ClamWin Virus Defintions Not Updating

If you try to update the virus defintions for ClamWin by selecting "Download Virus Database Update" and then see "Completed" immediately without new definitions being downloaded, the problem may be due to an incompatibility with the cygwin1.dll required by ClamWin and the cygwin1.dll file in use by some other application on the system, such as OpenSSH for Windows. See Incompatibility between OpenSSH for Windows and ClamWin for instructions on how to fix the problem.

You can determine which processes have the cygwin1.dll DLL loaded with the tasklist command on a Windows XP system.

C:\Program Files\ClamWin\bin>tasklist /m /fi "modules eq cygwin1.dll"

Image Name                   PID Modules
========================= ====== =============================================
sshd.exe                    5276 ntdll.dll, kernel32.dll,
                                 cygcrypto-0.9.7.dll, cygwin1.dll,
                                 ADVAPI32.DLL, RPCRT4.dll, cygz.dll,
                                 ws2_32.dll, msvcrt.dll, WS2HELP.dll,
                                 mswsock.dll, hnetcfg.dll, GDI32.dll,
                                 USER32.dll, wshtcpip.dll, wsock32.dll,
                                 DNSAPI.dll, winrnr.dll, WLDAP32.dll,
                                 Secur32.dll, mpr.dll, uxtheme.dll
switch.exe                  2336 ntdll.dll, kernel32.dll, cygwin1.dll,
                                 ADVAPI32.DLL, RPCRT4.dll, Apphelp.dll,
                                 user32.dll, GDI32.dll
sh.exe                      1192 ntdll.dll, kernel32.dll, cygwin1.dll,
                                 ADVAPI32.DLL, RPCRT4.dll, user32.dll,
                                 GDI32.dll
sh.exe                      3836 ntdll.dll, kernel32.dll, cygwin1.dll,
                                 ADVAPI32.DLL, RPCRT4.dll, Apphelp.dll,
                                 VERSION.dll, user32.dll, GDI32.dll

[/security/antivirus/clamav] permanent link

Installation of CDisplay with wpkg

I wanted to configure wpkg for a silent install of CDisplay, which is a free comic reader program. It allows images of pages that have been scanned from comics and stored in an ace, zip, rar, or tar file to be viewed by loading JPEG, PNG and static GIF images which are automatically ordered and presented for viewing one at a time or two at a time allowing one to read the electronic version in a manner similar to the paper copy.

I needed to have the program installed on a couple of PCs in my household and wanted to be able to install it on a system along with other software we commonly use by running wpkg.js from the server. My wife has scanned a good portion of her extensive comics collection and wants to be able to view them from any PC in the house.

I looked at the setup.exe file with FileAlyzer. When I listed strings in the file, I saw "Inno", so I knew it used Inno Setup an open source installer.

That installer allows you to perform a silent install with the "/silent" or "/verysilent" options.

/SILENT, /VERYSILENT

Instructs Setup to be silent or very silent. When Setup is silent the
wizard and the background window are not displayed but the installation
progress window is. When a setup is very silent this installation progress
window is not displayed. Everything else is normal so for example error
messages during installation are displayed and the startup prompt is
(if you haven't disabled it with DisableStartupPrompt or the '/SP-'
command line option.

If you don't specify the "/SP-", option a window will appear with the question "This will install CDisplay. Do you wish to continue?", which will require a "yes" or "no" response.

You can specify the installation directory with the "/Dir=dir" option. So I put the following lines in the wpkg packages.xml file to install the software in "C:\Program Files\comics\CDisplay". If you specify a directory in which to install the program, rather than taking the default one, you do not need to ensure that higher level directories exist first. E.g., in the example below, the directory "c:\program files\comics" does not have to already exist, if %PROGRAMFILES% corresponds to "C:\Program Files". Both the "Comics" and "CDisplay" directory beneath it will be created.

The package section below, which should be placed in packages.xml, assumes version 1.8 of CDisplay is being used.

<package
  id="CDisplay"
  name="CDisplay"
  revision="1"
  reboot="false"
  priority="1">

  <check type="uninstall" condition="exists" path="CDisplay 1.8" />
  <install cmd='\\server\wpkg\pkg\comics\CDisplay\setup.exe 
    /VerySilent /SP- /Dir="%PROGRAMFILES%\Comics\CDisplay"'>
    <exit code="0" />
  </install>
  <remove cmd='"%PROGRAMFILES%\Comics\CDisplay\unins000.exe"' />

The remove command above will uninstall the software, but a prompt will appear on the system asking for confirmation. When I tried the "/silent" or "/verysilent" options for the unins000.exe command, the uninstall failed. It was successful when I did not use either of those options.

References:

1. Unattended, A Windows deployment system: Unattended/Silent Installation Switches for Windows Apps
2. Inno Setup Command Line Parameters

[/os/windows/software/wpkg] permanent link

Compressing ClientApps Folder on an SBS 2003 Server

I found the free space on the C: drive on a Windows Small Business Server (SBS) 2003 system was almost depleted. By compressing the ClientApps folder I was able to gain another 300 MB of space.

I found the C:\ClientApps folder was taking about 1 GB of disk space, so I chose to compress it, which you can do by the following procedure.

1. Right-click on "ClientApps" folder.
2. Select "Properties".



3. Click on the "Advanced" button and select "Compress contents to save disk space.



4. Click on "OK".
5. Click on "OK" again to close the "ClientApps Properties" window.
6. When the "Confirm Attribute Changes" window appears, leave "Apply changes to this folder, subfolders and files checked and click on "OK".

When I started the compression, Windows estimated the process would take 23 minutes, but it actually only took a few minutes. It gave me about 300 MB more of disk space. When I right-clicked on the folder afterwards and selected "Properties", the file size was still listed as about 1 GB, but the size on disk was only 751 MB.

For other steps for freeing disk space, see Freeing Disk Space.

[/os/windows/server2003/free-disk-space-sbs2003] permanent link

Changing an Account Password from the Command Line

On a Windows 2000 or later system, you can use the net use command to change the password for any account from the command line, if you are logged into an account that is a member of the Administrators group on the system.

If you issuse the command net use username *, you will be prompted for a password and then asked to confirm the password. The password will not be echoed.

C:\Documents and Settings\administrator>net user jsmith *
Type a password for the user:
Retype the password to confirm:
The command completed successfully.

Alternatively, you can specify the new password following the account name on the command line. You will not be asked to confirm the password in that case. This method allows you to change the password for an account with a script.

C:\Documents and Settings\administrator>net user jsmith MyPaSs999 The command completed successfully.

If you attempt to use the command to change the password for another account when you are not logged in as a member of the administrator's group, you will receive a "System error 5 has occurred. Access is denied" error message.

References:

1. How to Change User Password at Command Prompt
   Microsoft Help and Support
   May 7, 2003

[/os/windows/commands] permanent link

RPC Server Unavailable Because of XP Firewall

If you get an "RPC server unavailable" error message when attempting to remotely query or administer a Windows XP SP 2 system, even though the RPcSs service is running on the remote XP system, you may need to adjust the group firewall policy for the domain.

[ More Info ]

[/os/windows/xp/firewall] permanent link

FileType

Unix and Linux systems will likely have the file command to help you identify the type of the command. A C program, FileType, is also available to aid with that task.

The developer, Paul L. Daniels, lists the following reasons why you might want to use FileType instead of the file command:

• file does not work so well for loosely defined filetypes ( ie, vCards )
• file uses a text-based type database which can impose unwanted delays in frequently invoked processes
• file does not have a heirachial type tree (ie, executable->MSDOS->EXE )
• file is not designed to be incorporated at a source level into existing projects
• Simpler and broader type detection engine ( 'file' is very good at pulling out every detail about a file, ie, the resolution of an image, however we do not wish to seek out such fine details )

[ More Info ]

[/languages/c] permanent link

Solaris Make Errors

The default path for the root account on Solaris 10 is /usr/sbin:/usr/bin. But the make utility is in /usr/ccs/bin/. If you get the error "make: not found" when you attempt to run make, you will need to adjust the path or specify it when you run the make command. You can view the default path with echo $PATH.

# echo $PATH
/usr/sbin:/usr/bin

You can use /usr/ccs/bin/make to run the make command, or you can add the directory that holds the make command to the end of the existing path with PATH=$PATH:/usr/ccs/bin.

Make needs a C compiler to compile the source code. Sun would prefer to sell you one, so you may not have one on your system. If you run make and see "cc: not found", then you don't have a C compiler on the system or make can't find it.

If instead, you see "language optional software package not installed", then the directory /usr/ucb is in your path. That directory holds a script named cc, which is the name for the C compiler, but it is pointing make to a location where the C compiler doesn't actually reside. Again, you either don't have a C compiler or make can't find it.

# /usr/ccs/bin/make
cc -Wall -Werror -g  -c pldstr.c
/usr/ucb/cc:  language optional software package not installed
*** Error code 1
make: Fatal error: Command failed for target `pldstr.o'

If you have Solaris 10, you should have the Gnu C compiler, gcc, in /opt/sfw/bin. If so, you can set up a symbolic link to point to it as shown below.

# ln -s /opt/sfw/bin/gcc /usr/bin/cc

If you don't have gcc, which is free, on the system, you can get it from sunfreeware.com or gcc.gnu.org.

References:

1. Solaris Forums - What is "language optional software package not installed"???
   March 31, 2001
2. Various problems with building anything under Solaris, especially "/usr/ucb/cc: language optional software package not installed".
   By: Alan J. Rosenthal
   June 15, 2004

[/os/unix/solaris] permanent link

XP Service Pack 2 Install Problems

When I tried to upgrade a user's home system running Windows XP Professional from Service Pack 1 to Service Pack 2, I encountered a number of problems which took me a considerable amount of time to resolve.

First I encountered an "Access is denied" error message, which I resolved by resetting the permissions on a registry key. Then I encountered an "The requested section was not present in the activation context" error message, which I resolved by running the command below.

secedit /configure /cfg %windir%\repair\ secsetup.inf /db secsetup.sdb /verbose /areas regkeys

[ More Info ]

[/os/windows/xp] permanent link

Freeing Disk Space

If you are running low on disk space on a Windows XP system, there are a number of steps you can take that may allow you to reclaim a considerable amount of disk space.

Some steps that you can take to reclaim space include the following:

1. Run Microsoft's Disk Cleanup utility
2. Remove hotfix backup files
3. Remove the service pack uninstall folder
4. Remove files in the Software Distribution folder
5. Remove folders in the Downloaded Installations folder
6. Remove System Restore points

[ More Info ]

[/os/windows/xp] permanent link

Troubleshooting CGI Scripts

If you are having problems with a CGI script, some useful links are listed below:

1. Perl & CGI Tutorial: Troubleshooting CGI Scripts
2. Troubleshooting Perl CGI scripts
3. Troubleshooting CGI Installations [CGI & Perl Tutorials]

[/languages/perl] permanent link

Microsoft AntiSpyware Expired Error

If you see a window with the following error message when you log into a PC, check on whether Microsoft AntiSpyware Beta 1 is installed and has expired.

Error

Unexpected error; quitting [ OK ]

If the message is due to an expired version of Microsoft AntiSpyware attempting to start, you should see the Microsoft AntiSpyware bullseye icon with "Error" next to it in the taskbar at the bottom of the screen.

You will see the same error if you try to start Microsoft Antispyware manually, if it has expired.

[/security/spyware/MS-Antispyware] permanent link

Copying Signatures from one PC to Another

Outlook signatures are stored at C:\Documents and Settings\username\Application Data\Microsoft\Signatures. For each signature there will be an RTF, HTM, and .TXT file. To copy signatures from one PC to another, simply copy the 3 files to the appropriate directory on the second system.

[/network/email/clients/outlook] permanent link

ClamWin Outlook Integration Problem

A user was receiving an error message when she tried to send email with attachments:

ClamWin

An Error occured reading clamscan report: [Errno 2] No such file or
directory:
u'c:\\docume~1\\beth\locals~1\\temp\\tmpafm-hj\\client_setup_wi
zard_err_jpg - Virus Deleted by ClamWin.txt

ClamWin 0.88 was installed on her system and integrated with Outlook so that it was checking incoming and outgoing email for viruses. I had to disable the Outlook integration to stop the error from occuring.

[ More Information ]

[/security/antivirus/clamav] permanent link

Installation of Advanced Registry Tracer (ART) with wpkg

I wanted to configure wpkg for a silent install of Advanced Registry Tracer (ART) from Elcomsoft. ART is a utility designed for analyzing changes made to the Windows Registry. I couldn't find any information on the developer's site or elsewhere on configuring it for a silent installation, so I looked at the setup.exe file with FileAlyzer. When I listed strings in the file, I saw "Nullsoft" and "NSIS", so I knew it used the Nullsoft Scriptable Install System (NSIS).

That installer normally allows you to perform a silent install with the "/s" option and to specify the installation directory with the "/D=dir" option. So I put the following lines in the wpkg packages.xml file to install the software in "C:\Program Files\Utilities\SysMgmt\ART"

<package
  id="ART"
  name="Advanced Registry Tracer"
  revision="1"
  reboot="false"
  priority="1">

  <check type="uninstall" condition="exists" path="Advanced Registry Tracer" />
  <install cmd='\\server\wpkg\pkg\utilities\sysmgmt\advanced_registry_tracer\setup.exe 
    /S /D=%PROGRAMFILES%\Utilities\SysMgmt\ART'>
    <exit code="0" />
  </install>
  <remove cmd='"%PROGRAMFILES%\Utilities\SysMgmt\ART\uninstall.exe" /S' />
</package>

References:

1. Unattended, A Windows deployment system: Unattended/Silent Installation Switches for Windows Apps

[/os/windows/software/wpkg] permanent link

BASH Variables

Some useful variables available in the BASH shell.

• $$ = The PID number of the process executing the shell.
• $? = Exit status variable.
• $0 = The name of the command you used to call a program.
• $1 = The first argument on the command line.
• $2 = The second argument on the command line.
• $n = The nth argument on the command line.
• $* = All the arguments on the command line.
• $# The number of command line arguments.

Example:

#!/bin/bash

if [ $# -eq 0 ]
then
  echo "Usage: $0 filename"
else
  wc -l $1
fi

The script first checks for whether any argument has been entered on the command line, i.e. whether $# equals zero. If no arguments are present on the command line, the script prints a usage message. The $0 variable holds the name of the script itself. If an argument is entered on the command line, it is presumed to be a filename and the wc command is called to count the number of lines in the file.

So, if the script is named "example", and is called without any options, then the following output would be printed.

# ./example
Usage: ./example filename

If a filename is entered on the command line and that file has 21 lines in it, the following would be printed.

# ./example sample.txt
     21 sample.txt

References:

1. Linux Shell Programming

[/os/unix/bash] permanent link

Proxying the LPD Port with Balance

I have a Solaris 10 system that is connected to one network card in a Solaris 7 system. A second network card in the Solaris 7 system connects to the LAN. The Solaris 10 system has no other network connectivity. Its web access is obtained through a SOCKS proxy server running on the Solaris 7 system. I needed to be able to print to an HP laserjet printer on the network, so I needed some way to proxy connections to the Line Printer Daemon (LPD) port, TCP port 515, on which the network printer is listening, through the Solaris 7 system. The balance load balancing and proxy program works well for such situations. In this case I didn't need to use the load balancing features of the program, just its proxying feature.

[ Solaris 10 ] <-----> [ Solaris 7 ] <-----> ( Network )

The network interface on the Solaris system that faces the Solaris 7 system has an IP address of 192.168.1.1. So on the Solaris system, I issued the following command:

# balance -b 192.168.1.1 -f 515 laserjet.moonpoint.com:515

I needed to run the command as root, since I was using a well known port, i.e. a port between 0 and 1023. To set up a process to use a well known port requires root privilege, since those are commonly used by server processes. The -b option specifies the IP address on which the system should listen for connections. In this case I want the Solaris 7 system to only listen for connections on the network card facing the Solaris 10 system, i.e. on IP address 192.168.1.1. Otherwise, by default, it would listen on all network interfaces in the system. Also, normally, balance will run in the background, but in this case I chose to keep it in the foreground with the -f option; normally I would not use that option. I then specify the local port on the Solaris 7 system on which it should listen for incoming connections. In this case the port for printing is the LPD port, TCP port 515 (balance only handles TCP ports). I then specify the system and port to which balance should route the data. I can specify a host, such as laserjet.moonpoint.com, or its IP address, such as 10.0.0.8, followed by a colon and the port number to be used on the destination system, which is the HP LaserJet printer with a network card in it.

Other options for balance are shown below.

bash-2.03$ balance

balance 3.19
Copyright (c) 2000-2003,2004 by Inlab Software GmbH, Gruenwald, Germany.
All rights reserved.

usage:
  balance [-b host] [-t sec] [-T sec] [-dfp] \
          port [h1[:p1[:maxc1]] [!] [ ... hN[:pN[:maxcN]]]]
  balance [-b host] -i [-d] port
  balance [-b host] -c cmd  [-d] port

  -b host   bind to specific host address on listen
  -B host   bind to specific host address for outgoing connections
  -c cmd    execute specified interactive command
  -d        debugging on
  -f        stay in foregound
  -i        interactive control
  -H        failover even if Hash Type is used
  -p        packetdump
  -t sec    specify connect timeout in seconds (default=5)
  -T sec    timeout (seconds) for select (0 => never) (default=0)
   !        separates channelgroups (declaring previous to be Round Robin)
   %        as !, but declaring previous group to be a Hash Type

example:
  balance smtp mailhost1:smtp mailhost2:25 mailhost3
  balance -i smtp

According to the developer, Balance successfully runs at least on Linux(386), Linux(Itanium), FreeBSD, BSD/OS, Solaris, Cygwin, Mac-OS X, HP-UX and many more. Since it runs under Cygwin, you should be able to get it to work on a Microsoft Windows system using Cygwin. It is free Open Source software released under the GPL license. It is available from http://www.inlab.de/balance.html or here.

On the Solaris 10 system, I'm using the Java Desktop System. I clicked on "Launch", "Preferences", "System Preferences", and then "Add/Remove Printer". I put in the root password when prompted, since I was logged in under a normal user account. When the Solaris Print Manager opened, I clicked on "OK" to use the default and only value of "files" for the "Naming Service". I then clicked on "Printer" and "New Network Printer". I gave the printer a name of "laserjet" and specified "192.168.1.1" for the "Printer Server" value and selected "TCP" for the "Protocol" value.

References:

1. RFC 1179 - Line Printer Daemon Protocol
2. Print Server Port Numbers for Netcat
   by Jeff Liebermann jeffl (@) comix.santa-cruz.ca.us
   Version 1.04 05/17/00
3. Setting up Sun Solaris 2.6, 7, and 8 to print to Canon Networked Printers using LPD
4. Port Numbers

[/os/unix/programs/network/proxy] permanent link

Creating a Personal Distribution List in Outlook 2003

I created instructions for someone to use to build a mailing list from a subset of the individual's in her contact list, but I haven't yet figured out how she can add addresses from the contact lists of others in her office, which have been shared and so can be accessed by selecting them from under "Other Contacts" or by "Open Shared Contacts", but which don't seem to be accessible when adding members to the personal distribution list.

[ More Info ]

[/network/email/clients/outlook] permanent link

Obtaining Information About the Windows XP Firewall from the Command Line

If you wish to check the state of the Microsoft Windows XP firewall software, you can issue the following command from a command line prompt.

C:\Documents and Settings\Administrator>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Standard
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = None
Remote admin mode                 = Disable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
10243  TCP       IPv4     (null)
10280  UDP       IPv4     (null)
10281  UDP       IPv4     (null)
10282  UDP       IPv4     (null)
10283  UDP       IPv4     (null)
10284  UDP       IPv4     (null)
20099  TCP       IPv4     C:\Program Files\Network\SSH\OpenSSH\usr\sbin\sshd.exe
3389   TCP       IPv4     (null)
42599  TCP       IPv4     C:\Program Files\Network\pcAnywhere\awhost32.exe
42600  UDP       IPv4     C:\Program Files\Network\pcAnywhere\awhost32.exe
2869   TCP       IPv4     (null)
1900   UDP       IPv4     C:\WINDOWS\system32\svchost.exe

The command also shows the open ports and applications that have opened particular ports.

You can also request information just on open ports with netsh firewall show portopening as below.

C:\Documents and Settings\Administrator>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
20099  TCP       Enable   SSH
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop

You may notice that the second example doesn't list the two ports opened by pcAnywhere, TCP port 42599 and UDP port 42600 (the system is using non-standard pcAnywhere ports), which are listed in the first example. That is because those ports were allowed to be open in the firewall not by designating the specific ports as allowed, but by specifying the program that opens them as an "allowed program". You can see the allowed programs by using the command netsh firewall show allowedprogram.

C:\Documents and Settings\Administrator>netsh firewall show allowedprogram

Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   pcAnywhere Main Executable / C:\Program Files\Network\pcAnywhere\Winaw32.exe
Enable   pcAnywhere Host Service / C:\Program Files\Network\pcAnywhere\awhost32.exe
Enable   pcAnywhere Remote Service / C:\Program Files\Network\pcAnywhere\awrem32.exe
Enable   proxy / C:\Program Files\Network\Proxy\proxy.exe

In the above example, the AnalogX Proxy program, proxy.exe, is allowed to open ports, though it was not running at the time the command was issued and therefore hasn't opened any ports.

If you just want to know whether the firewall is enabled, you can use the netsh firewall show service command.

C:\Documents and Settings\Administrator>netsh firewall show service

Service configuration for Domain profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          UPnP Framework

Service configuration for Standard profile:
Mode     Customized  Name
-------------------------------------------------------------------
Enable   No          UPnP Framework
Enable   No          Remote Desktop

Other firewall "show" commands that are available are listed below.

C:\Documents and Settings\Administrator>netsh firewall show

The following commands are available:

Commands in this context:
show allowedprogram - Shows firewall allowed program configuration.
show config    - Shows firewall configuration.
show currentprofile - Shows current firewall profile.
show icmpsetting - Shows firewall ICMP configuration.
show logging   - Shows firewall logging configuration.
show multicastbroadcastresponse - Shows firewall multicast/broadcast response configuration.
show notifications - Shows firewall notification configuration.
show opmode    - Shows firewall operational configuration.
show portopening - Shows firewall port configuration.
show service   - Shows firewall service configuration.
show state     - Shows current firewall state.

[/os/windows/xp/firewall] permanent link