Changing Pine "From" Address

If you use Pine as your email client and wish to change the "from" address it places in outgoing email, follow these instructions.

[/network/email/clients/pine] permanent link

Freshclam Crontab Error

Checking root's mailbox on my email server, I see messages every two hours with a subject of "Cron /usr/local/bin/freshclam --quiet" and "/bin/sh: line 1: /usr/local/bin/freshclam: No such file or directory" in the body of the message. Checking the crontab file, which contains regularly scheduled processes, with "crontab -l", I see a line with "13 */2 * * * /usr/local/bin/freshclam --quiet". But the "which freshclam" command shows "/usr/bin/freshclam" indicating freshclam is actually in /usr/bin. I edited the crontab file with "crontab -e" and removed "local" from the directory path.

[/security/antivirus/clamav] permanent link

ClamAV 0.83 Upgrade

I upgraded Clam AntiVirus (ClamAV) from version 0.80 release 2.0 to version 0.83 release 1.0 using the rpm packages provided by Dag Wieers at http://dag.wieers.com/packages/clamav. When I tried upgrading the virus database package I received the message below:

# rpm --upgrade clamav-db-0.83-1.0.rh9.rf.i386.rpm
warning: clamav-db-0.83-1.0.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
error: Failed dependencies:
       clamav-db = 0.80-2.0.rh9.rf is needed by (installed) clamav-0.80-2.0.rh9.rf

I then remembered I need to install all four clamav packages: clamav, clamav-db, clamav-milter, and clamd together (I'm using clamav-milter to scan email passing through sendmail). When I upgraded all four packages at once, I received warnings that new configuration files were given a .rpmnew name, since I had existing .conf configuration files.

# rpm --upgrade clamav-db-0.83-1.0.rh9.rf.i386.rpm clamav-0.83-1.0.rh9.rf.i386.rpm clamd-0.83-1.0.rh9.rf.i386.rpm clamav-milter-0.83-1.0.rh9.rf.i386.rpm
warning: clamav-db-0.83-1.0.rh9.rf.i386.rpm: V3 DSA signature: NOKEY, key ID 6b8d79e6
warning: /var/clamav/daily.cvd created as /var/clamav/daily.cvd.rpmnew
warning: /var/clamav/main.cvd created as /var/clamav/main.cvd.rpmnew
warning: /etc/freshclam.conf created as /etc/freshclam.conf.rpmnew
warning: /etc/clamd.conf created as /etc/clamd.conf.rpmnew

When I sent a test message to an account on the system and looked at the message headers, I saw "X-Virus-Scanned: ClamAV 0.80/727/Fri Feb 25 12:12:36 2005" in the mesage indicating the old version was being used for scanning. I updated the virus definitions with freshclam and restarted the clamav milter after checking the version of freshclam.

# freshclam -V
ClamAV 0.83/790/Sat Mar 26 10:27:17 2005
# /etc/init.d/clamav-milter restart

Stopping Clamav Milter Daemon:                             [  OK  ]
Starting Clamav Milter Daemon:                             [  OK  ]

Then when I sent a test message and viewed its headers, I could see it had been scanned with the version I just installed, since I saw the following in the headers:

X-Virus-Scanned: ClamAV version 0.83,
     clamav-milter version 0.83 on frostdragon.com

[/security/antivirus/clamav] permanent link

Building RPMs

The Red Hat Package Manager (RPM ) is a tool that automates the installation and uninstallation of software on a Linux system and allows you to more easily manage installed software. The rpm command works with software packaged into rpm files. You can use the rpm command with rpm files to determine what other software is required prior to installing the new software, i.e. you can see the "dependencies" of the new software. You can use the rpm command to easily obtain details on all software installed on a system that was installed via an rpm package. For instance rpm -a will show a list of all installed packages. If I was interested in only packages related to Clamav, a free antivirus scanner, I could filter the output with grep, e.g. rpm -a | grep clamav. I might then see the following on a system:

$rpm -qa | grep clamav
clamav-db-0.80-2.0.rh9.rf
clamav-0.80-2.0.rh9.rf
clamav-milter-0.80-2.0.rh9.rf

I could get details for one of those packages, clamav, with rpm -qi clamav.

If you wish to build your own RPM files, you can find information on how to do so at Dag Wieer's Red Hat Package Manager v4 webpage and at IBM's Packaging software with RPM webpage.

The RPM format is not restricted to just the Red Hat distributions of Linux, but is used on other Linux distributions as well, such as SuSE's and Caldera's distributions.

References:

1. Red Hat Package Manager v4
   Dag Wieers
   September 21, 2003
2. Packaging software with RPM
   Dan Poirier (poirier@us.ibm.com)
   Software engineer, IBM
   01 Nov 2001

[/os/unix/linux/utilities/package] permanent link

TNEF

If you receive a winmail.dat file as an attachment, it is likely from a sender using Microsoft Outlook. In order to view the attachment, you will need to extract the contents of the winmail.dat file. TNEF is a program that works well on Unix and Linux systems for extracting the contents of such files.

[ More Info ]

[/os/unix/linux/utilities/file/misc] permanent link

Configuring Outlook 2000 to Leave Email on the Server

If you go on travel, but need to leave Outlook open on your desktop system or, perhaps, need to have someone else open Outlook on the system at your office to check old email while you are on travel, then you may need to configure Outlook to leave email on your POP server while you are on travel.

[ More Info ]

[/os/windows/office/outlook] permanent link

Hotfix Utility

Microsoft offers a utility, hotfix.exe, to aid in managing hotfixes, i.e. patch files that correct security vulnerabilities or bugs in the operating system.

[ More Info ]

[/os/windows/utilities/sysmgmt] permanent link

Freeing Disk Space on a Windows System

Microsoft provides the Disk Cleanup tool for freeing disk space on a Windows system. You can also delete the uninstall directories for patches to free additional space.

[ More Info ]

[/os/windows/utilities/sysmgmt] permanent link

Vulnerability Discovered in McAfee AntiVirus

Researchers at Internet Security Systems (ISS) have discovered a flaw in Mcafee's antivirus software that could allow compromise of a system running that software. The flaw affects software using versions of McAfee's antivirus library prior to 4400. Exploitation of the flaw could be achieved by sending a specially crafted LHA file by email or through the download of such a file from a website, or the opening of such a file from a shared folder on a network. The malformed LHA file can cause a stack overflow, potentially providing access to the affected system.

McAfee products affected include the following:

• Active Virus Defense
• Active VirusScan
• Active Virus Defense SMB Edition
• Active VirusScan SMB Edition
• Active Threat Protection
• Active Mail Protection
• GroupShield for Exchange
• GroupShield for Exchange 5.5
• GroupShield for Lotus Domino
• GroupShield for Mail Servers with ePO
• LinuxShield
• NetShield for Netware
• PortalShield for Microsoft SharePoint
• SecurityShield for Microsoft ISA Server
• Virex
• VirusScan (all versions)
• VirusScan Professional
• VirusScan ASaP/Managed VirusScan
• VirusScan Command Line
• VirusScan for NetApp
• VirusScan(r) Enterprise(all versions)
• WebShield Appliances
• WebShield SMTP

References:

1. Anti-virus vulnerabilities strike again
   By John Leyden, The Register
   March 18, 2005
2. McAfee AntiVirus Library Stack Overflow
   Internet Security Systems Protection Advisory
   March 17, 2005

[/security/antivirus/mcafee] permanent link

Installing Adobe Acrobat Reader 5 on a Solaris SPARC System

If you need a program to read PDF files on a Solaris 2.7 system you can download a free version from Adobe's website at http://www.adobe.com/support/downloads/product.jsp?product=10&platform=unix. The current version available as of March 18, 2005 is 5.0.10.

The system requirements for Acrobat Reader 5.0.10 for a Solaris SPARC system are as follows:

• SPARC-class processor
• Solaris version 2.6, 7, or 8
• 64 MB of RAM (128 recommended)
• 30 MB of available hard disk space
• Additional 40 MB of hard-disk space for Asian fonts (optional)

After downloading the file, you can uncompress and untar it with the following commands:

gunzip solaris-5010.tar.gz
tar -xvf solaris-5010.tar

After unzipping and untarring the file that you downloaded from Adobe's website, change to the directory where you extracted the files, which will by default be an "installers" directory underneath your current directory. Then type ./INSTALL to install Adobe Acrobat 5. To integrate it into Netscape, close any instances of Netscape you have open and run the "netscape" program within the Browsers directory of the directory where you installed the Acrobat reader. If you installed Acrobat into the default location of /opt/Adobe5 and Netscape into /opt/netscape, you would go through the following dialog:

# /opt/Acrobat5/Browsers/netscape
Enter the Acrobat 5.0.10 install directory [/opt/Acrobat5]
# Enter the directory containing Netscape [/usr/local/Netscape] /opt/netscape

To start Acrobat outside a browser use /opt/Acrobat5/bin/acroread, assuming you placed Acrobat in the default directory.

[/os/unix/solaris] permanent link

OpenSSH Server on SBS 2003 Problem

After installing OpenSSH for Windows on a Windows Small Business Server 2003 system using the binary installer provided for that program, I found that it was not installed as a service. It took me quite awhile to manually install it as a service and then get it to work, but after looking at the source code for the installer I was able to see the needed steps.

[ More Info ]

[/os/windows/server2003] permanent link

Acrobat Crashes Due to Too Many Temporary Files


If Adobe Acrobat crashes as it is opening the problem may be due to too many Acrobat temporary files. I've observed this problem with Adobe Acrobat 6.0 and I believe it is present in other versions as well. The following procedure should correct the problem:

• Click on "Start".
• Select "All Programs" or "Programs" depending on your operating system.
• Select "Accessories".
• Select "Windows Explorer".
• Double-click on "My Computer" in the left pane of the window that opens.
• Double-click on drive "C:".
• Double-click on the "Documents and Settings" folder.
• Double-click on the folder that matches the username you use to log into your PC. If you don't find an exact match, you will need to pick the one most likely to hold your data.
• Double-click on the "Local Settings" folder. If you don't see it, then you will need to change Explorer's configuration to display hidden files. You can do so by clicking on "Tools", then "Folder Options" and then "View". Under "Hidden files and folders", check "Show hidden files and folders" and then click on "OK". You can put the setting back to its previous setting after you have finished this procedure.
• Under the "Local Settings" folder, double-click on the "Temp" folder. If the files are not sorted in alphabetical order by file name, click on "Name" at the top of the Name column to sort them by file name.
• Scroll down until you see files that begin with the name "Acr". The type should be "TMP file". Click on the first one to highlight it. Then scroll down to the last one and, while holding down a shift key, click on it. Now all of the temporary Acrobat files should be created. These are files that are only needed temporarily by Acrobat, so they are safe to delete.
• Right-click and pick properties. The number of files you have selected will be displayed. If you see over 65,535 of these files, the large number of files is likely your problem. Click on "OK" to close the Properties window.
• Right-click again, while all of the files are still highlighted and select "Delete". When asked if you wish to send all of the files to the Recycle Bin, choose "Yes". If you hold down the shift key, while clicking on "Delete", the files won't even go into your Recycle Bin, where they could be recovered, but will instead be permanently deleted, which is probably a better option in this case, since you shouldn't ever need to recover them.
• If you changed Explorer's configuration to display hidden files, you can now put it back to what it was before by clicking on "Tools" and going through the procedure outlined above to change the way Explorer deals with hidden files. If not, you can just close the Windows Explorer window.
• Reopen Acrobat. If the cause of Acrobat crashing was too many temporary files it should now open without a problem.

If the problem still exists, look for Adobe Acrobat temporary files in the Windows temporary directory as well. This will likely be c:\windows\temp or c:\winnt\temp.

[/os/windows/software/pdf] permanent link

Starting Control Panel Applications from the Command Line

For Windows NT and later versions of Windows, if you need to start control panel applications or folders from the command line you can obtain a command prompt and then type "control" followed by the application or folder name, e.g. "control admintools" to open the Administrative Tools folder in the Control Panel. Or, if you wish to change the theme, screen saver, appearance settings, or other desktop settings, type "control desktop". You can also just type "control" to open the control panel. Other control commands can be found at How to Open Control Panel Folders from the Command Prompt.

[/os/windows/commands] permanent link

No Sound in Petz 5

When starting Ubisoft's Catz 5 or Dogz 5 Petz programs, the following error message may appear under Windows 2000 Service Pack 4 (SP4) or Windows XP Service Pack 2 (SP2) and no sound will be available.

Sound Error
Sorry. The sound system did not initialize. No sounds will be played. Please select Help for more information.

This problem can be resolved by installing a patch for the Petz programs. The patch is available through the following links:

Site	Windows 2000 SP4	Windows XP SP2
Petz
MoonPoint

References:

• System Requirements for Petz
  by Daniel Wright

[/os/windows/software/games] permanent link

Trojan.Unclassified.ContextMenuHandler.A and Vx2.Narrator

A scan of a system with Microsoft AntiSpyware Beta1 found files associated with Trojan.Unclassified.ContextMenuHandler.A and Vx2.Narrator.

[ More Info ]

[/security/spyware/vx2] permanent link