and run the "netscape" program within the Browsers directory of the directory where you installed the Acrobat reader. If you installed Acrobat into the default location of /opt/Acrobat5 and Netscape into /opt/netscape, you would go through the following dialog:

# /opt/Acrobat5/Browsers/netscape
Enter the Acrobat 5.0.10 install directory [/opt/Acrobat5]
# Enter the directory containing Netscape [/usr/local/Netscape] /opt/netscape

To start Acrobat outside a browser use /opt/Acrobat5/bin/acroread, assuming you placed Acrobat in the default directory.

[/os/unix/solaris] permanent link

Wed, Mar 16, 2005 11:59 pm

OpenSSH Server on SBS 2003 Problem

After installing OpenSSH for Windows on a Windows Small Business Server 2003 system using the binary installer provided for that program, I found that it was not installed as a service. It took me quite a while to manually install it as a service and then get it to work, but after looking at the source code for the installer I was able to see the needed steps.

[ More Info ]

[/os/windows/server2003] permanent link

Tue, Mar 15, 2005 9:24 pm

Acrobat Crashes Due to Too Many Temporary Files


If Adobe Acrobat crashes as it is opening, the problem may be due to too many Acrobat temporary files. I've observed this problem with Adobe Acrobat 6.0 and I believe it is present in other versions as well. The following procedure should correct the problem: If the problem still exists, look for Adobe Acrobat temporary files in the Windows temporary directory as well. This will likely be c:\windows\temp or c:\winnt\temp.

[/os/windows/software/pdf] permanent link

Wed, Mar 09, 2005 12:03 am

Starting Control Panel Applications from the Command Line

For Windows NT and later versions of Windows, if you need to start control panel applications or folders from the command line you can obtain a command prompt and then type "control" followed by the application or folder name, e.g. "control admintools" to open the Administrative Tools folder in the Control Panel. Or, if you wish to change the theme, screen saver, appearance settings, or other desktop settings, type "control desktop". You can also just type "control" to open the control panel. Other control commands can be found at How to Open Control Panel Folders from the Command Prompt.

[/os/windows/commands] permanent link

Wed, Mar 02, 2005 10:31 pm

No Sound in Petz 5

When starting Ubisoft's Catz 5 or Dogz 5 Petz programs, the following error message may appear under Windows 2000 Service Pack 4 (SP4) or Windows XP Service Pack 2 (SP2) and no sound will be available.

Sound Error
Sorry. The sound system did not initialize. No sounds will be played.
Please select Help for more information.

This problem can be resolved by installing a patch for the Petz programs. The patch is available through the following links:

Site        Windows 2000 SP4    Windows XP SP2
Petz        Download            Download
MoonPoint   Download            Download

[/os/windows/software/games] permanent link

Wed, Mar 02, 2005 2:04 am

Trojan.Unclassified.ContextMenuHandler.A and Vx2.Narrator

A scan of a system with Microsoft AntiSpyware Beta1 found files associated with Trojan.Unclassified.ContextMenuHandler.A and Vx2.Narrator.

[ More Info ]

[/security/spyware/vx2] permanent link

Thu, Feb 24, 2005 7:59 pm

Microsoft AntiSpyware

Microsoft purchased Giant Company Software's antispyware program in December of 2004 and now offers that software for free under its own name. I've found the software works very well at detecting and removing adware and spyware. It should be easy to install and use, even for users who aren't particularly technically proficient. The only negative factor I've found with the product is a lack of a capability to generate report files.

The software can be downloaded from Microsoft® Windows AntiSpyware (Beta).

Instructions for Installing Microsoft AntiSpyware

References:
  1. Microsoft Windows Anti-Spyware Preview

[/security/spyware/MS-Antispyware] permanent link

Tue, Feb 22, 2005 1:18 am

QuarkXPress 4.0 Installation on XP

I encountered a few problems while trying to install QuarkXPress 4.0 on a new Windows XP Professional system. I was unable to get the software to run from an account with only standard user privileges on the system and had to put the user's account in the Power Users group on the system.

[ More Info ]

[/os/windows/software/quarkxpress] permanent link

Sun, Feb 20, 2005 1:52 pm

Using Ad-aware SE

Lavasoft provides an excellent antispyware product, Ad-Aware. There are several versions available. One of the versions, Ad-Aware Personal edition, is free for non-commercial use.

Ad-aware SE Personal Edition is available from the following site:

  1. Download.com

If you need help on how to use Ad-aware SE, you can use these instructions.

[/security/spyware/ad-aware] permanent link

Fri, Feb 18, 2005 8:08 pm

WAV Files Using IMA ADPCM Codec Not Playing

A user was unable to play some wav files on her Windows XP Professional system. When I checked the codec used in the file, I found it was the IMA ADPCM codec. Though her system was showing that codec as being installed, Windows Media Player and WinAmp would not play it. I had to reinstall the codec.

[More info ]

[/os/windows/xp/sound] permanent link

Fri, Feb 18, 2005 5:46 pm

Fonts supplied with Windows XP

I've listed below the fonts that Microsoft states it supplies with Windows XP. All of these may not necessarily be installed with a typical Windows XP installation. See Fonts Installed by Windows XP for a list of fonts typically installed with Windows XP.

For Windows 95, 98 and ME, you can install a maximum of approximately 1,000 fonts. With versions of Windows from NT onwards, i.e. NT, 2000, and XP, there is no limit on the number of files that can be installed. However, the time required to boot your system increases as you add fonts, because the system has to read in information for all of the installed fonts as it is booting.


Font Name Font File
Aharoni Bold ahronbd.ttf
Andalus andlso.ttf
Angsana New angsa.ttf
Angsana New Bold angsab.ttf
Angsana New Bold Italic angsaz.ttf
Angsana New Italic angsai.ttf
AngsanaUPC angsau.ttf
AngsanaUPC Bold angsaub.ttf
AngsanaUPC Bold Italic angsauz.ttf
AngsanaUPC Italic angsaui.ttf
Arabic Transparent artro.ttf
Arabic Transparent Bold artrbdo.ttf
Arial arial.ttf
Arial Black ariblk.ttf
Arial Bold arialbd.ttf
Arial Bold Italic arialbi.ttf
Arial Italic ariali.ttf
Browallia New browa.ttf
Browallia New Bold browab.ttf
Browallia New Bold Italic browaz.ttf
Browallia New Italic browai.ttf
BrowalliaUPC browau.ttf
BrowalliaUPC Bold browaub.ttf
BrowalliaUPC Bold Italic browauz.ttf
BrowalliaUPC Italic browaui.ttf
Comic Sans MS comic.ttf
Comic Sans MS Bold comicbd.ttf
Cordia New cordia.ttf
Cordia New Bold cordiab.ttf
Cordia New Bold Italic cordiaz.ttf
Cordia New Italic cordiai.ttf
CordiaUPC cordiau.ttf
CordiaUPC Bold cordiaub.ttf
CordiaUPC Bold Italic cordiauz.ttf
CordiaUPC Italic cordiaui.ttf
Courier New cour.ttf
Courier New Bold courbd.ttf
Courier New Bold Italic courbi.ttf
Courier New Italic couri.ttf
David david.ttf
David Bold davidbd.ttf
David Transparent davidtr.ttf
DilleniaUPC upcdl.ttf
DilleniaUPC Bold upcdb.ttf
DilleniaUPC Bold Italic upcdbi.ttf
DilleniaUPC Italic upcdi.ttf
Estrangelo Edessa estre.ttf
EucrosiaUPC upcel.ttf
EucrosiaUPC Bold upceb.ttf
EucrosiaUPC Bold Italic upcebi.ttf
EucrosiaUPC Italic upcei.ttf
Fixed Miriam Transparent mriamfx.ttf
Franklin Gothic Medium framd.ttf
Franklin Gothic Medium Italic framdit.ttf
FrankRuehl frank.ttf
FreesiaUPC upcfl.ttf
FreesiaUPC Bold upcfb.ttf
FreesiaUPC Bold Italic upcfbi.ttf
FreesiaUPC Italic upcfi.ttf
Gautami gautami.ttf
Georgia georgia.ttf
Georgia Bold georgiab.ttf
Georgia Bold Italic georgiaz.ttf
Georgia Italic georgiai.ttf
Impact impact.ttf
IrisUPC upcil.ttf
IrisUPC Bold upcib.ttf
IrisUPC Bold Italic upcibi.ttf
IrisUPC Italic upcii.ttf
JasmineUPC upcjl.ttf
JasmineUPC Bold upcjb.ttf
JasmineUPC Bold Italic upcjbi.ttf
JasmineUPC Italic upcji.ttf
KodchiangUPC upckl.ttf
KodchiangUPC Bold upckb.ttf
KodchiangUPC Bold Italic upckbi.ttf
KodchiangUPC Italic upcki.ttf
Latha latha.ttf
Levenim MT lvnm.ttf
Levenim MT Bold lvnmbd.ttf
LilyUPC upcll.ttf
LilyUPC Bold upclb.ttf
LilyUPC Bold Italic upclbi.ttf
LilyUPC Italic upcli.ttf
Lucida Console lucon.ttf
Lucida Sans Unicode l_10646.ttf
Mangal mangal.ttf
Marlett marlett.ttf
Microsoft Sans Serif micross.ttf
Miriam mriam.ttf
Miriam Fixed mriamc.ttf
Miriam Transparent mriamtr.ttf
MV Boli mvboli.ttf
Narkisim nrkis.ttf
Palatino Linotype pala.ttf
Palatino Linotype Bold palab.ttf
Palatino Linotype Bold Italic palabi.ttf
Palatino Linotype Italic palai.ttf
Raavi raavi.ttf
Rod rod.ttf
Rod Transparent rodtr.ttf
Shruti shruti.ttf
Simplified Arabic simpo.ttf
Simplified Arabic Bold simpbdo.ttf
Simplified Arabic Fixed simpfxo.ttf
Sylfaen sylfaen.ttf
Symbol symbol.ttf
Tahoma tahoma.ttf
Tahoma Bold tahomabd.ttf
Times New Roman times.ttf
Times New Roman Bold timesbd.ttf
Times New Roman Bold Italic timesbi.ttf
Times New Roman Italic timesi.ttf
Traditional Arabic trado.ttf
Traditional Arabic Bold tradbdo.ttf
Trebuchet MS trebuc.ttf
Trebuchet MS Bold trebucbd.ttf
Trebuchet MS Bold Italic trebucbi.ttf
Trebuchet MS Italic trebucit.ttf
Tunga tunga.ttf
Verdana verdana.ttf
Verdana Bold verdanab.ttf
Verdana Bold Italic verdanaz.ttf
Verdana Italic verdanai.ttf
Webdings webdings.ttf
Wingdings wingding.ttf
SimHei simhei.ttf
FangSong_GB2312 simfang.ttf
DFKai-SB kaiu.ttf
KaiTi_GB2312 simkai.ttf
Batang batang.ttc
Gulim gulim.ttc
Mingliu mingliu.ttc
MS Gothic msgothic.ttc
MS Mincho msmincho.ttc
Simsun simsun.ttc

References:

  1. Fonts supplied with Windows XP
    Microsoft Corporation
    November 20, 2001
  2. Fonts Installed by Windows XP
    Styopkin Software
  3. Windows Font Limit
    Styopkin Software

[/os/windows/xp] permanent link

Mon, Feb 14, 2005 11:45 am

Disaster Alert System Proposal from IBM and Cisco Engineers

Engineers at Cisco Systems Inc. and IBM Corporation submitted a draft proposal to the Internet Engineering Task Force on September 11 for a system that would alert people to impending catastrophic events such as the December 26, 2004 tsunami that ravaged southern Asia.

Fred Baker, a fellow at Cisco Systems, and Brian Carpenter, a senior engineer at IBM, proposed an Internet-based system, which would not require any new communication protocols. As an example of how the system might work, a NOAA ocean buoy might detect a series of large incoming waves. NOAA could send out a machine-readable alert to communications companies and emergency managers using an existing security protocol, such as Secure/Multipurpose Internet Mail Extensions (S/MIME), which would mitigate the chance that an alert had been spoofed. Cellular phone carriers might then alert their users by sending an alert message to the phones of all of their users in the affected area. So someone at a beach threatened by incoming waves might be alerted by his phone beeping. That person then might alert others nearby who didn't have cell phones with them.

The U.S. Department of Defense (DOD) is also considering ways to enhance communications in the event of such catastrophes as the recent tsunami. The DOD's Chief Information Officer (CIO) is considering the purchase of a system that will allow the DOD to quickly implement a communications system in an affected area which would facilitate coordination with officials in allied countries and non-governmental organizations (NGOs) participating in humanitarian relief efforts.

References:

  1. Cisco, IBM propose Internet-based disaster alert system
    By Joab Jackson
    Government Computer News
    Published February 11, 2005
  2. Structure of an International Emergency Alert System
    draft-baker-alert-system-00
    Internet Engineering Task Force (IETF)
    Submitted on January 10, 2005
  3. Defense seeks humanitarian communication
    By Frank Tiboni
    Federal Computer Week
    Published on Feb. 11, 2005

[/network/Internet/IETF/drafts] permanent link

Tue, Feb 01, 2005 7:03 pm

Ejecting Floppy Despite "Device busy" Message

If you try to eject a floppy using the eject command on a Solaris system, but receive a "Device busy" message, you can just push the button to eject the media, but if you make changes to the diskette and then reinsert it or another one, the system may show the contents of the original diskette and not the contents of the new one when you use ls or try to access files on the new diskette. The Volume Manager may be preventing you from unmounting the diskette, in which case you need to stop it before issuing the eject command. Use /etc/init.d/volmgt stop to stop the Volume Manager. Then use the eject command to unmount the diskette. You can then physically eject it with the eject button. You can then restart the Volume Manager with /etc/init.d/volmgt start as shown below. When you put a new floppy disk in the drive, you can mount it with the volcheck command. You will need to stop and start the Volume Manager from the root account.

# eject floppy
/vol/dev/diskette0/unnamed_floppy#6: Device busy
# /etc/init.d/volmgt stop
# eject
/dev/rdiskette can now be manually ejected
# /etc/init.d/volmgt start
volume management starting.

Tested on Solaris 7

[/os/unix/solaris] permanent link

Mon, Jan 24, 2005 12:32 pm

Changing the Port Used by LapLink

LapLink has a mechanism for changing the port number used for establishing connections. It is a more cumbersome mechanism than that provided by some other Windows remote control programs, such as Symantec's pcAnywhere, but it is possible to change the port.

LapLink uses UDP and TCP ports 1547 by default. But, if you edit the LLW.INI file, that will be in the directory C:\Windows\TSI32\LLW, you can get it to use another port. In LLW.INI, in the [TCPIP] section, add ListenPort= followed by the port number you wish to use as below:

[TCPIP]
Enabled=Yes
ListenPort=5549

What makes this approach more cumbersome is that if you need to connect to systems listening on different ports with LapLink, you need to edit the file, save your changes, and then restart LapLink to get it to use the port you want to use. If you want to go back to the default port, you can just put in "1547" for the ListenPort value.

[/os/windows/software/remote-control] permanent link

Sun, Jan 23, 2005 6:16 pm

Setting up a Windows Server 2003 for Small Business Server (SBS) as an FTP Server

To set up a Windows Small Business Server 2003 server as a File Transfer Protocol (FTP) server, take the following steps:

  1. Click on Start.
  2. Click on Control Panel.
  3. Click on Add or Remove Programs.
  4. Click on Add/Remove Windows Components.
  5. Click on Application Server to highlight it then click on Details.
  6. Click on Internet Information Services (IIS) to highlight it then click on Details.
  7. Click on File Transfer Protocol (FTP) Service, so that it has a checkmark next to it.
  8. Click on OK.

You can configure the FTP service by taking the following steps:

  1. Click on Start.
  2. Click on Control Panel.
  3. Click on Administrative Tools.
  4. Click on Internet Information Services (IIS) Manager.
  5. Click on the plus sign to the left of the server name to expand the list of services under it.
  6. Click on the plus sign to the left of FTP Sites to expand the list.
  7. Right-click on Default FTP Site and select Properties.
By default anonymous FTP connections are allowed. If you wish to disallow anonymous FTP connections, click on the Security Accounts tab and uncheck Allow anonymous connections. If you wish to permit only anonymous connections, check the Allow only anonymous connections check box under this tab.

To change the directory FTP users are connected to when they logon, click on the Home Directory tab under Default FTP Site Properties. Change the Local path to whatever directory you wish to be the default directory when users login. You can control the type of access allowed through Windows Explorer by right-clicking on a folder name in the Explorer then selecting Properties and clicking on the Security tab.

[/os/windows/iis] permanent link

Sun, Jan 23, 2005 12:07 am

Internet Information Server (IIS) Won't Permit File Download

I placed the Bazooka Spyware Scanner executable file, bazookasetup.exe, in a downloads directory on my website along with the latest spyware database for the program, bazooka_db.bdb. I was able to download both files from my webserver running Apache, but I was not able to download the .bdb file from a webserver running Microsoft's Internet Information Server (IIS). When I tried clicking on the link to download it, I would get an error page that included the information below:

The page cannot be found

The page you are looking for might have been removed, had its name changed, or is temporarily unavailable.
...
HTTP Error 404 - File or directory not found.
Internet Information Services (IIS)

I renamed the file to have different extensions, such as .bak, .txt, and .rtf and saw that IIS would recognize the file was there and allow me to download it if it had an extension for a file type the system recognized, such as .txt or .rtf, but not one it didn't recognize, such as .bak or .bdb. To allow the download of this file from IIS, I took the following steps:

  1. Clicked on Start
  2. Clicked on All Programs
  3. Selected Administrative Tools
  4. Selected Internet Information Services (IIS) Manager
  5. Right-clicked on Default Web Site and selected Properties
  6. I then clicked on the HTTP Headers tab
  7. Clicked on the MIME Types button
  8. Clicked on New
  9. Put bdb in the Extension field and application/x-msdownload in the MIME type field
  10. Clicked on OK twice
  11. When I clicked on OK at the Default Web Site Properties window, another window appeared titled Inheritance Overrides, which stated the following:

    The following child nodes also define the value of the "UNCPassword" property, which overrides the values you have just set. Please select from the list below those nodes which should use the new value.
  12. I didn't select any, just clicked on OK. I don't know why the change I made should have an effect on "UNCPassword".
I was then able to get a download window when I clicked on the bazooka_db.bdb file, though.

[/os/windows/iis] permanent link

Wed, Jan 19, 2005 12:15 am

Problem Printing AOL Email and Webpages with Internet Explorer

A user reported that he was unable to print his email from within AOL on his Dell Dimension XPS R350 system running Windows 98 Second Edition and Internet Explorer 6.0. He could print from within Microsoft Word and I found that I could print from Notepad also, but I couldn't print webpages from within AOL nor from within Internet Explorer. This occurred after I removed adware/spyware from the system. I thought perhaps some adware/spyware hadn't been fully removed or some damage had been done in removing some deeply embedded adware/spyware, but I could find nothing that I could identify as the source of the problem.

I updated Ad-aware SE Personal, Bazooka Adware and Spyware Scanner, BHODemon, and Spybot Search & Destroy, but when I scanned the system with those antispyware programs, they did not find anything else. I installed another antispyware program, PestPatrol. It found additional adware/spyware that the others hadn't detected. Though much of what it found were just cookies, which I didn't regard as more than a privacy vulnerability. It also found remnants that Ad-aware and Spybot had left, i.e. some registry entries. But, even removing everything PestPatrol found had no impact on the problem. I've seen odd behavior on systems due to problems with Layered Service Provider (LSP) software after I've removed adware/spyware, so I even checked the system with LSP-Fix and Ad-aware's LSP Explorer add-on, but found no LSP problems either.

I also updated ClamWin Antivirus and scanned the system for viruses, but found none.

I checked the system for updates by opening Internet Explorer and choosing "Tools" and then "Windows Update". I scanned for updates and found that there were 23 Critical Updates and Service Packs needed. I clicked on "Review and Install Updates", which showed me the updates I was about to install, but when I clicked on the "Install Now" button nothing appeared to happen. Trying it several times, I noticed the title bar for Internet Explorer did change color briefly each time I clicked on "Install Now".

Examining the source code for the page showed that Microsoft used javascript on the page, but when I checked using various browser test tools, such as BrowserHawk, BrowserInfo, and BrowserSpy, they showed that Internet Explorer on the system did have javascript support enabled (another test page that just verifies javascript support is JSsupport), plus all of the other support that I would expect from the browser. None of those test tools showed anything unusual.

It appeared that the "Install Now" button would open another window and, since the title bar was changing color briefly when I clicked on it, I thought some popup blocking software was causing the problem. But when I used the Windows 98 System Information tool (click on "Start", "Programs", "Accessories", "System Tools", then "System Information", then select "Tools", "System Configuration Utility" and click on the "Startup" tab) to see what processes were starting when Windows 98 started, I didn't see any popup blocking software listed. I installed WinTasks Pro 4.3 to show me all of the running tasks, but didn't see anything unusual. Nor did ending almost all of the running processes make any difference.

Yet something was definitely stopping popup windows from appearing. I went to PopupTest.com and ran various popup tests that one could use to test popup blocking software. Normally users don't want annoying popup ads appearing, but there are occasions where the opening of a popup window is desirable. For instance, if you click on a link in a webpage that would open another window or right-click on a link in Internet Explorer and choose "Open in New Window", you want a new window to open. Good popup blocking software should allow windows to open in those cases, but some popup blocking programs may block those as well, though they shouldn't. You can test whether the latter type of popup windows are blocked at http://www.popuptest.com/goodpopups.html. I found those popup windows were blocked as well. And running checks at another popup blocker test site, PopupCheck.com, also showed that all popup windows were blocked, even the kind that should be allowed.

I ran a Google search and found others reporting similar problems with popup windows not opening when clicking on links that should open a new window or when selecting "Open in New Window" for a link displayed in Internet Explorer.

  1. Internet Explorer won't open in a new window
  2. Internet explorer won't display anything in a new window
I found suggestions advising one to use regsvr to register DLLs, as suggested in a Microsoft Knowledgebase article, "You cannot open a new Internet Explorer window or nothing occurs after you click a link." That page suggested entering the following regsvr32 commands at a command prompt, aka MS-DOS prompt, to resolve the problem.

regsvr32 Shdocvw.dll
regsvr32 Msjava.dll
regsvr32 Oleaut32.dll
regsvr32 Mshtml.dll
regsvr32 Browseui.dll

You should close all open programs before doing so and I found I had to change the working directory to C:\Windows\System first. I've created a batch file, RegSvr32-FixIE.bat to enter the commands.

When the commands were executed, all were executed successfully, except the one for Oleaut32.dll. I saw windows appear with the following information displayed.

An "Explanation of Regsvr32 Usage and Error Messages" provides some information on the errors regsvr32 will return, but you need to check the "Error List from WINERROR.H" section of INFO: Translating Automation Errors for VB/VBA (Long) for the meaning of the "0x80029c4a" hexadecimal error code. Unfortunately, the only explanation is that the code 80029c4a means "Error loading type library/DLL". WinTasks did show a couple of processes running using that module, but I wasn't able to close all of them, so perhaps the problem was due to one of those processes having the oleaut32.dll module in use.

I thought the oleaut32.dll file might have become corrupted, altered, or replaced by some other program, so I also compared oleaut32.dll against a copy I obtained from DLL-files.com. A binary comparison using the Windows fc command, i.e. "fc /b", showed that the copy of oleaut32.dll on the system was exactly the same as the one I downloaded.

The Microsoft Knowledgebase article also suggested checking entries in the registry.

If the problem is still not resolved, verify that the following registry values are present and correct:
HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}
Name: (Default)
Value: IDispatch
HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid
Name: (Default)
Value: {00020420-0000-0000-C000-000000000046}
HKLM\SOFTWARE\Classes\Interface\{00020400-0000-0000-C000-000000000046}\ProxyStubClsid32
Name: (Default)
Value: {00020420-0000-0000-C000-000000000046}

I checked all of the listed registry entries and found they were present and correct, however. The next step listed in the Knowledgebase article, if the problem was still not resolved, was to reinstall Internet Explorer. I did reinstall Internet Explorer 6.0. While doing so, I encountered the error message below.

An error has occurred while setting up "C:\WINDOWS\SYSTEM\oleaut32.dll". This error has been logged, the installation will continue.

Afterwards nothing appeared to be different. I still had the same problem as before. After the sentence about reinstalling Internet Explorer, the Knowledgebase article stated "If you are using the version of Internet Explorer that is included with your operating system, reinstall or repair your operating system." I used the Windows 98 "System File Checker", which can be run by clicking on "Start", "Programs", "Accessories", "System Tools", "System Information" and then choosing "Tools" and "System File Checker". It indicated that a couple of files should be restored, but those didn't appear to be related to the problem nor did restoring them from the Windows 98 Second Edition CD change the problem. So after that I reinstalled Windows 98 Second Edition and that finally resolved the problem. I was then able to click on links that open popup windows or right-click on a link and select "Open in New Window" and have windows actually open. And I could print webpages by going to "File" and "Print" in Internet Explorer and could also print AOL email from the system.

[/network/web/browser] permanent link

Mon, Jan 17, 2005 8:40 pm

Determining if a Task is a Legitimate Process

If you have a question about whether a process you see running under Task Manager, or something listed in a "Startup" group, is a legitimate process, there are a number of websites that provide information on processes you might see running.

  1. I Am Not A Geek - Startup DB
  2. CastleCops - StartupList
  3. WinTasks Process Library
  4. Windows Files Database

[/security/spyware] permanent link

Sat, Jan 15, 2005 2:17 pm

Using PHP to Upload Files to a Website

You can use PHP to provide the capability for users to upload files to your website. First create an HTML file with a form for uploading a file. Specify the PHP file that will handle the uploads in the "action" part of the form.

For the form portion of the HTML file, I've named the PHP file I will use "upload.php". You must specify "POST" rather than "GET" for the form's "method". PHP on the server you are using is likely to have a maximum size for POST data of 8 MB. Look for the following lines in your php.ini file, which should be in the /etc directory on a Linux system, and adjust the size to what you consider to be an appropriate number.

; Maximum size of POST data that PHP will accept.
post_max_size = 8M

There is also another limiting factor, the maximum size for a file to be uploaded, which is controlled by upload_max_filesize in php.ini. The default value is likely to be 2 MB. When you are transmitting a file via POST using a form on a webpage, there may be other data transmitted for other fields on the form, plus MIME headers. So, if you wanted to be able to transmit a file of 8 MB, you would need to set the value of upload_max_filesize to 8M, and make post_max_size slightly larger. But for this example, I'm simply going to set them both to 8M, since the other data I'm transmitting is fairly small.

To adjust the maximum allowed size for file uploads, look for the following lines in php.ini. You can specify the number in bytes or in KiloBytes (KB) or MegaBytes (MB) by putting a "K" or "M" immediately after the number in the latter two cases. Keep in mind a KiloByte is 1,024 bytes and a MegaByte is 1,024 KiloBytes, so to determine the number of bytes equivalent to a certain number of MB use Bytes = MB * 1024 * 1024.

; Maximum allowed size for uploaded files.
upload_max_filesize = 2M

There are also other parameters to consider when using a form that calls a PHP script to upload files to your website. There is also a memory_limit value, which will be a factor if the enable-memory-limit is set. In my case, using Apache 2.0.40 and PHP 4.2.2 on a Fedora Linux system, the only parameters I needed to set in php.ini were upload_max_filesize (you can determine the versions by apachectl -v and php -v). For a complete discussion of the parameters to consider see How to optimize your PHP installation to handle large file uploads.

Once you have adjusted the upload_max_filesize and post_max_size to the desired values, you may need to restart your webserver software. If you are using Apache on a Linux system you will need to do so. Use apachectl restart to restart Apache. You will need to have root access to do so. If you are using Apache, you will also need to put the following lines in Apache's httpd.conf, likely located in /etc/httpd/conf, before restarting Apache.

<Files *.php>
  SetOutputFilter PHP
  SetInputFilter PHP
  LimitRequestBody 8388608
</Files>

The reason you will need to add the lines above to httpd.conf is that Apache has a default limit for LimitRequestBody that restricts the size of all POST data for any scripting language used on a webpage. Some Redhat Package Manager (RPM) installations may set this value at 512 KB.
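The three limits above interact, and the smallest one decides how large an upload can be. The script below is an added example, not part of the original post; it assumes PHP 7.0 or later, and the function names ini_bytes and effective_upload_limit are hypothetical. It converts the php.ini shorthand to bytes and reports which setting caps the upload size, taking the LimitRequestBody value by hand because PHP cannot read httpd.conf.

```php
<?php
// Added example, not from the original post. Assumes PHP 7.0 or later.

// Convert php.ini shorthand ("8M", "512K", "1G" or a plain byte count) to bytes.
function ini_bytes(string $value): int
{
    $value  = trim($value);
    $number = (int) $value;                    // leading digits: "8M" gives 8
    switch (strtoupper(substr($value, -1))) {  // unit suffix, if any
        case 'G': $number *= 1024;             // deliberate fall-through
        case 'M': $number *= 1024;
        case 'K': $number *= 1024;
    }
    return $number;
}

// Report the largest upload that the three settings discussed above allow.
// LimitRequestBody lives in httpd.conf and is not visible to PHP, so it is
// passed in by hand. Apache and post_max_size both treat 0 as "no limit".
function effective_upload_limit(string $uploadMax, string $postMax, int $limitRequestBody): array
{
    $limits = ['upload_max_filesize' => ini_bytes($uploadMax)];
    if (ini_bytes($postMax) > 0) {
        $limits['post_max_size'] = ini_bytes($postMax);
    }
    if ($limitRequestBody > 0) {
        $limits['LimitRequestBody'] = $limitRequestBody;
    }

    $warnings = [];
    if (isset($limits['post_max_size'])
        && $limits['post_max_size'] <= $limits['upload_max_filesize']) {
        // When a request exceeds post_max_size, PHP leaves $_POST and $_FILES
        // empty, so the handler sees no 'userfile' entry at all.
        $warnings[] = 'post_max_size should exceed upload_max_filesize: the POST '
                    . 'body also carries MIME headers and the other form fields.';
    }

    asort($limits);                            // smallest limit first, keys kept
    return [
        'bytes'      => reset($limits),
        'limited_by' => key($limits),
        'warnings'   => $warnings,
    ];
}

$report = effective_upload_limit(
    (string) ini_get('upload_max_filesize'),
    (string) ini_get('post_max_size'),
    8388608                                    // LimitRequestBody from the <Files> block
);
printf(
    "Largest accepted upload: %d bytes (%.1f MB), set by %s\n",
    $report['bytes'],
    $report['bytes'] / (1024 * 1024),
    $report['limited_by']
);
foreach ($report['warnings'] as $warning) {
    echo "Warning: $warning\n";
}
```

Run it through the web server rather than the command line if the two use different php.ini files, since ini_get reports the values of whichever configuration loaded the script.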

The HTML code you should use for the form portion of your HTML file is shown below.

<!-- The data encoding type, enctype, MUST be specified as below -->
<form enctype="multipart/form-data" action="upload.php" method="POST">
<!-- Name of input element determines name in $_FILES array -->
Send this file: <input name="userfile" type="file">
<input type="submit" value="Send File">
</form>

See upload.html for a complete HTML file to perform the upload.

For the PHP file, you can use the following code:

<?php
// In PHP versions earlier than 4.1.0, $HTTP_POST_FILES should be used instead
// of $_FILES.

$uploaddir = "../../uploads/";
$uploadfile = $uploaddir . basename($_FILES['userfile']['name']);

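if (move_uploaded_file($_FILES['userfile']['tmp_name'], $uploadfile)) {
   echo "File is valid, and was successfully uploaded.<br><br>";
   // The name and type are supplied by the client, so escape them before
   // writing them into the page.
   echo "<b>Name:</b> " . htmlspecialchars($_FILES['userfile']['name']) . "<br>";
   echo "<b>Type:</b> " . htmlspecialchars($_FILES['userfile']['type']) . "<br>";
   printf ("<b>Size:</b> %.2f KB ", $_FILES['userfile']['size'] / 1024);
   echo "(" . $_FILES['userfile']['size'] . " bytes)<br>";
}
else {
   echo '<pre>';
   echo "Possible file upload attack!\n\n";
   echo "Here is some more debugging info:\n";
   // print_r() with a second argument of true (PHP 4.3.0 and later) returns
   // the text so that it can be escaped as well.
   echo htmlspecialchars(print_r($_FILES, true));
   print "</pre>";
}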
?>

Be sure to put a "/" at the end of the directory name for the upload directory.

When a user uploads a file, it will go into whatever directory is specified as the temp directory in php.ini. If no temp directory is specified in php.ini, the files will go into the default temp directory for the system. When the PHP program completes, the file will be moved into whatever directory you specified for the upload directory. You should change the permission of the upload directory to 733, e.g. chmod 733 uploads, or grant permission for the user account under which your webserver software runs, e.g. Apache, to write to this directory. I would strongly advise you to use a directory outside the document root for your website, e.g. if all of your website HTML files go under a directory named "www" under your home directory, create another directory, e.g. "uploads", at the same level as the www directory, but not underneath the "www" directory. Otherwise, if some malicious user guesses where you are placing the uploaded files, he can store a file with executable code in that directory and then use a URL which includes the name of the file he just uploaded to execute its contents.

For example, let's suppose that you are putting the uploaded files in a directory called "uploads" that lies directly beneath the one where your upload.php file resides. Someone knows or guesses that you are using a directory with that name underneath the one containing the upload.php file. He then creates a file with PHP code within it and uploads it to your webserver. Let's suppose your upload.html file is at http://somewhere.com/files/upload.html and the upload.php file is at http://somewhere.com/files/upload.php. The malicious user puts the code below in showinfo.php and then uploads it. He knows it went into a directory called "uploads" beneath the "files" directory. He can then use the URL http://somewhere.com/files/showinfo.php to execute the PHP file he just put on the site.

<?

$files = `ls -la`;
$users = `who`;

echo "<pre>";
echo "Directory \n";
echo $files . "\n";
echo "Users \n";
echo $users . "\n";
echo "</pre>";

?>

The code above is relatively innocuous. On a Unix or Linux system, it will only display all files in the directory where it is located and a list of the users logged into the system. But code could just as easily be inserted to replace or delete files, including system files, so it is important to protect yourself against malicious individuals wishing to do damage to your system or compromise it. So put the uploaded files in a location where no one can execute the files.
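A hardened variant of upload.php that applies the advice above and goes a little further: it checks the upload error code and size, accepts only an allowlist of extensions, stores the file under a server-generated name outside the document root, and escapes what it echoes. This is an added example, not the original author's code; it assumes PHP 7.0 or later, and UPLOAD_DIR, the allowlist contents, and check_upload are hypothetical.

```php
<?php
// Added example: hardened variant of upload.php (not the original code).
// Assumptions: PHP 7.0+, the form field is "userfile" as in the form above,
// and UPLOAD_DIR is a hypothetical directory outside the document root.
const UPLOAD_DIR  = '/home/example/uploads/';      // placeholder path, trailing "/"
const MAX_BYTES   = 8 * 1024 * 1024;               // mirrors upload_max_filesize = 8M
const ALLOWED_EXT = ['txt', 'pdf', 'png', 'jpg', 'zip'];   // sample allowlist

// Returns [true, storedName] when the upload is acceptable,
// or [false, reason] when it must be rejected.
function check_upload(array $file): array
{
    if (!isset($file['error']) || is_array($file['error'])) {
        return [false, 'malformed upload'];
    }
    if ($file['error'] !== UPLOAD_ERR_OK) {
        return [false, 'PHP upload error code ' . $file['error']];
    }
    if ($file['size'] <= 0 || $file['size'] > MAX_BYTES) {
        return [false, 'size out of range'];
    }
    // basename() strips any path the client sent. Only the final extension is
    // considered, lower-cased, so "showinfo.php" and "notes.txt.PHP" are both
    // rejected while "notes.txt" passes.
    $ext = strtolower(pathinfo(basename($file['name']), PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_EXT, true)) {
        return [false, 'extension not allowed'];
    }
    // The stored name is generated on the server, so the client never chooses
    // the name of a file on disk and cannot guess it afterwards.
    return [true, bin2hex(random_bytes(16)) . '.' . $ext];
}

if (($_SERVER['REQUEST_METHOD'] ?? '') === 'POST') {
    list($ok, $result) = check_upload($_FILES['userfile'] ?? []);

    // move_uploaded_file() itself refuses anything that did not arrive as an
    // HTTP upload, so no separate is_uploaded_file() call is needed.
    if ($ok && move_uploaded_file($_FILES['userfile']['tmp_name'], UPLOAD_DIR . $result)) {
        echo 'File stored as ' . htmlspecialchars($result, ENT_QUOTES, 'UTF-8');
    } else {
        http_response_code(400);
        $reason = $ok ? 'could not store file' : $result;
        echo 'Upload rejected: ' . htmlspecialchars($reason, ENT_QUOTES, 'UTF-8');
    }
}
```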

You may also wish to password protect the directory where the upload.php file is located, so that you can limit who will be able to upload files.

References:

  1. Chapter 38. Handling file uploads
  2. File Uploads (tutorial)
  3. How do I do html form file uploads
  4. How to optimize your PHP installation to handle large file uploads
  5. ini_get (finding post_max_size)

[/languages/php] permanent link

Fri, Jan 07, 2005 10:33 pm

Browser Information

For information on the system and browser you are using, such as the browser version, monitor resolution, number of colors supported, whether Flash and Java support are enabled, etc., use one of the webpages listed below.

  1. BrowserHawk
  2. BrowserInfo
  3. BrowserSpy

[/network/web/browser] permanent link
