Unable to Unlock Symantec AntiVirus Server Group

I was unable to unlock the server group on a Symantec AntiVirus Corporate Edition 8.1 server. I was also unable to start the Symantec AntiVirus Server service or update the virus definitions on the server. I discovered the problem was due to corrupt virus definitions.

[ More Info ]

[/security/antivirus/symantec] permanent link

Encoding Spaces in URLs

If you have a filename that includes spaces, you should encode the URL that you use for any links to the document, i.e. %20 should be used wherever a space occurs in the filename.

You can go to URL Encoding to see a list of characters that should be encoded, such as the space character. You can also plug in a URL there and have it converted to a browser safe version.

[/network/web/browser] permanent link

IP and Domain Name Reputation Sites

An IP address may be added to a DNS Blacklist (DNSBL), if spam is detected as emanating from that IP address. You can check for the presence of an IP address on various blacklists using the MxToolBox Email Blacklist Check, which currently checks 124 blacklists, or at individual blacklist sites, such as MAPS.

You can check on whether an IP address has been associated with attacks on other systems at DShield or myNetWatchman by performing an IP lookup.

You can also obtain information on the "reputation" for a site at Barracuda Central by performing a lookup on either an IP address or a domain name. Barracuda Networks sells widely used spam firewall devices, so a poor reputation listing at Barracuda Central may lead to email from an IP address listed there, or with a domain name in the body of email messages being found there, being blocked by those using Barracuda Networks security devices.

Another reputation site is TrustedSource. You can lookup an IP address there and see a graph of activity associated with that site. If you see red bars on the graph, those represent malicious activity associated with the IP address on the days for which those bars appear.

[/network/Internet/domains] permanent link

Locating Cybersquatters Capitalizing on a Variant of Your Domain

Cybersquatters may buy domains similar to yours hoping to take advantage of someone mistyping your domain name or to mislead someone into thinking a domain name in a URL belongs to a legitimate company or organization. For instance many people might visit microsoft.com, so a cybersquatter might buy micrsoft.com, which has a missing "o", so that someone making a typo that left out that "o" would be directed to the cybersquatter's site instead, where the cybersquatter may have nothing but ads, hoping to get money generated from those viewing those ads. If millions of people visit microsoft.com every week, the cybersquatter will probably get a signifiant amount of traffic from such a typo.

Or perhaps you own example.com. The cybersquatter may purchase example.net, if it is available. Someone seeing example.net in an email may think the domain belongs to your company and visit a site that might have nothing but ads, perhaps even risque ones, or the site might try to infect visitors with adware/spyware, which might harm your company's reputation, even though you don't own the domain name and have no control over the site.

CitizenHawk helps you locate potential cybersquatter sites for your domain name.

[/network/Internet/domains] permanent link

Configure Sendmail to Listen on All Addresses

If you can't connect to the SMTP port on a system, i.e. port 25, from external hosts, but you can connect from the system itself, then you need to comment out a line in sendmail.mc that restricts connections to the local loopback address, 127.0.0.1.

I.e., if you can use telnet 127.0.0.1 25 and see the sendmail banner, but when you use telnet 192.168.0.44 25 (presuming 192.168.0.44 is the IP address for the mail server), you get "connection refused" messages, then the default configuration option in sendmail.mc is likely preventing the connection by causing sendmail to only listen on the loopback address.

# telnet 192.168.0.44 25
Trying 192.168.0.44...
telnet: connect to address 192.168.0.44: Connection refused
telnet: Unable to connect to remote host: Connection refused

To resolve the problem, look for the following lines in sendmail.mc , which on a Linux system will likely be in the /etc/mail directory.

dnl #
dnl # The following causes sendmail to only listen on the IPv4 loopback address
dnl # 127.0.0.1 and not on any other network devices. Remove the loopback
dnl # address restriction to accept email from the internet or intranet.
dnl #
DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Edit the sendmail.mc file from the root account. Put a dnl # at the beginning of the DAEMON_OPTIONS line to comment out the line.

dnl # DAEMON_OPTIONS(`Port=smtp,Addr=127.0.0.1, Name=MTA')dnl

Then issue the following commands:

m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf
/etc/init.d/sendmail restart

The first command rebuilds the .cf configuration file from the modified .mc file. The second restarts sendmail so that it is using the new configuration file.

[/network/email/sendmail] permanent link