
Sun, Dec 30, 2007 11:12 pm

LimeWire

After I had cleaned a lot of malware from someone's home system, I found LimeWire on the system. McAfee security software was on the system and prompted me as to whether I wanted to allow LimeWire to run or block it. My last experience with LimeWire was several years ago. At that time I had found the free version came bundled with adware/spyware, so I had the McAfee software block LimeWire. After checking on the current version, though, I found it no longer comes bundled with adware/spyware according to the developer, Lime Wire LLC (see LimeWire's response: Spyware) and the Wikipedia article on LimeWire.

Granted, one should never rely on the developer's or distributors' word on such matters, since they will often simply define the terms "adware" and "spyware" so that they don't include techniques used by their software, instead of using the commonly accepted definitions. But, as far as I can determine, LimeWire has indeed been distributed, even in the free version, without adware or spyware for several years now.

[ More Info ]

[/network/p2p] permanent link

Sun, Dec 30, 2007 8:38 pm

AdSpy.TTC Detected by Spybot

I ran a scan of a family member's system with Spybot Search & Destroy version 1.5, which reported AdSpy.TTC based on the presence of a registry entry, but when I checked the system for C:\Program Files\MSN Apps\MSN Toolbar\MSN Toolbar\01.02.5000.1021\en-us\msntb.dll, which was the file referenced by the registry entry Spybot detected, I did not see it on the system and CastleCops identified the CLSID key referenced as being associated with legitimate software.

[ More Info ]

[/security/trojans] permanent link

Sat, Dec 15, 2007 10:58 pm

RPC Won't Start Because of Missing Svchost File

On a Windows XP SP2 system where I saw the following error message when I tried to start the Remote Procedure Call (RPC) service, the problem was due to a missing svchost.exe file in C:\Windows\System32\

Services
Could not start the Remote Procedure Call (RPC) service on Local Computer.

Error 2: The system cannot find the file specified.

OK
 

The location where svchost.exe should be located can be found in the registry at HKLM\SYSTEM\CurrentControlSet\Services\RpcSs\ImagePath.

I copied the file from another Windows XP SP2 system. The file was 14KB and was dated 8/4/2004 with an MD5 hash of 8f078ae4ed187aaabc0a305146de6716 .

I discovered the svchost.exe file was missing while trying to determine why the taskbar wasn't displaying properly - it was 1/2 height and couldn't be stretched, even though unlocked, there were no programs shown on the taskbar, and the Start button was missing.

References:

  1. Infected Gateway Laptop - December 2007

[/os/windows/xp] permanent link

Tue, Dec 11, 2007 8:33 pm

Infected Dell Inspiron 6000 Laptop

When checking a Dell Inspiron 6000 laptop for malware, I found a very large burden of malware on the system. The system also had no network connectivity, since the tcpip.sys file was missing from c:\windows\system32\drivers. Because of the missing tcpip.sys file, whenever I issued the ipconfig command, I would see the following:

C:\WINDOWS\system32>ipconfig

Windows IP Configuration

An internal error occurred: The request5 is not supported.

Please contact Microsoft Product Support Services for further help.

Additional information: Unable to query host name.

It took several days for me to remove all of the malware and restore network connectivity.

[ More Info ]

[/security/removal-logs] permanent link

Tue, Dec 04, 2007 11:09 pm

Reconfiguring IP Interface for DHCP from the Command Line

The IP address on a Windows XP system can be changed from a static value to a DHCP assigned IP address from the command line using the command below (presuming you wish to change the IP address for the interface "Local Area Connection", since you may have multiple or differently named network connections).

netsh interface ip set address "Local Area Connection" dhcp

You can also set the DNS servers from the command line using the command below.

netsh interface ip set dns "Local Area Connection" dhcp

References:

  1. Configure TCP/IP from the Command Prompt
    By Daniel Petri
    Petri IT Knowledgebase

[/os/windows/commands] permanent link

Tue, Dec 04, 2007 10:48 pm

Resetting Password with Offline NT Password & Registry Editor

The date on a repaired laptop I had returned to me, after a motherboard problem was fixed, was January 28, 2150. The laptop is running Windows XP Professional. I knew the password for my normal user account on the laptop, but couldn't remember the password for my administrator account on the system. I downloaded Offline NT Password & Registry Editor in ISO format. After extracting the .iso file from the .zip file I downloaded, I created a bootable CD from the ISO file. I booted from the boot CD and saw the following.

Disks:
Disk /dev/sda: 80.0 GB, 80026361856 bytes

Candidate Windows partitions found:
 1 :            /dev/sda1   76316MB BOOT

Please select partition by number or
 q = quit
 d = automatically start disk drivers
 m = manually select disk drivers to load
 f = fetch additional drivers from floppy / usb
 a = show all partitions found
 l = show propbable Windows (NTFS) partitions only
Select: [1] _

I hit Enter to take the default option of one for /dev/sda1. I then saw the following.

Selected 1
Mounting from /dev/sda1, with filesystem type NTFS

NTFS volume version 3.1.

=========================================================
   Step TWO: Select PATH and registry files
=========================================================
What is the path to the registry directory? (relative to windows disk)
[WINDOWS/system32/config] : _

Since WINDOWS/system32/config was the correct location, I hit Enter and had the opportunity to select the password reset option by hitting Enter again.

Select which part of registry to load, use predefined choices
1 - Password reset [sam system security]
2 - RecoveryConsile parameters [software]
q - quit - return to previous
[1] : _

For step 3, "Password or registry edit", I had the option to "edit user data and passwords", which I chose by hitting Enter.

<>========<> chntpw Main Interactive Menu <>========<>

Loaded hives: <sam> <system> <security>

  1 - Edit user data and passwords
  2 - Syskey status & change
  3 - RecoveryConsole settings

  9 - Registry editor, now with full write support!
  q - Quit (you will be asked if there is something to save)

What to do? [1] -> _

I was then presented with a list of the local accounts on the system. Those that were disabled or locked were marked as "dis/lock". I chose the administrator account for which I wished to reset the password and was presented with information on the account and the opportunity to blank the password, which is the option I chose.

Failed login count: 1, while max tries is: 5
Total  login count: 68

- - - - User Edit Menu:
 1 - Clear (blank) user password
 2 - Edit (set new) user password (careful with this on XP or Vista)
 3 - Promote user (Make user an administrator)
(4 - Unlock and enable user account) [seems unlocked already]
 q - Quit editing user, back to user select
Select: [q] > _

I then saw "Password cleared!". I then hit "!" to quit modifying accounts and then "q" to quit. At the next step, step 4, you will be asked to confirm whether to actually write the changes to disk. The default response is "n", so you need to hit "y" to actually apply the changes you've requested. You will then see "***** EDIT COMPLETE *****". Hitting Enter will give you a Linux shell prompt of "$". You can then reboot the system; remove the CD so the system won't attempt to boot from it again.

When the system booted into Windows XP, I tried logging into the administrator account. I saw the message "Your password has expired and must be changed." I entered a new password and was able to login to the administrator's account.

[/os/windows/utilities/sysmgmt] permanent link

Fri, Nov 30, 2007 11:00 pm

Mounting a Dirty NTFS Volume

If you try to mount an NTFS volume on Linux that was used on a Windows system and get the message below, then Windows was not shut down properly. E.g. the system may have crashed or there was a power failure.

$LogFile indicates unclean shutdown (0, 0)
Failed to mount '/dev/sda1': Operation not supported
Mount is denied because NTFS is marked to be in use. Choose one action:

Choice 1: If you have Windows then disconnect the external devices by
          clicking on the 'Safely Remove Hardware' icon in the Windows
          taskbar then shutdown Windows cleanly.

Choice 2: If you don't have Windows then you can use the 'force' option for
          your own responsibility. For example type on the command line:

            mount -t ntfs-3g /dev/sda1 /mnt/hdd -o force

    Or add the option to the relevant row in the /etc/fstab file:

            /dev/sda1 /mnt/hdd ntfs-3g defaults,force 0 0

Presuming the volume is /dev/sda1 and you want to mount it at /mnt/hdd, you can mount the volume read-only with mount -r /dev/sda1 /mnt/hdd. Or you can force a mount in read-write mode with mount /dev/sda1 /mnt/hdd -o force. But it might be best to run Windows chkdsk or a utility with similar functionality first, since the fact that the dirty bit is set could indicate corruption to the volume's file structure.

[/os/unix/commands/mount] permanent link

Fri, Nov 30, 2007 7:23 am

Comcast NTP Servers

I wanted to configure a user's home router to synchronize its time with a Network Time Protocol (NTP) server, so that its log entries would have accurate time stamps. Since the user had a Comcast-provided connection to the Internet, I decided to use a Comcast NTP server. The one that I used is ntp01.inflow.pa.bo.comcast.net [68.87.96.5].

If you want to verify that a NTP server is available and responding to NTP queries, you can go to Query NTP server and enter the Fully Qualified Domain Name (FQDN) or IP address of the system to be queried to submit an NTP query to the system from that site. If the queried system is responding to NTP requests, you will see something similar to the following:

Output of NTP server at 68.87.96.5

ntpdate

30 Nov 16:12:42 ntpdate[23942]: ntpdate 4.1.1@1.786 Tue Sep 23 17:37:40 UTC 2003 (1)
server 68.87.96.5, stratum 2, offset 0.001361, delay 0.10997
30 Nov 16:12:42 ntpdate[23942]: adjust time server 68.87.96.5 offset 0.001361 sec

If you see "stratum 0" displayed on the results page, the system is not responding to NTP queries. The offset and delay values will be zero as well in that case.

You can find a list of publicly accessible NTP servers at NTP.Servers Web.

[/network/ntp] permanent link

Wed, Nov 28, 2007 5:24 pm

Multiple IP Addresses on a Solaris System

I needed to assign a second IP address to a network interface on a Solaris 2.7 system. The system has 2 network cards, designated hme0 and hme1, each with its own IP address, but I needed to assign a second IP address to the hme0 interface. A webserver, which would normally be at the second IP address, was down and I wanted the webserver on this particular system to assume the functions of the offline system temporarily by responding at the IP address of the server that was down. In order to have a Solaris 2.x system listen on a second IP address on an interface, the following steps can be taken.
  1. Create an entry in /etc/hosts for the second hostname. In this particular case I added a myhost2 entry, so that I had the following entries in the file.
    127.0.0.1    localhost       
    10.0.74.214  myhost1.example.com myhost1   loghost
    10.0.74.193  myhost2.example.com myhost2
    192.168.1.1  janus
    Myhost1 and myhost2 will apply to the same network interface, whereas janus is for the second network interface card in the system. The myhost2 entry is the only new entry.
  2. Create /etc/hostname.hme0:n files, or /etc/hostname.le0:n files depending on your system configuration, that contain the hostname for the virtual host n. You don't need to create hostname.hme0:0 as it is the same as hostname.hme0.

The above changes will cause the virtual hosts to be configured at boot time. If you don't want to reboot the system, you can use the ifconfig command to have the system start responding on the second IP address without rebooting.

# ifconfig hme0:1 up
# ifconfig hme0:1 128.183.72.193 netmask 255.255.255.0

References:

  1. FAQs document :How to setup multiple ip for Solaris
    Date: March 30, 1998
    Freelab
  2. Configuring Networking
    By: Keith Parkansky
    Date: May 1, 2002
    Solaris x86

[/os/unix/solaris] permanent link

Tue, Nov 27, 2007 10:44 pm

Mounting a Hibernated Drive

I went back to working on a problem where I couldn't get a Windows XP system to resume from hibernation 1 by trying to examine the hiberfil.sys file, but wasn't able to get much further today.

References:

  1. System Won't Resume from Hibernation
    MoonPoint Support

[ More Info ]

[/os/unix/linux/ubuntu] permanent link

Wed, Nov 21, 2007 12:39 pm

BlackBerry Email Filters

For BlackBerry Desktop Manager 4.2.2 (Apr 26 2007), take the steps below. For BlackBerry Desktop Manager Version 4.0.1.10 (Apr 27 2005), see Creating an Email Filter for a Blackberry.
  1. Open the BlackBerry Desktop Manager.
  2. Double-click on Email Settings.

    BlackBerry Desktop Manager Email - Select Email Settings

  3. Click on the Filters tab.

    BlackBerry Filters

  4. Click on the New button.
  5. At the Add Filter window type whatever name you wish to use for the filter in the Filter Name field.

    BlackBerry Add Filter

  6. You can filter on the "from", "sent to", "subject", and "body" fields.

    If you did not want to forward messages from a particular email address, you would check the From checkbox. If you didn't want to forward messages from multiple senders, you could put all of their email addresses in the From field, separating the addresses by semicolons. You can also use an asterisk as a wildcard to block multiple sending addresses. For instance if you wanted to block all email from xyzcorp.com senders, you could put *@xyzcorp.com in the From field.
  7. Check the "Don't forward message to the device" checkbox.
  8. Click on OK.
  9. Click on OK again at the Email Settings window.

[/network/email/blackberry] permanent link

Tue, Nov 20, 2007 8:47 pm

MXToolBox

If you need to check the Mail Exchanger (MX) record for a domain, you can do so online using an MX Lookup Tool at MXToolBox. Once you have looked up MX information for a domain, you are given the option of running Simple Mail Transfer Protocol (SMTP) diagnostics, which will connect to a mail server via SMTP, perform a simple Open Relay Test and verify the server has a reverse DNS (PTR) record. It will also measure the response times for the mail server, giving you an indication of whether they are good or bad.

You also have the option, after you've looked up the MX information for a domain, to perform a blacklist check. That test will check a mail server IP address against 147 DNS based email blacklists (commonly called Realtime Blacklists, DNSBLs or RBLs). If your mail server has been blacklisted, some email you send may not be delivered. Email blacklists are a common method employed by email server administrators to reduce spam.

[/network/email/info] permanent link

Sun, Nov 18, 2007 6:57 pm

Iomega Clik! Drive

While trying to make space in my garage for other stuff, I came across an unopened box with an Iomega Clik! PC Card Drive plus a 4-pack of the 40 MB Clik! disks. I've posted information on the drive here to use for an eBay listing.

[/hardware/storage/iomega] permanent link

Fri, Nov 16, 2007 7:34 pm

Linux LiveCD SATA Support

I booted a system which has a Serial ATA (SATA) drive in it from a Knoppix 5.0.1 LiveCD, but could not get the operating system to recognize the presence of the hard drive. So I then booted from a Slax LiveCD, but it did not recognize the drive either. The version of Slax I tried was the SLAX KillBill Edition 5.1.8.1. I then booted the system with a Sabayon 3.4e DVD. I was able to access the SATA drive then.

The problem is apparently due to the other distributions of Linux not recognizing the Serial ATA chipset on the motherboard of the system, at least for the versions that I was using. The system has a PCChips A31G V:1.0 motherboard. According to Serial ATA (SATA) chipsets - Linux support status, "Some SATA chipsets have been supported since practically forever, as their programming interfaces are unchanged from PATA predecessors. Others are brand-new and require new drivers from scratch."

References:

  1. LiveCD
    Wikipedia - the free encyclopedia
  2. Serial ATA (SATA) chipsets - Linux support status
    Revised: February 27, 2007
    Linuxmafia

[/os/unix/linux/knoppix] permanent link

Wed, Nov 14, 2007 10:30 pm

System Won't Resume From Hibernation

When I tried to reboot a laptop after putting it into hibernation mode, I kept getting the message "The last attempt to restart the system from its previous location failed. Attempt to restart again?" I had the option to "Delete restoration data and proceed to system boot menu" or "Continue with system restart". I tried to continue, but the system would just reboot and then I got the same menu again.

[ More Info ]

[/os/windows/xp] permanent link

Wed, Nov 14, 2007 9:49 pm

Netscape 7.2 Unread Mail Number Appears to be Wrong

A user of Netscape 7.2 informed me that the number displayed for the number of unread email messages in his inbox was not matching the number he saw highlighted as unread. He had a problem earlier that day with Netscape when his system ran very low on the amount of free space on his hard disk. I deleted a lot of files from a temp folder and deleted other no longer needed files. I then deleted his inbox.msf file, because I believed that index file had become corrupted (see Netscape 7.2 Inbox Corrupted for information on Netscape mailbox corruption) due to the disk space issue.

The .msf file is a Mail Summary File. It does not contain the messages for a mailbox, only an index of those messages to make sorting and locating messages quicker. If you delete an msf file, which you should only do without Netscape being open, the mailbox messages themselves remain and the index will be rebuilt the next time you open Netscape and access the mailbox.

However, even after deleting the inbox.msf file twice and having Netscape rebuild it, the user reported the problem recurring. I sent a few test messages to his address. When I checked his inbox they were highlighted as unread. I marked the entire folder as read to reset the counter. He said that sometime later he was having the same problem. For instance he might see 145 listed as the number of unread messages, but only a couple would be bolded indicating they were unread. And when I sorted messages by their read status, I would only see a couple.

I finally traced the issue to Netscape's "view" options. Netscape offers different "views" for your mailboxes. You can choose to view all mail or restrict the display of messages in various ways, e.g. perhaps you only want to see unread mail, or messages marked as important, or messages with attachments, or just email from the last 5 days. Another option is to display only mail from "People I Know", which I believe is email from addresses in your address book, though I'm not sure if in Netscape 7.2 it includes email addresses from the Collected Address Book as well.

When I clicked on "View" then "Messages", I saw that Netscape was set to display messages from "People I Know" rather than "All". I changed the setting to "All".

[/network/email/clients/netscape] permanent link

Mon, Nov 12, 2007 9:02 pm

Silent Runners

Silent Runners is a Visual Basic script, which can be used to scan a system for software that starts automatically when Windows starts, which may aid you in determining if a system is infected with malware.

[ More Info ]

[/languages/vbs] permanent link

Mon, Nov 12, 2007 3:35 pm

Rejecting Email To a Specific Address in Sendmail

In checking the previous night's mail server log, I noticed a large number of messages addressed to someuser@frostdragon.com. There is an account, someuser, on the system and email addressed to someuser@moonpoint.com should go through, but, though email for both domain names is processed by the server, email to someuser@frostdragon.com should not be delivered. Presumably, since someuser is actually a common male name, email addressed to someuser@frostdragon.com is from some spammer trying common names to deliver his spam.

I edited /etc/mail/access and added the line below:

someuser@frostdragon.com                  550 Mailbox disabled for this recipient

The 550 is a standard error code for an email server to return to an email client when email is rejected. You can specify whatever message you wish after it. In this case I chose "Mailbox disabled for this recipient". I could have just used the following line instead, if I didn't want to specify my own specific error message.

someuser@frostdragon.com                  REJECT

After executing the command makemap hash /etc/mail/access </etc/mail/access to rebuild the access database file, you can test the block by establishing a telnet connection to port 25 on the server, issuing a helo or ehlo command, then a mail from command with any address as the "from" address, and then a rcpt to command with the relevant recipient address.

mail from: someone@example.com
250 2.1.0 someone@example.com... Sender ok
rcpt to: someuser@frostdragon.com
550 5.0.0 someuser@frostdragon.com... Mailbox disabled for this recipient
rcpt to: someuser@moonpoint.com
250 2.1.5 someuser@moonpoint.com... Recipient ok
quit
221 2.0.0 frostdragon.com closing connection

From the above, I can see that email to the address I wanted marked as invalid is rejected immediately, but email to the same username at a different domain name gets through. Mail with a "from" address of someuser@frostdragon.com would still be accepted, even though it is now rejected as a "to" address.

Since I don't want the server to accept email if that address appears as a "from" address either, I added the line below to /etc/mail/access as well and rebuilt the access database with makemap hash /etc/mail/access </etc/mail/access.

From:someuser@frostdragon.com             550 We don't accept mail from spammers

If you try sending using a "from" address of someuser@frostdragon.com now, the message will be rejected. However, if you test the block by the telnet e.g. telnet frostdragon.com 25 and then issuing an ehlo or helo command followed by mail from and rcpt to commands, you won't see the rejection message until you've entered the rcpt to command, i.e. it doesn't occur when the mail from command is issued.

mail from:<someuser@frostdragon.com>
250 2.1.0 <someuser@frostdragon.com>... Sender ok
rcpt to:<myself@moonpoint.com>
550 5.0.0 <myself@moonpoint.com>... We don't accept mail from spammers
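
The two sessions above can be reproduced offline with the following simulator of the access-map lookups. This is an added example, not code from the original post or from sendmail; it models a simplified version of sendmail's lookup order (tagged key, then the domain and its parent domains, then the bare local part with a trailing "@"), treats untagged entries as recipient blocks because that is what the post's tests show (which requires FEATURE(`blacklist_recipients')), and reports a sender block at the first RCPT TO, as observed above. The access-map text and the two sessions are constructed samples.

```python
"""Simulate the verdicts an /etc/mail/access map produces for an SMTP
session.  Added example, not code from the original post or from
sendmail.  The lookup order is a simplified model of sendmail's: each
address is tried as a tagged key (From: or To:), then its domain and
parent domains, then the bare local part with a trailing '@'.
Untagged entries are applied to recipients here (the post's tests show
them rejecting RCPT TO, which needs FEATURE(`blacklist_recipients'));
the full sendmail ruleset has more cases than this.  ACCESS_MAP and
the sessions exercised below are constructed samples.
"""

ACCESS_MAP = """\
# recipient block (untagged entry) and sender block (From: tag)
someuser@frostdragon.com                  550 Mailbox disabled for this recipient
From:someuser@frostdragon.com             550 We don't accept mail from spammers
"""


def parse_access(text):
    """Return {lower-cased key: action text} from access-map source."""
    table = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        key, action = line.split(None, 1)
        table[key.lower()] = action.strip()
    return table


def candidate_keys(address):
    """Keys to try for one address, most specific first (simplified)."""
    local, _, domain = address.lower().partition("@")
    keys = [local + "@" + domain]
    labels = domain.split(".") if domain else []
    keys += [".".join(labels[i:]) for i in range(len(labels))]
    keys.append(local + "@")
    return keys


def lookup(table, address, tag, untagged=True):
    """Return the matching action, or None when the map has no entry."""
    for key in candidate_keys(address):
        if tag + key in table:
            return table[tag + key]
    if untagged:
        for key in candidate_keys(address):
            if key in table:
                return table[key]
    return None


def smtp_reply(action, address):
    """Translate an action into the reply sendmail sends for that address."""
    if action is None or action.upper() in ("OK", "RELAY"):
        return None  # accepted
    if action.upper() == "REJECT":
        return "550 5.7.1 <%s>... Access denied" % address
    code, _, text = action.partition(" ")  # e.g. "550 Mailbox disabled ..."
    return "%s 5.0.0 <%s>... %s" % (code, address, text)


def simulate(table, sender, recipients):
    """Replies to MAIL FROM and to each RCPT TO, in order."""
    replies = ["250 2.1.0 <%s>... Sender ok" % sender]
    # A sender block is not announced at MAIL FROM; sendmail reports it
    # at the first RCPT TO, which is what the post observed.
    sender_action = lookup(table, sender, "from:", untagged=False)
    for rcpt in recipients:
        reply = smtp_reply(sender_action, rcpt)
        if reply is None:
            reply = smtp_reply(lookup(table, rcpt, "to:"), rcpt)
        replies.append(reply or "250 2.1.5 <%s>... Recipient ok" % rcpt)
    return replies


if __name__ == "__main__":
    table = parse_access(ACCESS_MAP)
    for sender, rcpts in [("someone@example.com",
                           ["someuser@frostdragon.com", "someuser@moonpoint.com"]),
                          ("someuser@frostdragon.com", ["myself@moonpoint.com"])]:
        for line in simulate(table, sender, rcpts):
            print(line)
        print()
```

A REJECT entry maps to sendmail's default "550 5.7.1 ... Access denied" text, and a bare domain entry such as "spam.example REJECT" also matches subdomains through the parent-domain walk in candidate_keys.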

References:

  1. FEATUREs for check_* in sendmail 8.9
    Sendmail.Org
  2. Configuring sendmail to Reject Unsolicited Mail
    HP Technical Documentation
  3. Anti-Spam Configuration Control
    Sendmail.Org
  4. SMTP Service Extension for Returning Enhanced Error Codes
    The Internet Engineering Task Force (IETF)
  5. 22.6. The /etc/mail/access and access.db files
    Securing and Optimizing Linux
    RedHat Edition - A Hands on Guide

[/network/email/sendmail] permanent link

Sat, Nov 10, 2007 8:43 pm

Red Hat 9 RPMs

The RPMs on the Red Hat 9 (Shrike) CDs:

By Disc
Alphabetical listing

Additional packages in RPM format can be found at Dag Wieër's Apt/Yum RPM package overview.

[/os/unix/linux/redhat] permanent link

Thu, Nov 08, 2007 6:24 pm

Root Hints

I was notified by someone that the L root name server had changed. To see what root name servers one of my DNS servers, running Redhat Linux 9, was using, I ran dig and saw the following output:

# dig

; <<>> DiG 9.2.1 <<>>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60704
;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       517448  IN      NS      G.ROOT-SERVERS.NET.
.                       517448  IN      NS      H.ROOT-SERVERS.NET.
.                       517448  IN      NS      I.ROOT-SERVERS.NET.
.                       517448  IN      NS      J.ROOT-SERVERS.NET.
.                       517448  IN      NS      K.ROOT-SERVERS.NET.
.                       517448  IN      NS      L.ROOT-SERVERS.NET.
.                       517448  IN      NS      M.ROOT-SERVERS.NET.
.                       517448  IN      NS      A.ROOT-SERVERS.NET.
.                       517448  IN      NS      B.ROOT-SERVERS.NET.
.                       517448  IN      NS      C.ROOT-SERVERS.NET.
.                       517448  IN      NS      D.ROOT-SERVERS.NET.
.                       517448  IN      NS      E.ROOT-SERVERS.NET.
.                       517448  IN      NS      F.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
F.ROOT-SERVERS.NET.     172107  IN      A       192.5.5.241
J.ROOT-SERVERS.NET.     172107  IN      A       192.58.128.30

;; Query time: 169 msec
;; SERVER: 207.233.128.10#53(207.233.128.10)
;; WHEN: Thu Nov  8 16:15:46 2007
;; MSG SIZE  rcvd: 260

I only saw the addresses for two of the thirteen root servers listed. The servers are named A.ROOT-SERVERS.NET. through M.ROOT-SERVERS.NET. as shown by the output of a dig command below.

# dig . NS @f.root-servers.net

; <<>> DiG 9.2.1 <<>> . NS @f.root-servers.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 19934
;; flags: qr aa rd; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 13

;; QUESTION SECTION:
;.                              IN      NS

;; ANSWER SECTION:
.                       518400  IN      NS      H.ROOT-SERVERS.NET.
.                       518400  IN      NS      I.ROOT-SERVERS.NET.
.                       518400  IN      NS      J.ROOT-SERVERS.NET.
.                       518400  IN      NS      K.ROOT-SERVERS.NET.
.                       518400  IN      NS      L.ROOT-SERVERS.NET.
.                       518400  IN      NS      M.ROOT-SERVERS.NET.
.                       518400  IN      NS      A.ROOT-SERVERS.NET.
.                       518400  IN      NS      B.ROOT-SERVERS.NET.
.                       518400  IN      NS      C.ROOT-SERVERS.NET.
.                       518400  IN      NS      D.ROOT-SERVERS.NET.
.                       518400  IN      NS      E.ROOT-SERVERS.NET.
.                       518400  IN      NS      F.ROOT-SERVERS.NET.
.                       518400  IN      NS      G.ROOT-SERVERS.NET.

;; ADDITIONAL SECTION:
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33

;; Query time: 235 msec
;; SERVER: 192.5.5.241#53(f.root-servers.net)
;; WHEN: Thu Nov  8 16:22:59 2007
;; MSG SIZE  rcvd: 436

I also checked the status of the DNS service on the system with the rndc status command and saw the following:

# rndc status
number of zones: 6
debug level: 0
xfers running: 0
xfers deferred: 0
soa queries in progress: 0
query logging is OFF
server is up and running

When I checked the /var/named/named.ca file on the system, I found it was dated January 24, 2003, so was almost 5 years old, since the current date is November 8, 2007. I backed up the current named.ca file and then overwrote the file with the latest information.

# dig . NS @f.root-servers.net >/var/named/named.ca

I then restarted the DNS server with /etc/init.d/named restart.

Note: if you see the following when you check the DNS server status, try issuing the /etc/init.d/named restart command again.

# rndc status
rndc: connect failed: connection refused

The root hints file, /var/named/named.ca should be updated periodically, which I hadn't been doing on the server. A script to do so can be found at Keeping it working. The script will have to be customized for your particular system though, e.g. I would need to use named.ca instead of root.hints for the filename. And you also need to substitute the name of a system or an IP address of a system that should normally be reachable over your Internet connection for some.machine.net.
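
Before overwriting named.ca it is worth knowing what actually changed, and whether the fresh answer carries addresses for all thirteen servers. The following added example (not code from the post or from BIND) parses the "IN A" lines out of either a hints file or a saved dig answer and reports the differences. NEW_DIG is the ADDITIONAL section of the dig output shown above; PARTIAL_DIG is the additional section of the first query above; OLD_HINTS is a constructed stale file in which L still has 198.32.64.12, the address L-root used before its change in November 2007.

```python
"""Parse root-server addresses out of a hints file or a 'dig . NS'
answer and report what differs between a stale /var/named/named.ca and
a fresh query.  Added example, not code from the original post or from
BIND.  NEW_DIG is the ADDITIONAL section of the dig output in the post;
PARTIAL_DIG is the additional section of the post's first query;
OLD_HINTS is a constructed stale file in which L still has
198.32.64.12, the address L-root used before it changed in
November 2007.
"""
import re

# name, TTL, class, type, rdata: the only lines a hints file needs
RECORD = re.compile(
    r"^([A-M]\.ROOT-SERVERS\.NET\.)\s+\d+\s+IN\s+(A|AAAA)\s+(\S+)", re.IGNORECASE)

ALL_SERVERS = ["%s.ROOT-SERVERS.NET." % c for c in "ABCDEFGHIJKLM"]

NEW_DIG = """\
A.ROOT-SERVERS.NET.     3600000 IN      A       198.41.0.4
B.ROOT-SERVERS.NET.     3600000 IN      A       192.228.79.201
C.ROOT-SERVERS.NET.     3600000 IN      A       192.33.4.12
D.ROOT-SERVERS.NET.     3600000 IN      A       128.8.10.90
E.ROOT-SERVERS.NET.     3600000 IN      A       192.203.230.10
F.ROOT-SERVERS.NET.     3600000 IN      A       192.5.5.241
G.ROOT-SERVERS.NET.     3600000 IN      A       192.112.36.4
H.ROOT-SERVERS.NET.     3600000 IN      A       128.63.2.53
I.ROOT-SERVERS.NET.     3600000 IN      A       192.36.148.17
J.ROOT-SERVERS.NET.     3600000 IN      A       192.58.128.30
K.ROOT-SERVERS.NET.     3600000 IN      A       193.0.14.129
L.ROOT-SERVERS.NET.     3600000 IN      A       199.7.83.42
M.ROOT-SERVERS.NET.     3600000 IN      A       202.12.27.33
"""

# Constructed stale hints: identical except for the old L address.
OLD_HINTS = NEW_DIG.replace("199.7.83.42", "198.32.64.12")

# Additional section of the post's first 'dig' (only two glue records).
PARTIAL_DIG = """\
F.ROOT-SERVERS.NET.     172107  IN      A       192.5.5.241
J.ROOT-SERVERS.NET.     172107  IN      A       192.58.128.30
"""


def parse_hints(text):
    """Return {server name: set of addresses}; other lines are ignored."""
    hints = {}
    for line in text.splitlines():
        m = RECORD.match(line.strip())
        if m:
            hints.setdefault(m.group(1).upper(), set()).add(m.group(3))
    return hints


def missing_servers(hints):
    """Root servers (A..M) for which no address was found."""
    return [s for s in ALL_SERVERS if s not in hints]


def diff_hints(old, new):
    """(added names, removed names, {name: (old addrs, new addrs)})."""
    added = sorted(set(new) - set(old))
    removed = sorted(set(old) - set(new))
    changed = {s: (sorted(old[s]), sorted(new[s]))
               for s in set(old) & set(new) if old[s] != new[s]}
    return added, removed, changed


if __name__ == "__main__":
    old, new = parse_hints(OLD_HINTS), parse_hints(NEW_DIG)
    print("missing in fresh answer:", missing_servers(new) or "none")
    added, removed, changed = diff_hints(old, new)
    for name, (was, now) in sorted(changed.items()):
        print("%s changed: %s -> %s" % (name, was, now))
    print("added:", added, "removed:", removed)
```

Running the check against the first dig output above would report eleven missing servers, which is why the answer from f.root-servers.net, with glue for all thirteen, is the one to save as the hints file.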

References:

  1. Configuring DNS > Configuring named
    O'Reilly - Safari Books Online
  2. LOCAL AREA NETWORK DOMAIN NAME SYSTEM (DNS)
    Small Enterprise Networking and Computing Primer
  3. Keeping it working
    Linux.com

[/network/dns] permanent link

Wed, Nov 07, 2007 10:34 pm

Restart.Exe

When I scanned a system for malware, BitDefender Free Edition v10 reported the presence of Spyware.Destart.A in Restart.exe, which was in the directory C:\Windows\System32\Tools. I submitted the file to VirusTotal for analysis and also to Jotti's Online Malware Scan. Other antimalware software used by those sites also reported the file as malware. However, after further checking, I believe that the file is actually innocuous.

[ More Info ]

[/security/spyware] permanent link

Sun, Nov 04, 2007 7:20 pm

Numbered NIC in Device Manager

A Network Interface Controller (NIC) built into a PCChips A31G V:1.0 motherboard was appearing as a "Sis190 100/10 Ethernet Device #3" in the Windows Device Manager. I wanted to remove the "#3" from the end of the description. I tried fixnetwork.vbs, but that didn't work. I tried manually removing registry entries, but was unsuccessful in resolving the issue that way either.

[ More Info ]

[/hardware/network/nic/sis] permanent link

Sun, Nov 04, 2007 1:08 pm

No MAC Address on SiS190 NIC

I had a problem with a PCChips motherboard with a Silicon Integrated Systems (SiS) chipset not working because it had all zeros listed for the MAC address. Fortunately, the MAC, aka Ethernet, address can be changed through the Windows Device Manager.

[ More Info ]

[/hardware/network/nic/sis] permanent link

Mon, Oct 29, 2007 11:12 pm

Root Access Using Ubuntu Live CD

I thought I would try Ubuntu, so I booted a system from a Ubuntu 7.10 Desktop CD I created from the .iso file I downloaded. The system didn't have access to a DHCP server, so I needed to manually set the network information for the system. But I didn't know the default password assigned to the root account by Ubuntu. I discovered at Ubuntu Default Root Password or the sudo way that the root account is created without a predefined password and that you can't log into it. The suggested action for gaining root access was to use sudo sh, which did give me root access. I was then able to assign an IP address, network mask, and default gateway address.

# ifconfig eth0 192.168.1.5 netmask 255.255.255.0
# route add default gw 192.168.1.1 eth0

[/os/unix/linux/ubuntu] permanent link

Sat, Oct 27, 2007 3:37 pm

ibmonitor

ibmonitor is a Perl script that can be used to monitor bandwidth usage.


 Interface    Received        Sent       Total
                  Kbps        Kbps        Kbps

 eth0           189.04        4.00      193.12

 lo               0.00        0.00        0.00

 All            189.04        4.00      193.12

 Press 'q' to quit...           Elapsed time: 0 hrs, 0 mins, 4 s

If you hit the m key while the program is running, it will show the maximum bandwidth used while it has been running. You can also start the program with ibmonitor --max to display the maximum bandwidth utilization.


 Interface    Received        Sent       Total
                  Kbps        Kbps        Kbps

 eth0           294.40        5.92      300.32
 |---- Max      443.12       64.40      448.40

 lo               0.00        0.00        0.00
 |---- Max       20.24       20.24       40.56

 All            294.40        5.92      300.32
 |---- Max      453.28       74.56      468.64

 Press 'q' to quit...           Elapsed time: 0 hrs, 0 mins, 43 s

Usage

ibmonitor is a command line program which will run
on a linux console or xterm (rxvt, konsole, gnome-terminal, etc)

usage: ibmonitor [ --bits ] [ --bytes ] [ --max ] [ --avg ] [ --interval n ] [--data]
                         [ --colors | --nocolors ] [--dev regex] [--file procfile]
                         [ --help ] [--version]

The following command line options (and their explanation) are available:

--bits        Show output values in KBits/sec. This is the default
--bytes       Show output values in KBytes/sec
--max         Show maximum values per interface
--avg         Show average values per interface
--interval n  Set time interval as n seconds. The default is 2 seconds
--data        Show data transferred in KB/MB/GB
--colors      Show some fancy coloring! (This is the default)
--nocolors    No fancy coloring please!
--dev regex   Show output from device matching regex
--file proc   Specify which file to use in the proc filesystem
              for the interface byte counter
--help        Show help and exit
--version     Show version number and exit


While running, ibmonitor can read the input key from the user
and dynamically change its output display format depending on the key
pressed.

The following keys are supported. Note that ibmonitor responds immediately
to the single keystroke. ie. The 'Enter' key need not be pressed

q        [q]uit
1 - 9    Set sleep time interval (in seconds) to the digit entered
m        Toggle display of [m]ax bandwidth
a        Toggle display of [a]verage bandwidth
i        Toggle display of values in KB[i]ts/sec (Kbps)
y        Toggle display of values in KB[y]tes/sec (KBps)
d        Toggle display of [d]ata transferred
s        Shift interface up/down. This should be followed by the
         interface number, and then the direction (u or d)
r        [R]eset all values
? / h    Help screen for interactive commands
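The display above is built from the byte counters the kernel keeps for each interface, which on Linux are the ones in /proc/net/dev. The following is an added example in Python, not ibmonitor's own Perl code: it parses that file, turns two successive snapshots into Received/Sent/Total rates, keeps the per-interface maximum the way the --max display does, and supports the --bytes switch. It assumes K means 1024 (the help text does not say), and the two snapshots it embeds are constructed rather than captured.

```python
"""Per-interface throughput from /proc/net/dev, in the style of ibmonitor --max.

Added example in Python (not ibmonitor's Perl). Assumption: K is 1024, so
Kbps = bits per second / 1024 and KBps = bytes per second / 1024. The
snapshots at the bottom are constructed, not captured.
"""
import time

KILO = 1024


def parse_proc_net_dev(text):
    """Return {interface: (rx_bytes, tx_bytes)} from the text of /proc/net/dev.

    The first two lines are headers; on a data line the name ends with a
    colon, receive bytes is the first field and transmit bytes the ninth.
    """
    counters = {}
    for line in text.splitlines()[2:]:
        if ":" not in line:
            continue
        name, rest = line.split(":", 1)
        fields = rest.split()
        if len(fields) < 16:
            continue
        counters[name.strip()] = (int(fields[0]), int(fields[8]))
    return counters


class ThroughputMonitor:
    """Turns successive counter snapshots into rates and keeps the maximum seen."""

    def __init__(self, use_bytes=False):
        self.use_bytes = use_bytes  # like --bytes: KBytes/sec instead of KBits/sec
        self.prev = None            # (timestamp, counters) of the previous snapshot
        self.max = {}               # interface -> (rx, tx, total) highest rates so far

    def _rate(self, delta_bytes, seconds):
        per_second = delta_bytes / seconds
        return per_second / KILO if self.use_bytes else per_second * 8 / KILO

    def update(self, timestamp, counters):
        """Feed a snapshot; returns {interface: (rx, tx, total)}, or None for the first."""
        if self.prev is None:
            self.prev = (timestamp, counters)
            return None
        prev_ts, prev_counters = self.prev
        seconds = timestamp - prev_ts
        if seconds <= 0:
            raise ValueError("snapshots must be strictly increasing in time")
        rates, sum_rx, sum_tx = {}, 0.0, 0.0
        for iface, (rx, tx) in counters.items():
            prev_rx, prev_tx = prev_counters.get(iface, (rx, tx))
            # Kernel counters only grow; a smaller value means the interface
            # (or the counter) was reset, so count from zero in that case.
            d_rx = rx - prev_rx if rx >= prev_rx else rx
            d_tx = tx - prev_tx if tx >= prev_tx else tx
            r, t = self._rate(d_rx, seconds), self._rate(d_tx, seconds)
            rates[iface] = (r, t, r + t)
            sum_rx, sum_tx = sum_rx + r, sum_tx + t
        rates["All"] = (sum_rx, sum_tx, sum_rx + sum_tx)
        for iface, now in rates.items():
            best = self.max.get(iface, (0.0, 0.0, 0.0))
            self.max[iface] = tuple(max(a, b) for a, b in zip(best, now))
        self.prev = (timestamp, counters)
        return rates


def render(rates, maxima, use_bytes=False):
    """Format one refresh the way ibmonitor --max lays it out."""
    unit = "KBps" if use_bytes else "Kbps"
    lines = [f"{'Interface':<12}{'Received':>12}{'Sent':>12}{'Total':>12}",
             f"{'':<12}{unit:>12}{unit:>12}{unit:>12}"]
    for iface, (r, t, total) in rates.items():
        lines.append(f"{iface:<12}{r:>12.2f}{t:>12.2f}{total:>12.2f}")
        mr, mt, mtotal = maxima[iface]
        lines.append(f"{'|---- Max':<12}{mr:>12.2f}{mt:>12.2f}{mtotal:>12.2f}")
    return "\n".join(lines)


# Constructed snapshots two seconds apart: eth0 received 49152 bytes and sent 1024,
# then received another 20480 and sent nothing, so the rate falls but Max is kept.
SAMPLE_T0 = """\
Inter-|   Receive                                                |  Transmit
 face |bytes    packets errs drop fifo frame compressed multicast|bytes    packets errs drop fifo colls carrier compressed
    lo:       0       0    0    0    0     0          0         0        0       0    0    0    0     0       0          0
  eth0: 1000000    1200    0    0    0     0          0         0   500000     900    0    0    0     0       0          0
"""
SAMPLE_T2 = SAMPLE_T0.replace("1000000", "1049152").replace("500000", "501024")
SAMPLE_T4 = SAMPLE_T2.replace("1049152", "1069632")


def live(interval=2, use_bytes=False):
    """Poll the real /proc/net/dev every `interval` seconds, like ibmonitor --max."""
    monitor = ThroughputMonitor(use_bytes)
    while True:
        with open("/proc/net/dev") as f:
            rates = monitor.update(time.monotonic(), parse_proc_net_dev(f.read()))
        if rates is not None:
            print(render(rates, monitor.max, use_bytes), end="\n\n")
        time.sleep(interval)


if __name__ == "__main__":
    live()
```

Run it as a script on a Linux host to get a refreshing table; the constructed snapshots give eth0 192.00 Kbps received and 4.00 Kbps sent over the first interval, which then drops to 80.00 received while the Max row keeps the earlier peak. The reset check matters on long-running monitors: without it, an interface that goes down and up would produce a huge negative delta.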

References:

  1. ibmonitor Interactive Bandwidth Monitor
    SourceForge.net
  2. Perl ReadKey Module for ibmonitor
    Date: October 26, 2007
    MoonPoint Support

[/languages/perl] permanent link

Fri, Oct 26, 2007 5:32 pm

Perl ReadKey Module for ibmonitor

I tried installing ibmonitor using the ibmonitor-1.4-1.noarch.rpm RPM file I obtained from ftp://download.fedora.redhat.com/pub/fedora/linux/extras/6/i386. However, when I tried to install it, I got a message indicating the Term::ReadKey module was missing.

# rpm --install ibmonitor-1.4-1.noarch.rpm
warning: ibmonitor-1.4-1.noarch.rpm: V3 DSA signature: NOKEY, key ID 1ac70ce6
error: Failed dependencies:
        perl(Term::ReadKey) is needed by ibmonitor-1.4-1
# perldoc -l Term::ReadKey
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm

But when I used perldoc -l to check whether all of the modules ibmonitor requires were present, I saw it listed.

$ perldoc -l Term::ANSIColor
/usr/lib/perl5/5.8.0/Term/ANSIColor.pm
$ perldoc -l Term::ReadKey
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm
$ perldoc -l Time::HiRes
/usr/lib/perl5/vendor_perl/5.8.0/i386-linux-thread-multi/Time/HiRes.pm

I also saw it listed when I used the find-modules.pl script I have on the system.

# ./find-modules.pl | grep -i ReadKey
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm

When I used the one-line Perl command perl -MTerm::ReadKey -el, Perl did not complain. Nor did it complain when I tried perl -e 'use Term::ReadKey;'. If Perl could not find the module, either command would have complained that it couldn't locate it anywhere in @INC.

And when I used the List Perl Modules CGI script I have on the system, I also saw it listed there. So I didn't know why I got the message indicating the module was missing when I tried to install ibmonitor.

I used the locate command to look for any other occurrences of the file ReadKey.pm on the system, which showed the following.

# locate ReadKey.pm
/root/.cpan/build/TermReadKey-2.21/ReadKey.pm
/root/.cpan/build/TermReadKey-2.21/blib/lib/Term/ReadKey.pm
/usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm

I decided to try downloading and installing the module again through CPAN.

# perl -MCPAN -e shell
Undefined value assigned to typeglob at (eval 14) line 15,  line 11.
Warning [/etc/inputrc line 11]:
  Invalid variable `mark-symlinked-directories'

cpan shell -- CPAN exploration and modules installation (v1.76)
ReadLine support enabled

cpan> install Term::ReadKey
PAN: Storable loaded ok
Going to read /root/.cpan/Metadata
  Database was generated on Thu, 24 Nov 2005 14:54:20 GMT
CPAN: LWP::UserAgent loaded ok
Fetching with LWP:
  ftp://archive.progeny.com/CPAN/authors/01mailrc.txt.gz
LWP failed with code[500] message[LWP::Protocol::MyFTP: connect: timeout]
Fetching with Net::FTP:
  ftp://archive.progeny.com/CPAN/authors/01mailrc.txt.gz
Fetching with LWP:
  ftp://carroll.cac.psu.edu/pub/CPAN/authors/01mailrc.txt.gz
Going to read /root/.cpan/sources/authors/01mailrc.txt.gz
CPAN: Compress::Zlib loaded ok
Fetching with LWP:
  ftp://archive.progeny.com/CPAN/modules/02packages.details.txt.gz
LWP failed with code[500] message[LWP::Protocol::MyFTP: connect: timeout]
Fetching with Net::FTP:
  ftp://archive.progeny.com/CPAN/modules/02packages.details.txt.gz
<text snipped>
  /usr/bin/make test -- OK
Running make install
Installing /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Term/ReadKey/ReadKey.so
Files found in blib/arch: installing files in blib/lib into architecture dependent library tree
Installing /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/Term/ReadKey.pm
Installing /usr/share/man/man3/Term::ReadKey.3pm
Writing /usr/lib/perl5/site_perl/5.8.0/i386-linux-thread-multi/auto/Term/ReadKey/.packlist
Appending installation info to /usr/lib/perl5/5.8.0/i386-linux-thread-multi/perllocal.pod
  /usr/bin/make install  -- OK

cpan> exit
No history written (no histfile specified).
Lockfile removed.

Installing the later version of ReadKey.pm didn't help, though. I still got the same error message when I tried to install ibmonitor.

# rpm --install ibmonitor-1.4-1.noarch.rpm
warning: ibmonitor-1.4-1.noarch.rpm: V3 DSA signature: NOKEY, key ID 1ac70ce6
error: Failed dependencies:
        perl(Term::ReadKey) is needed by ibmonitor-1.4-1

I downloaded the src.rpm file, ibmonitor-1.4-1.src.rpm, and installed it with rpm --install ibmonitor-1.4-1.src.rpm, which created two files: /usr/src/redhat/SOURCES/ibmonitor-1.4.tar.gz and /usr/src/redhat/SPECS/ibmonitor.spec. When I checked ibmonitor.spec, I found the following line in the spec file:

Requires:       perl(Term::ReadKey)

The Term::ReadKey module is only needed for changing the ibmonitor display on the fly by hitting certain keys, e.g. "m" to show the maximum bandwidth used while the program has been running. The program, which is a Perl script, runs without ReadKey support being present on the system: the script checks for the module but doesn't require it, as the code below shows.

# Check for installation of Term-ReadKey module
eval q/use Term::ReadKey;/;
if (!$@) {
        $useReadKey = 1;
}

rpm resolves a dependency such as perl(Term::ReadKey) against the Provides recorded in its own package database, so a module installed from CPAN, which no installed package owns, doesn't satisfy the dependency even though Perl itself finds the file. Since the module is actually present on the system and I can change the ibmonitor display by hitting the keys that trigger options in the program, such as the display of maximum bandwidth, I used rpm --nodeps --install ibmonitor-1.4-1.noarch.rpm to skip the dependency check for Term::ReadKey and install the ibmonitor RPM. The program worked fine after the installation.
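The manual check done above, reading the spec's Requires: line and confirming that Perl would find the module file, can be automated. The following is an added example in Python; it is not ibmonitor's or rpm's code. It extracts the perl(...) names from a spec, maps each to the Module/Name.pm file that `use` resolves through @INC, and searches a list of include directories the way perldoc -l and find-modules.pl do. The spec fragment is constructed (ibmonitor.spec on this page has only the ReadKey line), and the directory tree it searches is a throwaway one it builds under a temporary directory.

```python
"""Check the perl(...) requirements of an RPM spec against module files on disk.

Added example in Python (not ibmonitor's or rpm's code). It reproduces the
manual check in the text: perl(Term::ReadKey) names the file Term/ReadKey.pm
somewhere on Perl's include path, which is what perldoc -l and find-modules.pl
report. The spec fragment and directory tree below are constructed.
"""
import os
import re
import tempfile

REQUIRES_LINE = re.compile(r"^Requires:\s*(.+?)\s*$")
PERL_DEP = re.compile(r"^perl\(([A-Za-z_][\w:]*)\)$")


def spec_requires(spec_text):
    """Names on Requires: lines; separators may be commas or spaces, and
    version constraints such as '>= 1.2' are dropped."""
    names = []
    for line in spec_text.splitlines():
        m = REQUIRES_LINE.match(line)
        if not m:
            continue
        for item in re.split(r"[,\s]+", m.group(1)):
            if item and item[0] not in "<>=" and not item[0].isdigit():
                names.append(item)
    return names


def module_file(module):
    """Term::ReadKey -> Term/ReadKey.pm, the relative path `use` resolves via @INC."""
    return module.replace("::", "/") + ".pm"


def find_module(module, inc_dirs):
    """Every include directory that holds the module file, in @INC order."""
    rel = module_file(module)
    return [os.path.join(d, rel) for d in inc_dirs if os.path.isfile(os.path.join(d, rel))]


def check_perl_requires(spec_text, inc_dirs):
    """Map each perl(...) requirement to the files that satisfy it; [] means absent."""
    report = {}
    for name in spec_requires(spec_text):
        m = PERL_DEP.match(name)
        if m:
            report[name] = find_module(m.group(1), inc_dirs)
    return report


# Constructed spec fragment; the ibmonitor.spec in the text has only the ReadKey line.
SAMPLE_SPEC = """\
Name:           ibmonitor
Requires:       perl(Term::ReadKey)
Requires:       perl(Term::ANSIColor), perl(Time::HiRes) >= 1.2
Requires:       perl(Does::Not::Exist)
"""


def demo():
    """Build a throwaway include path with three of the four modules and run the check."""
    root = tempfile.mkdtemp()
    site, core = os.path.join(root, "site_perl"), os.path.join(root, "core")
    for base, module in ((site, "Term::ReadKey"), (core, "Term::ANSIColor"), (core, "Time::HiRes")):
        path = os.path.join(base, module_file(module))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w") as f:
            f.write("package %s;\n1;\n" % module)
    report = check_perl_requires(SAMPLE_SPEC, [site, core])
    missing = sorted(dep for dep, paths in report.items() if not paths)
    return report, missing


if __name__ == "__main__":
    report, missing = demo()
    for dep, paths in report.items():
        print(dep, "->", paths or "MISSING")
```

Run against a real system, pass `perl -e 'print join("\n", @INC)'` output as inc_dirs. Note what this does and does not tell you: a module file being present means the script will run, which is the author's situation, but it does not make rpm's dependency check pass, because rpm consults package Provides rather than the filesystem.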

The RPM installation installs the following files:

$ ls -l /usr/share/doc/ibmonitor-1.4/
total 44
-rw-r--r--    1 root     root           33 Oct 13  2006 AUTHORS
-rw-r--r--    1 root     root         4260 Oct 13  2006 ChangeLog
-rw-r--r--    1 root     root        18009 May  3  2003 COPYING
-rw-r--r--    1 root     root         5477 Oct 13  2006 README
-rw-r--r--    1 root     root           67 Oct 13  2006 TODO
$ ls -l /usr/bin/ibmonitor
-rwxr-xr-x    1 root     root        31971 Oct 13  2006 /usr/bin/ibmonitor

References:

  1. How do I find which modules are installed on my system?
    perlfaq3 - perldoc.perl.org

  2. Chapter 10. Advanced RPM Packaging
    Fedora Documentation on docs.fedoraproject.org

  3. Chapter 22. Spec File Syntax
    Fedora Documentation on docs.fedoraproject.org

  4. [COMMIT LOGREPORT] package/rpm/SPECS lire.spec,1.26,1.27
    By: Wytze van der Raay wraay at users.sourceforge.net
    Date: August 4, 2006
    lists.logreport.org Mailing Lists

  5. Spec file tags
    Date: July 2, 2005
    Wraptastic

[/languages/perl] permanent link

Wed, Oct 24, 2007 6:25 pm

Power Adapters List

Since I have a lot of devices with various power adapters, I've started a list of model numbers for power adapters and the model numbers for the devices for which they are used.

[/hardware/power] permanent link

Sun, Oct 21, 2007 11:40 pm

Problems with Windows Update

I was able to connect to a system, G, using Remote Desktop Assistance on Saturday, October 20, 2007, but then the system stopped responding. I couldn't even ping it from the server. When I checked the system on October 21, I found a BSOD with the following displayed:

A problem has been detected and Windows has been shut down to prevent damage
to your computer.

If this is the first time yo've seen this Stop error screen,
restart your computer. If this screen appears again, follow
these steps:

Check to besure you have adequate disk space. If a driver is
identified in the Stop message, disable the driver or check
with the manufacturer for driver updates. Try changing video
adapters.

Check with your hardware vendor for any BIOS updates. Disable
BIOS memory options such as caching or shadowing. If you need
to use Safe Mode to remove or disable compoinets, restart your
computer, pres F8 to select Advanced Startup Options, and then
select Safe Mode.

Technical information:

*** STOP: 0x0000008E (0xC0000005,0xBFA14A9B,0xEBF7D7Dc,0x00000000)


*** ialmdev5.DLL - Address FBA14A9B base at BFA02000, DateStamp 40292c7e

Beginning dump of physical memory
Physical memory dump complete.
Contact your system administrator or technical support group for further
assistance.

When I rebooted the system, which is running Windows XP Professional Service Pack 2, and logged in, I received a notification that the system had recovered from a serious error. I chose to send the log to Microsoft and saw a webpage appear stating "Problem caused by Intel Graphics Driver".

Problem caused by Intel Graphics Driver

This problem was caused by Intel Graphics Driver. Intel Graphics Driver was created by Dell Inc..

There is no solution for this probem at this time.

However, your computer is missing updates that can help improve its stability and security.

In Internet Explorer (6.0.2900), I clicked on Tools then selected Windows Update. I was notified that "To use Microsoft Update, you must first install the latest version of some Windows components. This will allow your computer to work with these new features on the site:". But the installation of Windows Genuine Advantage Validation Tool (KB892130) failed. I tried several more times, including after rebooting, but the results were always the same.

I then tried the method outlined at Easy Way to Bypass Windows Genuine Advantage. I took the following steps in Internet Explorer.

  1. Click on Tools.
  2. Select Internet Options.
  3. Click on the Programs tab.
  4. Click on the Manage Add-ons tab.
  5. Scroll down until you see "Windows Genuine Advantage Validation Tool" in the Name field.
  6. Click on Disable to disable that add-on.
  7. You will see an Add-on Status window appear stating "You have chosen to disable this add-on. For the change to take effect, you may need to restart Internet Explorer." Click on OK.
  8. Click on OK to close the Manage Add-ons window.
  9. Click on OK to close the Internet Options window.
  10. Close Internet Explorer.

I then reopened Internet Explorer and clicked on Tools then Windows Update. Again, I clicked on the Express button to get high-priority updates. Again the Microsoft website wanted to install Windows Genuine Advantage Tool (KB892130), but again it failed.

I then went back to the Manage Add-ons window in Internet Explorer. I left Windows Genuine Advantage Tool disabled, but clicked on the Update ActiveX button. I was prompted as to whether I wanted to install Windows Genuine Advantage and clicked on the Install button. I received a message that "The add-on was updated successfully."

I closed and reopened Internet Explorer. I then clicked on Tools and selected Windows Update again. I again clicked on the Express button to get high-priority updates. Again the installation of Windows Genuine Advantage Validation Tool failed. I re-enabled the add-on and restarted Internet Explorer.

Looking over the comments to the Digg posting at HOW TO: Bypass Windows Genuine Advantage!, I found that Microsoft patched that Windows Genuine Advantage bypass some time ago. The system was purchased from Dell and has the pre-installed version of Microsoft Windows XP on it. It is a valid copy, but because of Microsoft's Windows Genuine Advantage process, I don't appear to be able to download updates through Windows Update in Internet Explorer.

The system is configured to download and install automatic updates every day at 3:00 A.M. Looking at the "Review your update history" information, I see Windows Defender updates are occurring regularly, with the last one on Friday, October 19, 2007. The last Windows XP update occurred on Thursday, October 11, with the Security Update for Windows XP (KB933729) listed.

At Microsoft Windows Update Troubleshooter, under the Manual installation instructions for Windows Update controls, I found a statement that "Several problems on the Windows Update site can be caused by outdated or mismatched site software." I downloaded the iuctl.cab file mentioned from http://v4.windowsupdate.microsoft.com/cab/x86/unicode/iuctl.cab. I followed the instructions for extracting its contents and then right-clicked on the iuctl "Setup Information" file, i.e. iuctl.inf, and chose Install.

I still had the same problem afterwards, though. Closing Internet Explorer, reinstalling from iuctl.inf, and reopening Internet Explorer to try again didn't produce any different results either.

Looking in C:\WINDOWS\WindowsUpdate.log, I see the following lines at the bottom of the file.

WARNING: WU client failed insalling updates with error 0x80240020
>>--  RESUMED -- COMAPI: Install [ClientId = MicrosoftUpdate]
  - Install call failed
  - Reboot required = No
  - WARNING: Exit code = 0x80240FFF; Call error code = 0x80240020
---------
--  END  -- COMAPI: Install [ClientID = MicrosoftUpdate]
-------------
WARNING: Operation failed due to earlier error, hr=80240020

At Window's Update error??, I found a suggestion to check whether *.microsoft.com and *.windowsupdate.com are in Internet Explorer's Trusted sites list. They were not, so I put them there by taking the following steps in Internet Explorer.

  1. Click on Tools.
  2. Select Internet Options.
  3. Click on the Security tab.
  4. Click on Trusted Sites.
  5. Click on the Sites button.
  6. Uncheck "Require server verification (https:) for all sites in this zone."
  7. Put *.microsoft.com in the "Add this Web site to this zone" field and click on Add.
  8. Put *.windowsupdate.com in the "Add this Web site to this zone" field and click on Add.
  9. Click on OK.

I again tried Windows Update. Again the installation of the Windows Genuine Advantage Tool failed after I clicked on the Download and install now button to install it. I still got the message that "The following updates were not installed: Windows Genuine Advantage Tool (KB892130)". It still doesn't show up as a failure under the "Review your update history" link, though. But I can't search for updates either.

I found the same problem, as evidenced by WindowsUpdate.log, described at Re: Update still failing with 80240020 and 8024000c.

I've tried Windows Update by logging into the domain administrator's account, the local administrator's account for the system, and another account in the local administrator's group. The results are always the same.

I next tried the suggestion at Windows Update Installation Error by clicking on Start, selecting Run, typing Secpol.msc, and hitting Enter. Then, under Local Policies, I checked that the Administrators group was included in the Security Setting for the following policies. It was listed for all of them.

Back up files and directories
Debug programs
Manage auditing and security log
Restore files and directories
Take ownership of files or other objects

So to this point, I've been unable to resolve the problem. Since I need to resolve a problem with Microsoft Excel on the system, I can't spend any more time on this issue tonight. I thought perhaps an update to Microsoft Office that I might find through Windows Update could resolve that problem, but I'll have to address that problem outside of the Windows Update process. And I'll have to look for an update to the graphics adapter later as well.

References:

  1. Easy Way to Bypass Windows Genuine Advantage
    YouAreAdopted.Com
  2. HOW TO: Bypass Windows Genuine Advantage!
    Digg
  3. Windows Update Troubleshooter
    Microsoft Corporation
  4. Re: Update still failing with 80240020 and 8024000c
    By: Robert Aldwinckle (robald_at_techemail.com)
    Date: October 17, 2004
    Tech-Archive.net: The source for usenet news
  5. Windows Update Installation Error
    By Torgeir Bakken (MVP)
    Discussion - microsoft.public.windowsupdate | Google Groups

[/os/windows/xp] permanent link

Thu, Oct 18, 2007 9:06 pm

SSH Connection Closed By Remote Host

After upgrading SSH on a system to version 4.7p1, I found I could no longer SSH into the system, except if I used ssh 127.0.0.1 from the system itself.

At first, I thought it was a firewall issue, but I was told that the firewall was configured to allow outside access to the system via port 22, yet I still couldn't get in. When I tried to connect to the system via ssh from the console of the system itself, I couldn't get in using either the Fully Qualified Domain Name (FQDN) or the IP address of the system. I got an "ssh_exchange_identification" error when I tried.

# ssh server1.example.com
ssh_exchange_identification: Connection closed by remote host

I rebooted the system, but the results were the same. When I checked to see whether the system was listening on all interfaces on port 22, I saw the following:

# netstat -a | grep 22
      *.22                 *.*                0      0     0      0 LISTEN

When I used tail /var/log/authlog, I saw the following:

Oct 18 18:49:44 server1 reboot: rebooted by jsmith
Oct 18 18:51:23 server1 sshd[258]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct 18 18:51:23 server1 sshd[258]: fatal: Cannot bind any address.
Oct 18 18:53:21 server1 sshd[2310]: refused connect from 89.sub-75-196-157.myvzw.com
Oct 18 18:54:51 server1 sshd[2415]: refused connect from server1.example.com
Oct 18 18:55:25 server1 sshd[2420]: refused connect from server1.example.com
Oct 18 18:57:13 server1 sshd[2426]: refused connect from frostdragon.com

When I checked to see what application had port 22 open with lsof, I found sshd listed.

# lsof -i TCP:22
COMMAND PID USER   FD   TYPE        DEVICE SIZE/OFF NODE NAME
sshd    249 root    4u  inet 0x30000115068      0t0  TCP *:22 (LISTEN)

I didn't see any setting in /usr/local/etc/sshd_config that I thought would cause the problem. The "refused connect from" entries are logged by sshd's tcp_wrappers support, which consults /etc/hosts.allow and /etc/hosts.deny and drops a rejected connection before the SSH version exchange, which is why the client reports "ssh_exchange_identification: Connection closed by remote host". I then looked in /etc/hosts.allow and realized I needed to add SSH access there. I added the line below.

sshd   : allow ALL

I was then immediately able to SSH into the system (in hosts.allow the field after the daemon name is the client list, so it is the ALL in that line that matches every client; a narrower pattern, such as a domain suffix or a network/netmask pair, limits where SSH logins can come from). But when I logged in, I realized that no login banner was appearing. I needed a warning banner clearly stating, before any userid or password prompt appeared, that access is allowed only for authorized users. So I created a file /etc/banner with the text for that warning message (the file has 744 protection, i.e. world read access). I then modified the "banner" section of /usr/local/etc/sshd_config to point to the banner text file /etc/banner.

# no default banner path
#Banner /some/path
Banner /etc/banner

I then restarted sshd.

# /etc/init.d/sshd stop
Stopping sshd
# /etc/init.d/sshd start
Starting sshd

Then when I attempted to ssh into the system, I saw the banner prior to the password prompt appearing.
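The authlog excerpt above contains the two symptoms that mattered here: sshd failing to bind port 22 at startup, and tcp_wrappers refusing clients. The following is an added example in Python, not part of OpenSSH or of this post, that parses lines in that syslog layout, classifies the sshd events, and summarises which clients were refused, so that a quick tail of the log can be read the same way the author read it. The sample it embeds is the excerpt from the text; the two diagnostic strings it emits restate what the text found (a process already holding port 22, and a missing hosts.allow entry).

```python
"""Classify sshd events in a BSD/Solaris-style authlog.

Added example (Python, not OpenSSH code). The sample lines are the ones shown
in the text; the parser recognises what appears there: a reboot record, sshd
failing to bind port 22, the fatal line that follows, and tcp_wrappers
refusing a client ("refused connect from ...").
"""
import re
from collections import Counter

SYSLOG_LINE = re.compile(
    r"^(?P<stamp>\w{3} +\d{1,2} \d\d:\d\d:\d\d) (?P<host>\S+) "
    r"(?P<prog>[\w.-]+)(?:\[(?P<pid>\d+)\])?: (?P<msg>.*)$"
)
REFUSED = re.compile(r"^refused connect from (?P<client>\S+)$")
BIND_FAILED = re.compile(
    r"^error: Bind to port (?P<port>\d+) on (?P<addr>\S+) failed: (?P<why>.+?)\.?$"
)


def parse_line(line):
    """Return a dict describing the event, or None if the line isn't syslog-shaped."""
    m = SYSLOG_LINE.match(line)
    if not m:
        return None
    ev = m.groupdict()
    msg = ev["msg"]
    ev["kind"] = "other"
    if ev["prog"] == "reboot":
        ev["kind"] = "reboot"
    elif ev["prog"] == "sshd":
        r = REFUSED.match(msg)
        b = BIND_FAILED.match(msg)
        if r:
            ev["kind"] = "refused"          # tcp_wrappers rejected the client
            ev["client"] = r.group("client")
        elif b:
            ev["kind"] = "bind_failed"      # another process already owns the port
            ev.update(port=b.group("port"), addr=b.group("addr"), why=b.group("why"))
        elif msg.startswith("fatal:"):
            ev["kind"] = "fatal"
    return ev


def summarize(lines):
    """Counts per event kind, refused clients, and bind failures from a log excerpt."""
    kinds, refused, bind_failures = Counter(), Counter(), []
    for line in lines:
        ev = parse_line(line)
        if ev is None:
            continue
        kinds[ev["kind"]] += 1
        if ev["kind"] == "refused":
            refused[ev["client"]] += 1
        elif ev["kind"] == "bind_failed":
            bind_failures.append((ev["pid"], ev["port"], ev["why"]))
    return {"kinds": dict(kinds), "refused": dict(refused), "bind_failures": bind_failures}


def diagnose(summary):
    """Turn the summary into the findings the text arrived at by hand."""
    findings = []
    for pid, port, why in summary["bind_failures"]:
        findings.append(f"sshd[{pid}] could not bind port {port} ({why}); "
                        f"see which process holds it with lsof -i TCP:{port}")
    if summary["refused"]:
        clients = ", ".join(sorted(summary["refused"]))
        findings.append(f"tcp_wrappers refused {clients}; sshd needs a matching entry in /etc/hosts.allow")
    return findings


# The excerpt from tail /var/log/authlog shown in the text.
SAMPLE_LOG = """\
Oct 18 18:49:44 server1 reboot: rebooted by jsmith
Oct 18 18:51:23 server1 sshd[258]: error: Bind to port 22 on 0.0.0.0 failed: Address already in use.
Oct 18 18:51:23 server1 sshd[258]: fatal: Cannot bind any address.
Oct 18 18:53:21 server1 sshd[2310]: refused connect from 89.sub-75-196-157.myvzw.com
Oct 18 18:54:51 server1 sshd[2415]: refused connect from server1.example.com
Oct 18 18:55:25 server1 sshd[2420]: refused connect from server1.example.com
Oct 18 18:57:13 server1 sshd[2426]: refused connect from frostdragon.com
"""

if __name__ == "__main__":
    s = summarize(SAMPLE_LOG.splitlines())
    print(s)
    for finding in diagnose(s):
        print("-", finding)
```

Feed it real lines with `summarize(open("/var/log/authlog").readlines())`. Counting refused clients per source is also a cheap way to notice, after hosts.allow is fixed, whether the refusals were all your own test connections or whether outside hosts were probing the port.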

[/network/ssh] permanent link

Tue, Oct 16, 2007 7:51 pm

OpenSSH upgrade to 4.7.1

When I checked the version of the OpenSSH software on a Sun SPARC system running Solaris 7 for which I am the administrator, I found it was outdated.

# ssh -V
OpenSSH_3.7.1p1, SSH protocols 1.5/2.0, OpenSSL 0.9.7b 10 Apr 2003

Note: to check the version of the SSH daemon on a remote system, run ssh to that system with the -v option; the verbose debugging output includes a "remote software version" line that gives the server's version. The version on the first line of that output is the version of the ssh client you are using, not the version of the remote SSH server.

# ssh -v jsmith@192.168.0.11
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Applying options for *
debug1: Rhosts Authentication disabled, originating port will not be trusted.
debug1: ssh_connect: needpriv 0
debug1: Connecting to example.com [192.168.0.11] port 22.
debug1: Connection established.
debug1: identity file /home/jim/.ssh/identity type -1
debug1: identity file /home/jim/.ssh/id_rsa type -1
debug1: identity file /home/jim/.ssh/id_dsa type -1
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
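Pulling the two versions out of that output, and flagging either end that is older than the release you intend to run, is easy to script. The following is an added example in Python, not OpenSSH code: it takes ssh -v output, returns the client and server version strings, and compares each with a minimum such as OpenSSH_4.7p1. It assumes version strings of the form OpenSSH_X.Y[.Z][pN]; the embedded transcript is the one above, trimmed to the lines that matter.

```python
"""Read the client and server OpenSSH versions out of `ssh -v` output and
compare them with the release you intend to run.

Added example in Python (not OpenSSH code). Assumption: only version strings of
the form OpenSSH_X.Y[.Z][pN] are understood; the sample transcript is the one
shown in the text, trimmed to the lines that matter.
"""
import re

VERSION = re.compile(r"OpenSSH_(\d+)\.(\d+)(?:\.(\d+))?(?:p(\d+))?")
REMOTE = re.compile(r"remote software version (\S+)")


def parse_version(text):
    """'OpenSSH_3.7.1p1' -> (3, 7, 1, 1); absent parts become 0 so tuples compare."""
    if not text:
        return None
    m = VERSION.search(text)
    return tuple(int(x or 0) for x in m.groups()) if m else None


def versions_from_ssh_v(output):
    """(client, server) version strings from verbose ssh output; None if not seen.

    The very first line names the local client; the server's version is on the
    debug1 line that says 'remote software version'.
    """
    client = server = None
    for line in output.splitlines():
        if client is None and line.startswith("OpenSSH_"):
            client = line.split(",")[0].strip()
        m = REMOTE.search(line)
        if m:
            server = m.group(1)
    return client, server


def outdated(version_text, minimum="OpenSSH_4.7p1"):
    """True when version_text parses and is older than the minimum."""
    v, m = parse_version(version_text), parse_version(minimum)
    return v is not None and m is not None and v < m


def report(output, minimum="OpenSSH_4.7p1"):
    """Both ends of the connection, each flagged if it is older than `minimum`."""
    client, server = versions_from_ssh_v(output)
    return {"client": client, "client_outdated": outdated(client, minimum),
            "server": server, "server_outdated": outdated(server, minimum)}


# The transcript from the text, reduced to the lines the parser uses.
SAMPLE_SSH_V = """\
OpenSSH_3.5p1, SSH protocols 1.5/2.0, OpenSSL 0x0090701f
debug1: Reading configuration data /etc/ssh/ssh_config
debug1: Connecting to example.com [192.168.0.11] port 22.
debug1: Connection established.
debug1: Remote protocol version 2.0, remote software version OpenSSH_3.7.1p1
debug1: match: OpenSSH_3.7.1p1 pat OpenSSH*
"""

if __name__ == "__main__":
    for key, value in report(SAMPLE_SSH_V).items():
        print(f"{key}: {value}")
```

The same VERSION pattern also matches the identification string a server sends at the start of every connection (SSH-2.0-OpenSSH_4.7p1, in the SSH-protoversion-softwareversion form), which is what ssh -v is reporting on the "remote software version" line. For the transcript above both ends come out as outdated against 4.7p1: the client at 3.5p1 and the server at 3.7.1p1.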

An updated package, 4.7.1, is available from Sunfreeware.com.

openssh-4.7p1

Installation of that version also requires the installation of the packages openssl-0.9.8e (do not use the older openssl packages), zlib, libgcc-3.3 or gcc-3.3.2, prngd and optionally, but highly recommended, the perl, egd and tcp_wrappers packages.

When I checked the OpenSSL version on the system, I found it also needed to be updated.

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.7b 10 Apr 2003

The information for the OpenSSL 0.9.8e package stated that you "may also need to install either gcc-3.4.6 or libgcc-3.4.6 to obtain the libgcc_s.so.1 library."

I found that gcc was also outdated.

# gcc -v
Reading specs from /usr/local/lib/gcc-lib/sparc-sun-solaris2.7/3.0.4/specs
Configured with: ../gcc-3.0.4/configure
Thread model: posix
gcc version 3.0.4

The gcc package requires libiconv, but that was already on the system in /usr/local/lib. The gcc package is fairly large; since I already had an earlier version of gcc on the system, I decided to proceed with the installation of OpenSSL 0.9.8e rather than wait over half an hour to download the latest gcc package.

# gunzip openssl-0.9.8e-sol7-sparc-local.gz
# pkgadd -d ./openssl-0.9.8e-sol7-sparc-local

The following packages are available:
  1  SMCossl     openssl
                 (sparc) 0.9.8e

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1
Processing package instance <SMCossl> from 
</tmp/openssl-0.9.8e-sol7-sparc-local>

openssl
(sparc) 0.9.8e
The OpenSSL Group
Using  as the package base directory.
## Processing package information.
## Processing system information.
   711 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/ssl 
* /usr/local/ssl/bin 
* /usr/local/ssl/bin/c_rehash 
* /usr/local/ssl/bin/openssl
* /usr/local/ssl/certs 
* /usr/local/ssl/include 
* /usr/local/ssl/include/openssl 
* /usr/local/ssl/include/openssl/aes.h
* /usr/local/ssl/include/openssl/asn1.h
* /usr/local/ssl/include/openssl/asn1_mac.h
* /usr/local/ssl/include/openssl/asn1t.h
* /usr/local/ssl/include/openssl/bio.h
* /usr/local/ssl/include/openssl/blowfish.h 
* /usr/local/ssl/include/openssl/bn.h
* /usr/local/ssl/include/openssl/buffer.h
* /usr/local/ssl/include/openssl/cast.h
* /usr/local/ssl/include/openssl/comp.h
* /usr/local/ssl/include/openssl/conf.h
* /usr/local/ssl/include/openssl/conf_api.h 
[Hit  to continue display]

* /usr/local/ssl/include/openssl/crypto.h
* /usr/local/ssl/include/openssl/des.h
* /usr/local/ssl/include/openssl/des_old.h
* /usr/local/ssl/include/openssl/dh.h
* /usr/local/ssl/include/openssl/dsa.h
* /usr/local/ssl/include/openssl/dso.h
* /usr/local/ssl/include/openssl/e_os2.h
* /usr/local/ssl/include/openssl/ebcdic.h 
* /usr/local/ssl/include/openssl/ec.h
* /usr/local/ssl/include/openssl/engine.h
* /usr/local/ssl/include/openssl/err.h
* /usr/local/ssl/include/openssl/evp.h
* /usr/local/ssl/include/openssl/hmac.h
* /usr/local/ssl/include/openssl/idea.h
* /usr/local/ssl/include/openssl/krb5_asn.h
* /usr/local/ssl/include/openssl/kssl.h
* /usr/local/ssl/include/openssl/lhash.h
* /usr/local/ssl/include/openssl/md2.h
* /usr/local/ssl/include/openssl/md4.h
* /usr/local/ssl/include/openssl/md5.h
[Hit  to continue display]
* /usr/local/ssl/include/openssl/obj_mac.h
* /usr/local/ssl/include/openssl/objects.h
* /usr/local/ssl/include/openssl/ocsp.h
* /usr/local/ssl/include/openssl/opensslconf.h
* /usr/local/ssl/include/openssl/opensslv.h
* /usr/local/ssl/include/openssl/ossl_typ.h
* /usr/local/ssl/include/openssl/pem.h
* /usr/local/ssl/include/openssl/pem2.h 
* /usr/local/ssl/include/openssl/pkcs12.h
* /usr/local/ssl/include/openssl/pkcs7.h
* /usr/local/ssl/include/openssl/rand.h
* /usr/local/ssl/include/openssl/rc2.h
* /usr/local/ssl/include/openssl/rc4.h
* /usr/local/ssl/include/openssl/ripemd.h
* /usr/local/ssl/include/openssl/rsa.h
* /usr/local/ssl/include/openssl/safestack.h
* /usr/local/ssl/include/openssl/sha.h
* /usr/local/ssl/include/openssl/ssl.h
* /usr/local/ssl/include/openssl/ssl2.h 
* /usr/local/ssl/include/openssl/ssl23.h 
[Hit  to continue display]

* /usr/local/ssl/include/openssl/ssl3.h
* /usr/local/ssl/include/openssl/stack.h
* /usr/local/ssl/include/openssl/symhacks.h
* /usr/local/ssl/include/openssl/tls1.h
* /usr/local/ssl/include/openssl/tmdiff.h
* /usr/local/ssl/include/openssl/txt_db.h
* /usr/local/ssl/include/openssl/ui.h
* /usr/local/ssl/include/openssl/ui_compat.h 
* /usr/local/ssl/include/openssl/x509.h
* /usr/local/ssl/include/openssl/x509_vfy.h
* /usr/local/ssl/include/openssl/x509v3.h
* /usr/local/ssl/lib 
* /usr/local/ssl/lib/libcrypto.a
* /usr/local/ssl/lib/libssl.a
* /usr/local/ssl/lib/pkgconfig 
* /usr/local/ssl/lib/pkgconfig/openssl.pc
* /usr/local/ssl/man 
* /usr/local/ssl/man/man1 
* /usr/local/ssl/man/man1/CA.pl.1
* /usr/local/ssl/man/man1/asn1parse.1
[Hit  to continue display]

* /usr/local/ssl/man/man1/ca.1
* /usr/local/ssl/man/man1/ciphers.1
* /usr/local/ssl/man/man1/crl.1
* /usr/local/ssl/man/man1/crl2pkcs7.1
* /usr/local/ssl/man/man1/dgst.1
* /usr/local/ssl/man/man1/dhparam.1
* /usr/local/ssl/man/man1/dsa.1
* /usr/local/ssl/man/man1/dsaparam.1
* /usr/local/ssl/man/man1/enc.1
* /usr/local/ssl/man/man1/gendsa.1
* /usr/local/ssl/man/man1/genrsa.1
* /usr/local/ssl/man/man1/nseq.1
* /usr/local/ssl/man/man1/ocsp.1
* /usr/local/ssl/man/man1/openssl.1
* /usr/local/ssl/man/man1/passwd.1
* /usr/local/ssl/man/man1/pkcs12.1
* /usr/local/ssl/man/man1/pkcs7.1
* /usr/local/ssl/man/man1/pkcs8.1
* /usr/local/ssl/man/man1/rand.1
* /usr/local/ssl/man/man1/req.1
[Hit  to continue display]

* /usr/local/ssl/man/man1/rsa.1
* /usr/local/ssl/man/man1/rsautl.1
* /usr/local/ssl/man/man1/s_client.1
* /usr/local/ssl/man/man1/s_server.1
* /usr/local/ssl/man/man1/sess_id.1
* /usr/local/ssl/man/man1/smime.1
* /usr/local/ssl/man/man1/speed.1
* /usr/local/ssl/man/man1/spkac.1
* /usr/local/ssl/man/man1/verify.1
* /usr/local/ssl/man/man1/version.1
* /usr/local/ssl/man/man1/x509.1
* /usr/local/ssl/man/man3 
* /usr/local/ssl/man/man3/ASN1_OBJECT_new.3
* /usr/local/ssl/man/man3/ASN1_STRING_length.3
* /usr/local/ssl/man/man3/ASN1_STRING_new.3
* /usr/local/ssl/man/man3/ASN1_STRING_print_ex.3
* /usr/local/ssl/man/man3/BIO_ctrl.3
* /usr/local/ssl/man/man3/BIO_f_base64.3
* /usr/local/ssl/man/man3/BIO_f_buffer.3
* /usr/local/ssl/man/man3/BIO_f_cipher.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/BIO_f_md.3
* /usr/local/ssl/man/man3/BIO_f_null.3
* /usr/local/ssl/man/man3/BIO_f_ssl.3
* /usr/local/ssl/man/man3/BIO_find_type.3
* /usr/local/ssl/man/man3/BIO_new.3
* /usr/local/ssl/man/man3/BIO_push.3
* /usr/local/ssl/man/man3/BIO_read.3
* /usr/local/ssl/man/man3/BIO_s_accept.3
* /usr/local/ssl/man/man3/BIO_s_bio.3
* /usr/local/ssl/man/man3/BIO_s_connect.3
* /usr/local/ssl/man/man3/BIO_s_fd.3
* /usr/local/ssl/man/man3/BIO_s_file.3
* /usr/local/ssl/man/man3/BIO_s_mem.3
* /usr/local/ssl/man/man3/BIO_s_null.3
* /usr/local/ssl/man/man3/BIO_s_socket.3
* /usr/local/ssl/man/man3/BIO_set_callback.3
* /usr/local/ssl/man/man3/BIO_should_retry.3
* /usr/local/ssl/man/man3/BN_CTX_new.3
* /usr/local/ssl/man/man3/BN_CTX_start.3
* /usr/local/ssl/man/man3/BN_add.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/BN_add_word.3
* /usr/local/ssl/man/man3/BN_bn2bin.3
* /usr/local/ssl/man/man3/BN_cmp.3
* /usr/local/ssl/man/man3/BN_copy.3
* /usr/local/ssl/man/man3/BN_generate_prime.3
* /usr/local/ssl/man/man3/BN_mod_inverse.3
* /usr/local/ssl/man/man3/BN_mod_mul_montgomery.3
* /usr/local/ssl/man/man3/BN_mod_mul_reciprocal.3
* /usr/local/ssl/man/man3/BN_new.3
* /usr/local/ssl/man/man3/BN_num_bytes.3
* /usr/local/ssl/man/man3/BN_rand.3
* /usr/local/ssl/man/man3/BN_set_bit.3
* /usr/local/ssl/man/man3/BN_swap.3
* /usr/local/ssl/man/man3/BN_zero.3
* /usr/local/ssl/man/man3/CRYPTO_set_ex_data.3
* /usr/local/ssl/man/man3/DH_generate_key.3
* /usr/local/ssl/man/man3/DH_generate_parameters.3
* /usr/local/ssl/man/man3/DH_get_ex_new_index.3
* /usr/local/ssl/man/man3/DH_new.3
* /usr/local/ssl/man/man3/DH_set_method.3
[Hit  to continue display]

* /usr/local/ssl/man/man3/DH_size.3
* /usr/local/ssl/man/man3/DSA_SIG_new.3
* /usr/local/ssl/man/man3/DSA_do_sign.3
* /usr/local/ssl/man/man3/DSA_dup_DH.3
* /usr/local/ssl/man/man3/DSA_generate_key.3
* /usr/local/ssl/man/man3/DSA_generate_parameters.3
* /usr/local/ssl/man/man3/DSA_get_ex_new_index.3
* /usr/local/ssl/man/man3/DSA_new.3
* /usr/local/ssl/man/man3/DSA_set_method.3
* /usr/local/ssl/man/man3/DSA_sign.3
* /usr/local/ssl/man/man3/DSA_size.3
* /usr/local/ssl/man/man3/ERR_GET_LIB.3
* /usr/local/ssl/man/man3/ERR_clear_error.3
* /usr/local/ssl/man/man3/ERR_error_string.3
* /usr/local/ssl/man/man3/ERR_get_error.3
* /usr/local/ssl/man/man3/ERR_load_crypto_strings.3
* /usr/local/ssl/man/man3/ERR_load_strings.3
* /usr/local/ssl/man/man3/ERR_print_errors.3
* /usr/local/ssl/man/man3/ERR_put_error.3
* /usr/local/ssl/man/man3/ERR_remove_state.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/EVP_BytesToKey.3
* /usr/local/ssl/man/man3/EVP_DigestInit.3
* /usr/local/ssl/man/man3/EVP_EncryptInit.3
* /usr/local/ssl/man/man3/EVP_OpenInit.3
* /usr/local/ssl/man/man3/EVP_PKEY_new.3
* /usr/local/ssl/man/man3/EVP_PKEY_set1_RSA.3
* /usr/local/ssl/man/man3/EVP_SealInit.3
* /usr/local/ssl/man/man3/EVP_SignInit.3
* /usr/local/ssl/man/man3/EVP_VerifyInit.3
* /usr/local/ssl/man/man3/OBJ_nid2obj.3
* /usr/local/ssl/man/man3/OPENSSL_VERSION_NUMBER.3
* /usr/local/ssl/man/man3/OpenSSL_add_all_algorithms.3
* /usr/local/ssl/man/man3/PKCS12_create.3
* /usr/local/ssl/man/man3/PKCS12_parse.3
* /usr/local/ssl/man/man3/PKCS7_decrypt.3
* /usr/local/ssl/man/man3/PKCS7_encrypt.3
* /usr/local/ssl/man/man3/PKCS7_sign.3
* /usr/local/ssl/man/man3/PKCS7_verify.3
* /usr/local/ssl/man/man3/RAND_add.3
* /usr/local/ssl/man/man3/RAND_bytes.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/RAND_cleanup.3
* /usr/local/ssl/man/man3/RAND_egd.3
* /usr/local/ssl/man/man3/RAND_load_file.3
* /usr/local/ssl/man/man3/RAND_set_rand_method.3
* /usr/local/ssl/man/man3/RSA_blinding_on.3
* /usr/local/ssl/man/man3/RSA_check_key.3
* /usr/local/ssl/man/man3/RSA_generate_key.3
* /usr/local/ssl/man/man3/RSA_get_ex_new_index.3
* /usr/local/ssl/man/man3/RSA_new.3
* /usr/local/ssl/man/man3/RSA_padding_add_PKCS1_type_1.3
* /usr/local/ssl/man/man3/RSA_print.3
* /usr/local/ssl/man/man3/RSA_private_encrypt.3
* /usr/local/ssl/man/man3/RSA_public_encrypt.3
* /usr/local/ssl/man/man3/RSA_set_method.3
* /usr/local/ssl/man/man3/RSA_sign.3
* /usr/local/ssl/man/man3/RSA_sign_ASN1_OCTET_STRING.3
* /usr/local/ssl/man/man3/RSA_size.3
* /usr/local/ssl/man/man3/SMIME_read_PKCS7.3
* /usr/local/ssl/man/man3/SMIME_write_PKCS7.3
* /usr/local/ssl/man/man3/SSL_CIPHER_get_name.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/SSL_COMP_add_compression_method.3
* /usr/local/ssl/man/man3/SSL_CTX_add_extra_chain_cert.3
* /usr/local/ssl/man/man3/SSL_CTX_add_session.3
* /usr/local/ssl/man/man3/SSL_CTX_ctrl.3
* /usr/local/ssl/man/man3/SSL_CTX_flush_sessions.3
* /usr/local/ssl/man/man3/SSL_CTX_free.3
* /usr/local/ssl/man/man3/SSL_CTX_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_CTX_get_verify_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_load_verify_locations.3
* /usr/local/ssl/man/man3/SSL_CTX_new.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_number.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_set_cache_size.3
* /usr/local/ssl/man/man3/SSL_CTX_sess_set_get_cb.3
* /usr/local/ssl/man/man3/SSL_CTX_sessions.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cert_store.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cert_verify_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_cipher_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_client_CA_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_client_cert_cb.3
* /usr/local/ssl/man/man3/SSL_CTX_set_default_passwd_cb.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/SSL_CTX_set_generate_session_id.3
* /usr/local/ssl/man/man3/SSL_CTX_set_info_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_max_cert_list.3
* /usr/local/ssl/man/man3/SSL_CTX_set_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_set_msg_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_options.3
* /usr/local/ssl/man/man3/SSL_CTX_set_quiet_shutdown.3
* /usr/local/ssl/man/man3/SSL_CTX_set_session_cache_mode.3
* /usr/local/ssl/man/man3/SSL_CTX_set_session_id_context.3
* /usr/local/ssl/man/man3/SSL_CTX_set_ssl_version.3
* /usr/local/ssl/man/man3/SSL_CTX_set_timeout.3
* /usr/local/ssl/man/man3/SSL_CTX_set_tmp_dh_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_tmp_rsa_callback.3
* /usr/local/ssl/man/man3/SSL_CTX_set_verify.3
* /usr/local/ssl/man/man3/SSL_CTX_use_certificate.3
* /usr/local/ssl/man/man3/SSL_SESSION_free.3
* /usr/local/ssl/man/man3/SSL_SESSION_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_SESSION_get_time.3
* /usr/local/ssl/man/man3/SSL_accept.3
* /usr/local/ssl/man/man3/SSL_alert_type_string.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/SSL_clear.3
* /usr/local/ssl/man/man3/SSL_connect.3
* /usr/local/ssl/man/man3/SSL_do_handshake.3
* /usr/local/ssl/man/man3/SSL_free.3
* /usr/local/ssl/man/man3/SSL_get_SSL_CTX.3
* /usr/local/ssl/man/man3/SSL_get_ciphers.3
* /usr/local/ssl/man/man3/SSL_get_client_CA_list.3
* /usr/local/ssl/man/man3/SSL_get_current_cipher.3
* /usr/local/ssl/man/man3/SSL_get_default_timeout.3
* /usr/local/ssl/man/man3/SSL_get_error.3
* /usr/local/ssl/man/man3/SSL_get_ex_data_X509_STORE_CTX_idx.3
* /usr/local/ssl/man/man3/SSL_get_ex_new_index.3
* /usr/local/ssl/man/man3/SSL_get_fd.3
* /usr/local/ssl/man/man3/SSL_get_peer_cert_chain.3
* /usr/local/ssl/man/man3/SSL_get_peer_certificate.3
* /usr/local/ssl/man/man3/SSL_get_rbio.3
* /usr/local/ssl/man/man3/SSL_get_session.3
* /usr/local/ssl/man/man3/SSL_get_verify_result.3
* /usr/local/ssl/man/man3/SSL_get_version.3
* /usr/local/ssl/man/man3/SSL_library_init.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/SSL_load_client_CA_file.3
* /usr/local/ssl/man/man3/SSL_new.3
* /usr/local/ssl/man/man3/SSL_pending.3
* /usr/local/ssl/man/man3/SSL_read.3
* /usr/local/ssl/man/man3/SSL_rstate_string.3
* /usr/local/ssl/man/man3/SSL_session_reused.3
* /usr/local/ssl/man/man3/SSL_set_bio.3
* /usr/local/ssl/man/man3/SSL_set_connect_state.3
* /usr/local/ssl/man/man3/SSL_set_fd.3
* /usr/local/ssl/man/man3/SSL_set_session.3
* /usr/local/ssl/man/man3/SSL_set_shutdown.3
* /usr/local/ssl/man/man3/SSL_set_verify_result.3
* /usr/local/ssl/man/man3/SSL_shutdown.3
* /usr/local/ssl/man/man3/SSL_state_string.3
* /usr/local/ssl/man/man3/SSL_want.3
* /usr/local/ssl/man/man3/SSL_write.3
* /usr/local/ssl/man/man3/X509_NAME_ENTRY_get_object.3
* /usr/local/ssl/man/man3/X509_NAME_add_entry_by_txt.3
* /usr/local/ssl/man/man3/X509_NAME_get_index_by_NID.3
* /usr/local/ssl/man/man3/X509_NAME_print_ex.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/X509_new.3
* /usr/local/ssl/man/man3/bio.3
* /usr/local/ssl/man/man3/blowfish.3
* /usr/local/ssl/man/man3/bn.3
* /usr/local/ssl/man/man3/bn_internal.3
* /usr/local/ssl/man/man3/buffer.3
* /usr/local/ssl/man/man3/crypto.3
* /usr/local/ssl/man/man3/d2i_ASN1_OBJECT.3
* /usr/local/ssl/man/man3/d2i_DHparams.3
* /usr/local/ssl/man/man3/d2i_DSAPublicKey.3
* /usr/local/ssl/man/man3/d2i_PKCS8PrivateKey.3
* /usr/local/ssl/man/man3/d2i_RSAPublicKey.3
* /usr/local/ssl/man/man3/d2i_SSL_SESSION.3
* /usr/local/ssl/man/man3/d2i_X509.3
* /usr/local/ssl/man/man3/d2i_X509_ALGOR.3
* /usr/local/ssl/man/man3/d2i_X509_CRL.3
* /usr/local/ssl/man/man3/d2i_X509_NAME.3
* /usr/local/ssl/man/man3/d2i_X509_REQ.3
* /usr/local/ssl/man/man3/d2i_X509_SIG.3
* /usr/local/ssl/man/man3/des.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man3/dh.3
* /usr/local/ssl/man/man3/dsa.3
* /usr/local/ssl/man/man3/engine.3
* /usr/local/ssl/man/man3/err.3
* /usr/local/ssl/man/man3/evp.3
* /usr/local/ssl/man/man3/hmac.3
* /usr/local/ssl/man/man3/lh_stats.3
* /usr/local/ssl/man/man3/lhash.3
* /usr/local/ssl/man/man3/md5.3
* /usr/local/ssl/man/man3/mdc2.3
* /usr/local/ssl/man/man3/pem.3
* /usr/local/ssl/man/man3/rand.3
* /usr/local/ssl/man/man3/rc4.3
* /usr/local/ssl/man/man3/ripemd.3
* /usr/local/ssl/man/man3/rsa.3
* /usr/local/ssl/man/man3/sha.3
* /usr/local/ssl/man/man3/ssl.3
* /usr/local/ssl/man/man3/threads.3
* /usr/local/ssl/man/man3/ui.3
* /usr/local/ssl/man/man3/ui_compat.3
[Hit <RETURN> to continue display]

* /usr/local/ssl/man/man5 
* /usr/local/ssl/man/man5/config.5
* /usr/local/ssl/man/man7 
* /usr/local/ssl/man/man7/des_modes.7
* /usr/local/ssl/misc 
* /usr/local/ssl/misc/CA.pl
* /usr/local/ssl/misc/CA.sh
* /usr/local/ssl/misc/c_hash 
* /usr/local/ssl/misc/c_info 
* /usr/local/ssl/misc/c_issuer
* /usr/local/ssl/misc/c_name 
* /usr/local/ssl/openssl.cnf
* /usr/local/ssl/private 

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
...
/usr/local/ssl/misc/c_hash 
/usr/local/ssl/misc/c_info 
/usr/local/ssl/misc/c_issuer
/usr/local/ssl/misc/c_name 
/usr/local/ssl/openssl.cnf
[ verifying class <none> ]

Installation of <SMCossl> was successful.
#

I chose to replace the outdated versions of files when prompted as to whether I wanted to "install these conflicting files". I checked the version of OpenSSL afterwards and saw the new version listed.

# /usr/local/ssl/bin/openssl version
OpenSSL 0.9.8e 23 Feb 2007

I then installed OpenSSH 4.7.1.

# gunzip openssh-4.7p1-sol7-sparc-local.gz
# pkgadd -d openssh-4.7p1-sol7-sparc-local

The following packages are available:
  1  SMCosh471     openssh
                   (sparc) 4.7p1

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1


Processing package instance <SMCosh471> from </tmp/openssh-4.7p1-sol7-sparc-local>

openssh
(sparc) 4.7p1
The OpenSSH Group
Using </> as the package base directory.
## Processing package information.
## Processing system information.
   9 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/bin/scp
* /usr/local/bin/sftp
* /usr/local/bin/ssh
* /usr/local/bin/ssh-add
* /usr/local/bin/ssh-agent
* /usr/local/bin/ssh-keygen
* /usr/local/bin/ssh-keyscan
* /usr/local/etc/moduli
* /usr/local/etc/ssh_config
* /usr/local/etc/sshd_config
* /usr/local/libexec 
* /usr/local/libexec/sftp-server
* /usr/local/libexec/ssh-keysign
* /usr/local/libexec/ssh-rand-helper
* /usr/local/man/man1/scp.1
* /usr/local/man/man1/sftp.1
* /usr/local/man/man1/ssh-add.1
* /usr/local/man/man1/ssh-agent.1
* /usr/local/man/man1/ssh-keygen.1
[Hit <RETURN> to continue display]

* /usr/local/man/man1/ssh-keyscan.1
* /usr/local/man/man1/ssh.1
* /usr/local/man/man5/ssh_config.5
* /usr/local/man/man5/sshd_config.5
* /usr/local/man/man8 
* /usr/local/man/man8/sftp-server.8
* /usr/local/man/man8/ssh-keysign.8
* /usr/local/man/man8/ssh-rand-helper.8
* /usr/local/man/man8/sshd.8
* /usr/local/sbin 
* /usr/local/sbin/sshd
* /usr/local/share/Ssh.bin 

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing openssh as <SMCosh471>

## Installing part 1 of 1.
/usr/local/bin/scp
/usr/local/bin/sftp
/usr/local/bin/ssh
/usr/local/bin/ssh-add
/usr/local/bin/ssh-agent
/usr/local/bin/ssh-keygen
/usr/local/bin/ssh-keyscan
/usr/local/doc/openssh/CREDITS
/usr/local/doc/openssh/ChangeLog
/usr/local/doc/openssh/INSTALL
/usr/local/doc/openssh/LICENCE
/usr/local/doc/openssh/OVERVIEW
/usr/local/doc/openssh/README
/usr/local/doc/openssh/README.dns
/usr/local/doc/openssh/README.platform
/usr/local/doc/openssh/README.privsep
/usr/local/doc/openssh/README.smartcard
/usr/local/doc/openssh/README.tun
/usr/local/doc/openssh/TODO
/usr/local/doc/openssh/WARNING.RNG
/usr/local/doc/openssh/contrib/Makefile
/usr/local/doc/openssh/contrib/README
/usr/local/doc/openssh/contrib/aix/README
/usr/local/doc/openssh/contrib/aix/buildbff.sh
/usr/local/doc/openssh/contrib/aix/inventory.sh
/usr/local/doc/openssh/contrib/aix/pam.conf
/usr/local/doc/openssh/contrib/caldera/openssh.spec
/usr/local/doc/openssh/contrib/caldera/ssh-host-keygen
/usr/local/doc/openssh/contrib/caldera/sshd.init
/usr/local/doc/openssh/contrib/caldera/sshd.pam
/usr/local/doc/openssh/contrib/cygwin/Makefile
/usr/local/doc/openssh/contrib/cygwin/README
/usr/local/doc/openssh/contrib/cygwin/ssh-host-config
/usr/local/doc/openssh/contrib/cygwin/ssh-user-config
/usr/local/doc/openssh/contrib/findssl.sh
/usr/local/doc/openssh/contrib/gnome-ssh-askpass1.c
/usr/local/doc/openssh/contrib/gnome-ssh-askpass2.c
/usr/local/doc/openssh/contrib/hpux/README
/usr/local/doc/openssh/contrib/hpux/egd
/usr/local/doc/openssh/contrib/hpux/egd.rc
/usr/local/doc/openssh/contrib/hpux/sshd
/usr/local/doc/openssh/contrib/hpux/sshd.rc
/usr/local/doc/openssh/contrib/redhat/gnome-ssh-askpass.csh
/usr/local/doc/openssh/contrib/redhat/gnome-ssh-askpass.sh
/usr/local/doc/openssh/contrib/redhat/openssh.spec
/usr/local/doc/openssh/contrib/redhat/sshd.init
/usr/local/doc/openssh/contrib/redhat/sshd.init.old
/usr/local/doc/openssh/contrib/redhat/sshd.pam
/usr/local/doc/openssh/contrib/redhat/sshd.pam.old
/usr/local/doc/openssh/contrib/solaris/README
/usr/local/doc/openssh/contrib/ssh-copy-id
/usr/local/doc/openssh/contrib/ssh-copy-id.1
/usr/local/doc/openssh/contrib/sshd.pam.freebsd
/usr/local/doc/openssh/contrib/sshd.pam.generic
/usr/local/doc/openssh/contrib/suse/openssh.spec
/usr/local/doc/openssh/contrib/suse/rc.config.sshd
/usr/local/doc/openssh/contrib/suse/rc.sshd
/usr/local/doc/openssh/contrib/suse/sysconfig.ssh
/usr/local/etc/moduli
/usr/local/etc/ssh_config
/usr/local/etc/sshd_config
/usr/local/libexec/sftp-server
/usr/local/libexec/ssh-keysign
/usr/local/libexec/ssh-rand-helper
/usr/local/man/man1/scp.1
/usr/local/man/man1/sftp.1
/usr/local/man/man1/ssh-add.1
/usr/local/man/man1/ssh-agent.1
/usr/local/man/man1/ssh-keygen.1
/usr/local/man/man1/ssh-keyscan.1
/usr/local/man/man1/ssh.1
/usr/local/man/man5/ssh_config.5
/usr/local/man/man5/sshd_config.5
/usr/local/man/man8/sftp-server.8
/usr/local/man/man8/ssh-keysign.8
/usr/local/man/man8/ssh-rand-helper.8
/usr/local/man/man8/sshd.8
/usr/local/sbin/sshd
/usr/local/share/Ssh.bin 
[ verifying class <none> ]

Installation of <SMCosh471> was successful.

When I tried to run ssh afterwards, though, I got an error message.

# ssh -v
ld.so.1: ssh: fatal: libz.so: open failed: No such file or directory
Killed

According to information I found at Re: OpenSSH 3.7.1p1, that error occurs when OpenSSH has been compiled against a shared libz and the ssh binary can't find libz on the target system. The suggested solution was to put libz on the target system or rebuild the source code with a static library. At Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment, I found libz.so.1 associated with the SUNWzlib package, which has the description "The Zip compression library".

At Very nice OpenSSH 4.3p2 packages for 8,9,10, I found a reference to someone building packages for Solaris 8, 9, and 10 that are built against the static version of zlib (1.2.3), so SUNWzlib is no longer required. Those packages are available from http://firewallworks.com/downloads/unsupported/Solaris-sparc/.

I decided to download zlib-1.2.3 from the Sunfreeware site instead. The package contains the zlib compression libraries and installs in /usr/local; it provides both the libz.a and libz.so libraries. It requires that libgcc_s.so.1 be in /usr/local/lib, which can be satisfied by installing libgcc-3.3 or gcc or higher. The package includes the patch for the security vulnerability described, for example, in USN-148-1 zlib vulnerability.

I installed that package.

# pkgadd -d ./zlib-1.2.3-sol7-sparc-local

The following packages are available:
  1  SMCzlib     zlib
                 (sparc) 1.2.3

Select package(s) you wish to process (or 'all' to process
all packages). (default: all) [?,??,q]: 1

Processing package instance <SMCzlib> from </tmp/zlib-1.2.3-sol7-sparc-local>

zlib
(sparc) 1.2.3
Jean-loup Gailly
Using </> as the package base directory.
## Processing package information.
## Processing system information.
   6 package pathnames are already properly installed.
## Verifying disk space requirements.
## Checking for conflicts with packages already installed.

The following files are already installed on the system and are being
used by another package:
* /usr/local/include/zconf.h
* /usr/local/include/zlib.h
* /usr/local/lib/libz.a

* - conflict with a file which does not belong to any package.

Do you want to install these conflicting files [y,n,?,q] y
## Checking for setuid/setgid programs.

Installing zlib as <SMCzlib>

## Installing part 1 of 1.
/usr/local/bin/minigzip
/usr/local/doc/zlib/ChangeLog
/usr/local/doc/zlib/FAQ
/usr/local/doc/zlib/INDEX
/usr/local/doc/zlib/README
/usr/local/doc/zlib/algorithm.txt
/usr/local/doc/zlib/contrib/README.contrib
/usr/local/doc/zlib/contrib/ada/buffer_demo.adb
/usr/local/doc/zlib/contrib/ada/mtest.adb
/usr/local/doc/zlib/contrib/ada/read.adb
/usr/local/doc/zlib/contrib/ada/readme.txt
/usr/local/doc/zlib/contrib/ada/test.adb
/usr/local/doc/zlib/contrib/ada/zlib-streams.adb
/usr/local/doc/zlib/contrib/ada/zlib-streams.ads
/usr/local/doc/zlib/contrib/ada/zlib-thin.adb
/usr/local/doc/zlib/contrib/ada/zlib-thin.ads
/usr/local/doc/zlib/contrib/ada/zlib.adb
/usr/local/doc/zlib/contrib/ada/zlib.ads
/usr/local/doc/zlib/contrib/ada/zlib.gpr
/usr/local/doc/zlib/contrib/asm586/README.586
/usr/local/doc/zlib/contrib/asm586/match.S
/usr/local/doc/zlib/contrib/asm686/README.686
/usr/local/doc/zlib/contrib/asm686/match.S
/usr/local/doc/zlib/contrib/blast/Makefile
/usr/local/doc/zlib/contrib/blast/README
/usr/local/doc/zlib/contrib/blast/blast.c
/usr/local/doc/zlib/contrib/blast/blast.h
/usr/local/doc/zlib/contrib/blast/test.pk
/usr/local/doc/zlib/contrib/blast/test.txt
/usr/local/doc/zlib/contrib/delphi/ZLib.pas
/usr/local/doc/zlib/contrib/delphi/ZLibConst.pas
/usr/local/doc/zlib/contrib/delphi/readme.txt
/usr/local/doc/zlib/contrib/delphi/zlibd32.mak
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.build
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.chm
/usr/local/doc/zlib/contrib/dotzlib/DotZLib.sln
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/AssemblyInfo.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/ChecksumImpl.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/CircularBuffer.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/CodecBase.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/Deflater.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/DotZLib.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/DotZLib.csproj
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/GZipStream.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/Inflater.cs
/usr/local/doc/zlib/contrib/dotzlib/DotZLib/UnitTests.cs
/usr/local/doc/zlib/contrib/dotzlib/LICENSE_1_0.txt
/usr/local/doc/zlib/contrib/dotzlib/readme.txt
/usr/local/doc/zlib/contrib/infback9/README
/usr/local/doc/zlib/contrib/infback9/infback9.c
/usr/local/doc/zlib/contrib/infback9/infback9.h
/usr/local/doc/zlib/contrib/infback9/inffix9.h
/usr/local/doc/zlib/contrib/infback9/inflate9.h
/usr/local/doc/zlib/contrib/infback9/inftree9.c
/usr/local/doc/zlib/contrib/infback9/inftree9.h
/usr/local/doc/zlib/contrib/inflate86/inffas86.c
/usr/local/doc/zlib/contrib/inflate86/inffast.S
/usr/local/doc/zlib/contrib/iostream/test.cpp
/usr/local/doc/zlib/contrib/iostream/zfstream.cpp
/usr/local/doc/zlib/contrib/iostream/zfstream.h
/usr/local/doc/zlib/contrib/iostream2/zstream.h
/usr/local/doc/zlib/contrib/iostream2/zstream_test.cpp
/usr/local/doc/zlib/contrib/iostream3/README
/usr/local/doc/zlib/contrib/iostream3/TODO
/usr/local/doc/zlib/contrib/iostream3/test.cc
/usr/local/doc/zlib/contrib/iostream3/zfstream.cc
/usr/local/doc/zlib/contrib/iostream3/zfstream.h
/usr/local/doc/zlib/contrib/masm686/match.asm
/usr/local/doc/zlib/contrib/masmx64/bld_ml64.bat
/usr/local/doc/zlib/contrib/masmx64/gvmat64.asm
/usr/local/doc/zlib/contrib/masmx64/gvmat64.obj
/usr/local/doc/zlib/contrib/masmx64/inffas8664.c
/usr/local/doc/zlib/contrib/masmx64/inffasx64.asm
/usr/local/doc/zlib/contrib/masmx64/inffasx64.obj
/usr/local/doc/zlib/contrib/masmx64/readme.txt
/usr/local/doc/zlib/contrib/masmx86/bld_ml32.bat
/usr/local/doc/zlib/contrib/masmx86/gvmat32.asm
/usr/local/doc/zlib/contrib/masmx86/gvmat32.obj
/usr/local/doc/zlib/contrib/masmx86/gvmat32c.c
/usr/local/doc/zlib/contrib/masmx86/inffas32.asm
/usr/local/doc/zlib/contrib/masmx86/inffas32.obj
/usr/local/doc/zlib/contrib/masmx86/mkasm.bat
/usr/local/doc/zlib/contrib/masmx86/readme.txt
/usr/local/doc/zlib/contrib/minizip/ChangeLogUnzip
/usr/local/doc/zlib/contrib/minizip/Makefile
/usr/local/doc/zlib/contrib/minizip/crypt.h
/usr/local/doc/zlib/contrib/minizip/ioapi.c
/usr/local/doc/zlib/contrib/minizip/ioapi.h
/usr/local/doc/zlib/contrib/minizip/iowin32.c
/usr/local/doc/zlib/contrib/minizip/iowin32.h
/usr/local/doc/zlib/contrib/minizip/miniunz.c
/usr/local/doc/zlib/contrib/minizip/minizip.c
/usr/local/doc/zlib/contrib/minizip/mztools.c
/usr/local/doc/zlib/contrib/minizip/mztools.h
/usr/local/doc/zlib/contrib/minizip/unzip.c
/usr/local/doc/zlib/contrib/minizip/unzip.h
/usr/local/doc/zlib/contrib/minizip/zip.c
/usr/local/doc/zlib/contrib/minizip/zip.h
/usr/local/doc/zlib/contrib/pascal/example.pas
/usr/local/doc/zlib/contrib/pascal/readme.txt
/usr/local/doc/zlib/contrib/pascal/zlibd32.mak
/usr/local/doc/zlib/contrib/pascal/zlibpas.pas
/usr/local/doc/zlib/contrib/puff/Makefile
/usr/local/doc/zlib/contrib/puff/README
/usr/local/doc/zlib/contrib/puff/puff.c
/usr/local/doc/zlib/contrib/puff/puff.h
/usr/local/doc/zlib/contrib/puff/zeros.raw
/usr/local/doc/zlib/contrib/testzlib/testzlib.c
/usr/local/doc/zlib/contrib/testzlib/testzlib.txt
/usr/local/doc/zlib/contrib/untgz/Makefile
/usr/local/doc/zlib/contrib/untgz/Makefile.msc
/usr/local/doc/zlib/contrib/untgz/untgz.c
/usr/local/doc/zlib/contrib/vstudio/readme.txt
/usr/local/doc/zlib/contrib/vstudio/vc7/miniunz.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/minizip.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/testzlib.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/zlib.rc
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibstat.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.def
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.sln
/usr/local/doc/zlib/contrib/vstudio/vc7/zlibvc.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/miniunz.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/minizip.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/testzlib.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/testzlibdll.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/zlib.rc
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibstat.vcproj
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.def
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.sln
/usr/local/doc/zlib/contrib/vstudio/vc8/zlibvc.vcproj
/usr/local/doc/zlib/example.c
/usr/local/include/zconf.h
/usr/local/include/zlib.h
/usr/local/lib/libz.a
/usr/local/lib/libz.so 
/usr/local/lib/libz.so.1 
/usr/local/lib/libz.so.1.2.3
/usr/local/man/man3/zlib.3
[ verifying class <none> ]

Installation of <SMCzlib> was successful.

I was then able to run ssh and could see that the new version was in use.

# ssh -v
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007

Zlib was listed as a requirement for OpenSSH 4.7.1; I thought it was already present and hadn't bothered to check before installing that version of OpenSSH.

I then tried to restart the sshd daemon. I created a file, /tmp/ssh_restart, which I made executable with chmod 700 ssh_restart, containing the following commands:

#!/bin/sh
# Stop the running sshd, give it time to exit, then start the new one.
/etc/init.d/sshd stop
sleep 10
/etc/init.d/sshd start

I then set it to run in the background, hoping I wouldn't lose SSH access to the system, since I was trying to restart the SSH daemon from a remote location.

# /tmp/ssh_restart &
16314
# Stopping sshd
Starting sshd
Privilege separation user sshd does not exist

It did not restart. Though I remained connected, I could not establish new ssh connections.

# ssh -v 127.0.0.1
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: connect to address 127.0.0.1 port 22: Connection refused
ssh: connect to host 127.0.0.1 port 22: Connection refused

I resolved the "privilege separation" problem by creating an sshd group and account on the system.

# groupadd -g 74 sshd
UX: groupadd: WARNING: gid 74 is reserved.

# useradd -u 74 -g 74 -c "Privilege-separated SSH" -d /var/empty/sshd -s /bin/false sshd
UX: useradd: WARNING: uid 74 is reserved.
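Before rerunning a restart like this from a remote session, it is worth checking for the two conditions that bit here, a shared library the new binaries cannot resolve and a missing privilege separation user, while the old daemon is still serving the current connection. The following is an added example, not code from the original post or from OpenSSH; it assumes the post's paths (/etc/init.d/sshd, /etc/passwd) and an sshd that understands the -t test option, and the ldd and passwd samples it builds are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: checks to run before restarting
# sshd from a remote session, covering the two failures hit above, a shared
# library the new binaries cannot find (libz.so) and a missing privilege
# separation user. Paths follow the post (/etc/init.d/sshd, /etc/passwd);
# the ldd and passwd samples below are constructed so the checks can be
# exercised without touching a live system.

# missing_libs -- reads `ldd BINARY` output on stdin and prints each library
# that could not be resolved. Solaris prints "libz.so =>  (file not found)",
# Linux prints "libz.so.1 => not found"; both carry "not found".
missing_libs() {
    awk '/not found/ { print $1 }'
}

# has_account NAME PASSWD_FILE -- exit 0 if NAME has an entry in PASSWD_FILE.
has_account() {
    grep -q "^$1:" "$2"
}

# assess LDD_OUTPUT PASSWD_FILE -- pure check on captured inputs; reports
# every problem found and returns non-zero if there is at least one.
assess() {
    problems=0
    libs=$(missing_libs <"$1")
    if [ -n "$libs" ]; then
        echo "unresolved shared libraries: $libs" >&2
        problems=1
    fi
    if ! has_account sshd "$2"; then
        echo "privilege separation user 'sshd' is missing from $2" >&2
        problems=1
    fi
    return $problems
}

# safe_restart SSHD_BINARY -- the post's stop/sleep/start, run only when the
# checks pass, so a daemon that will not start is caught while the old one
# is still up.
safe_restart() {
    ldd_out=$(mktemp) || return 1
    ldd "$1" >"$ldd_out" 2>&1
    if ! assess "$ldd_out" /etc/passwd; then
        rm -f "$ldd_out"
        echo "not restarting sshd; fix the problems above first" >&2
        return 1
    fi
    rm -f "$ldd_out"
    # sshd -t parses sshd_config and checks the host keys without starting.
    "$1" -t || { echo "sshd -t failed; not restarting" >&2; return 1; }
    /etc/init.d/sshd stop
    sleep 10
    /etc/init.d/sshd start
}

# Constructed samples: roughly what the post's system looked like before the
# sshd account was created and zlib installed.
SAMPLE_DIR=$(mktemp -d)
cat >"$SAMPLE_DIR/ldd.out" <<'EOF'
        libz.so =>       (file not found)
        libsocket.so.1 =>        /usr/lib/libsocket.so.1
        libnsl.so.1 =>   /usr/lib/libnsl.so.1
EOF
cat >"$SAMPLE_DIR/passwd" <<'EOF'
root:x:0:0:Super-User:/:/sbin/sh
daemon:x:1:1::/:
nobody:x:60001:60001:Nobody:/:
EOF

# Stand-alone run: both findings are reported and the restart is refused.
if assess "$SAMPLE_DIR/ldd.out" "$SAMPLE_DIR/passwd"; then
    echo "safe to restart sshd"
else
    echo "not safe to restart sshd"
fi
```

In real use, safe_restart /usr/local/sbin/sshd takes the place of the bare /tmp/ssh_restart script; on the system described above it would have refused to stop the running daemon until the sshd account existed and libz.so could be resolved.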

I then reran the /tmp/ssh_restart script.

# /tmp/ssh &
22647
#
# Starting sshd

When I then tried connecting to the system via SSH, I could see that the new 4.7.1 version was running.

# ssh -v 127.0.0.1
OpenSSH_4.7p1, OpenSSL 0.9.8e 23 Feb 2007
debug1: Reading configuration data /usr/local/etc/ssh_config
debug1: Connecting to 127.0.0.1 [127.0.0.1] port 22.
debug1: Connection established.
debug1: permanently_set_uid: 0/1
debug1: identity file /.ssh/identity type -1
debug1: identity file /.ssh/id_rsa type -1
debug1: identity file /.ssh/id_dsa type -1
debug1: Remote protocol version 1.99, remote software version OpenSSH_4.7

References:

  1. Re: OpenSSH 3.7.1p1
    By: Scott Burch
    Date: September 26, 2003
    MARC: Mailing list ARChives

  2. Minimizing the Solaris Operating Environment for Security: Updated for Solaris 9 Operating Environment
    By: Sun Microsystems
    Date: February 7, 2003
    informIT

  3. Installation - Very nice OpenSSH 4.3p2 packages for 8,9,10
    By: DTF
    Date: November 11, 2004
    Sun Developer Network (SDN) Forums

  4. Privilege separation user sshd does not exist
    By: perh
    Date: March 16, 2004
    UNIXguide.net

  5. FC4-Starting sshd: Privilege separation user sshd does not exist FAILED
    By: kiranherekar
    Date: December 23, 2005
    LinuxQuestions.org

[/os/unix/solaris/network] permanent link

Sun, Oct 07, 2007 4:52 pm

Copying a MUSH

A family member wanted to create a new TinyMUSH using an existing one as a starting point. She felt it would be easier to modify the existing one than to start a new one from scratch. I took the steps detailed below to copy the existing MoonDreaming MUSH to a new one that she wanted to set up for SailorMoon roleplaying.

I shut down the original MUSH using the @shutdown command while logged into the MUSH as god. I then ran ./Backup from the command line.

$ ./Backup
Creating flatfile ./backups/moondreaming.1007-1558
Loaded module: comsys
Loaded module: mail
Using gdbm file: ./data/moondreaming.gdbm
Reading ........
Input: TinyMUSH-3 version 1: Zone Link GDBM AtrName AtrKey Parent AtrMoney ExtFlags MoreFlags Powers QuotedStr TypedQuotas Timestamps VisualAttrs
Output: TinyMUSH-3 version 1: Zone Link Parent ExtFlags MoreFlags Powers QuotedStr TypedQuotas Timestamps VisualAttrs
Writing ........
Cleaned 1600 attributes (now 1376): 222 deleted, 186 renumbered (96 objects and 463 individual attrs touched).
Creating database archive ./backups/moondreaming.1007-1558.tar.gz
./backups/moondreaming.1007-1558
./data/mod_comsys.db
./data/mod_mail.db

I changed the working directory to the one containing the existing MUSH directory and then copied that directory and its subdirectories recursively.

$ cp -p -r moondreaming sailormoon

I then made the current working directory the one for the new MUSH.

$ cd sailormoon

I then edited mush.config in that directory. I changed the GAMENAME line to match the name of the new MUSH. I left the OWNER line the same, since the owner was the same person in this case.

GAMENAME=sailormoon

I then renamed the old conf file to match the new MUSH name and deleted the log and pid files from the other MUSH. The pid file contains the process id for the other MUSH process. A new one will be assigned the first time the new MUSH is run. If the pid file is not deleted, when you run Startmush it will state that the MUSH is already running.

$ mv moondreaming.conf sailormoon.conf
$ rm moondreaming.log*
$ rm moondreaming.pid

I also deleted the db directories that came from the other MUSH's directory.

$ rm -f -r db-*

I then edited the renamed sailormoon.conf file to set the new MUSH's database names, port, and name, changing the lines below (shown here with their original values) within it.

crash_database  moondreaming.db.CRASH
gdbm_database   moondreaming.gdbm

port 7676
mud_name MoonDreamingMUSH

The new MUSH must listen on a different port than the existing MUSH, and one that is not in use by any other application. You can use netstat -a | grep 9999, substituting the port number you've picked for 9999, to see whether an application is listening on that port. If no other process is listening on that port, at least at the time you run the command, you see the command prompt returned, but nothing else. Only the root account can use a port less than 1024; ports below that number are considered to be "reserved".

I changed the working directory to the data directory and renamed the old gdbm file to use the name associated with the new MUSH. I deleted the FLAT and KILLED files associated with the other MUSH.

$ cd data
$ ls
mod_comsys.db      mod_mail.db      moondreaming.FLAT  moondreaming.KILLED
mod_comsys.db.old  mod_mail.db.old  moondreaming.gdbm
$ mv moondreaming.gdbm sailormoon.gdbm
$ rm moondreaming.FLAT
$ rm moondreaming.KILLED

I then moved up to the main directory for the MUSH and removed all of the backup files from the other MUSH, which are in the backups directory.

$ cd ..
$ ls
moondreaming.0310-2131.tar.gz  moondreaming.0316-1729.tar.gz
moondreaming.0315-1900.tar.gz  moondreaming.1007-1416.tar.gz
$ rm backups/*
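The copy, rename and clean-up steps above as a single script, as an added example that is not part of the original post or of TinyMUSH. It assumes only the file layout the post shows (mush.config, <game>.conf, data/<game>.gdbm, backups/); the port check from the netstat step is included with an exact match on the port number, since a bare grep 9999 also matches 19999, and the game directory that make_sample_mush builds is a constructed stand-in for a real game so the script can be tried without one.

```shell
#!/bin/sh
# Added example, not part of the original post or of TinyMUSH: the copy,
# rename and clean-up steps as one script, plus an exact-match port check.
# File names follow the post (mush.config, <game>.conf, data/<game>.gdbm,
# backups/); the sample game built by make_sample_mush is constructed.

# port_in_use PORT -- reads `netstat -an` output on stdin; exit 0 if PORT is
# bound. A plain `grep 9999` also matches 19999 or 99990; anchoring on the
# separator (':' on Linux, '.' on Solaris) and trailing whitespace avoids that.
port_in_use() {
    grep -E "[:.]$1[[:space:]]" >/dev/null
}

# clone_mush PARENT OLD NEW PORT MUDNAME -- copy PARENT/OLD to PARENT/NEW and
# rewrite the game name, database names, port and mud_name, removing the
# pid, log, db-* and backup files that belong to the old game.
clone_mush() {
    parent=$1 old=$2 new=$3 port=$4 mudname=$5
    [ -d "$parent/$old" ] || { echo "no such MUSH directory: $parent/$old" >&2; return 1; }
    [ ! -e "$parent/$new" ] || { echo "$parent/$new already exists" >&2; return 1; }
    case $port in
        ''|*[!0-9]*) echo "port must be a number" >&2; return 1 ;;
    esac
    # Ports below 1024 are reserved for root; the game should run unprivileged.
    [ "$port" -ge 1024 ] || { echo "port $port is reserved; use one above 1023" >&2; return 1; }
    cp -p -r "$parent/$old" "$parent/$new" || return 1
    (
        set -e
        cd "$parent/$new"
        # GAMENAME decides which <game>.conf and <game>.gdbm Startmush uses.
        sed "s/^GAMENAME=.*/GAMENAME=$new/" mush.config >mush.config.tmp
        mv mush.config.tmp mush.config
        mv "$old.conf" "$new.conf"
        # A stale pid file makes Startmush report the game as already running.
        rm -f "$old.log"* "$old.pid"
        rm -f -r db-*
        sed -e "s/^crash_database .*/crash_database  $new.db.CRASH/" \
            -e "s/^gdbm_database .*/gdbm_database   $new.gdbm/" \
            -e "s/^port .*/port $port/" \
            -e "s/^mud_name .*/mud_name $mudname/" \
            "$new.conf" >"$new.conf.tmp"
        mv "$new.conf.tmp" "$new.conf"
        mv "data/$old.gdbm" "data/$new.gdbm"
        rm -f "data/$old.FLAT" "data/$old.KILLED"
        rm -f backups/*
    )
}

# make_sample_mush PARENT NAME -- constructed stand-in for a game directory
# containing only the files the post touches (no real database inside).
make_sample_mush() {
    d=$1/$2
    mkdir -p "$d/data" "$d/backups" "$d/db-1"
    printf 'GAMENAME=%s\nOWNER=owner@example.com\n' "$2" >"$d/mush.config"
    printf 'crash_database  %s.db.CRASH\ngdbm_database   %s.gdbm\n\nport 7676\nmud_name MoonDreamingMUSH\n' \
        "$2" "$2" >"$d/$2.conf"
    : >"$d/$2.log"; : >"$d/$2.log.old"; echo 12345 >"$d/$2.pid"
    : >"$d/data/$2.gdbm"; : >"$d/data/$2.FLAT"; : >"$d/data/$2.KILLED"
    : >"$d/data/mod_mail.db"; : >"$d/backups/$2.0310-2131.tar.gz"
}
```

On a live system the check is netstat -an | port_in_use 7677 before choosing the port, followed by clone_mush /path/to/games moondreaming sailormoon 7677 SailorMoonMUSH; Startmush is still run by hand afterwards, exactly as in the next step.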

I then ran ./Startmush.

$ ./Startmush
./Startmush: line 83: [: : integer expression expected
Indexing help.txt
1004 topics indexed
Indexing mushman.txt
395 topics indexed
Indexing news.txt
...
62 topics indexed
Indexing plushelp.txt
line 4: line too long
line 9: line too long
line 142: line too long
line 229: line too long
line 254: line too long
line 282: line too long
line 655: line too long
line 680: line too long
line 880: line too long
42 topics indexed
Indexing qhelp.txt
18 topics indexed
Indexing wizhelp.txt
379 topics indexed
Indexing wiznews.txt
1 topics indexed
Checking for database files and creating backups of old files.
tail: sailormoon.log: No such file or directory
Saving old comsys module db.
Saving old mail module db.
ls: sailormoon.log.*: No such file or directory
No previous game log.
Log cleanup done.
Process 19086
071007.164045 TinyMUSH INI/START: Starting: TinyMUSH version 3.1 patchlevel 4 #1 [10/11/2006]
071007.164045 TinyMUSH INI/START: Build date: Sat Mar 10 21:25:06 EST 2007
071007.164045 TinyMUSH INI/START: Build info: ./configure
            gcc   -g  -I./gdbm-1.8.0
071007.164045 TinyMUSH CNF/MOD  : Loaded module: comsys
071007.164045 TinyMUSH CNF/MOD  : Loaded module: mail
071007.164045 SailorMoonMUSH INI/LOAD : Using gdbm file: sailormoon.gdbm
071007.164045 SailorMoonMUSH INI/LOAD : Loading object structures.
071007.164045 SailorMoonMUSH INI/LOAD : Loading db: data/mod_mail.db
071007.164045 SailorMoonMUSH INI/LOAD : Loading db: data/mod_comsys.db
071007.164045 SailorMoonMUSH INI/LOAD : Load complete.
071007.164045 SailorMoonMUSH CFG/UPDAT: God(#1) entered config directive: money_name_singular with args 'Moon Coin'. Status: Success.
071007.164045 SailorMoonMUSH CFG/UPDAT: God(#1) entered config directive: money_name_plural with args 'Moon Coins'. Status: Success.
071007.164045 SailorMoonMUSH INI/LOAD : Startup processing complete.
071007.164045 SailorMoonMUSH NET/SLAVE: DNS lookup slave started on fd 1
071007.164045 SailorMoonMUSH INI/LOAD : Cleanup completed.

Don't worry about the "integer expression expected" message the first time Startmush is run for the new MUSH; it won't appear the next time you run Startmush.

After the MUSH loaded, I logged in as god and changed the password.

@password oldpassword=newpassword
Password changed.

[/gaming/tinymush] permanent link

Sun, Sep 30, 2007 8:41 pm

Using a Disk Drive from a Dimension 2350 in a 4600

I had to move a disk drive from a Dell Dimension 2350 to a Dell Dimension 4600 because of a problem with the processor on the 2350 motherboard overheating. Unfortunately, Windows XP doesn't react well to a change of motherboard, and the process of repairing Windows XP so that the system was usable again took me many hours.

[ More Info ]

[/os/windows/xp] permanent link

Mon, Sep 24, 2007 10:40 pm

Ghost 2003 Internal Error 36000

After running chkdsk /f on all drives in the system, I started an image backup of a Windows Small Business Server (SBS) 2003 system from a Norton Ghost 2003 boot CD. I was attempting to back up an internal IDE drive to a double-layer DVD in the system's internal DVD writer. When I attempted to back up drive C (the second partition) to a double-layer DVD, I got a "File Name ? (546)" error message. The backup aborted shortly after it started with the current file being backed up listed as "0 $MFT".

When I hit enter for "OK", I then received the following error message:

Internal Error 36000

An internal inconsistency has been detected
If this problem persists, contact Symantec Technical Support
at http://service.symantec.com


		[  OK  ]

When I hit enter, I saw the following:

ABORT: 12020, Write to CD/DVD disc failed

ABORT: 36000, A generalException occurred

I rebooted and hit F8 prior to the system booting from the Ghost boot disc to choose which entries in config.sys and autoexec.bat should be processed. I chose not to execute "Ghost.exe" from autoexec.bat. When I got a command prompt, I entered ghost -fni instead, as suggested by How to troubleshoot the error: "Internal error 36000 . . . ". I then proceeded with the backup of the second partition, exactly as before. This time the backup completed successfully.

[/os/windows/utilities/backup/ghost] permanent link

Sat, Sep 22, 2007 11:59 am

Visual Basic Script to Check CPU Utilization

A user of a Windows 2000 Professional system was complaining that his system had been running very slowly. He stated that when he is typing in a Word document or an email message, the time between when he types characters and when they appear on his screen can be quite lengthy. I've seen problems on his system before with high CPU utilization and wanted to use a script that would monitor and record CPU utilization on his system.

I found a script posted on TechRepublic at CPU Utilization Script [1]. I modified the script so that I could specify the time interval between CPU utilization checks through an argument to the script when it is run. The modified script is available at CPU_Use.vbs [2].

The script can be run with cscript /nologo CPU_Use.vbs or alternatively cscript /nologo CPU_Use num where "num" is the number of seconds to wait between CPU checks, e.g. cscript /nologo CPU_Use 300 to check every 5 minutes.

The output is placed in C:\Processor.log; the output location can be changed by modifying the value of the strLogFile variable in the script. Output will look similar to the following:

9/22/2007       09:43
9/22/2007       09:48   19
9/22/2007       09:53   17
9/22/2007       09:58   17
9/22/2007       10:03   35
9/22/2007       10:08   14
9/22/2007       10:13   15

The first two columns list the date and time the script was run while the third lists the CPU utilization at the time the script was executed. There is no value for CPU utilization for the first entry in the log.

The script requires Windows XP or later. It will not run on Windows 2000. If it is run on Windows 2000, you will see the error message CPU_Use.vbs(48, 1) Microsoft VBScript runtime error: ActiveX component can't create object: 'WbemScripting.Swbemrefresher' [3][4].

Most of the systems I support are Windows XP systems, so the script will still be useful to me, but I can't check the system I wanted to check in this case, since that system is a Windows 2000 system.

References:

  1. CPU Utilization Script
    By: neilb
    Posted: January 4, 2006
    TechRepublic
  2. CPU_Use.vbs
    By: Jim Cameron (modifications to script written by neilb)
    MoonPoint Support
  3. ActiveX component can't create object: 'WbemScripting.Swbemrefresh
    Posted By: Daniel
    Date: April 19, 2005
    Ureader.com - Microsoft community
  4. SWbemRefresher Object
    Microsoft Developer Network

[/languages/vbs] permanent link

Fri, Aug 31, 2007 11:33 am

Setting Savin C3535 Printer for Folding and Stapling

A client was having problems printing a brochure from Microsoft Publisher to a Savin C3535 copier/printer. She wanted to have the document folded and stapled. Folding and stapling worked for tabloid pages, but not letter-size pages. The company providing support for the Savin 3535 printer suggested the following steps be taken at the server from which the printer was being shared.
  1. Click on Start.
  2. Select Printers and Faxes.
  3. Right-click on the printer, in this case SAVIN C3535 PCL 6, and select Properties.
  4. Click on the Accessories tab.
  5. Check Tray 3 (LCT) and Finisher SR3020.

    Savin C3535 accessories settings

  6. Click on the Paper Size Settings tab.
  7. Select Tray 1 under Input Tray.
  8. For Paper Size, select Letter (8.5" x 11") then click on Update.
  9. For Tray 2, select 11" x 17" as the paper size and click on Update.
  10. For Tray 3 (LCT), select 8.5" x 11" as the paper size then click on Update.

    Savin C3535 paper size settings

  11. Click on OK.
When that didn't resolve the problem, the tech support person I spoke to suggested deleting the shared printer from the system on which the print job was being generated and then adding the share for the printer again.

[/os/windows/printers] permanent link

Thu, Aug 30, 2007 10:11 pm

Print Last Page First in Adobe Acrobat

To reverse page printing order, i.e. to print the last page of a document first, in Adobe Acrobat 6.0, take the following steps:
  1. Click on File.
  2. Select Print.
  3. Check Reverse pages.

    Acrobat reverse print option

  4. Click on OK.

References:

  1. Options in the Print dialog box
    Adobe Systems Incorporated

[/os/windows/software/pdf] permanent link

Tue, Aug 28, 2007 11:04 pm

Forwarding Email to Another Exchange User

For an Exchange 2003 server, if you need to forward email to another Exchange user when an employee leaves, take the following steps.
  1. Go to Active Directory Users and Computers.
  2. Select the account for the user who left and right-click on it.
  3. Select Properties.
  4. Under the Exchange General tab, click on the Delivery Options button.
  5. Click on the Modify button at the Delivery Options window that opens.
  6. In the "Enter object name to select" field, type the account name of the user to whom email should be forwarded, e.g. jsmith.
  7. Click on the Check names button to verify the account name and then click on OK when it has been verified.
  8. Click on OK again to close the Delivery Options window.
  9. Click on OK to close the Properties window.

If you need to forward email to an external address instead of an internal Exchange address, see Forwarding an Exchange User's Email to an External Address.

References:

  1. Forwarding an Exchange User's Email to an External Address
    November 5, 2006
    MoonPoint Support
  2. Redirect mail from old staff and reply to senders with new instructions
    November 11, 2005
    TechRepublic

[/network/email/exchange] permanent link

Mon, Aug 20, 2007 11:35 pm

Premature EOM in Sendmail Log File

A user reported that she had been unable to receive email from two email addresses. The server processing her incoming email is running sendmail. I looked in the /var/log/maillog files, where entries related to successful and unsuccessful email delivery attempts by sendmail are stored, for any entries related to one of the email addresses she mentioned. I did not see any, but I saw many entries similar to the following for the domain name used in that email address, which mentioned collect: unexpected close on connection.

Aug 16 23:37:57 frostdragon sendmail[3738]: l7H3ak69003738: collect: premature EOM: unexpected close
Aug 16 23:37:57 frostdragon sendmail[3738]: l7H3ak69003738: collect: unexpected close on connection from mail6.tcusa.com, sender=<orders@example.com>

I had also been receiving reports from others that sending even small messages sometimes takes a long time. A couple of times when I checked the number of SMTP connections to the server with netstat -a | grep smtp | wc -l, I found over 60 connections from other email servers. Previously, I would find that there would usually be no more than a dozen such connections at any given time. And, if I connected to the SMTP port with telnet mail.example.com 25, I would sometimes see fairly slow responses.

In searching for information on the problem, I found Sendmail ‘collect: premature EOM: unexpected close’ solution . The author was encountering the same problem, which he traced to the use of a defunct DNSBL, relays.ordb.org. Like the author, I have been using relays.ordb for a long time to block incoming spam to the server. In the /etc/mail/sendmail.mc file on the server, I have the following line.

FEATURE(`dnsbl', `relays.ordb.org', `"550 Mail from " $`'&{client_addr} " refused due to sending server misconfiguration - see http://www.ordb.org/faq/\#why_rejected"')dnl

I removed the above line from /etc/mail/sendmail.mc, but added another DNSBL in its place, the Abusive Hosts Blocking List (AHBL), which I found listed at HOWTO: Sendmail tips for Ensim, by adding the following line to /etc/mail/sendmail.mc.

FEATURE(dnsbl,`dnsbl.ahbl.org', `"550 Host is on the AHBL - Please see http://www.ahbl.org/tools/lookup.php?ip="$&{client_addr}')dnl

I then took the following steps to update sendmail's configuration information so that it no longer checks the relays.ordb.org blocklist, but uses the AHBL list instead.

  1. I issued the command below

    m4 /etc/mail/sendmail.mc > /etc/mail/sendmail.cf

  2. I then stopped and restarted sendmail with the command below

    /etc/init.d/sendmail restart

According to DNS Blacklist ORDB.org is shutting down, the relays.ordb.org DNSBL has been shut down since December 18, 2006. When I tried pinging it, I didn't get a response, and an nslookup on the name returns an error message as well.

# nslookup relays.ordb.org
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
;; connection timed out; no servers could be reached

I'm using 5 other blocklists as well, so I checked all of them by pinging them to ensure that no other blocklists that I am using have disappeared. I got responses for all of them, but that just verifies that a system is functioning at the address pinged. To check whether a system is actually functioning as a DNSBL at that address, you should use the nslookup, host, or dig commands to query the system using a query in the form 2.0.0.127.blacklist.example.com. All of the commands should result in the address 127.0.0.2 being displayed as the IP address for the query. This is because DNSBL's normally work by storing the IP address of systems to be blocked as reversed mappings, so that queries are submitted akin to how you would do a reverse lookup for an in-addr.arpa query (see Chapter 9: Howto Create a DNSBL (DNS Black List), if you wish further details on how DNSBL's work). Since the convention is for DNSBL's to always have the address 127.0.0.2 in the list, querying for that address allows for easy testing. E.g. for AHBL, I could use 2.0.0.127.dnsbl.ahbl.org with nslookup, host, or dig.

# nslookup 2.0.0.127.dnsbl.ahbl.org
Note:  nslookup is deprecated and may be removed from future releases.
Consider using the `dig' or `host' programs instead.  Run nslookup with
the `-sil[ent]' option to prevent this message from appearing.
Server:         207.233.128.10
Address:        207.233.128.10#53

Non-authoritative answer:
Name:   2.0.0.127.dnsbl.ahbl.org
Address: 127.0.0.2

# host  2.0.0.127.dnsbl.ahbl.org
2.0.0.127.dnsbl.ahbl.org has address 127.0.0.2

# dig +short  2.0.0.127.dnsbl.ahbl.org
127.0.0.2

Note: this won't work for all DNSBL's, e.g. performing an nslookup for 2.0.0.127.dnsrbl.swinog.ch returns ** server can't find 2.0.0.127.dnsrbl.swinog.ch: NXDOMAIN, even though the DNSBL is working.

For checking whether a particular IP address is in one of the blacklists, you would reverse the address and then put a period and the name of the blacklist after it when issuing an nslookup, host, or dig query. E.g., if I wanted to find out whether the addresses 62.30.35.75 and 62.30.35.76 are in the Composite Blocking List (CBL), I could use the commands below.

# host 75.35.30.62.cbl.abuseat.org
75.35.30.62.cbl.abuseat.org has address 127.0.0.2
# host 76.35.30.62.cbl.abuseat.org
Host 76.35.30.62.cbl.abuseat.org not found: 3(NXDOMAIN)

From the results, I see that the first address is in the CBL DNSBL, but the second address is not in the blacklist.
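The two checks described in this post, the 127.0.0.2 "is this list still alive" test and the reversed-octet lookup of a specific address, are easy to automate. The following Python script is an added example, not part of the original post. The SAMPLE_ANSWERS table is constructed to reproduce the lookups shown above (a name absent from the table stands for NXDOMAIN or "no servers could be reached"), and socket_resolver uses the standard library's resolver for real use; the function names are my own.

```python
import ipaddress
import socket
from typing import Callable, Dict, List, Optional

# A resolver maps a hostname to its A records. An empty list means "no answer";
# for the socket-based resolver that covers NXDOMAIN and timeouts alike.
Resolver = Callable[[str], List[str]]

# Constructed answers reproducing the nslookup/host/dig results shown above.
# 76.35.30.62.cbl.abuseat.org and 2.0.0.127.opm.blitzed.org are deliberately
# absent: NXDOMAIN and a dead zone both yield no answer.
SAMPLE_ANSWERS: Dict[str, List[str]] = {
    "2.0.0.127.dnsbl.ahbl.org": ["127.0.0.2"],
    "2.0.0.127.cbl.abuseat.org": ["127.0.0.2"],
    "75.35.30.62.cbl.abuseat.org": ["127.0.0.2"],
}


def sample_resolver(name: str) -> List[str]:
    """Offline stand-in for DNS, backed by the constructed table above."""
    return SAMPLE_ANSWERS.get(name, [])


def socket_resolver(name: str) -> List[str]:
    """Resolve with the system resolver; any failure is reported as no answer."""
    try:
        return socket.gethostbyname_ex(name)[2]
    except socket.gaierror:
        return []


def dnsbl_query_name(ip: str, zone: str) -> str:
    """Build the reversed-octet query name, e.g.
    62.30.35.75 + cbl.abuseat.org -> 75.35.30.62.cbl.abuseat.org."""
    addr = ipaddress.IPv4Address(ip)  # raises ValueError on malformed input
    reversed_octets = ".".join(reversed(str(addr).split(".")))
    return f"{reversed_octets}.{zone.strip('.')}"


def is_listed(ip: str, zone: str, resolve: Resolver) -> Optional[str]:
    """Return the 127.0.0.0/8 answer if ip is listed in zone, else None."""
    for answer in resolve(dnsbl_query_name(ip, zone)):
        if ipaddress.IPv4Address(answer) in ipaddress.IPv4Network("127.0.0.0/8"):
            return answer
    return None


def zone_is_alive(zone: str, resolve: Resolver) -> bool:
    """Convention check: a working DNSBL always lists 127.0.0.2."""
    return is_listed("127.0.0.2", zone, resolve) is not None


def check_zones(zones: List[str], resolve: Resolver) -> Dict[str, bool]:
    """Map each configured zone to whether it still answers the 127.0.0.2 test."""
    return {zone: zone_is_alive(zone, resolve) for zone in zones}


if __name__ == "__main__":
    # Swap sample_resolver for socket_resolver to test the zones in sendmail.mc.
    for zone, alive in check_zones(["dnsbl.ahbl.org", "opm.blitzed.org"], sample_resolver).items():
        print(f"{zone}: {'ok' if alive else 'no answer for 127.0.0.2 - check whether the list still exists'}")
    print("62.30.35.75 in CBL:", is_listed("62.30.35.75", "cbl.abuseat.org", sample_resolver))
    print("62.30.35.76 in CBL:", is_listed("62.30.35.76", "cbl.abuseat.org", sample_resolver))
```

Two caveats follow from the post itself. A dead zone such as relays.ordb.org produces no answer, which this code cannot distinguish from "not listed", so a defunct list silently stops blocking anything while each lookup still waits for the resolver to time out; that is exactly why the periodic 127.0.0.2 check is worth scheduling. And, as noted above for dnsrbl.swinog.ch, not every list honours the 127.0.0.2 convention, so a False from zone_is_alive means "verify by hand", not "remove".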

Checking other blacklists, aka blocklists, I'm using by querying for the presence of 127.0.0.2 in the lists, I found that opm.blitzed.org is no longer functioning either.

# host 2.0.0.127.opm.blitzed.org
;; connection timed out; no servers could be reached

At OPM status, I learned that opm.blitzed.org has also been shut down. It was shut down in May 2006. Details on the shutdown have been posted at [opm-announce] opm.blitzed.org has shut down.

So I removed the line below from /etc/mail/sendmail.mc.

FEATURE(`dnsbl', `opm.blitzed.org', `"550 Mail from " $`'&{client_addr} " refused - see http://opm.blitzed.org"')dnl

After verifying all of the other blacklists I was using in sendmail.mc still worked, I then rebuilt the sendmail.cf file with the m4 command as above and then restarted sendmail again.

References:

  1. Sendmail ‘collect: premature EOM: unexpected close’ solution
    Posted by plattapuss on February 28th, 2007
    Out of Control Image
  2. DNSBL
    Wikipedia, the free encyclopedia
  3. Abusive Hosts Blocking List
  4. HOWTO: Sendmail tips for Ensim
    Posted By: pblinux
    Posted: December 1, 2003
    The Planet Forums
  5. DNS Blacklist ORDB.org is shutting down
    Article ID: KBID002925
    GFI Knowledge Base
  6. Chapter 9: Howto Create a DNSBL (DNS Black List)
    ZyTrax, Inc.
  7. Composite Blocking List
  8. OPM Status
    Blitzed Wiki
  9. [opm-announce] opm.blitzed.org has shut down
    Posted By: Andy Smith grifferz at blitzed.org
    Posted: May 7, 2006
    lists.blitzed.org Mailing Lists

[/network/email/sendmail] permanent link

Fri, Aug 17, 2007 9:43 pm

DNS Server Listening on All Addresses

I removed the line listen-on { 127.0.0.1; }; from /etc/named.conf to enable a Solaris server to listen on all IP addresses for the server, not just the loopback address, making it usable as a DNS server by other systems on the LAN.

[/os/unix/solaris] permanent link

Fri, Aug 17, 2007 9:23 pm

Start Named Service under Solaris

I had configured a Solaris 10 system to function as a name server (see Configuring a Solaris System as a DNS Server), but when I rebooted the system it was no longer functioning as a DNS server and since the only name server I had listed in /etc/resolv.conf was the system itself, i.e. its loopback address, I could not resolve system names to IP addresses.

# svcs | grep 'named'
# nslookup cisco.com
;; connection timed out; no servers could be reached

# cat /etc/resolv.conf
domain example.com
nameserver 127.0.0.1

I could run named to start the named daemon again, so that I could resolve names, but I wanted it to start automatically when the system boots. To do so, I created the file /etc/init.d/named with the following lines in the file:

#!/sbin/sh
#
# named
#

case "$1" in
  start)
        # Start daemon.
        echo "Starting named"
        /usr/sbin/named
        ;;
  stop)
        # Stop daemon.
        echo "Shutting down named"
        pkill named
        ;;
  *)
        echo "Usage: $0 { start | stop }"
        exit 1
        ;;
esac

exit 0

I then changed the group ownership for the file to sys to make it consistent with the other files in that directory and made it executable.

# chgrp sys /etc/init.d/named
# chmod 744 /etc/init.d/named
# ls -l /etc/init.d/named
-rwxr--r--   1 root     sys          284 Aug 17 20:07 /etc/init.d/named

To have it start automatically, I also needed to add it to /etc/rc3.d. You need to prefix the name with "S" and then a number to have it start automatically. You will see other files with names beginning with Sxx where "xx" is some number. You must pick a number that is different from any already used. I picked the next higher number, 91, in this case.

# cp -p /etc/init.d/named /etc/rc3.d/S91named

When you reboot, you can check that the service is running with the ps or svcs commands or do an nslookup.

# ps -ef | grep named
    root   537     1   0 20:42:16 ?           0:00 /usr/sbin/named
# svcs | grep named
legacy_run     20:42:18 lrc:/etc/rc3_d/S91named
# nslookup cisco.com
Server:         127.0.0.1
Address:        127.0.0.1#53

Non-authoritative answer:
Name:   cisco.com
Address: 198.133.219.25

References:

  1. Configuring a Solaris System as a DNS Server
    MoonPoint Support
  2. Building and configuring BIND 9 in a chroot jail
    By Steve Friedl
    Unixwiz.net - Software Consulting Central

[/os/unix/solaris] permanent link

Mon, Aug 13, 2007 6:10 pm

Deleting a User Under Solaris 2.7

To delete a user on a system running Solaris 2.7, run admintool, select the user's account by clicking on it, then click on Edit then Delete. You will be prompted as to whether you really want to delete the user's account and can choose to delete the home directory when the account is deleted. You may have to manually delete a mail file for the user from /var/mail, e.g. rm /var/mail/jsmith.

[/os/unix/solaris] permanent link

Sun, Aug 12, 2007 6:22 pm

Too Many Partitions for Norton Ghost

I tried to back up a system with four primary partitions across the network with Norton Ghost 7.5 using the Symantec Ghost Console, but was unable to do so, since Ghost was unable to set up the virtual partition it needed on the client system. When I deleted one of the partitions on the client system, I was able to successfully back up the system.

[ More Info ]

[/os/windows/utilities/backup/ghost] permanent link

Fri, Aug 10, 2007 9:01 pm

mii-tool

If you want to know the speed at which a system has connected to the LAN, e.g. the system can autonegotiate its speed and you need to know which speed it is using, you can use the mii-tool command to check the status of Ethernet devices in the system.

# mii-tool
eth0: no autonegotiation, 10baseT-HD, link ok

From the above output from the command on a Linux system, I can see that the Ethernet device, eth0, is not using autonegotiation to determine its speed and is set to 10 Mb/s half duplex.

If you want more details for Ethernet devices in the system, you can use -v or --verbose as a parameter to the command.

# mii-tool -v
eth0: no autonegotiation, 10baseT-HD, link ok
  product info: vendor 00:10:18, model 23 rev 7
  basic mode:   autonegotiation enabled
  basic status: autonegotiation complete, link ok
  capabilities: 100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD
  advertising:  100baseTx-FD 100baseTx-HD 10baseT-FD 10baseT-HD flow-control

From the above, I can see that eth0, though it is set for a 10baseT connection, i.e. 10 Mb/s, can support a 100baseTx, i.e. 100 Mb/s, connection.

The device is capable of the following port speeds:

Port Speed    Description
10baseT-HD    10 megabits/s half duplex
10baseT-FD    10 megabits/s full duplex
100baseTx-HD  100 megabits/s half duplex
100baseTx-FD  100 megabits/s full duplex

mii-tool manpage

References:

  1. B.5. mii-tool
    Guide to IP Layer Network Administration with Linux

[/os/unix/commands] permanent link

Thu, Aug 09, 2007 9:56 pm

Configuring Outlook Express 6 For TLS

Outlook Express can be configured to use TLS to authenticate with an email server and to transmit messages securely, i.e. in encrypted form between Outlook Express and the server set to be its SMTP server. Note: TLS doesn't guarantee end-to-end encryption of the message, just the encrypted transmission of the message from the client email program, such as Outlook Express, to the SMTP server to which it hands off the message. That server may in turn transmit the message to other servers in unencrypted form.

[ More Info ]

[/network/email/clients/outlook-express] permanent link

Tue, Aug 07, 2007 11:19 pm

Expired sendmail.pem Security Certificate

I had been getting reports from users of one domain handled by my Linux email server that email from/to a particular client they deal with had been getting delayed. When I checked the maillog files, I found references to "TLS errors" for that domain. When I discussed the problem with a tech support person for the other company, he said his company is using Exchange with a TLS connector and would prefer my server communicate using TLS with their server. He told me that the security certificate for my server had expired.

I didn't know how to check the expiration date until I found instructions for checking the expiration at Renew SSL certificate in RedHat 9. Sugree, the author of that webpage, suggested running the command openssl x509 -in sendmail.pem -text | grep Not. The instructions were written for a RedHat 9 system. When I ran the command, I saw the following results.

# cd /usr/share/ssl/certs
[root@frostdragon certs]# openssl x509 -in sendmail.pem -text | grep Not
    Not Before: Nov  9 21:26:57 2003 GMT
    Not After : Nov  8 21:26:57 2004 GMT

The author then recommended using the command openssl x509 -in sendmail.pem -text | grep Subject. It produced the following results on my server.

[root@frostdragon certs]# openssl x509 -in sendmail.pem -text | grep Subject
Subject: C=US, ST=Maryland, L=Annapolis, O=MoonPoint, CN=frostdragon.com/emailAddress=support_999@frostdragon.com
Subject Public Key Info:
    X509v3 Subject Key Identifier:

The information above will be needed when you generate a new certificate. I deleted the /usr/share/ssl/certs/sendmail.pem file and generated a new one with make sendmail.pem, which I ran from /usr/share/ssl/certs. The values following each prompt below are the responses I entered to the queries; they repeat the information I saw when I ran openssl x509 -in sendmail.pem -text | grep Subject.

[root@frostdragon certs]# make sendmail.pem
umask 77 ; \
PEM1=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
PEM2=`/bin/mktemp /tmp/openssl.XXXXXX` ; \
/usr/bin/openssl req -newkey rsa:1024 -keyout $PEM1 -nodes -x509 -days 365 -out $PEM2 ; \
cat $PEM1 >  sendmail.pem ; \
echo ""    >> sendmail.pem ; \
cat $PEM2 >> sendmail.pem ; \
rm -f $PEM1 $PEM2
Generating a 1024 bit RSA private key
...........++++++
..............................................++++++
writing new private key to '/tmp/openssl.Ipeqjd'
-----
You are about to be asked to enter information that will be incorporated
into your certificate request.
What you are about to enter is what is called a Distinguished Name or a DN.
There are quite a few fields but you can leave some blank
For some fields there will be a default value,
If you enter '.', the field will be left blank.
-----
Country Name (2 letter code) [GB]:US
State or Province Name (full name) [Berkshire]:Maryland
Locality Name (eg, city) [Newbury]:Annapolis
Organization Name (eg, company) [My Company Ltd]:MoonPoint
Organizational Unit Name (eg, section) []:
Common Name (eg, your name or your server's hostname) []:frostdragon.com
Email Address []:support_999@frostdragon.com

When I then checked the expiration of the sendmail.pem certificate, I saw the following.

[root@frostdragon certs]# openssl x509 -in sendmail.pem -text | grep Not
    Not Before: Aug  8 02:41:22 2007 GMT
    Not After : Aug  7 02:41:22 2008 GMT

So now I've got a certificate that is good for another year.
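Grepping for "Not" works, but a certificate that expires a year later will be forgotten again unless something checks it on a schedule. Below is an added Python example (not from the original post or from the howforge.com page) that parses the validity lines of openssl x509 -text output and reports whether the certificate is expired or about to expire. The two sample strings reproduce the output shown above for the old and the renewed sendmail.pem; dump_certificate, certificate_status and the other names are my own.

```python
import re
import subprocess
from datetime import datetime, timedelta, timezone
from typing import Optional, Tuple

# Validity lines as printed by `openssl x509 -in sendmail.pem -text`. Both samples
# reproduce the output shown in the post above (the expired and the renewed cert).
SAMPLE_EXPIRED = """\
        Validity
            Not Before: Nov  9 21:26:57 2003 GMT
            Not After : Nov  8 21:26:57 2004 GMT
"""
SAMPLE_RENEWED = """\
        Validity
            Not Before: Aug  8 02:41:22 2007 GMT
            Not After : Aug  7 02:41:22 2008 GMT
"""

_VALIDITY = re.compile(r"Not (Before|After)\s*:\s*(.+?)\s*$", re.MULTILINE)


def parse_validity(text: str) -> Tuple[datetime, datetime]:
    """Return (not_before, not_after) from openssl -text output as aware UTC datetimes."""
    found = {}
    for which, stamp in _VALIDITY.findall(text):
        # openssl pads single-digit days with a space ("Nov  9"); collapse the run.
        stamp = " ".join(stamp.split())
        parsed = datetime.strptime(stamp, "%b %d %H:%M:%S %Y %Z")
        found[which] = parsed.replace(tzinfo=timezone.utc)
    if set(found) != {"Before", "After"}:
        raise ValueError("no 'Not Before'/'Not After' lines found in input")
    return found["Before"], found["After"]


def days_remaining(text: str, now: Optional[datetime] = None) -> int:
    """Whole days until 'Not After'; negative once the certificate has expired."""
    _, not_after = parse_validity(text)
    now = now or datetime.now(timezone.utc)
    return (not_after - now).days


def certificate_status(text: str, now: Optional[datetime] = None, warn_days: int = 30) -> str:
    """Classify the certificate relative to `now` (defaults to the current UTC time)."""
    not_before, not_after = parse_validity(text)
    now = now or datetime.now(timezone.utc)
    if now < not_before:
        return "not yet valid"
    if now >= not_after:
        return "expired"
    if not_after - now <= timedelta(days=warn_days):
        return "expiring soon"
    return "valid"


def dump_certificate(path: str) -> str:
    """Run openssl to get the text form of a PEM certificate (openssl must be on PATH)."""
    result = subprocess.run(
        ["openssl", "x509", "-in", path, "-noout", "-text"],
        capture_output=True, text=True, check=True,
    )
    return result.stdout


if __name__ == "__main__":
    # Offline demonstration on the two samples; for a live check use
    # certificate_status(dump_certificate("/usr/share/ssl/certs/sendmail.pem")).
    for label, sample in (("old", SAMPLE_EXPIRED), ("renewed", SAMPLE_RENEWED)):
        print(f"{label}: {certificate_status(sample)} ({days_remaining(sample)} days remaining)")
```

Because the sendmail.pem file holds both the private key and the certificate, the script only ever reads the certificate text from openssl rather than the file itself, and it never needs to run as root if the file is readable by the account running the cron job. Note that openssl can answer the "will it expire within N seconds" question directly with openssl x509 -in sendmail.pem -noout -checkend 2592000 (30 days), which is handy in a shell script; the Python version is for when you want the dates themselves or a report across several servers.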

References:

  1. Transport Layer Security
    Wikipedia, the free encyclopedia
  2. Renew SSL certificate in RedHat 9
    By Sugree
    howforge.com | Share Know-How

[/network/email/sendmail/tls] permanent link

Sun, Aug 05, 2007 10:19 pm

Norton Ghost 7.5 - Broadcom 57xx Integrated Controller

If you want to back up a Dell system with a Broadcom NetXtreme 57xx integrated network controller using Norton Ghost 7.5, then you will need to create a template for that network interface card (NIC) using an NDIS2 driver.

[ More Info ]

[/os/windows/utilities/backup/ghost] permanent link

Tue, Jul 31, 2007 10:28 am

Rosetta Stone

Someone on the solaris-l mailing list mentioned the Rosetta Stone for Unix webpage today as an informative source for determining which commands are available on the various flavors of Unix systems to perform common administrative tasks. When I checked the webpage, I found it had information for the operating systems listed below.

[/os/unix] permanent link

Mon, Jul 23, 2007 10:26 pm

Invalid MAC Address for SiS 900-Based NIC

When I installed a new firewall at a site, the domain controller could not ping the firewall nor access the Internet through the firewall, yet it could ping and access all other systems on the LAN. The problem was due to the domain controller using a SiS 900-based PCI Fast Ethernet network adapter, which had a physical, aka MAC, address of all zeroes. When I assigned a non-zero address to the adapter, the problem disappeared.

[ More Info ]

[/network/arp] permanent link

Mon, Jul 23, 2007 6:01 pm

No Display on Monitor

One of my wife's aunts was not getting any display on her monitor. I replaced the AGP video adapter in her system with another AGP adapter, but still nothing would appear on the monitor when the system was booted. I tried a PCI video adapter instead, but the results were the same. The original AGP adapter from her system worked in another system, so it appears the problem is a fried motherboard; she said the problem happened after a storm, though the system was plugged into a UPS. The motherboard in the system is an EliteGroup Computer Systems (ECS) K7S5A motherboard.

For anyone having video display problems, there is a flowchart, Troubleshooting a Video Adapter and Computer Monitor by Morris Rosenthal that lists steps you can take to isolate the problem.

[/hardware/pc/video] permanent link

Tue, Jul 17, 2007 10:13 pm

Adding a Column to a MySQL Database

To add a column to a MySQL database, you can use the following steps:
  1. Start the text-based MySQL client

    $ mysql -u testacct -p

    The -u testacct parameter specifies that the client should be started using the account named testacct, while the -p parameter indicates that the system should prompt you for the password.


  2. At the mysql> prompt, enter the command use dbname;, where dbname is the database name. If you don't know the name of the database, you can see a list of available databases with the show databases; command.


  3. Use the alter table command to modify the appropriate table. If you need to see a list of tables in the database, you can use the show tables; command. E.g. to add a column, delivered, which will hold a delivery date for a shipment, to the table requests, you could use the command below:

    ALTER TABLE requests ADD delivered DATE;

    That would put the new column at the end of the existing columns. If you want to add the column after a specific column, you can specify that column with AFTER colname. E.g., suppose I wish to add the column delivered after the column orderdate. I could use the command below:

    ALTER TABLE requests ADD delivered DATE AFTER orderdate;

    If you don't know the names of the existing columns, you can use the command SHOW COLUMNS FROM tablename;. E.g., if the table is named requests, I could use the command below:

    mysql> show columns from requests;

References:

  1. Add a column to an existing MySQL table
    Created: February 8, 2004
    Updated: July 17, 2004
    tech-recipes

[/software/database/mysql] permanent link

Sun, Jul 15, 2007 10:33 pm

QuarkXPress 7.0 on Windows Vista

I needed to install QuarkXPress 7.0 on a new system running Microsoft Windows Vista. When I attempted to install it, I received the message below.

QuarkXPress 7.0 - Setup
Warning - exclamation mark   QuarkXpress 7.0 requires that your computer is running Windows XP or Windows 2003

OK   

I found numerous people complaining about the same problem at Cannot install Quark installer 7.2 on VISTA. The solution listed on that page was to download the 30-day evaluation version of the QuarkXPress 7.2 installer. Unfortunately, Quark forces you to register to download the installer. It doesn't matter that you may have registered with them previously. You will have to register again. Then you have to wait for an email message with a link in it to download the software. Although the evaluation version is labeled as an "evaluation version", it is fully functional and will accept the 7.0 validation code. The link to download the software is http://www.quark.com/products/xpress/evaluate/demos.cfm.

Quark states at Updating to QuarkXPress 7.2 on a computer running Windows Vista which DOES NOT HAVE a version of QuarkXPress installed that "Before trying to use QuarkXPress 7.2 after installing it, please be sure to run the QuarkXPress license transfer function (Help> Transfer QuarkXPress License) on your old computer and follow the steps provided."

To transfer the license, take the following steps in QuarkXPress:

  1. Click on Help
  2. Click on Transfer QuarkXPress license

References:

  1. Cannot install Quark installer 7.2 on VISTA
    First Posting: April 5, 2007
    Quark Forums
  2. Microsoft Windows Vista Support
    Date: 2007
    Quark, Inc.
  3. Updating to QuarkXPress 7.2 on a computer running Windows Vista which DOES NOT HAVE a version of QuarkXPress installed.
    Date: 2007
    Quark, Inc.

[/os/windows/software/quarkxpress] permanent link

Sun, Jul 08, 2007 9:01 pm

Creating a Watermark on an Excel Spreadsheet

I wanted to put a watermark of "Paid" on a one-page Excel 2000 spreadsheet I had created as an invoice form. I found instructions on how to do so at Print a Watermark on Excel Worksheet. To do so, take the following steps in Excel with the spreadsheet open.
  1. Click on View.
  2. Select Page Break Preview.
  3. When you see the "You can adjust where the page breaks are by clicking and dragging them with your mouse" window, click on the OK button.
  4. Click on the WordArt button, which is represented by a blue "A" tilted slightly to the right, in the Drawing toolbar at the bottom of the Excel window. If you don't see this toolbar, click on View, select Toolbars and check Drawing by selecting it.
  5. When prompted to pick a WordArt style, pick the one at the top left corner of the rows of different styles, which will give you a simple outline style.
  6. Click on OK.
  7. Pick the font and the size you want for it or accept the default values, then type the text you want in the "Text" field, e.g. "Paid" to have that word as the "watermark".
  8. Click on OK.
  9. You will then see the word appear as an outline off to the right of the spreadsheet with small squares along the edge of the text that serve as handles where you can grab the text. You can click in the middle of the text to grab it and then hold down the left mouse button and drag it where you want to place it on the spreadsheet. You can also grab the text at one of the squares along one of the sides with the cursor and stretch it to make it larger, if you wish. On the WordArt toolbar there is also a "Free Rotate" button, which is represented by a curved arrow. You can use it to rotate the text by clicking on that button and then grabbing one of the corners of the text.
  10. The watermark may obscure some of the text on the spreadsheet when you've placed it where you want it. To fix that problem, right click on the watermark text and choose "Format WordArt". You can change the color of the fill and the line color. I left the fill color as white, but checked "semitransparent" and changed the line color to gray.

    Excel WordArt semitransparent

  11. You can go to View and select Normal View now, if you want to better see how the page looks with the watermark on it.
  12. If you only have a one-page spreadsheet, you are finished. If you have multiple pages, right-click on the watermark, choose Copy. Then go to other pages and choose Edit and Paste.

[/os/windows/office/excel] permanent link

Sun, Jul 08, 2007 1:47 pm

Windows Not Genuine

I moved disk drives from a system with hardware problems to another system. I had to repair Windows afterwards, since the hardware was different. But then I got messages that my copy of Windows was not genuine and that I might have a counterfeit version of Windows, which I did not believe was true. I spent several hours trying to resolve the problem including speaking to several customer service personnel working for Microsoft without getting anywhere.

[ More Info ]

[/os/windows/xp] permanent link

Tue, Jun 26, 2007 8:28 pm

Using ngrep to Monitor Email Transmissions

A user informed me that an email message she was trying to send was not going out; Outlook showed it remaining in her outbox and would show an error message regarding its attempted connection to the SMTP server eventually, because it couldn't send the message.

When I looked at bandwidth utilization at the SMTP server end with bwmon, I saw that almost all the available bandwidth was being consumed. When I checked what type of traffic was involved using IPTraf and pktstat, I saw that email traffic, i.e. connections to port 25 on the server, was consuming the bandwidth. A netstat -a | grep smtp command showed a lot of connections to the SMTP port, port 25. When I counted them with netstat -a | grep smtp | wc -l, I found there were 51 connections, far more than I would normally see to the server.

To try to get more information on that traffic, I installed ngrep. The author's description of the tool is listed below:

ngrep strives to provide most of GNU grep's common features, applying them to the network layer. ngrep is a pcap-aware tool that will allow you to specify extended regular or hexadecimal expressions to match against data payloads of packets. It currently recognizes IPv4/6, TCP, UDP, ICMPv4/6, IGMP and Raw across Ethernet, PPP, SLIP, FDDI, Token Ring and null interfaces, and understands BPF filter logic in the same fashion as more common packet sniffing tools, such as tcpdump and snoop.

To see the "from" and "to" addresses being used in the transmissions, I used the command ngrep -i 'rcpt to|mail from' tcp port smtp. The -i option tells ngrep to ignore the case of characters when looking for pattern matches. The 'rcpt to|mail from' tells it to look for either rcpt to or mail from, which are the commands sent to an email server to specify the recipient and the sender of an email message. SMTP transmissions use TCP, so the tcp parameter specifies that protocol and smtp specifies that the SMTP port, port 25, is the one to monitor. Note: you will need to run the command as root or you will get the message "no suitable device found: Operation not permitted".

The command showed the following output:

# ngrep -i 'rcpt to|mail from' tcp port smtp
interface: eth0 (66.22.186.48/255.255.255.240)
filter: (ip) and ( tcp port smtp )
match: rcpt to|mail from
###############
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  MAIL FROM: <kvocqcbrxzqxqs@fdvwiqrprdewt.logicbest.com>..
####
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  RCPT TO:<janesmith@moonpoint.com>..
###########################
T 216.188.126.165:57486 -> 66.22.186.53:25 [AP]
  MAIL FROM:<175419_VMTA12778-angel=MOONPOINT.COM@DPCTECHNOLOGIES.NET> BODY=8
  BITMIME..RCPT TO:<angelica1@MOONPOINT.COM>..DATA..
#############################
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  MAIL FROM:<>..
##
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  RCPT TO:<moonpointm@moonpoint.com>..

Most of the traffic had invalid "rcpt to" addresses, i.e. there was no such email address on the server. Many of the messages had no "mail from" address, i.e. an empty reverse path, MAIL FROM:<>, which is what bounce messages and other delivery notifications use. The "mail from" and "rcpt to" addresses are the "envelope" of the message, i.e. they are part of the SMTP transmission protocol and aren't necessarily the same as the "From" and "To" header addresses a recipient would see when viewing the message in an email client. An email server uses the "rcpt to" value to route a message to the appropriate mailbox, so a stream of "rcpt to" values for nonexistent mailboxes from one client is a common sign of an address-guessing (dictionary) attack or of spam sent to harvested, stale addresses.

While I was checking on the issue, the bandwidth utilization dropped back down to normal and I didn't take any further action.
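What ngrep shows is the raw envelope commands one packet at a time. To turn that into the per-client view that tells you whether 51 connections are a dictionary attack on your mailbox names or just a busy relay, each command has to be tied back to the client address in the packet header and the recipients compared against the mailboxes that actually exist. The script below is an added example, not part of the original entry or of ngrep. It parses ngrep's default output format as shown above (a "T src:port -> dst:port" header followed by indented payload with CRLF printed as ".."), counts the null reverse path <> separately because bounces legitimately use it, and checks recipients against LOCAL_MAILBOXES, a constructed set; the capture it runs on is a constructed sample modelled on the output above.

```python
"""Tally SMTP envelope commands per client from ngrep output (added example)."""
import re
from collections import Counter, defaultdict

# One ngrep packet header: "T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]".
HEADER_RE = re.compile(
    r"^[TU] (\d{1,3}(?:\.\d{1,3}){3}):(\d+) -> (\d{1,3}(?:\.\d{1,3}){3}):(\d+)")

# MAIL FROM:<reverse-path> or RCPT TO:<forward-path>. A space may precede the
# angle brackets, case is ignored, and ESMTP parameters after the closing
# bracket (BODY=8BITMIME, SIZE=...) are left alone. <> is the null reverse path.
ENVELOPE_RE = re.compile(r"(MAIL FROM|RCPT TO):\s*<([^>]*)>", re.IGNORECASE)

SMTP_PORT = "25"


def parse_ngrep(text):
    """Yield (client_ip, verb, address) for each envelope command in ngrep output.

    Only payload sent toward port 25 is examined, so server replies are ignored.
    ngrep prints CRLF as '..', which can glue several commands onto one line;
    finditer picks up all of them.
    """
    client = None
    for line in text.splitlines():
        header = HEADER_RE.match(line)
        if header:
            src, _, _, dport = header.groups()
            client = src if dport == SMTP_PORT else None
            continue
        if client is None or not line.startswith(" "):
            continue  # banner, '#' progress marks, or server-to-client payload
        for match in ENVELOPE_RE.finditer(line):
            yield client, match.group(1).upper(), match.group(2).lower()


def summarize(text, local_mailboxes):
    """Per-client counters: mail_from, null_sender, rcpt_to, unknown_rcpt."""
    stats = defaultdict(Counter)
    for client, verb, address in parse_ngrep(text):
        if verb == "MAIL FROM":
            stats[client]["mail_from"] += 1
            if address == "":
                stats[client]["null_sender"] += 1  # bounce/DSN, not a forgery
        else:
            stats[client]["rcpt_to"] += 1
            if address not in local_mailboxes:
                stats[client]["unknown_rcpt"] += 1
    return dict(stats)


def flag_harvesters(stats):
    """Clients whose every RCPT TO named a mailbox that does not exist here."""
    return sorted(ip for ip, c in stats.items()
                  if c["rcpt_to"] and c["unknown_rcpt"] == c["rcpt_to"])


# Constructed sample in ngrep's output format, modelled on the capture above.
SAMPLE_CAPTURE = """\
interface: eth0 (66.22.186.48/255.255.255.240)
filter: (ip) and ( tcp port smtp )
match: rcpt to|mail from
###############
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  MAIL FROM: <kvocqcbrxzqxqs@fdvwiqrprdewt.logicbest.com>..
####
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  RCPT TO:<janesmith@moonpoint.com>..
##
T 59.172.123.117:1625 -> 66.22.186.53:25 [AP]
  RCPT TO:<jsmith@moonpoint.com>..RCPT TO:<john@moonpoint.com>..
###########################
T 216.188.126.165:57486 -> 66.22.186.53:25 [AP]
  MAIL FROM:<175419_VMTA12778-angel=MOONPOINT.COM@DPCTECHNOLOGIES.NET> BODY=8
  BITMIME..RCPT TO:<angelica1@MOONPOINT.COM>..DATA..
#############################
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  MAIL FROM:<>..
##
T 66.115.129.69:4852 -> 66.22.186.53:25 [AP]
  RCPT TO:<moonpointm@moonpoint.com>..
"""

# Constructed list of the mailboxes that exist on the server.
LOCAL_MAILBOXES = {"angelica1@moonpoint.com", "moonpointm@moonpoint.com"}

if __name__ == "__main__":
    stats = summarize(SAMPLE_CAPTURE, LOCAL_MAILBOXES)
    for ip, counts in sorted(stats.items()):
        print(ip, dict(counts))
    print("all recipients unknown:", flag_harvesters(stats))
```

Run it against a saved capture with python3 smtp_envelopes.py < capture.txt after replacing SAMPLE_CAPTURE with sys.stdin.read(); the client whose recipients are all unknown is the one to rate-limit or block at the firewall, while a client sending MAIL FROM:<> to real mailboxes is most likely just returning bounces.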

References:

  1. Bandwidth Monitoring on a Linux System
    Date: September 15, 2004
    MoonPoint Support

  2. Using pktstat to Monitor Network Traffic
    Date: December 13, 2006
    MoonPoint Support

  3. ngrep - network grep
    By: Jordan Ritter
    Date: November 18, 2006
    SourceForge.net

  4. The MAIL, RCPT, and DATA verbs
    By: D. J. Bernstein
    D. J. Bernstein - Mathematics and computer science

  5. ngrep RPM for Red Hat, CentOS, and Fedora
    By: Dag Wieers
    DAG: Field Commander Wieers

[/network/tools/ngrep] permanent link

Mon, Jun 25, 2007 7:10 am

Pentagon Takes 1,500 Systems Offline

A Time article dated Thursday, June 21, 2007, titled Cyber Attack Hits Pentagon states that the Pentagon took as many as 1,500 computers offline because of a cyber attack, which occurred on Wednesday. The article stated that Defense Secretary Robert Gates said the Pentagon sees hundreds of attacks a day and this one had no adverse impact on department operations. Employees whose computers were affected could still use their handheld BlackBerrys.

I'm not surprised that the Pentagon sees hundreds of attacks a day, but it is hard for me to believe that taking 1,500 systems offline had no impact on department operations. Sure, employees could still deal with email via their BlackBerrys, but, even if the systems were used solely for administrative purposes, I would expect the employees to be hampered by a lack of access to spreadsheets, presentations, and other documents normally used in an office environment. Hopefully, the attackers didn't glean sensitive data from any of those systems.

I was surprised by Mr. Gates's response when he was asked if his own e-mail account was affected. He responded "I don't do e-mail. I'm a very low-tech person." I understand that for his generation (he's 63 years old) email may not be as much a part of the fabric of business life as for younger Americans, but I was surprised to hear him state he doesn't use it at all, especially since his prior position was president of Texas A&M University.

[/security/attacks] permanent link

Tue, Jun 19, 2007 8:12 pm

MPack Used to Compromise Thousands of Websites

I received a message from eWeek today titled MPack Trojan Attack Claims 10,000 Web Sites, which stated that as many as ten thousand websites may have been infected with malware that directs visitors to those websites to other sites where JavaScript code awaits that attempts to use a buffer overflow attack against vulnerable browsers to cause malware to be downloaded to the visitors' systems. I would have liked more detail in the eWeek article about what web server software was vulnerable to the MPack attack and what browsers might be vulnerable, but it appears many reports on the problem are just being posted today. The eWeek article was the first I had heard about the problem, so I appreciate the heads-up, though.

I also found information from Symantec at "Italy Under Attack: Mpack Gang Strikes Again!" after reading the eWeek article. There is another Symantec article titled "MPack, Packed Full of Badness". I also located an ars technica article posted earlier today, "Security researchers uncover massive attack on Italian web sites", which had much more detail than the eWeek article.

According to that article, the MPack software "provides would-be malware installers with a complete package that can be installed on any web server that runs PHP with an SQL database." Note that MPack runs on the server the visitors are redirected to, not necessarily on the compromised sites themselves, which only need to carry the code that sends visitors there. A PHP and SQL requirement means it can be hosted on Apache running on a variety of platforms, including Linux and Windows, as well as on Microsoft's IIS web server software, since PHP along with MySQL or Microsoft's own SQL server software may be running on such systems. The article further states "The compromised web sites attempt to use exploits in unpatched versions of Internet Explorer, QuickTime, Windows 2000, Firefox, WinZip, and Opera, in order to install malware packages on end users' computers."

[/security/attacks] permanent link

Sun, Jun 17, 2007 8:21 pm

Troubleshooting With the Microsoft Exchange Troubleshooting Assistant

Microsoft provides the Microsoft Exchange Troubleshooting Assistant v1.1 to aid in troubleshooting problems with Microsoft Exchange Servers. I installed and ran the tool today to try to figure out why messages sometimes get stuck in SMTP queues on an Exchange 2003 server running on a Windows Small Business Server (SBS) 2003 system.

[ More Info ]

[/network/email/exchange] permanent link

Sun, Jun 17, 2007 2:43 pm

Links Without Underlining

Occasionally, I want a specific link to appear in a webpage without underlining. You can add style="text-decoration:none" with the link to prevent the text associated with the link from being underlined.

For instance, sometimes I use superscripts in a document to link to a reference. Normally a link is underlined, which looks slightly odd for a superscript. E.g., if I link back to reference 1, which I used for this blog entry, the number "1" has an underline below it. If I don't want it to appear, I can use the HTML code below.

<a href="http://www.pageresource.com/html/link3.htm" style="text-decoration:none"><sup>1</sup></a>

Using that code, the reference 1 superscript is not underlined.

If you don't want any URLs in the webpage underlined, you can add the following code to the head section of the HTML for the webpage.

<STYLE type="text/css">
<!--
A { text-decoration:none }
-->
</STYLE>

With the above code placed between your <HEAD> and </HEAD> tags, you can code your links as you normally would, but none of them will be underlined. The style sheet in the head section will make them all non-underlined.

[/network/web/html] permanent link

Sun, Jun 17, 2007 12:29 pm

Email Stuck in Exchange SMTP Queues

When a user complained that her email was not reaching a mailing list, I checked the Exchange server that handles her email and found messages stuck in SMTP queues on the server. I was able to force Exchange to send the queued messages, but several messages had been stuck in a queue for days with one in a queue for six days.

[ More Info ]

[/network/email/exchange] permanent link

Sat, Jun 16, 2007 10:59 pm

Enabling Microsoft Exchange Message Logging

A Microsoft Exchange user reported to me that email she sent from Outlook was not reaching recipients, but Outlook was putting it in the Sent folder indicating it had been successfully sent from Outlook.

I found that message tracking was not enabled on the Exchange server, so I needed to turn it on to try to figure out what was happening.

[ More Info ]

[/network/email/exchange] permanent link

Sat, Jun 16, 2007 4:16 pm

Prevent Mailing List Email from Going Into Junk E-mail or Spam Folders

I posted instructions for Hotmail, Gmail, and Outlook users for steps that can be taken to prevent email sent from mailing lists from being automatically placed in junk email or spam folders.

[/network/email/mailing_list] permanent link

Tue, Jun 12, 2007 8:01 pm

Tcpdump Permission Denied on OS-X

I needed to use tcpdump to perform network troubleshooting on an Apple OS-X system (Darwin Kernel Version 7.9.0), but when I tried running it from my account, I received a "permission denied" message.
$ tcpdump
tcpdump: (no devices found) /dev/bpf0: Permission denied

I don't know the root password for the system, but my account has administrator privileges on the system. Without knowing the root password, though, I could not su to the root account. Fortunately, I found a solution at Ethereal "Turbo Charged", where Olivier Biot posted a solution, which I quote below:

Do a "sudo chown Gurue /dev/bpf*" (or whatever your login name is on your Mac). Once you've done that, you can (at least until the machine is rebooted) run Ethereal or Tethereal or tcpdump or... as yourself, rather than as root. (Mac OS X's "/dev" is implemented with devfs, so the special files aren't persistent across reboots, and it's an older devfs so it can't be configured to set up particular devices with particular owners and permissions, so any ownership or permission changes you make don't survive across reboots.)

I checked the existing permissions on /dev/bpf* files first.

$ ls -l /dev/bpf*
crw-------  1 root  wheel   23,   0 12 Jun 18:32 /dev/bpf0
crw-------  1 root  wheel   23,   1 12 Jun 15:30 /dev/bpf1
crw-------  1 root  wheel   23,   2 12 Jun 15:30 /dev/bpf2
crw-------  1 root  wheel   23,   3 12 Jun 15:30 /dev/bpf3

I then changed the ownership of just /dev/bpf0. I was prompted for a password when I used sudo chown jdoe /dev/bpf0, with jdoe being my account name, and the command succeeded when I entered my own password.

$ sudo chown jdoe /dev/bpf0

We trust you have received the usual lecture from the local System
Administrator. It usually boils down to these two things:

        #1) Respect the privacy of others.
        #2) Think before you type.

Password:

I was then able to run tcpdump. When I disconnected and reconnected, I received the message tcpdump: (no devices found) /dev/bpf1: Permission denied when I tried running tcpdump again, because tcpdump tries /dev/bpf0, /dev/bpf1, and so on in turn until it finds one it can open, and this time /dev/bpf0 was in use, so I changed the ownership of /dev/bpf1 as well. I could have used sudo chown jdoe /dev/bpf* initially to change the ownership of all the /dev/bpf* files. Note that owning a bpf device allows capturing all traffic on any interface, so this grants packet capture to every process running under that account, not just tcpdump, for as long as the change lasts. Since I very infrequently need to run tcpdump on this system, it doesn't matter to me that I will have to reset the ownership of the files again whenever the system is rebooted.

[/os/os-x] permanent link

Sun, Jun 10, 2007 9:27 pm

Email From 166.102.165.166 and 65.54.246.172 Rejected

A family member reported that someone who had tried to send email to her received a bounced message indicating the email was blocked because of antispam provisions. I checked all email from the sender's email address using the find-recipients Perl script I created for such purposes. I saw that one message she sent was rejected and one accepted.

# ./find-recipients.pl wendyvi21@alltel.net /var/log/maillog
Found 2 messages from wendyvi21@alltel.net in /var/log/maillog

Message recipients

Time            Message ID     Status        Recipient
----------------------------------------------------------------
Jun 10 07:58:02 l5ABupmb001042 Rejected      kittycat321@moonpoint.com
Jun 10 08:05:03 l5AC3omb001081 Sent          kittycat321@moonpoint.com

When I checked the /var/log/maillog file for those two message IDs, I found that the first message had been blocked by the Spam and Open-Relay Blocking System (SORBS) blocklist. SORBS is a DNS Blacklist (DNSBL).

The message that was rejected was from ispmxmta05-srv.windstream.net [166.102.165.166], while the one that was accepted was from ispmxmta09-srv.windstream.net [166.102.165.170].

When I checked the SORBS list, it appeared that 166.102.165.166 had been there for at least a week due to SORBS detecting spam originating from the email server at that address.

Database of servers sending to spamtrap addresses
Address:166.102.165.166
Record Created:Tue Apr 17 01:00:04 2007 GMT
Record Updated:Mon Jun 4 01:00:03 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from ispmxmta05-srv.windstream.net (ispmxmta05-srv.windstream.net [166.102.165.166]) by desperado.sorbs.net (Postfix) with ESMTP id EE4311144D for <[email]>; Mon[email] 04 Jun 2007 10:40:27 +1000 (EST)
Currently active and flagged to be published in DNS

But when I looked up the other IP address, 166.102.165.170, it appeared it was also in the SORBS blocklist.

Database of servers sending to spamtrap addresses
Address:166.102.165.170
Record Created:Tue Oct 4 13:04:20 2005 GMT
Record Updated:Thu Apr 26 04:41:17 2007 GMT
Additional Information: Received: from ispmxmta09-srv.windstream.net (ispmxmta09-srv.windstream.net [166.102.165.170]) by desperado.sorbs.net (Postfix) with ESMTP id 69DC21143A for <[email]>; Sat[email] 10 Feb 2007 13:52:40 +1000 (EST)
Currently active and flagged to be published in DNS

When I queried the SORBS database through the SORBS Database Lookup webpage, it appeared both addresses were present in the SORBS blocklist, yet when I used blq to query the SORBS blocklist, I found only the first .166 address listed and not the .170 address, which was consistent with Sendmail's rejection of the first message, but not the second one.

# ./blq sorbs 166.102.165.166
166.102.165.166 ispmxmta05-srv.windstream.net : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 166.102.165.170
166.102.165.170 ispmxmta09-srv.windstream.net : dnsbl.sorbs.net : ok

I received another report from a Hotmail sender that she was finding email rejected as well. I went through the same process as above. Again the SORBS website database query seemed to indicate that both addresses would be blocked, but using blq showed only one was blocked, which matched the entries I found in today's maillog file with the first message from the sender being rejected and the second accepted. The first was from bay0-omc2-s36.bay0.hotmail.com [65.54.246.172] and the second from bay0-omc2-s37.bay0.hotmail.com [65.54.246.173].

When performing a database check via the website, I saw the following for the IP address from which a message was rejected:

Database of servers sending to spamtrap addresses
Address:65.54.246.172
Record Created:Thu Aug 3 02:30:03 2006 GMT
Record Updated:Sat Jun 9 09:00:04 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s36.bay0.hotmail.com (bay0-omc2-s36.bay0.hotmail.com [65.54.246.172]) by desperado.sorbs.net (Postfix) with ESMTP id 7EE241147D for <[email]>; Sat, 09 Jun 2007 18:33:28 +1000 (EST)
Currently active and flagged to be published in DNS

But I also saw the following for the IP address of the server from which a message was accepted:

Database of servers sending to spamtrap addresses
Address:65.54.246.173
Record Created:Fri Aug 4 13:53:11 2006 GMT
Record Updated:Sat Mar 3 08:00:34 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc2-s37.bay0.hotmail.com (bay0-omc2-s37.bay0.hotmail.com [65.54.246.173]) by desperado.sorbs.net (Postfix) with ESMTP id 8E17F114AE for <[email]>; Wed, 28 Feb 2007 21:44:25 +1000 (EST)
Currently active and flagged to be published in DNS

Again, the information returned didn't seem to be consistent with what a blq query returned:

# ./blq sorbs 65.54.246.172
65.54.246.172 bay0-omc2-s36.bay0.hotmail.com : dnsbl.sorbs.net : BLOCKED
# ./blq sorbs 65.54.246.173
65.54.246.173 bay0-omc2-s37.bay0.hotmail.com : dnsbl.sorbs.net : ok

So the results I obtained through the website query don't seem to accurately reflect what will be blocked, if I interpret seeing "Currently active and flagged to be published in DNS" appearing in a red block as an indication the address is in the blocklist as one to be blocked.

[/network/email/spam/blocklists] permanent link

Sun, Jun 10, 2007 4:20 pm

Content Management System (CMS) Comparison

I need to set up a Content Management System (CMS) for a new website. I've considered Drupal and Mambo, but wanted to find information comparing the two. I found a site today, The CMS Matrix that allows you to compare the features of dozens of content management systems. You can select up to 10 at a time to see a comparison chart of features.

A comparison of Drupal and Mambo can also be found at Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison. That article references a more comprehensive comparison of Drupal and Mambo, Drupal VS. Mambo written for Xaneon Development, a company which developed Mambo extensions.

References:

  1. The CMS Matrix
  2. Leading Open Source CMS: Mambo versus Drupal - A Comprehensive Comparison
    By Angsuman Chakraborty
    September 13, 2005
    Simple Thoughts - Simple solutions for complex problems
  3. Drupal VS. Mambo
    Originally written for Xaneon Development by Arto Bendiken
    Submitted: January 12, 2006
    Xaneon Development

[/network/web/cms] permanent link

Sun, Jun 10, 2007 1:25 pm

OS-X Running on a PC

Enterprising OS-X hackers have found a way to run Apple's OS-X operating system on standard PC hardware as related in Wired's article Mac Hacks Allow OS X on PCs. Despite Apple's use of a chip to specifically prevent users from putting the operating system (OS) on a standard PC, it is now possible to run the OS on standard PC hardware.

[/os/os-x] permanent link

Sun, Jun 10, 2007 1:17 pm

Apple's Core Animation

Wired has an article, Kiss Boring Interfaces Goodbye With Apple's New Animated OS about a new animation feature that will become available in the Leopard version of OS-X. The feature will allow developers to provide an animated interface to their applications.

[/os/os-x] permanent link

Sun, Jun 10, 2007 12:28 am

Mailman Mailing List Messages Arriving with Unwanted Attachment

I set up a Mailman mailing list for a family member. After I set up the list, she sent a message to the list. The message arrived with a .txt attachment, ATT00088.txt, that was 251 bytes in size. The attachment had only 3 lines. The first was the mailing list name, the next was the mailing list email address, and the last was the listinfo URL for the mailing list. She uses Outlook 2003, and this is apparently a problem that occurs with Mailman mailing list messages received by Outlook users when a footer is added to messages, which is Mailman's default behavior. Apparently Mailman adds the footer as an attachment if the original message posted is formatted as HTML MIME, or is a text/plain MIME bodypart using a different character set than Mailman would use for the footer.

To prevent the addition of a footer to messages, from the main Mailman administration page for the list I clicked on [Non-digest options]. The text below appeared in the "Footer added to mail sent to regular list members" field.

_______________________________________________
%(real_name)s mailing list
%(real_name)s@%(host_name)s
%(web_page_url)slistinfo%(cgiext)s/%(_internal_name)s

The information listed has the following meaning.

msg_footer (nondigest): Footer added to mail sent to regular list members

Text appended to the bottom of every immediately-delivery message. This text can include Python format strings which are resolved against list attributes. The list of substitutions allowed are:

Since the list owner did not want any footer being sent with messages, I removed all of the text from that field.

I also went to the digest options page and for the "Header added to every digest" field, I removed all of the text in that field.

References:

  1. [Mailman-Users] Why are footers sent as attachments?
    Posted: January 29, 2006
    The Mailman-Users Archives
  2. 4.39. HELP! Mailman is munging HTML & MIME-formatted messages before they are sent out? (problems with Mailman 2.1.x footers)
    Mailman FAQ Wizard

[/network/email/mailing_list/mailman] permanent link

Sun, Jun 10, 2007 12:15 am

Messages from Mailman Mailing List Appear From Listname-bounces

I set up a Mailman mailing list for a family member. When she receives messages from the list, they arrive with a "from" of "listname-bounces@listdomain.net On Behalf Of" followed by the sender's address, with "listname" being the name of the mailing list. She uses Outlook 2003 and sees this as the "from" address, but when the same messages arrive in a Hotmail account, the "from" address is the sender's email address. This behavior is due to the fact that Mailman creates, among other message headers, a "Sender" header of the form "Sender: listname-bounces@listdomain". Some email clients, such as Outlook, will show the contents of that "Sender" header in the "from" field when they display the message.

By default, most email clients don't display the message headers, but if you view the message headers for a message, you will see the "Sender" header that Mailman adds. Viewing Message Headers in Outlook 2002 explains how to view those headers in Outlook.

References:

  1. Why do posts appear to be from listname-bounces@mailman.u.washington.edu?
    Author: R. Skiver Thompson
    August 2004
    Frequently Asked Questions About Mailman
  2. Viewing Message Headers in Outlook 2002
    December 16, 2004
    MoonPoint Support

[/network/email/mailing_list/mailman] permanent link

Sat, Jun 09, 2007 10:04 pm

Email to Mailing List from 65.54.246.86 Rejected

I added a Hotmail email address to a mailing list for testing that mailing list. I found that messages from the Hotmail address were being bounced, though, because the IP address of the sending Hotmail email server, 65.54.246.86, is in the Spam and Open-Relay Blocking System (SORBS) blocklist. SORBS is a DNS Blacklist (DNSBL). When I checked the SORBS list, it appeared that 65.54.246.86 had been there for at least a week due to SORBS detecting spam originating from the Hotmail email server at that address.

Database of servers sending to spamtrap addresses
Address:65.54.246.87
Record Created:Sat Aug 12 12:30:09 2006 GMT
Record Updated:Fri Jun 1 19:30:05 2007 GMT
Additional Information: [ Updated via: Spam 'o Matic ] Received: from bay0-omc1-s15.bay0.hotmail.com (bay0-omc1-s15.bay0.hotmail.com [65.54.246.87]) by desperado.sorbs.net (Postfix) with ESMTP id F0C6311466 for <[email]>; Sat, 02 Jun 2007 05:14:49 +1000 (EST)
Currently active and flagged to be published in DNS

I've been using SORBS as a blocklist for quite awhile, but I have encountered problems many times due to the fact that AOL, Hotmail, EarthLink, and email servers from some other large Internet Service Providers (ISPs) tend to get on the SORBS list frequently and stay there for a long time. I've contacted AOL and EarthLink support previously when I found one or more of their email servers were on the SORBS blocklist. I've found that, though the support personnel with which I communicated understand that their company employs blocklists or other means of blocking spam, they never seem to understand that other email providers may employ similar means. I've never been successful in getting the support personnel I've communicated with at AOL or EarthLink to take any action and usually it doesn't appear that they even understand the problem; I usually just get canned responses about how to stop their service from blocking email rather than any response indicating that they understand the problem is with email going from their systems to other systems (See SORBS Blocking AOL and EarthLink Servers and Report of SORBS listing to EarthLink).

I've found reports by others using SORBS of similar problems with email from Hotmail addresses (see Hotmail on sorbs?!?).

I understand that SORBS' policy of charging server owners for delisting drastically lessens the chances that systems will be removed quickly. I've considered removing the SORBS list from the blocklists I employ to reduce the deluge of spam in users' mailboxes, but it does block thousands of spam messages daily on my server, so I haven't taken that step yet. Usually, I add the sender's email address to the /etc/mail/access list used by Sendmail to keep email from particular senders from being checked against the blocklists I employ.

In this case, though, I don't want any email addressed to the mailing list to be checked against a blocklist, to preclude this problem. By default, the Mailman mailing list software only passes a post to the list when the "from" address belongs to a list member and holds anything else for the moderator, so the list already screens who can post and I don't need the additional blocklist check.

Fortunately Sendmail, which is the software that handles email on the server, does allow you to specify that email to particular "to" addresses will always be accepted and won't be checked against DNSBL's. You can allow email to a particular address to bypass the blocklist checks by editing /etc/mail/access. Place a line similar to the following in that file:

To:jsmith@example.com         OK

The line above would ensure that email addressed to jsmith@example.com would not be checked against any blocklists employed on the email server. This only works when sendmail.mc uses FEATURE(`delay_checks'), which defers the connection-time checks, including the DNSBL lookup, until the recipient is known; without it the DNSBL rejection happens when the client connects, before any RCPT TO has been seen, so a To: entry has nothing to exempt.

After editing /etc/mail/access, you need to recreate the access database with a command similar to the following:

makemap hash /etc/mail/access </etc/mail/access

Once I added the mailing list address, I was able to send email to that address from the Hotmail account without worrying that the Hotmail email server used to transmit the messages might be on the SORBS blocklist or another blocklist I'm employing to limit spam.
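Both this entry and the 166.102.165.166 one above turn on what a DNSBL lookup actually does, which blq hides: the client's IPv4 octets are reversed, the zone name is appended, and the MTA makes an ordinary A-record query, where an answer in 127.0.0.0/8 means "listed" and NXDOMAIN means "not listed". A web database page and a DNS zone can disagree, as seen above, and SORBS publishes several zones, so what matters to Sendmail is the DNS answer for the zone it is configured with. The script below is an added example, not code from this site, SORBS or Sendmail; it models that lookup, the /etc/mail/access "To: ... OK" exemption and the order in which Sendmail applies them under FEATURE(`delay_checks'). The resolver is injected so the constructed FAKE_DNS table can stand in for real DNS (127.0.0.6 as the SORBS code for a spam listing is an assumption), and SAMPLE_ACCESS is a constructed excerpt of an access file.

```python
"""DNSBL lookup and sendmail access-map bypass, modelled in Python (added example)."""
import ipaddress
import socket

# Aggregate SORBS zone that the blq script above queried. SORBS also publishes
# per-category zones, and an address can be listed in one zone and not another,
# so always query the zone your MTA is configured with.
SORBS_ZONE = "dnsbl.sorbs.net"
LISTED_NET = ipaddress.IPv4Network("127.0.0.0/8")


def dnsbl_name(ip, zone):
    """Reverse the IPv4 octets and append the zone: 166.102.165.166 becomes
    166.165.102.166.dnsbl.sorbs.net. Raises ValueError for anything but IPv4."""
    octets = str(ipaddress.IPv4Address(ip)).split(".")
    return ".".join(reversed(octets)) + "." + zone


def dnsbl_lookup(ip, zone, resolve=socket.gethostbyname):
    """Return the A record the list publishes for ip (SORBS uses 127.0.0.x codes),
    or None when the name does not resolve, i.e. the address is not listed.

    Answers outside 127.0.0.0/8 are treated as "not listed": a dead list whose
    domain has lapsed can come back with a wildcard record, and trusting it
    would reject every connection.
    """
    try:
        answer = resolve(dnsbl_name(ip, zone))
    except socket.gaierror:
        return None
    return answer if ipaddress.IPv4Address(answer) in LISTED_NET else None


def parse_access_map(text):
    """Parse /etc/mail/access source lines into {key: value}, keys lowercased
    the way makemap folds them; blank lines and '#' comments are skipped."""
    entries = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        parts = line.split(None, 1)
        if len(parts) == 2:
            entries[parts[0].lower()] = parts[1].strip().upper()
    return entries


def recipient_bypasses_checks(access, rcpt):
    """True when a To: entry with value OK covers the recipient. Only the full
    address and its domain are looked up here (sendmail tries more forms)."""
    rcpt = rcpt.lower()
    domain = rcpt.partition("@")[2]
    return any(access.get(key) == "OK" for key in ("to:" + rcpt, "to:" + domain))


def rcpt_decision(client_ip, rcpt, access, zone=SORBS_ZONE,
                  resolve=socket.gethostbyname):
    """Order of checks with FEATURE(delay_checks): the access map is consulted
    for the recipient first, and the DNSBL is queried only if it does not exempt
    the recipient. Without delay_checks the DNSBL check runs at connect time."""
    if recipient_bypasses_checks(access, rcpt):
        return "accept"
    return "reject" if dnsbl_lookup(client_ip, zone, resolve) else "accept"


# Constructed stand-in for DNS, seeded with what blq reported above: .166 listed
# (127.0.0.6 is the code this example assumes for a SORBS spam listing), .170 not.
FAKE_DNS = {"166.165.102.166.dnsbl.sorbs.net": "127.0.0.6"}


def fake_resolve(name):
    """Resolver with the signature of socket.gethostbyname, answering from FAKE_DNS."""
    if name in FAKE_DNS:
        return FAKE_DNS[name]
    raise socket.gaierror(-2, "Name or service not known")


# Constructed excerpt of /etc/mail/access: exempt the mailing-list address.
SAMPLE_ACCESS = """\
# mailing list posts are screened by Mailman membership instead
To:list@example.com\tOK
"""

if __name__ == "__main__":
    access = parse_access_map(SAMPLE_ACCESS)
    for ip in ("166.102.165.166", "166.102.165.170"):
        print(ip, dnsbl_name(ip, SORBS_ZONE), dnsbl_lookup(ip, SORBS_ZONE, fake_resolve))
    print(rcpt_decision("166.102.165.166", "kittycat321@moonpoint.com", access, resolve=fake_resolve))
    print(rcpt_decision("166.102.165.166", "list@example.com", access, resolve=fake_resolve))
```

With the default resolver, dnsbl_lookup asks the real zone, which is the same query blq and Sendmail make; comparing its answer with the SORBS website for the same address is the quickest way to see whether a web listing will actually cause a rejection.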

References:

  1. Spam and Open-Relay Blocking System
  2. DNSBL
    Wikipedia, the free encyclopedia
  3. SORBS Blocking AOL and EarthLink Servers
    April 23, 2006
    MoonPoint Support
  4. Report of SORBS listing to EarthLink
    April 23, 2006
    MoonPoint Support
  5. Hotmail on sorbs?!?
    Posted: September 21, 2005
    ReadList.com - Threaded Mailing List Reader
  6. Sendmail cf/README - Anti-Spam Configuration Control
    sendmail.org

[/network/email/mailing_list] permanent link

Sat, Jun 09, 2007 5:50 pm

Installing Yum on a RedHat 9 System

For a RedHat Linux 9 system, I wanted to install Yum, an automatic updater and package installer/remover for Linux systems that use RPMs to manage installed software. I checked to see whether Yum was already installed, but it was not.

# rpm -qa | grep -i yum

The Yum Download webpage listed the requirements for the latest version of Yum, version 3.2.0, as python 2.4+ and rpm 4.3 and above. I checked the version of the python and rpm packages on the system, but found they were not at the required versions.

# rpm -q --last rpm python
rpm-4.2-0.69                                  Sat 08 Nov 2003 02:37:24 PM EST
python-2.2.2-26                               Sat 08 Nov 2003 02:37:22 PM EST

Instead I needed to get a much earlier version, 2.0.8, which only required python 2.1+ and rpm 4.1.1-4.3.1. After downloading the rpm file, I installed it with rpm --install yum-2.0.8-1.noarch.rpm. I then checked for updates for the system with yum check-update.

An update was available for tcpdump among other utilities. An rpm -q --last tcpdump command showed the following information for the version already installed on the system:

tcpdump-3.7.2-1.9.1                           Sat 08 Nov 2003 08:39:55 PM EST

I tried updating tcpdump with yum install tcpdump, but received the error message below:


# yum install tcpdump
Gathering header information file(s) from server(s)
Server: Red Hat Linux 9 - i386 - Base
Server: Red Hat Linux 9 - Updates
Finding updated packages
Downloading needed headers
Resolving dependencies
Dependencies resolved
I will do the following:
[update: tcpdump 14:3.7.2-7.9.1.i386]
Is this ok [y/N]: y
Downloading Packages
Getting tcpdump-3.7.2-7.9.1.i386.rpm
retrygrab() failed for:
  http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
  Executing failover method
failover: out of servers to try
Error getting file http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9//x86/i386/tcpdump-3.7.2-7.9.1.i386.rpm
[Errno 4] IOError: HTTP Error 404: Not Found

When I checked the Duke University webpage at http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/9/x86/, I found it had only one file in that directory. So I needed to add another repository for updates to software for RedHat 9 systems. I found a list of such sites at http://fedoralegacy.org/download/fedoralegacy-mirrors.php. Many of those I checked in the US also no longer had the files available for download. But the DataPipe one at http://mirror.datapipe.net/fedoralegacy/ did still have files available.

I added the following line to the updates section of /etc/yum.conf

baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/

The yum.conf file now has the following information in it:


[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1

[base]
name=Red Hat Linux $releasever - $basearch - Base
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/$releasever/$basearch/


[updates]
name=Red Hat Linux $releasever - Updates
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/$releasever/
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/

I then ran yum install tcpdump again and this time was able to update tcpdump. Checking the version of the rpm installed afterwards, I saw the following:

# rpm -q --last tcpdump
tcpdump-3.7.2-7.9.4.legacy                    Sat 09 Jun 2007 05:08:22 PM EDT

Yum 2.0.8-1 download sites: Duke University, MoonPoint Support
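Pointing yum at a third-party mirror of an end-of-life distribution is only as safe as the signature check on the packages it fetches: yum 2.0 honours gpgcheck=1 in [main] or in an individual repository section, and the Fedora Legacy project signed its packages with a GPG key that must be imported with rpm --import before that check can pass. The script below is an added example, not part of the original post; it reads a yum.conf and lists every repository whose packages would be installed without signature verification. The sample configurations it writes are constructed for the demonstration (the first reproduces the [base] and [updates] sections shown above, which set no gpgcheck at all).

```shell
# Added example (not from the original post): report the repository sections
# of a yum.conf that would install packages without RPM signature checking.
# A repo is reported when it sets gpgcheck=0 explicitly, or when it sets no
# gpgcheck at all and [main] does not set gpgcheck=1 either.
repos_without_gpgcheck() {
    awk '
        /^[[:space:]]*\[/ {
            sec = $0
            sub(/^[[:space:]]*\[/, "", sec)
            sub(/].*$/, "", sec)
            order[++n] = sec
            next
        }
        /^[[:space:]]*gpgcheck[[:space:]]*=/ {
            val = $0
            sub(/^[[:space:]]*gpgcheck[[:space:]]*=[[:space:]]*/, "", val)
            sub(/[[:space:]]*$/, "", val)
            if (val == "1") on[sec] = 1; else off[sec] = 1
        }
        END {
            for (i = 1; i <= n; i++) {
                s = order[i]
                if (s == "main") continue
                if (off[s] || (!on[s] && !on["main"])) print s
            }
        }
    ' "$1"
}

# Constructed sample: the configuration shown in the post, with the Fedora
# Legacy mirror added and no gpgcheck anywhere. Both repos get reported.
write_sample_conf() {
    cat > "$1" <<'EOF'
[main]
cachedir=/var/cache/yum
debuglevel=2
logfile=/var/log/yum.log
pkgpolicy=newest
distroverpkg=redhat-release
tolerant=1
exactarch=1

[base]
name=Red Hat Linux $releasever - $basearch - Base
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/$releasever/$basearch/

[updates]
name=Red Hat Linux $releasever - Updates
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/updates/$releasever/
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/
EOF
}

# Constructed sample after a partial fix: gpgcheck=1 in [main] covers
# [updates], but [base] switches it off again and is still reported.
write_fixed_conf() {
    cat > "$1" <<'EOF'
[main]
cachedir=/var/cache/yum
gpgcheck=1

[base]
name=Red Hat Linux $releasever - $basearch - Base
baseurl=http://mirror.dulug.duke.edu/pub/yum-repository/redhat/$releasever/$basearch/
gpgcheck=0

[updates]
name=Red Hat Linux $releasever - Updates
baseurl=http://mirror.datapipe.net/fedoralegacy/redhat/9/updates/i386/
EOF
}
```

Run it as repos_without_gpgcheck /etc/yum.conf; an empty result means every repository is covered. Importing the signing key (rpm --import on the key file the mirror's project published) is the other half of the fix, since yum refuses the package when gpgcheck=1 and the key is unknown.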

References:

  1. Yellow Dog Updater (YUM)
    Linux@DUKE
  2. RPM Package Manager
    Wikipedia, the free encyclopedia
  3. RedHat 9 Updates - Using Fedora Legacy
  4. Mirror sites by country
    The Fedora Legacy Project

[/os/unix/linux/sysmgmt] permanent link

Thu, Jun 07, 2007 9:01 pm

Skipping Download of Large Email Messages

An Apple eMac user told me he had been waiting for over an hour to download his email, with none of the 21 new messages on the server yet appearing in his inbox. When I checked the email server, I did not see any problems there, but did notice that a lot of bandwidth to the server was being used by a POP3 connection from the user's site. POP3 is a protocol used to download email. When I checked his mailbox, I found that the first new message was over 90 MB, which was the source of the problem.

On an Apple system running the OS-X operating system, you can configure the Mail program to prompt before downloading messages that are above a specified size. To do so, take the following steps:

  1. Open the Mail program.
  2. Click on Mail on the program's menubar.
  3. Select Preferences.
  4. Click on the Advanced tab.
  5. Place a value in the "Prompt me to skip messages over [   ] KB" field. E.g. to skip messages over 50 MB in size you could put 51200 in the field (50 megabytes x 1024 kilobytes/megabyte = 51,200 KB).
  6. You can then close the Preferences window choosing Save when prompted as to whether you wish to save the changes you have made.

[/os/os-x] permanent link

Wed, Jun 06, 2007 9:03 pm

Backing Up a Specific Filetype with Tar

To backup a specific filetype, e.g. all PHP files in the current directory and all subdirectories beneath it, you can use the following command:

tar -cvf example.tar $(find . -name "*.php")

The find command will find all of the PHP files and the shell substitutes their names as arguments to the tar command. Note that the shell splits the substituted output on whitespace, so this form breaks on file names containing spaces, and a very large number of matching files can exceed the maximum command-line length. You can see that all of the PHP files are in the tar backup file, example.tar, with the command below:

tar -tvf example.tar

You can add HTML files to the backup using the -u option for tar to update the archive file as below:

tar -uvf example.tar $(find . -name "*.html")
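The same backup can be done in a way that survives file names with spaces and any number of matches by having tar read NUL-separated names from find on its standard input. The functions below are an added example, not from the original post; they assume GNU tar or bsdtar (both accept --null -T -) and include a check that the archive's member list matches what find reported, which is the verification step a backup script should end with.

```shell
# Added example (not from the original post): archive every file with a given
# extension below a directory without the pitfalls of $(find ...), then check
# that the archive holds exactly the files find reported. Relies on
# find -print0 and tar --null -T - (GNU tar and bsdtar both support them).

# archive_by_ext ARCHIVE DIR EXT     e.g. archive_by_ext example.tar . php
archive_by_ext() {
    find "$2" -type f -name "*.$3" -print0 | tar -cf "$1" --null -T -
}

# append_by_ext ARCHIVE DIR EXT      the -u form from the post, made safe
append_by_ext() {
    find "$2" -type f -name "*.$3" -print0 | tar -uf "$1" --null -T -
}

# Number of members in the archive.
member_count() {
    tar -tf "$1" | wc -l | tr -d ' '
}

# verify_archive ARCHIVE DIR EXT     exit 0 when the archive's member list is
# exactly the set of matching files (use a relative DIR: tar strips a leading
# "/" from member names, which would make the comparison fail)
verify_archive() {
    expected=$(find "$2" -type f -name "*.$3" | sort)
    actual=$(tar -tf "$1" | sort)
    [ "$expected" = "$actual" ]
}
```

The -type f test also keeps directories whose names happen to end in .php out of the archive, which the post's bare -name test does not.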

References:

  1. tar find ssh
    May 2004
    Computing.Net

[/os/unix/commands] permanent link

Wed, May 30, 2007 5:39 pm

Checking on Whether a Remote System is an Oracle Server

Nmap can be used to determine whether a system is functioning as an Oracle server using the command nmap -p 1521 -P0 -sT <ip_address> (newer Nmap releases spell the -P0 option -Pn). Port 1521 is the default port of the Oracle listener, but the port may also be used by other software, so, if nmap reports the system is listening on that port, it does not guarantee that the system is an Oracle server. Adding the -sV option makes Nmap probe the open port and report the service it actually fingerprints there, which is a much stronger indication than the port number alone.

The options specified above are as follows:

-p <port ranges>
       This option specifies what ports you want to query.

-P0    Do  not  try  and  ping hosts at all before scanning them.  This
       allows the scanning of  networks  that  don't allow  ICMP  echo
       requests  (or  responses) through their firewall. 

-sT    TCP connect() scan: This is the most basic form of TCP scanning.
       The connect() system call provided by your operating  system  is
       used  to  open  a  connection  to  every interesting port on the
       machine. If the port is listening, connect() will succeed,
       otherwise  the  port  isn't reachable. One strong advantage to this
       technique is that you don't need  any  special  privileges.  Any
       user on most UNIX boxes is free to use this call.

For a list of other ports used by Oracle, you can check Which TCP/UDP port or ports does 'oracle' use?
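When more than a handful of hosts are scanned, the results are easier to handle from Nmap's grepable output (-oG) than from the screen. The function below is an added example, not part of the original post: it reads a -oG file and prints, for every host, the state and service column Nmap recorded for port 1521, so that hosts where the port is merely open can be told apart from hosts where -sV identified the Oracle listener. The sample scan lines it parses are constructed in the shape Nmap documents for its grepable format (Host, then a tab-separated Ports field with port/state/protocol/owner/service/rpcinfo/version entries).

```shell
# Added example (not from the original post): report what an nmap -oG file
# says about port 1521 on every host. Suggested scan:
#   nmap -Pn -sT -sV -p 1521 -oG oracle.gnmap <targets>
# Without -sV the service column is only the name nmap-services associates
# with port 1521, not evidence that Oracle is listening; with -sV a trailing
# "?" marks a guess and the version column carries the fingerprinted banner.
oracle_port_report() {
    awk -F '\t' '
        /^Host:/ {
            host = $1
            sub(/^Host: /, "", host)
            sub(/ .*$/, "", host)
            for (i = 2; i <= NF; i++) {
                if ($i !~ /^Ports: /) continue
                ports = $i
                sub(/^Ports: /, "", ports)
                n = split(ports, entry, /, /)
                for (j = 1; j <= n; j++) {
                    # port/state/protocol/owner/service/rpcinfo/version/
                    # (a version string containing "/" would be cut short here)
                    split(entry[j], f, "/")
                    if (f[1] == "1521")
                        print host, f[2], (f[5] == "" ? "-" : f[5]), (f[7] == "" ? "-" : f[7])
                }
            }
        }'
}

# Constructed sample of grepable output: one fingerprinted Oracle listener,
# one host with the port closed, one open port with only a guessed service,
# and one host with no port information at all.
sample_gnmap() {
    printf 'Host: 192.0.2.10 (db1.example.net)\tPorts: 1521/open/tcp//oracle-tns//Oracle TNS listener 10.2.0.1.0/\tIgnored State: closed (0)\n'
    printf 'Host: 192.0.2.11 (web.example.net)\tPorts: 80/open/tcp//http//Apache httpd/, 1521/closed/tcp//oracle///\n'
    printf 'Host: 192.0.2.12 ()\tPorts: 1521/open/tcp//oracle?///\n'
    printf 'Host: 192.0.2.13 ()\tStatus: Up\n'
}
```

Usage: oracle_port_report < oracle.gnmap. Only the first line of the sample, with oracle-tns in the service column and a listener banner in the version column, justifies the conclusion the post is after; the third line shows an open port 1521 that still needs a closer look.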

References:

  1. Which TCP/UDP port or ports does 'oracle' use?
    SecureTrust TCP/UDP Port Search Lookup Tool

[/network/Internet/IP/ports] permanent link

Wed, May 30, 2007 3:28 pm

List-Update Script

Every month I receive a spreadsheet with a list of members in a retirees' organization. I extract the column in the spreadsheet containing the email addresses to a text file on a PC and then transfer it to a Solaris server that handles email addressed to the mailing list. I've been manually processing the text file each month to remove blank email addresses, duplicates, and invalid email addresses. At lunch today, I wrote a small BASH script, list-update to automate the process.

Since I don't use sed often, but sometimes need to use it to delete blank lines, such as the many that occur in the membership list, I thought I would put a note to myself here on the syntax for the sed command to remove blank lines from a file:

cat filename | sed -e '/^$/d' > newfilename
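A membership list that has crossed over from a PC usually needs more than blank-line removal: DOS line endings leave a carriage return on every line, so sed's /^$/d does not see "blank" lines as empty and two copies of the same address do not compare equal, and spreadsheet cells often carry surrounding spaces and mixed case. The functions below are an added example and are not the author's list-update script, which the post does not show; the address pattern is a deliberate simplification rather than a full RFC 5321 grammar, and the sample input is constructed.

```shell
# Added example (not the author's list-update script): normalize a list of
# email addresses exported from a spreadsheet on a PC, then keep only the
# plausible, unique ones and show what was rejected for manual review.

# Strip CRs, trim surrounding whitespace, lowercase, drop empty lines.
# Lowercasing the local part is a policy choice: the local part is allowed
# to be case-sensitive, but list maintainers almost always want the merge.
normalize_lines() {
    tr -d '\r' |
    sed -e 's/^[[:space:]]*//' -e 's/[[:space:]]*$//' |
    tr '[:upper:]' '[:lower:]' |
    sed -e '/^$/d'
}

# Syntactically plausible addresses only, one per line, deduplicated.
# Pattern: letters, digits and ._%+- before the @, a dotted domain with an
# alphabetic top-level label after it.
clean_addresses() {
    normalize_lines |
    grep -E '^[[:alnum:]._%+-]+@[[:alnum:].-]+\.[[:alpha:]]{2,}$' |
    sort -u
}

# The non-blank entries that clean_addresses threw away, so they can be
# checked by hand before the list goes live (comm needs sorted input, which
# both sort -u calls provide).
rejected_addresses() {
    tmp=$(mktemp)
    cat > "$tmp"
    normalize_lines < "$tmp" | sort -u > "$tmp.all"
    clean_addresses  < "$tmp" > "$tmp.ok"
    comm -23 "$tmp.all" "$tmp.ok"
    rm -f "$tmp" "$tmp.all" "$tmp.ok"
}

# Constructed sample input: CRLF line endings, case differences, surrounding
# whitespace, blank lines, a duplicate and one malformed entry.
sample_input() {
    printf 'Alice@Example.com\r\n\r\n  bob@example.org  \r\nbad address\r\nalice@example.com\r\n\r\ncarol@example.net\r\n'
}
```

Typical use is clean_addresses < members.txt > members.clean and rejected_addresses < members.txt to see what to chase up; for the sample, the second call returns only "bad address".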

[/os/unix/programs/utilities] permanent link

Tue, May 29, 2007 10:32 am

Commerce Bank Phishing Email

When I checked my email today, I found a phishing email that ostensibly pointed recipients to http://commerceconnections-session843435953.commercebank.com/ibank/cmserver/verify.cfm, but which actually pointed to a phishing webpage at http://commerceconnections-session843435953.commercebank.com.plosure.at/ibank/cmserver/verify.cfm/

I reported the spoofed site at the following phishing report webpages:

Organization                    Reporting page
CastleCops                      Phishing Incident & Termination
Symantec Phish Report Network   Report Suspected Phishing Sites

[/security/scams/phishing/commercebank] permanent link

Sat, May 26, 2007 12:44 pm

Netscape 7.2 Inbox Corrupted

A user who uses Netscape 7.2 for email reported to me that whenever he clicked on any message in his inbox, the same old message would be displayed instead of the contents of the message matching the one he clicked on. He also told me he could not move messages from his inbox to another mailbox.

I corrected the problem by deleting the inbox.msf file for his account. The inbox.msf file indexes the messages in the inbox.

The inbox.msf file can be found at the following location:


C:\Documents and Settings\<userid>\Application Data\Mozilla\Profiles\<account_name>\7q0bwoem.slt\Mail\<email_server>

userid the userid under which the user logged into the system
account_name the name associated with the user's account
email_server the email server for the mailbox, usually an ISP provided email server

In this case, that directory was similar to the following:

C:\Documents and Settings\jsmith\Application Data\Mozilla\Profiles\Joseph M. Smith\7q0bwoem.slt\Mail\jmsmith.com

Netscape should be closed when you delete the inbox.msf file. After I deleted the file and reopened Netscape, it took quite a while before the contents of the inbox were visible in Netscape again. The user had a large 2 GB inbox with 1,462 messages in it (I have about 38,000 in my own inbox) and it apparently took quite some time to rebuild the index file for all of those messages. I had to wait over 15 minutes before Netscape displayed the list of messages in the inbox. The inbox.msf file was appearing as 0 bytes in size during that process.

After the inbox.msf file was rebuilt, I right-clicked on "inbox" in Netscape and chose "compact this folder", which also took a long time to complete, because of the size of the inbox.

References:

  1. Netscape 7.0 mail corrupt inbox, need to delete?
    Posted: August 21, 2006
    SillyDog701 Message Centre

[/network/email/clients/netscape] permanent link

Sun, May 20, 2007 11:30 pm

Mailman Not Sending Welcome Message

I'm using Mailman, the GNU Mailing List Manager for a new mailing list. After creating a new mailing list through the web interface for mailman, I created aliases in /etc/aliases, which are shown below, for the list and ran the command newaliases.

## book_nook mailing list
book_nook:              "|/var/mailman/mail/mailman post book_nook"
book_nook-admin:        "|/var/mailman/mail/mailman admin book_nook"
book_nook-bounces:      "|/var/mailman/mail/mailman bounces book_nook"
book_nook-confirm:      "|/var/mailman/mail/mailman confirm book_nook"
book_nook-join:         "|/var/mailman/mail/mailman join book_nook"
book_nook-leave:        "|/var/mailman/mail/mailman leave book_nook"
book_nook-owner:        "|/var/mailman/mail/mailman owner book_nook"
book_nook-request:      "|/var/mailman/mail/mailman request book_nook"
book_nook-subscribe:    "|/var/mailman/mail/mailman subscribe book_nook"
book_nook-unsubscribe:  "|/var/mailman/mail/mailman unsubscribe book_nook"

I then added an email address to the list with the option to send a welcome message checked. But the welcome message was never sent. After doing a little checking, I discovered I needed to create a crontab entry for mailman [1].

On my RedHat Linux system, the file to be submitted for the cronjob is /var/mailman/cron/crontab.in, but it may be in /usr/local/mailman/cron on other systems [2].

At the end of the crontab.in file, I saw the following lines:

# At 3:27am every night, regenerate the gzip'd archive file.  Only
# turn this on if the internal archiver is used and
# GZIP_ARCHIVE_TXT_FILES is false in mm_cfg.py
27 3 * * * /usr/bin/python -S /var/mailman/cron/nightly_gzip

There was no GZIP_ARCHIVE_TXT_FILES entry in /var/mailman/Mailman/mm_cfg.py, so I commented out the entry in crontab.in. Since I don't need to gate news from a news server to mail, I also commented out the entry for that function by putting a "#" in front of it.

# Every 5 mins, try to gate news to mail.  You can comment this one out
# if you don't want to allow gating, or don't have any going on right now,
# or want to exclusively use a callback strategy instead of polling.
0,5,10,15,20,25,30,35,40,45,50,55 * * * * /usr/bin/python -S /var/mailman/cron/gate_news

I then submitted the cronjob for mailman with crontab -u mailman /var/mailman/cron/crontab.in.

References:

  1. [Mailman-Users] Not sending password reminders, subscription confirmations
    By Helmut Schneider
    July 13, 2006
    mail.python.org Mailing Lists
  2. Mailman - a mailing list manager
    The FreeBSD Diary

[/network/email/mailing_list/mailman] permanent link

Wed, May 16, 2007 9:57 pm

htDig Invalid Comptype

I ran ht://Dig to index the site today using the command /usr/bin/rundig -c /etc/htdig_support.conf >>/var/log/htdig 2>&1, but when I performed htdig searches of the site after the indexing process completed, which took a considerable amount of time, none of the searches returned any results. When I checked the output file for the rundig command, /var/log/htdig, I saw the errors below:

# cat /var/log/htdig
FATAL ERROR:Compressor::get_vals invalid comptype
FATAL ERROR at file:WordBitCompress.cc line:827 !!!
/usr/bin/rundig: line 36: 23767 Segmentation fault      $BINDIR/htdig -i $opts $stats $alt
/usr/bin/rundig: line 81: 24766 Segmentation fault      /usr/bin/htfuzzy $opts metaphone
/usr/bin/rundig: line 82: 24767 Segmentation fault      /usr/bin/htfuzzy $opts soundex

I found some references to others encountering the same error message when I performed a Google search, but didn't see anything that I felt would give me an appropriate fix for my system. Some of the references seemed to indicate the problem occurred when htdig was indexing an enormous number of files. But there are only a few hundred files for it to index on my site, so I didn't think the number of files should be the cause of the problem. However, htdig had been indexing pages in my Blosxom blog several times, because of my use of the Find plugin for Blosxom.

I included a search feature on each page of the blog that uses Fletcher Penney's find plugin to allow a search of the blog for information. Underneath the search box there is an "Advanced Search" link that provides more advanced search capabilities. Clicking on it will display the same blog page as was visible before, but with advanced search options visible. This was resulting in ht://Dig returning the same page multiple times whenever I used it to search the entire site (the Find plugin only searches the blog while I have htdig search the entire site).

I thought I might reduce the extraneous results for htdig queries, reduce the time to index the site when running rundig, and possibly eliminate the "FATAL ERROR:Compressor::get_vals invalid comptype" error message by having htdig exclude the "Advanced Search" links when indexing the site. Since that link on pages always includes "advanced_search=1" in the link URL, I edited the htdig configuration file for the website, which is /etc/htdig_support.conf in this case, and added "advanced_search=1" to the exclude_urls list. So I now have the following line in that conf file (the "/cgi-bin/ .cgi" was there by default):

exclude_urls:           /cgi-bin/ .cgi advanced_search=1

I also added some file extensions to the list of filetypes htdig should exclude from its indexing process. I added ".mp3 .img .iso .dat .dll .scr" to the bad_extensions section, so I now have the following in that list:


bad_extensions:         .wav .gz .z .sit .au .zip .tar .hqx .exe .com .gif \
        .jpg .jpeg .aiff .class .map .ram .tgz .bin .rpm .mpg .mov .avi .css \
        .cab .png .rar .mp3 .img .iso .dat .dll .scr

There is no need for htdig to index binary files. Leaving them in only makes indexing the site take longer and greatly increases the chances that htdig will fail while indexing it. If you store other types of music or movie files on a site, you should add their extensions to the bad_extensions list, if you use htdig.

When I reran rundig with the command /usr/bin/rundig -c /etc/htdig_support.conf >/var/log/htdig 2>&1, it did not fail this time and when I performed htdig searches of the site, I didn't get results returned that were duplicates due to the Blosxom Find plugin's "Advanced Search" links.

References:

  1. RE: [htdig] Segfault indexing a site with 3.2.0b2
    May 23 2000
    ht://Dig 3.x list archive

  2. Error in zlib Compressor for WordDB
    July 30, 2002
    web.htdig.devel

  3. FindPlugin
    Author: Fletcher T. Penney

[/network/web/tools/search] permanent link

Sat, May 12, 2007 9:46 pm

Configuring Exchange to Check a POP3 Account

If you need to configure Microsoft Exchange on a Microsoft Small Business Server (SBS) 2003 system to pull email from a user's POP3 account into her Exchange account, you can take the following steps:

  1. Click on Start.

  2. Select All Programs.

  3. Select Microsoft Exchange.

  4. Select System Manager.

  5. Click on the "+" to the left of Connectors to expand the list of connectors.

  6. Right-click on POP3 Connector Manager and select Properties.

  7. In the POP3 Connector Manager Properties window, click on the Add button.

  8. Complete the fields in the POP3 Mailbox window:

     E-mail server: The address of the POP3 email server, e.g. example.com
     Port: Most POP3 servers listen on TCP port 110, so in most cases you would have no need to change the default value of 110.
     User name: The user name on the POP3 server.
     Password: The password of the user account on the POP3 server.
     Confirm Password: The same password, typed again.
     Log on using Secure Password Authentication: Specifies whether to log on using encrypted authentication credentials each time the Microsoft Connector for POP3 Mailboxes downloads POP3 e-mail. Some ISPs require that you use Secure Password Authentication (SPA). It is recommended that you select this option if your ISP supports it, even if it does not require it: without it, the POP3 USER and PASS commands send the account password to the server in clear text.
     Mailbox type: For a mailbox that holds an individual's email, the mailbox type should be "User Mailbox".
     Exchange mailbox: The user's Exchange mailbox.

  9. Click on OK.

  10. Click on the Scheduling tab.

  11. The default check interval is once per hour. You can make that more frequent, e.g. 0 hours and 15 minutes to check every 15 minutes, which is the most frequent interval allowed.

  12. Click on OK again to close the POP3 Connector Manager Properties window.

  13. Click on File then Exit to exit the System Manager window.

References:

  1. Connecting Microsoft Exchange Server to a POP3 Account
    Updated: September 6, 2006
    Slipstick Systems
  2. Microsoft Exchange Connector for POP3 Mailboxes
    For Small Business Server 4.5
    Updated: May 1, 2001
    Microsoft Corporation

[/network/email/exchange] permanent link

Thu, May 10, 2007 8:57 pm

Dell Precision 380 WOL

I needed to set up a Dell Precision 380 for Wake on LAN (WOL) support. To check the network adapter's support for the feature within Windows, you can take the following steps.
  1. Click on Start.
  2. Click on Settings (This step doesn't apply under Windows Vista).
  3. Select Control Panel.
  4. Double-click on System.
  5. Click on the Hardware tab (This step doesn't apply under Windows Vista).
  6. Click on Device Manager.
  7. Click on the "+" to the left of Network Adapters
  8. Select the relevant network adapter by right-clicking on it and choosing Properties.
  9. Click on the Advanced tab.
In this case the system has a Broadcom NetXtreme 57xx Gigabit Controller. I clicked on Wake Up Capabilities and saw the value was "Both" meaning it supports a wakeup call using a "Magic Packet " or a "Wake Up Frame". I then clicked on the Power Management tab. "Allow the computer to turn off this device to save power" was not checked, so I didn't need to worry about "Allow this device to bring the computer out of standby" being unchecked.

You also need to set the system's BIOS to support WOL. To do so, take the following steps, which are specific to the Dell Precision 380's BIOS.

  1. Reboot the system and, as soon as the system begins to reboot, hit the F2 key to go into the BIOS Setup.
  2. Use the cursor key to go down to Power Management and hit the Enter key to view the options within it.
  3. Go down to "Remote Wake Up" and hit the Enter key.
  4. Use the right cursor key to move to the On button, which should turn green. The factory default setting is Off.
  5. Hit the Enter key.
  6. Hit the Esc key to exit Setup.
  7. Use the tab or right cursor key to choose Save/Exit and hit the Enter key to reboot.
Once the settings are saved, you can power the system off and, from another system on the same network segment, use a program that can send a magic packet, such as mc-wol, to wake it up.
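The magic packet a tool like mc-wol sends is nothing more than six bytes of 0xFF followed by the target's MAC address repeated sixteen times, normally carried in a UDP datagram to the broadcast address on port 9 or 7. It carries no authentication, so anyone who can put a broadcast frame on the same segment can wake the machine; that is worth remembering before enabling Remote Wake Up on a system that sits on a shared or untrusted LAN. The functions below are an added example, not the code of mc-wol or of the original post: they build the packet for a MAC address in any of the usual notations and, on bash, send it over /dev/udp.

```shell
# Added example (not from the original post): build the Wake on LAN magic
# packet for a MAC address and, optionally, send it as a UDP broadcast.
# The payload is 6 bytes of 0xFF followed by the 6-byte MAC repeated 16 times
# (102 bytes in all); there is no authentication in the format.

# Print the packet as an uppercase hex string (204 characters). Returns 1 on a
# malformed address. Accepts 00:11:22:AA:BB:CC, 00-11-22-aa-bb-cc, 001122aabbcc.
magic_packet_hex() {
    mac=$(printf '%s' "$1" | sed 's/[:.-]//g' | tr '[:lower:]' '[:upper:]')
    [ "${#mac}" -eq 12 ] || return 1
    case $mac in *[!0-9A-F]*) return 1 ;; esac
    pkt=FFFFFFFFFFFF
    i=0
    while [ "$i" -lt 16 ]; do
        pkt="$pkt$mac"
        i=$((i + 1))
    done
    printf '%s\n' "$pkt"
}

# Length in bytes of the packet for a given MAC; 102 for any valid address.
magic_packet_len() {
    hex=$(magic_packet_hex "$1") || return 1
    echo $(( ${#hex} / 2 ))
}

# Send the packet to the limited broadcast address on UDP port 9 (or $2).
# Needs bash for /dev/udp and for printf's \x escapes; the sender must be on
# the same broadcast domain as the sleeping machine.
send_magic_packet() {
    hex=$(magic_packet_hex "$1") || return 1
    fmt=$(printf '%s' "$hex" | sed 's/../\\x&/g')
    printf "$fmt" > "/dev/udp/255.255.255.255/${2:-9}"
}
```

Usage: send_magic_packet 00:11:22:aa:bb:cc. A wake-up that works from the same subnet but not across a router is expected, since routers do not forward limited broadcasts; tools that wake hosts remotely send the same payload as a directed broadcast instead.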

[/network/wol] permanent link

Mon, May 07, 2007 5:21 pm

Mboxgrep Installation on Solaris 7

I installed mboxgrep on a system running SunOS 5.7 today. I encountered some minor problems last year when I installed the software on a Solaris 10 system (see Mboxgrep Installation on Solaris 10), but no problems at all with the installation this time. After unzipping and untarring the file I downloaded from freshmeat.net at http://freshmeat.net/projects/mboxgrep/, I changed my working directory to the one holding the mboxgrep files and issued the following commands:

./configure
make
make install

I needed to find all email messages in my inbox with the phrase "subnet by subnet", so I issued the following command:

mboxgrep -o subnetinfo "subnet by subnet" /var/mail/jimc

The -o mailboxname creates an output file with the name mailboxname.

[/os/unix/solaris] permanent link

Sun, May 06, 2007 4:57 pm

Activity Monitor Detection

When I scanned a system that had the monitoring portion of Activity Monitor installed, i.e. the system was the one doing the monitoring, with various antivirus and antispyware programs, Spybot Search & Destroy and Windows Defender reported its presence.

[ More Info ]

[/os/windows/software/security/monitoring/activity_monitor] permanent link

Sat, May 05, 2007 10:30 pm

Opening One Form in Access from a Field in Another Form

I had two tables in a database, one called "HDD", which holds information on hard disk drives, such as serial number, model number, capacity, etc. I had another table I called "External", which I use to keep track of information regarding external disk drive enclosures I use for backing up systems. That External table also has a "Drive SN" field that has the serial number for the hard disk drive within the enclosure. I created forms with matching names for each table, i.e. an "HDD" and "External" form.

I wanted to be able to double-click on the drive serial number in the "External" form and have the "HDD" form open with the record displayed with the corresponding serial number, so that I could view all of the information on the particular hard disk drive within the drive enclosure that I had selected in the "External" form. I used the following procedure to be able to do so.

  1. In the drive serial number field of the "External" form, I right-clicked and chose Properties.
  2. Scrolled down to the "On Dbl Click" field.
  3. I clicked on the button with "..." on it.
  4. I chose Macro Builder and clicked on OK.
  5. I gave it a name of OpenHDD and clicked on OK.
  6. For Action, I chose OpenForm.
  7. In the Form Name field, I put in HDD, the name of the form that displays information on the hard disk drives.
  8. For View, I selected Form.
  9. For Where Condition, I clicked on the "..." button and chose Tables then the HDD table beneath it.
  10. I then selected Serial Number in the next column and double-clicked on <Value> in the last column, which gave me [HDD]![Serial Number] in the Expression Builder field.
  11. I then clicked on the equal button to add = at the end of the expression and then added Forms![External]![Drive SN], giving me [HDD]![Serial Number] = Forms![External]![Drive SN].
  12. I then clicked on OK
  13. For the Comment field, which is to the right of the Action field, I put "Open HDD form to drive corresponding to External drive SN"
  14. I then closed the Expression Builder window, saving the macro.
  15. I then closed the Properties window that was open for the Drive SN field.

I was then able to double-click on the drive serial number field in the External form and have the HDD form open displaying the information on the hard disk drive within the enclosure.

[/software/database/access] permanent link

Thu, May 03, 2007 8:12 pm

Sharing Files Between a Microsoft Windows and Apple OS-X System

To allow selected Windows users access to shared folders on an Apple OS-X system using SMB/CIFS, which is the mechanism Windows systems use to share resources such as folders and printers, take the following steps:
  1. Click on the Apple icon on the top left hand corner of the screen, which will display a menu of options.

  2. Select System Preferences

  3. Under the Internet & Network grouping, click on Sharing

  4. Click on the lock icon at the bottom left-hand side of the screen to make changes, if the lock is in the locked position.

  5. Click on Windows Sharing, which is under the Services section, so that it has a checkmark next to it.

  6. Click on the Enable Accounts button.

  7. Select the accounts for which you wish to provide access by clicking on them, so that there is a checkmark in the "on" column for those accounts that should be able to access the system through "Windows Sharing". You will be prompted to enter the password for each account for which you have enabled this access.

  8. Click on the Done button.

  9. Close the window by clicking on the "X" in the upper left-hand corner of the window.

[/os/os-x] permanent link

Thu, May 03, 2007 7:31 pm

Opening a Terminal Window on OS-X

To open a terminal window, i.e. to obtain a shell prompt, take the following steps from the desktop:
  1. Double-click on Macintosh HD

  2. Double-click on the Applications folder.

  3. Double-click on the Utilities folder.

  4. Double-click on Terminal.

[/os/os-x] permanent link

Thu, May 03, 2007 7:21 pm

SSH Access to an OS X System

To allow SSH access to an Apple OS X system take the following steps:
  1. Click on the Apple icon on the top left hand corner of the screen, which will display a menu of options.
  2. Select System Preferences
  3. Under the Internet & Network grouping, click on Sharing
  4. Click on Remote Login, which is under the Services section.
  5. Close the window by clicking on the "X" in the upper left-hand corner of the window.
When logging in by SSH, use the "short name" for the account, which can be found by going to System Preferences, Accounts, then clicking on the lock icon, and then selecting the account.

[/os/os-x] permanent link

Thu, May 03, 2007 7:20 pm

Adding a New Account to an OS-X System

To add a new account to an Apple OS-X system take the following steps:
  1. Click on the Apple icon on the top left hand corner of the screen, which will display a menu of options.

  2. Select System Preferences

  3. Under the System grouping, click on Accounts

  4. Click on the lock icon at the lower left-hand corner of the window.

  5. When prompted for an administrator's name and password type those in the relevant fields.

  6. Click on the plus sign, i.e. the "+" above the now open lock icon.
  7. Provide a name in the name field, e.g. John Smith and then a short name, e.g. john (you will use the short name if logging in by SSH). Then put in the password and retype the same password in the Verify field. Click on the "Allow user to administer this computer", if the person should have administrative privileges on the system.

  8. Click on the Create Account button.

  9. Close the window by clicking on the "X" in the upper left-hand corner of the window.

[/os/os-x] permanent link

Thu, May 03, 2007 7:01 pm

Changing the System Name of an OS X System

To change the system name of an Apple OS X system take the following steps:
  1. Click on the Apple icon on the top left hand corner of the screen, which will display a menu of options.

  2. Select System Preferences

  3. Under the Internet & Network grouping, click on Sharing

  4. Type the computer name you wish to use in the Computer Name field.

  5. Close the window by clicking on the "X" in the upper left-hand corner of the window.

[/os/os-x] permanent link

Mon, Apr 30, 2007 11:13 pm

Charlene Infection

After a user complained of popup windows advising her to download antivirus software, I checked the system with Spybot Search & Destroy. Spybot found the following malware on the system:

FunWeb
FunWebProducts
MyWay.MyWebSearch
MyWebSearch
TagASaurus
Zlob.VideoAccessActiveXObject

I also found that the popup ad was appearing whenever Internet Explorer was opened. When Internet Explorer was opened it would go immediately to http://aprotectservice.com/, which would result in a dubious W32.Myzor.FK@yf virus warning appearing.

[ More Info ]

[/security/spyware/funwebproducts] permanent link

Mon, Apr 30, 2007 12:38 am

Remotely Enabling Remote Desktop Protocol

If you need to enable Remote Desktop support on a system in a domain from the domain controller, you can do it by editing the HKLM\SYSTEM\CurrentControlSet\Control\Terminal Server key in the registry of the remote system. By changing the value of fDenyTSConnections from 1 to 0 and then rebooting the system, you can enable Remote Desktop support. Editing the remote system's registry this way requires administrative rights on that system and its Remote Registry service to be running, and the change does not add a Windows Firewall exception for Remote Desktop (TCP port 3389), so a firewall on the remote system may still need to be configured to allow the connection.

[ More Info ]

[/os/windows/software/remote-control/rdp] permanent link

Sun, Apr 29, 2007 9:30 pm

Updating NVIDIA Driver Fixed GoPets and Second Life Problem

When I updated the driver for the NVIDIA GeForce 6150 LE video adapter in a Windows XP PC earlier today from version 8.2.08 (driver date: 5/9/2006) to version 6.14.10.9371 (driver date: 10/22/2006), the update corrected a problem with GoPets and a problem with Second Life.

A family member has many fruit trees on GoPets from which she harvests fruit regularly. However, whenever she put the fruit in her inventory, GoPets would randomly crash. Sometimes it would crash after she put only 1 piece of fruit in her inventory. At other times, she could put 3 or 4 pieces of fruit in her inventory before it crashed. And sometimes even 10 or more pieces of fruit in her inventory. Upgrading the driver for the NVIDIA video card stopped those crashes altogether.

When she was in Second Life, her avatar would continually turn to the right, as if she was clicking the arrow to turn to the right. The only way she could stop the behavior was to switch to full-screen mode, which she preferred not to do. Updating the video driver resolved that problem, also.

For anyone experiencing either problem, you can check the version of the driver for the video adapter in your system by the following steps on a Windows XP system:

  1. Click on Start.

  2. Click on Settings. If you don't see Settings, look for Control Panel instead.

  3. Click on Control Panel.

  4. Within the Control Panel, double-click on System.

  5. Click on the Hardware tab.

  6. Click on the Device Manager button.

  7. Double-click on Display Adapters to expand the list of display adapters.

  8. Right-click on a display adapter (for most systems there will be only 1) and choose Properties.

  9. Click on the Driver tab. You should then see the driver provider, driver date, and driver version listed.

  10. You can then click on Cancel and close the window.

If you are experiencing either of the above problems, a driver update may help. If your system has an NVIDIA adapter, you can get the latest driver from the NVIDIA software download webpage.

[/os/windows/software/games] permanent link

Sun, Apr 29, 2007 3:31 pm

GoPets and Second Life Won't Run After Nvidia Hardware Acceleration Turned Off

I turned off hardware acceleration for an Nvidia GeForce 6150 LE video adapter in a Windows XP Media Center PC, but then the family member using the system found that neither GoPets nor Second Life would start. For GoPets, the following window appeared.

Initialize Error
Your video card could not support the requested 3D function.
This error may occur if your video card is not supported by GoPets.
Please view the Download page at the GoPets website for a list of unsupported video cards.

OK

When she clicked on OK, another error window appeared.

Error
white x in red circle   Failed to initialize the rendering engine.: 0

OK

Clicking OK on that window closed the application.

When she started Second Life the message "detecting hardware" appeared followed by the error window below.

Error
Second Life is unable to run because your video card drivers
are out of date or unsupported. Please make sure you have
the latest video card drivers installed.

If you continue to receive this message, contact customer service.

OK

I had turned video acceleration off for the Nvidia graphics adapter when Paint Shop Pro 9 would not start with it turned on. To turn it back on I tried the following steps.

  1. Right-click on desktop.
  2. Select Properties.
  3. Click on Settings.
  4. Click on the Advanced button.

But then the following message appeared.

NVIDIA Display
The NVIDIA Display Panel extension cannot be created.

Possible reasons include:
Disabled graphics hardware acceleration. To enable Hardware Acceleration:
  1. Right click on your desktop, select Properties, the Settings tab, and click Advanced.
  2. Click the Troubleshoot tab and move the 'Hardware acceleration' slider all the way to Full.
  3. Click OK.
  4. If prompted, restart your computer.

OK

I clicked on the Troubleshoot tab instead, clicked on the hardware acceleration slider and dragged it down to the "Full" end. GoPets and Second Life then started when I tried to open them. Paint Shop Pro 9 wouldn't start again, though. It hung while starting up (see Paint Shop Pro Hangs at Startup).

I checked the version of the driver installed for the NVIDIA GeForce 6150 LE through the device manager. I saw the following.

Driver Provider:NVIDIA
Driver Date:5/9/2006
Driver Version:8.2.0.8
Digital Signer:Microsoft Windows Hardware Compatibility Publisher

I went to the NVIDIA software download page. I didn't find a driver listed specifically for the NVIDIA GeForce 6150 LE adapter, but I found that the GeForce 6 Series driver supports the GeForce 6150 LE adapter.

The "Driver Installation Hints" for the new driver stated the following.

Before installing new drivers make sure you uninstall all NVIDIA display drivers from the Windows Control Panel. Browse to the Start Menu > Windows Control Panel > Add/Remove Programs and search for "NVIDIA Windows Display Drivers" or "NVIDIA Display Drivers" and select remove.

I removed the existing NVIDIA drivers through "Add or Remove Programs". I chose to "Remove all NVIDIA drivers, including Display". I also opted to remove the nView profiles. After rebooting, GoPets, Second Life, and Paint Shop Pro 9 all started without problems.

[/os/windows/software/games] permanent link

Sat, Apr 28, 2007 1:30 pm

Removing the Arrow from Windows Shortcuts

If you want to remove the arrow that appears on Windows shortcuts, you can do so by using the following procedure.
  1. Click on Start.
  2. Select Run.
  3. Type regedit
  4. Click on Ok.
  5. Navigate to HKEY_CLASSES_ROOT\lnkfile.
  6. On the right side of the window, right-click on IsShortcut and choose Delete.

Remember, you must be careful when editing the registry. Mistakes in editing registry entries can cause significant problems.

As an alternative to the above method, you can use this shortcut-arrow-removal.reg registry file, which will delete the IsShortcut key from the registry. Download the file (you can right-click on the link and choose "download", "save link target as", or whatever your browser uses to initiate a download) and then, once it is downloaded, double-click on the file on your system. When prompted "Are you sure you want to add the information in shortcut-arrow-removal.reg to the registry?", select "Yes". That action will result in the key being removed; the prompt about adding information is just the default message that appears whenever you click on a .reg file.

References:

  1. Remove shortcut arrow from desktop icons
    Free PC Tech Support - Guides and FAQs

[/os/windows/registry] permanent link

Sat, Apr 28, 2007 12:33 pm

Problem Uninstalling Stardock Central Applications

A family member uninstalled Stardock Central, but then found the files for the software were still under C:\Program Files and the applications, such as WindowBlinds, which are part of the software, still seemed to be active on the system.

I suggested reinstalling Stardock Central and then uninstalling the various modules, such as WindowBlinds, from within it. After reinstalling Stardock Central and then opening it, right-clicking on the various packages and choosing "uninstall" would not uninstall the packages.

Trying to uninstall IconPackager produced the message below.

Stardock Central
There has been an error uninstalling IconPackager. Would you like to set the item as uninstalled?

Yes     No

Trying to uninstall WindowBlinds produced a similar message.

Stardock Central
There has been an error uninstalling WindowBlinds4. Would you like to set the item as uninstalled?

Yes     No

On one of the Stardock Forums, there was a posting, Uninstall Problem Gives me an error, where someone reported a problem uninstalling WindowBlinds, to which a respondent suggested running a "zapper" program from Stardock to uninstall Stardock applications. The ODNT Component Zapper is available from Downloads at the Stardock site.

Stardock describes it as a "Utility program that can be used to unload or remove Object Desktop components (like if an install.log file is missing). Warning: this will delete any installed skins/themes for the component when used to uninstall that component."

I ran the program and chose "Select All" to remove all Object Desktop components.

Stardock Cleanup

A window popped up showing the applications to be removed, but the list was so long I couldn't see the buttons at the bottom and there was no scrollbar. Since the default response button was "Yes", hitting the Enter key resulted in an attempt to zap the programs, but then I saw "odnt_zapper.exe has encountered a problem and needs to close. We are sorry for any inconvenience." However, when I restarted the ODNT Component Zapper, I didn't see any applications listed to remove this time under the Uninstall tab. But under the Unload tab, I saw WebBlinds listed. I chose to unload it by selecting it and then clicking on Apply.

I then clicked on Start, Control Panel, and then Add or Remove Programs, chose Stardock Central, and then Change/Remove to remove it from the system.

The C:\Program Files\Stardock folder remained, so I attempted to manually delete it. When I tried deleting it, I saw the message "Renaming, moving or deleting 'Stardock' could make some programs not work. Are you sure you want to do this?" I chose "No" and rebooted, thinking perhaps a DLL file associated with the program might still be loaded in memory. I got the same message after rebooting when I tried deleting the folder again, but this time I chose "Yes" to proceed with the deletion.

References:

  1. Uninstall Problem Gives me an error
    By kid4christ
    Posted December 10, 2005
    Stardock Forums

[/os/windows/software/themes] permanent link

Fri, Apr 27, 2007 9:16 pm

Paint Shop Pro Hangs at Startup

Whenever I attempted to start Paint Shop Pro 9 on a Windows XP system, the program would hang at startup. When I tried to uninstall it, the uninstall routine hung as well. I finally resolved the problem by disabling hardware acceleration for the Nvidia video adapter in the system, though updating the driver for the video card may resolve the problem as well. [Update: that is probably the better alternative, since turning off hardware acceleration may create problems for other programs, as noted in GoPets and Second Life Won't Run After Nvidia Hardware Acceleration Turned off.]

[ More Info ]

[/os/windows/software/graphics/corel/psp] permanent link

Thu, Apr 26, 2007 8:58 pm

Add Notification Sounds to SquirrelMail

To add additional notification sounds that a user can select to have played when she receives new email, place the wav file you wish to add in /usr/share/squirrelmail/plugins/newmail/sounds.

You've Got Mail Wav File

[/network/email/squirrelmail] permanent link

Mon, Apr 23, 2007 9:00 pm

PayPal Phishing Page at Hong Kong University Removed

When I checked again, I found the PayPal phishing page that was located on a webserver at the Hong Kong Polytechnic University this weekend was now gone.

[/security/scams/phishing/paypal] permanent link

Mon, Apr 23, 2007 6:42 pm

Adding an Account to the Administrator Group

Sometimes you may need to add an account to the Administrator group temporarily to install software that otherwise won't run from a normal user's account. Perhaps the software can be made to run if you can determine all of the files and registry keys it needs to access and provide the appropriate permissions on those, but sometimes the most reasonable course is just to reinstall the software from the user account after adding the user to the Administrator group temporarily and then remove the user from the group afterwards.

To do so on a Windows XP system, e.g. a Windows XP Home or Media Center Edition system, take the following steps:

  1. Log into the system as the administrator.

  2. Click on Start.

  3. Click on Control Panel.

  4. Double-click on User Accounts.

  5. Double-click on the account to which you wish to grant administrator access.

  6. Click on Change the account type.

  7. Change the account type from Limited to Computer Administrator.

  8. Click on the Change Account Type button.

  9. Logoff as administrator and logon under the user account.

You can then follow the same procedure after you have installed the software to change the account type back to Limited.

[/os/windows/xp] permanent link

Sun, Apr 22, 2007 2:59 pm

PayPal Phishing at Hong Kong Polytechnic University

When I checked to see if the spoofed PayPal webpages were still present at http://production.mic.polyu.edu.hk/pp/login.html, I found the pages were still accessible. Yesterday, someone forwarded a message to me which stated an email address had been added to his PayPal account. The message asked him to confirm the addition by going to a PayPal website, but the link in the message actually led to the server at the Media Innovation Centre in the School of Design at the Hong Kong Polytechnic University.

The recipient doesn't have a PayPal account. Whoever created the spam message probably sent it to thousands of people with no way of knowing how many of those recipients might have PayPal accounts.

I checked the online directory for the university today and sent another message regarding the spoofed site; this time I sent the message to the chair of the School of Design at the university plus email addresses for people who appeared to be IT people at the university, and some general contact addresses. Hopefully, one of them can get the spoofed webpages removed and take action that will result in the perpetrator being apprehended and disciplined.

[/security/scams/phishing/paypal] permanent link

Sat, Apr 21, 2007 8:15 pm

PayPal Phishing at a Hong Kong University

A user forwarded an email message to me today that attempts to lure gullible PayPal users to a website at a university in Hong Kong. The email message asked the recipient to verify the addition of an email address to his PayPal account by going to the PayPal website. But the link actually directed anyone who clicked on it to http://production.mic.polyu.edu.hk/pp/login.html. The "hk" at the end of the domain name indicates the site is in Hong Kong, since "hk" is the country code for Hong Kong. The "edu" before it indicates it is an educational institution.

Going to http://mic.polyu.edu.hk/ instead, I found the following information for the site:

Multimedia Innovation Centre, HK

I reported the spoofed site to the contact address listed for the Hong Kong Polytechnic University. The webserver being used to host the spoofed PayPal site apparently belongs to the Multimedia Innovation Centre, School of Design at that university. I also reported this phishing attempt to PayPal via the PayPal Report Fake Site/Spoof Webpage form. And I reported the spoofed site at the following phishing report webpages:

Organization                    Reporting Page
CastleCops                      Phishing Incident & Termination
Symantec Phish Report Network   Report Suspected Phishing Sites

[/security/scams/phishing/paypal] permanent link

Tue, Apr 17, 2007 9:50 pm

Attachment Sizes for Free Email Services

Google offers a free email service, Gmail. Google offers up to 2,500 MB (2 GB) of storage for Gmail accounts. With that service attachments can be up to 10 MB in size. I have successfully sent a message with a 10 MB attachment to a test Gmail account I maintain. It is possible that a message with an attachment that is somewhat less than 10 MB might not be delivered, though. Google states the following in regards to attachment size for messages from/to Gmail accounts:
With Gmail, you can send and receive messages up to 10 megabytes (MB) in size. However, the precise amount allowable will depend on the attachment. When you add an attachment, the size of a file may increase because transport encodings are automatically added. (Transport encodings are the information that allows your message to be safely sent and read.) This means that in some cases, attachments that are 6 to 10MB in size may push the total message size above 10MB. When this happens, Gmail displays a warning that your message exceeds the 10MB limit.

Microsoft offers a free email service, Hotmail, which provides 1,000 MB (1 GB) of free storage for email. That service currently has a 10 MB limit on attachments. I have successfully sent a message with a 10 MB attachment to a test Hotmail account I maintain.

Hotmail also has the following restrictions currently:

[/network/email/free] permanent link

Mon, Apr 16, 2007 7:42 pm

ClamWin No Longer Reporting Opera Infected with Trojan.Bifrose-495

When I scanned opera.exe, the executable for the Opera 8.54 web browser on April 8, 2007 with ClamWin 0.90.1, it reported the file was infected with Trojan.Bifrose-495 (see ClamWin Reporting Opera Infected with Trojan.Bifrose-495). The report appeared to be a false positive and I submitted the file as a false positive using the form at ClamAV Virus Database.

When I opened ClamWin today to see if new virus definitions would result in the file no longer being reported as infected, I saw the message "You have not yet downloaded Virus Definitions Database. Would you like to download it now?" I chose "Yes". ClamWin appeared to download new definitions, but when I selected the file the Scan button was grayed out. I closed and reopened ClamWin. Again I got the message stating that I had not yet downloaded virus definitions. I chose to download them again, but the results were the same. When I exited from the program, right-clicked on the file to scan and chose "Scan with ClamWin Free Antivirus", I saw the message "Virus Definitions Database Not Found! Please download it now."

So I checked the ClamWin website. I found there was a new version, 0.90.1.1. The site had the following information on the new version:

Wednesday, 11 April 2007
This quick-fix release addresses the "Missing Virus Database" Error. Also it includes couple of bug fixes:

I installed the new version. I was then able to scan opera.exe and it now reports that the file is uninfected. Previously ClamWin 0.90.1 was reporting that laplink.exe was also infected. It reported that file was infected with Trojan.Mybot-7604. I felt then that there was a fairly high probability that the report was another false positive. When I scanned the file with the new version of ClamWin with current virus definitions, that file was reported as uninfected as well.

[/security/antivirus/clamav] permanent link

Sun, Apr 15, 2007 4:53 pm

Stopping an Attacker with the Route Reject Command

You can use KRIPP to monitor FTP dictionary attacks where an attacker tries to guess a userid and password combination to break into an FTP server. You can block the attacking system with the route command, e.g. route add 202.123.213.3 reject to block all packets from 202.123.213.3. When the attacker has moved on to other targets, you can remove the routing table entry with route del 202.123.213.3 reject.
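The following is an added example, not code from the original post: it counts failed FTP logins per client address over log lines and, for any address that crosses a threshold, produces the route add ... reject command described above together with the matching route del for later cleanup. The log format is a constructed vsftpd-style line (an assumption; adjust FAIL_RE for your FTP daemon), and the script only builds command strings rather than running them.

```python
"""Turn FTP login failures into 'route ... reject' block/unblock commands.

Added example, not part of the original post. It counts failed FTP logins
per client address and, for any address at or above a threshold, emits the
'route add <ip> reject' command the post describes, plus the matching
'route del' for when the attacker has moved on. It only builds the
command strings; running them is left to the administrator.
"""
import re
from collections import Counter

# Constructed sample log lines in a vsftpd-like style (assumption: your FTP
# daemon's failed-login line may differ; adjust FAIL_RE to match it).
SAMPLE_LOG = """\
Sun Apr 15 14:01:02 2007 [pid 2310] [admin] FAIL LOGIN: Client "202.123.213.3"
Sun Apr 15 14:01:03 2007 [pid 2310] [root] FAIL LOGIN: Client "202.123.213.3"
Sun Apr 15 14:01:04 2007 [pid 2310] [test] FAIL LOGIN: Client "202.123.213.3"
Sun Apr 15 14:01:05 2007 [pid 2310] [user] FAIL LOGIN: Client "202.123.213.3"
Sun Apr 15 14:01:06 2007 [pid 2310] [ftp] FAIL LOGIN: Client "202.123.213.3"
Sun Apr 15 14:02:10 2007 [pid 2311] [john] OK LOGIN: Client "192.168.0.12"
Sun Apr 15 14:03:11 2007 [pid 2312] [john] FAIL LOGIN: Client "192.168.0.12"
Sun Apr 15 14:03:30 2007 [pid 2312] [john] OK LOGIN: Client "192.168.0.12"
"""

FAIL_RE = re.compile(r'FAIL LOGIN: Client "(\d{1,3}(?:\.\d{1,3}){3})"')


def count_failures(lines):
    """Count failed logins per client IP address."""
    failures = Counter()
    for line in lines:
        m = FAIL_RE.search(line)
        if m:
            failures[m.group(1)] += 1
    return failures


def attackers(failures, threshold=5, allowlist=()):
    """Addresses at or above the threshold, minus any you never want to block.

    The allowlist is the practitioner's safety net: a typo-prone legitimate
    user (or your own management host) should never end up in a reject route.
    """
    return sorted(ip for ip, n in failures.items()
                  if n >= threshold and ip not in allowlist)


def block_commands(ips):
    """The 'route add <ip> reject' command from the post, one per attacker."""
    return ["route add %s reject" % ip for ip in ips]


def unblock_commands(ips):
    """The matching 'route del <ip> reject' commands for later cleanup."""
    return ["route del %s reject" % ip for ip in ips]


if __name__ == "__main__":
    hits = attackers(count_failures(SAMPLE_LOG.splitlines()),
                     allowlist={"192.168.0.12"})
    print("\n".join(block_commands(hits)))
```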

[ More Info ]

[/os/unix/commands] permanent link

Sat, Apr 14, 2007 9:12 pm

Changing an Uppercase Name in Perl

For a Perl variable, $name, which contains a name in the form first name followed by a space and then the last name with all letters in uppercase, the following code will change the name so that only the first letter of both parts of the name is capitalized with the rest of the name in lowercase. E.g. if $name contains JOHN SMITH, afterwards it will contain John Smith.


# The name is in all uppercase letters. Leave the first letter of
# each part of the name in upper case, but put all the others in lowercase
$name =~ tr/A-Z/a-z/;
$name =~ s/([a-z]+)\s([a-z]+)/\u$1 \u$2/;

The first line changes all uppercase letters to lowercase. The next line looks for the first part of the name, which is stored in $1. There is then a space followed by the last name, which is stored in $2. Using the substitute command, the first letter of $1 is changed to uppercase, as is the first letter of $2.

The [a-z] instructs Perl to look for an occurrence of any letter from "a" to "z". The + afterwards indicates that Perl should look for 1 or more occurrences of any letter between "a" and "z". Enclosing the [a-z]+ between ( and ) instructs Perl to store what it finds, i.e. the first name in this case, in a variable $1. The \s tells it to look for a whitespace character, i.e. a space in this case, and then the next ([a-z]+) will find all of the letters for the last name and store them in a variable $2. The \u changes the following letter to uppercase for $1, which is the first name. The \u$2 then changes the first letter of $2, which is the last name, to uppercase.

[/languages/perl] permanent link

Mon, Apr 09, 2007 11:01 pm

Anomalous Windows XP Firewall Rules

When checking the firewall settings on a Windows XP Service Pack 2 system tonight, I found several anomalous firewall rules. The system is running the Windows XP firewall.

When I checked the firewall openings with the netsh firewall show state command, I didn't see anything unusual.

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
135    TCP       IPv4     (null)
137    UDP       IPv4     (null)
139    TCP       IPv4     (null)
138    UDP       IPv4     (null)
9370   UDP       IPv4     C:\Program Files\Logitech\Desktop Messenger\8876480\Pr
ogram\LogitechDesktopMessenger.exe
3389   TCP       IPv4     (null)
445    TCP       IPv4     (null)
22     TCP       IPv4     C:\Program Files\Network\OpenSSH\usr\sbin\sshd.exe

Nor did I see anything unusual when I issued the command netsh firewall show portopening.

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
22022  TCP       Enable   OpenSSH
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
3389   TCP       Enable   Remote Desktop

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
3389   TCP       Enable   Remote Desktop

However, when I went to the GUI for configuring the firewall to correct a mistake I noticed in the firewall configuration, I saw DwnMaster listed. I didn't know what that program was nor why it needed a firewall rule.

DwnMaster firewall rule

Double-clicking on DwnMaster showed that the program associated with the firewall rule was syst.exe in C:\WINDOWS\Temp.

DwnMaster using syst.exe

When I checked to see if syst.exe was running, I didn't see evidence of it running.

C:\>tasklist /fi "imagename eq syst.exe"
INFO: No tasks running with the specified criteria.

When I checked for the existence of the file, I found it, but it was only zero bytes in length. I am presuming that it was nullified during an antivirus or antispyware scan of the system.

C:\>dir c:\windows\temp\syst.exe
 Volume in drive C has no label.
 Volume Serial Number is 909B-3E78

 Directory of c:\windows\temp

02/02/2007  03:32 AM                 0 syst.exe
               1 File(s)              0 bytes
               0 Dir(s)  57,556,082,688 bytes free

Looking at the "allowed programs" list for the firewall, I noticed another unusual entry, C:\win.com.

C:\>netsh firewall show allowedprogram


Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   DwnMaster / C:\WINDOWS\Temp\syst.exe
Enable   TCP / C:\WIN.COM
Enable   Logitech Desktop Messenger / C:\Program Files\Logitech\Desktop Messenge
r\8876480\Program\LogitechDesktopMessenger.exe

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   restorea0 / c:\windows\system32\restorea0.exe
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   Logitech Desktop Messenger / C:\Program Files\Logitech\Desktop Messenge
r\8876480\Program\LogitechDesktopMessenger.exe

The name given to it was TCP, apparently in an attempt to make it less likely to stand out as possible malware.

TCP firewall rule

But I wouldn't expect to find a win.com file in the root directory of a Windows XP system.

TCP using win.com

It was also a zero byte file when I checked for its existence, however, so may also have been nullified by a previous scan of the system with antivirus or antispyware software.

C:\>dir c:\win.com
 Volume in drive C has no label.
 Volume Serial Number is 909B-3E78

 Directory of c:\

02/09/2007  02:47 AM                 0 WIN.COM
               1 File(s)              0 bytes
               0 Dir(s)  57,555,771,392 bytes free

Another allowed program that looked suspicious was restorea0 in c:\windows\system32\. But when I looked for it, I did not see it on the system. So it may have been removed completely by antivirus or antispyware software previously. At FKIYY.EXE Spyware Remove, I found it listed as one of many alternative names associated with malware detected by Prevx.

At SYST.EXE Spyware Remove, Prevx lists syst.exe as being associated with Trojan Downloader Small yt. At WIN.COM Spyware Remove, win.com is linked to Adware Virtumonde.
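As an added example (not code from the original post), the script below applies the checks made by hand above to the netsh firewall show allowedprogram listing: it flags an enabled exception whose program runs from a temp directory or sits in the drive root, whose display name is a generic protocol word like "TCP", or whose file is missing or zero bytes. The listing is the one quoted above with the console line wrap joined, and the file sizes are a constructed stand-in for the file system so the check runs offline.

```python
"""Flag suspicious entries in 'netsh firewall show allowedprogram' output.

Added example, not code from the original post. It applies, over the
listing quoted in the post, the checks the post made by hand: a firewall
exception whose program lives in a temp directory or the drive root,
whose display name is a generic protocol word, or whose file is missing
or zero bytes on disk.
"""
import re

# Constructed input: the allowed-program listing from the post, with the
# console line wrap on the Logitech path joined back together.
NETSH_OUTPUT = r"""
Allowed programs configuration for Domain profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   DwnMaster / C:\WINDOWS\Temp\syst.exe
Enable   TCP / C:\WIN.COM
Enable   Logitech Desktop Messenger / C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe

Allowed programs configuration for Standard profile:
Mode     Name / Program
-------------------------------------------------------------------
Enable   restorea0 / c:\windows\system32\restorea0.exe
Enable   Remote Assistance / C:\WINDOWS\system32\sessmgr.exe
Enable   Logitech Desktop Messenger / C:\Program Files\Logitech\Desktop Messenger\8876480\Program\LogitechDesktopMessenger.exe
"""

# Constructed stand-in for the file system so the example runs offline:
# lower-cased path -> size in bytes; a path that is absent does not exist.
# The zero-byte and missing files follow the post; other sizes are made up.
FILE_SIZES = {
    r"c:\windows\system32\sessmgr.exe": 140800,
    r"c:\windows\temp\syst.exe": 0,
    r"c:\win.com": 0,
    r"c:\program files\logitech\desktop messenger\8876480\program"
    r"\logitechdesktopmessenger.exe": 913408,
}

# Display names that describe a protocol rather than a program; the post's
# "TCP / C:\WIN.COM" entry used one to blend in.
GENERIC_NAMES = {"tcp", "udp", "ip", "http", "https", "ftp", "dns", "system"}

PROFILE_RE = re.compile(r"^Allowed programs configuration for (\w+) profile:")
ENTRY_RE = re.compile(r"^(Enable|Disable)\s+(.+?) / (.+)$")


def parse_allowed_programs(text):
    """Parse the netsh listing into (profile, mode, name, path) tuples."""
    entries = []
    profile = None
    for line in text.splitlines():
        m = PROFILE_RE.match(line)
        if m:
            profile = m.group(1)
            continue
        m = ENTRY_RE.match(line)
        if m and profile:
            mode, name, path = m.groups()
            entries.append((profile, mode, name.strip(), path.strip()))
    return entries


def suspicious_reasons(name, path, file_sizes):
    """Return the heuristics one allowed-program entry trips (empty if none)."""
    reasons = []
    lowered = path.lower()
    if "\\temp\\" in lowered:
        reasons.append("runs from a temp directory")
    if lowered.count("\\") == 1:  # e.g. C:\WIN.COM
        reasons.append("sits in the drive root")
    if name.lower() in GENERIC_NAMES:
        reasons.append("generic protocol name hides the program")
    if lowered not in file_sizes:
        reasons.append("file does not exist")
    elif file_sizes[lowered] == 0:
        reasons.append("file is zero bytes (possibly neutralised by a scanner)")
    return reasons


def audit_allowed_programs(text, file_sizes=FILE_SIZES):
    """Map each suspicious enabled program path to the reasons it was flagged."""
    findings = {}
    for _profile, mode, name, path in parse_allowed_programs(text):
        if mode != "Enable":
            continue
        reasons = suspicious_reasons(name, path, file_sizes)
        if reasons:
            findings.setdefault(path.lower(), reasons)
    return findings


if __name__ == "__main__":
    for path, reasons in sorted(audit_allowed_programs(NETSH_OUTPUT).items()):
        print(path)
        for reason in reasons:
            print("   -", reason)
```

On a live system the FILE_SIZES stand-in would be replaced by os.path.getsize calls against each path, so a missing file raises OSError where the dictionary lookup returns nothing.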

[/os/windows/xp/firewall] permanent link

Mon, Apr 09, 2007 9:47 pm

Allow Rtvscan Access Through Windows XP Firewall

Symantec AntiVirus Corporate Edition 8.0 uses rtvscan.exe on client systems for management of those systems from the antivirus server. Rtvscan listens on UDP port 2967 on the client systems. You can determine if rtvscan.exe is running on a Windows XP or later system with the tasklist command.
C:\>tasklist /fi "imagename eq rtvscan.exe"

Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
Rtvscan.exe                 1784 Console                 0      9,736 K

From the above information, I can see that rtvscan.exe is running on the system and that it has process ID (PID) 1784. I can verify that the process with PID 1784 is listening on port 2967 on the system using the netstat command.

C:\>netstat -ano | find "1784"
UDP    0.0.0.0:1061           *:*                                    1784
UDP    0.0.0.0:2967           *:*                                    1784

You can create a firewall rule to allow the server to communicate with the client using the instructions at Configuring Windows XP Firewall for Symantec Antivirus Client through either a GUI or the command line. An example using the command line is shown below. The example below presumes the server's IP address is 192.168.0.33.

C:\>netsh firewall set portopening protocol = UDP port = 2967 name = "Symantec A
ntiVirus Client Management" mode = ENABLE scope = CUSTOM 192.168.0.33
Ok.

You can verify the firewall now has the appropriate port opening with the netsh firewall show portopening command.

C:\>netsh firewall show portopening

Port configuration for Domain profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
22     TCP       Enable   OpenSSH
2967   UDP       Enable   Symantec AntiVirus Client Management
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP

Port configuration for Standard profile:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
10280  UDP       Enable   Windows Media Connect
10281  UDP       Enable   Windows Media Connect
10282  UDP       Enable   Windows Media Connect
10283  UDP       Enable   Windows Media Connect
10284  UDP       Enable   Windows Media Connect
10243  TCP       Enable   Windows Media Connect
139    TCP       Enable   NetBIOS Session Service
445    TCP       Enable   SMB over TCP
137    UDP       Enable   NetBIOS Name Service
138    UDP       Enable   NetBIOS Datagram Service
1900   UDP       Enable   SSDP Component of UPnP Framework
2869   TCP       Enable   UPnP Framework over TCP
3389   TCP       Enable   Remote Desktop

Port configuration for Local Area Connection:
Port   Protocol  Mode     Name
-------------------------------------------------------------------
3389   TCP       Enable   Remote Desktop

Or, alternatively, you can use the netsh firewall show state command.

C:\>netsh firewall show state

Firewall status:
-------------------------------------------------------------------
Profile                           = Domain
Operational mode                  = Enable
Exception mode                    = Enable
Multicast/broadcast response mode = Enable
Notification mode                 = Enable
Group policy version              = Windows Firewall
Remote admin mode                 = Enable

Ports currently open on all network interfaces:
Port   Protocol  Version  Program
-------------------------------------------------------------------
10243  TCP       IPv4     (null)
10280  UDP       IPv4     (null)
10281  UDP       IPv4     (null)
10282  UDP       IPv4     (null)
10283  UDP       IPv4     (null)
10284  UDP       IPv4     (null)
135    TCP       IPv4     (null)
137    UDP       IPv4     (null)
139    TCP       IPv4     (null)
138    UDP       IPv4     (null)
3389   TCP       IPv4     (null)
445    TCP       IPv4     (null)
22     TCP       IPv4     C:\Program Files\Network\OpenSSH\usr\sbin\sshd.exe
1562   TCP       IPv4     C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2869   TCP       IPv4     (null)
1900   UDP       IPv4     C:\WINDOWS\SYSTEM32\SVCHOST.EXE
2967   UDP       IPv4     C:\Program Files\Symantec_Client_Security\Symantec Ant
iVirus\Rtvscan.exe

Additional ports open on Local Area Connection:
Port   Protocol  Version
-------------------------------------------------------------------
3389   TCP       Any

The netsh firewall show state command will show you what program is listening on the port. In this case it shows that Rtvscan.exe is listening on port 2967.
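The procedure above, as an added example that is not code from the original post: it parses tasklist and netstat -ano output (constructed copies of the listings shown above, with a fuller netstat header), confirms that the PID tasklist reports for Rtvscan.exe is the one holding UDP 2967, and only then builds the netsh firewall set portopening command scoped to the antivirus server's address. The 192.168.0.33 server address and the extra TCP 22 line are assumptions for illustration.

```python
"""Cross-check tasklist and netstat -ano, then build the scoped netsh rule.

Added example, not from the original post. It confirms that the PID
tasklist reports for Rtvscan.exe is the PID listening on UDP 2967 before
producing the 'netsh firewall set portopening' command restricted to the
antivirus server's address, so a port is never opened for a listener
that turns out to belong to some other process.
"""
import re

# Constructed copy of the tasklist output from the post.
TASKLIST_OUTPUT = """\
Image Name                   PID Session Name     Session#    Mem Usage
========================= ====== ================ ======== ============
Rtvscan.exe                 1784 Console                 0      9,736 K
"""

# Constructed netstat -ano output: the two UDP lines from the post plus a
# header and an assumed TCP 22 listener (sshd) for contrast.
NETSTAT_OUTPUT = """\
  Proto  Local Address          Foreign Address        State           PID
  TCP    0.0.0.0:22             0.0.0.0:0              LISTENING       1536
  UDP    0.0.0.0:1061           *:*                                    1784
  UDP    0.0.0.0:2967           *:*                                    1784
"""

TASK_RE = re.compile(r"^(\S+\.exe)\s+(\d+)\s", re.IGNORECASE)
NETSTAT_RE = re.compile(
    r"^\s*(TCP|UDP)\s+(\S+):(\d+)\s+\S+\s+(?:LISTENING\s+)?(\d+)\s*$")


def pids_for_image(tasklist_text, image_name):
    """PIDs tasklist reports for an image name (case-insensitive)."""
    pids = set()
    for line in tasklist_text.splitlines():
        m = TASK_RE.match(line)
        if m and m.group(1).lower() == image_name.lower():
            pids.add(int(m.group(2)))
    return pids


def listeners(netstat_text):
    """Map (protocol, local port) -> PID for every local socket netstat shows."""
    sockets = {}
    for line in netstat_text.splitlines():
        m = NETSTAT_RE.match(line)
        if m:
            proto, _addr, port, pid = m.groups()
            sockets[(proto, int(port))] = int(pid)
    return sockets


def listener_is_expected(tasklist_text, netstat_text, image_name, proto, port):
    """True only if the socket's PID belongs to the expected image."""
    pid = listeners(netstat_text).get((proto, port))
    return pid is not None and pid in pids_for_image(tasklist_text, image_name)


def scoped_portopening_command(proto, port, name, server_ip):
    """The netsh rule from the post, limited to the one server address."""
    return ('netsh firewall set portopening protocol = %s port = %d '
            'name = "%s" mode = ENABLE scope = CUSTOM %s'
            % (proto, port, name, server_ip))


def rule_for_rtvscan(server_ip, tasklist_text=TASKLIST_OUTPUT,
                     netstat_text=NETSTAT_OUTPUT):
    """Build the rule only after confirming Rtvscan.exe owns UDP 2967."""
    if not listener_is_expected(tasklist_text, netstat_text,
                                "Rtvscan.exe", "UDP", 2967):
        raise RuntimeError("UDP 2967 is not held by Rtvscan.exe; do not open it")
    return scoped_portopening_command("UDP", 2967,
                                      "Symantec AntiVirus Client Management",
                                      server_ip)


if __name__ == "__main__":
    # Assumed server address from the post's example.
    print(rule_for_rtvscan("192.168.0.33"))
```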

References:

  1. Configuring Windows XP Firewall for Symantec Antivirus Client
    Written: May 30, 2005
    MoonPoint Support

[/security/antivirus/symantec/SAV-Firewall] permanent link

Sun, Apr 08, 2007 11:10 pm

ClamWin Reporting Opera Infected with Trojan.Bifrose-495

When I scanned a system with ClamWin 0.90.1, it reported that the executable opera.exe for the Opera web browser was infected with Trojan.Bifrose-495. The system has Opera 8.54 on it.

Checking the definitions timestamp in ClamWin, I saw the following:

ClamAV 0.90.1
Protecting from 107238 Viruses
Virus DB Version: (main: 42, daily: 3049)
Updated: 18:49 08 Apr 2007

I found someone else reporting the same problem on a ClamWin support forum at False Positives. And I found a post, Opera.exe: Trojan.Bifrose-495 FOUND, on an Opera community forum site, where someone posted that ClamAV reported "Trojan.Bifrose-495 FOUND" for opera.exe, though in his case it appeared he had version 7 of Opera on his system. He submitted opera.exe from his system to VirusTotal, which provides a free service allowing you to upload a file for analysis by many different antivirus programs. Only ClamAV and Fortinet identified the file as being suspicious. The other 27 antivirus scanners used by VirusTotal reported it was uninfected. ClamWin is a Windows implementation of ClamAV.

There was also another posting, Trojan.Bifrose-495? in a ClamWin forum where someone stated that ClamWin 0.88.7 reported the same infection for his copy of opera.exe. One of the ClamWin developers, sherpya, responded that it was a false positive. That person also submitted his copy to VirusTotal. The result was the same for him, with only ClamAV reporting the file as infected and Fortinet labelling it as "suspicious".

I found someone else reporting that ClamWin reported Opera was infected with Trojan.Bifrose-495 at Cleaning up a trojan, but the poster didn't appear to consider the possibility that the report may have been a false positive.

I submitted the opera.exe file from my system to VirusTotal also. One of the ClamWin developers referred the person who posted at False Positives on the ClamWin forum to How can I report a virus that ClamWin doesn't recognise? Or a false positive?, which also suggests submitting the file to VirusTotal if you suspect that ClamWin is reporting a false positive. The file was scanned by 23 antivirus programs. Only ClamAV and Fortinet reported an issue with the file. ClamAV reported it found "Trojan.Bifrose-495", while Fortinet reported the file as "suspicious".

I also submitted the file to Jotti's Malware Scan, which also provides a free virus scanning service. Of the 17 antivirus programs it uses, only ClamAV reported the file as infected, with ClamAV reporting "Found Trojan.Bifrose-495". It scanned the file with Fortinet as well, but reported for Fortinet "Found nothing" (see report).

I did submit the file using the on-line form at ClamAV Virus Database as a false positive.

So what does Trojan.Bifrose-495 do? I don't know and could not find any information on it via a Google search. Though I really like ClamWin and ClamAV, using them on many systems, one major advantage I see to a program like Symantec's antivirus software, aside from real-time scanning, is that Symantec will provide you with details on how most of the viruses it identifies work. By looking at the provided details, you can determine, if your system was infected, what the virus or trojan may have done and what other indicators of the infection you should expect to find on the system. ClamAV and thus ClamWin, which is built on ClamAV, provide no virus encyclopedia you can use for reference. If this wasn't a false positive I would certainly like to know how the virus or trojan operates, not just a name for it. Does it allow someone to take remote control of the infected system? Does it send out spam from the system, delete or corrupt files, etc.?

I normally use ClamWin as an adjunct to other antivirus software on a system and don't want real-time scanning capability from it, but really would like to have further details on any infections found. I have found ClamWin identifies malware other antivirus programs sometimes miss and am very appreciative of the work done by the developers for both ClamAV and ClamWin, but, whenever they report an infected file, I often have to submit the file to VirusTotal or Jotti's Malware Scan to attempt to figure out the potential harm that may have been caused by an infection. I look at the names used for the infection by other antivirus programs that also report the submitted file is infected. I then check virus encyclopedias they may provide or do further searching of the web using the names they use for the malware.

Details for the file I submitted:

Filename: opera.exe
Size: 76.5 KB (78,336 bytes)
Created: Saturday, April 15, 2006, 1:34:26 PM
Modified: Friday, March 24, 2006, 5:40:10 PM
File Version: 7730
Product Name: Opera Internet Browser
Product Version: 8.54
MD5 Sum: 40d2e3a6f1c1dbe7825553164a3b86d3
SHA-1 Hash: c9623b9018fb6faebef38af37ff02dad361f774d

The modification date listed on the file when I right-clicked on it and chose Properties was March 24, 2006. I installed Opera 8.54 on the system on April 15, 2006, so the modification date listed is several weeks prior to the software being installed on the system.

I also scanned the file with BitDefender 8 Free Edition, which had virus definitions of April 8, 2007, which is today's date, and Symantec AntiVirus Corporate Edition 8, which had virus definitions from April 4, 2007. Both of those antivirus programs were on the system where I ran the ClamAV scan. Both reported the file was uninfected, so I'm fairly confident at this point that ClamAV's report of the file as infected was a false positive.

References:

  1. False Positives
    Posted February 11, 2006
    ClamWin Free Antivirus Support and Discussion Forums

  2. Opera.exe: Trojan.Bifrose-495 FOUND
    Posted: December 20, 2006
    Forums - Opera Community

  3. Trojan.Bifrose-495?
    January 5, 2007
    ClamWin Free Antivirus Support and Discussion Forums

  4. Cleaning up a trojan
    December 21, 2006
    WebDeveloper.com Forum

[/security/antivirus/clamav] permanent link

Sun, Apr 08, 2007 7:53 pm

LibClamAV Error When Scanning a System with ClamWin 0.90.1

I upgraded ClamWin on a system from version 0.88.4 to 0.90.1, set it to scan all of drive C on the system and then went to bed.

When I checked the results 9 hours later, I was surprised to find ClamWin still running. I also saw lots of error messages similar to the following:


LibClamAV Error: ERROR: failed to create file: c:\docume~1\admini~\locals~1
\temp/clamav-b3e9e513a21a2f87d6834aa7fb84676.00000530.clamtmp/
_becaa_r_ndoaa_geiaa_cemaa_r_behaa_feiaa_heeaa_kdbaa_idhaa_idpaa_ldg
aa_ldoaa_idjaa_D_ideaa_idjaa_ldmaa_

On the ClamWin support forums, I found several references to the problem. At ERROR: failed to create file, sherpya, one of the ClamWin developers, responded on November 12 that the problem was due to the OLE2 unpacker that ClamWin uses attempting to unpack CAB files and encountering problems when doing so: the files inside the CAB file have seemingly random names, and unpacking them with the OLE2 unpacker would lead to new files being created with the same names as existing files if ClamWin didn't stop unpacking the files and produce the error message instead. Sherpya stated in his response that ClamWin first tries to unpack CAB files with a CAB unpacker, but since InstallShield CAB files are not supported, it then passes such a file on to the OLE2 unpacker, which can't properly unpack it. Sherpya states the problem is due to Microsoft using the same file signature for both CAB and OLE2 files. File Extension for .CAB also indicates that InstallShield CAB files are not compatible with Microsoft CAB files.

Sherpya further stated in a December 11, 2006 posting in the same thread that "since the cab code skips the archive, so it's passed to the ole2 code that doesn't pick the correct filenames to extract and since there are a lot of garbage in file names, clamav tries to sanitize it by replacing invalid chars by a _, this causes a lot of name clashes, but I preferred to warn instead of silent ignoring." ClamWin uses ClamAV for virus scanning; it is a Windows implementation of ClamAV.

There is another thread on the topic at Scan Write Errors. Sherpya states in that one that "m$ decided to make .msi files like ole2 container just like office document, but really they are a sort of cab archives."

And in response to the LIBCLAM AV error posting on April 4, 2007 by cebo, sherpya responds that "these messages are harmless, they will be removed on next release." I certainly hope there is an improvement with the next release.

Previously, when I started ClamWin on this system before going to bed, it would be finished when I checked it in the morning. When I checked the system at 9:00 A.M. after starting it around 11:00 P.M. the previous night, I found the CPU utilization was at about 100%. ClamWin was using over half the CPU time, but Spy Sweeper was also using a considerable amount of CPU time. I stopped Spy Sweeper. Then ClamWin was getting almost all of the CPU time, with the Task Manager showing its CPU utilization fluctuating between 90% and 97%, yet it still did not complete until 7:00 P.M., almost 20 hours after I started it.

I also saw the error message LibClamAV Error: Message is not un uuencoded form during the scan.

References:

  1. ClamWin

  2. ERROR: failed to create file:
    Posted: November 6, 2006
    ClamWin Free Antivirus Support and Discussion Forums

  3. Scan Write Errors
    Posted: October 11, 2006
    ClamWin Free Antivirus Support and Discussion Forums

  4. Cabinet (file format)
    Wikipedia, the free encyclopedia

  5. File Extension for .CAB
    FILExt

  6. Object Linking and Embedding
    Wikipedia, the free encyclopedia

  7. LIBCLAM AV error
    Posted: Wednesday, April 4, 2007
    ClamWin Free Antivirus Support and Discussion Forums

[/security/antivirus/clamav] permanent link

Sun, Apr 08, 2007 12:24 pm

Excluding ClamWin Quarantine Directory When Scanning

While searching for information on error messages I was getting while scanning a system with ClamWin 0.90.1, I found a comment by one of the ClamWin developers, alch, at clamwin is scanning its own quarantine files that in version 1 the quarantined files will be encrypted in such a way that they won't be flagged as infected files on subsequent scans. The response was to a ClamWin user's complaint about the current version's default behavior of scanning files in the quarantine folder, flagging them as infected, and then quarantining them again with a different name. Alch made the statement on March 23, 2007. He also stated version 1 "is in its final stages of development."

You can exclude ClamWin's quarantine directory from being scanned by ClamWin by following the steps listed in Excluding the Quarantine Directory from a ClamWin scan.

[/security/antivirus/clamav] permanent link

Sat, Apr 07, 2007 8:03 am

Happy Birthday Internet!

Reckoning by the publication of the first Request for Comments (RFC) document, the Internet was born April 7, 1969, when RFC 1, "Host Software", was published by Steve Crocker.

RFCs document the protocols used on the Internet. The precursor to today's Internet was the ARPANET, which was developed for the United States Department of Defense. The first RFCs were published in 1969 for the ARPANET. At first researchers distributed hard copies of the RFCs among themselves, but in December of 1969 they began distributing them using the ARPANET itself.

References:

  1. April 7, 1969: Birth of That Thing We Call the Internet
    By Tony Long
    Wired News
  2. Request for Comments
    Wikipedia, the free encyclopedia
  3. ARPANET
    Wikipedia, the free encyclopedia
  4. RFC 1 Title: Host Software
    By Steve Crocker
    IETF Tools

[/network/Internet] permanent link

Tue, Apr 03, 2007 12:01 pm

Googlebot Alert

If you would like to know when the Google webcrawler, Googlebot, visits your website you can insert the PHP code below in the home page for your site.
<?php
$email = "yourname@example.com";
$agent = isset($_SERVER['HTTP_USER_AGENT']) ? $_SERVER['HTTP_USER_AGENT'] : '';
// eregi() is deprecated and was later removed from PHP; stripos() gives the
// same case-insensitive substring test.
if (stripos($agent, 'googlebot') !== false) {
    // REQUEST_URI is supplied by the client: strip control characters before
    // placing it in the message body and keep it out of the mail headers.
    $uri = preg_replace('/[\x00-\x1F\x7F]/', '', $_SERVER['REQUEST_URI']);
    mail($email, "Googlebot Alert",
         "Google just indexed your following page: " . $uri);
}
?>

You will, of course, need to replace yourname@example.com with your own email address. Keep in mind that the User-Agent header is supplied by the client, so anyone can send "googlebot" in it and trigger the message; treat the alert as a hint and confirm that the requesting IP address really belongs to Google, e.g. by checking that its reverse DNS name is under googlebot.com and that the name resolves back to the same address.

On a Linux or Unix system, you can issue the following commands to see how many requests for pages on your site today have come from a Googlebot visit to your site.

grep "$(date +"%d/%b/%Y")" access.log | grep -i "googlebot" | wc -l

You will need to substitute the name and location of the log file that tracks access to your site for access.log.

The $(date +"%d/%b/%Y") tells grep to look for occurrences of the current date in the form dd/mmm/YYYY, e.g. 03/Apr/2007 . In my Apache log files, entries appear similar to the one below.

66.249.66.147 - - [03/Apr/2007:09:10:42 -0400] "GET /robots.txt HTTP/1.1" 200 146

If the date is formatted in a different manner in your log file, you will need to adjust the format accordingly. You can obtain information on formatting the date with man date.

If you don't have IP addresses translated to a FQDN, e.g. if your log file records 66.249.66.147 instead of crawl-66-249-66-147.googlebot.com, which is the case for my log file, then you will need to look for the IP address range that is used by Googlebot. Googlebot's and Mediapartners-google's IP indicates that 66.249.71.x appears to be assigned to Googlebot, though reverse name lookups only work up to 66.249.71.208. You can use the following command to search for the Googlebot IP address range 66.249.71.1 to 66.249.71.255. The dots are escaped with backslashes so that grep matches them literally rather than as "any character"; the request from 66.249.66.147 shown above comes from a different block, so adjust the pattern to the addresses you actually see in your log.

grep "$(date +"%d/%b/%Y")" access.log | grep '66\.249\.71\.' | wc -l

The Googlebot's and Mediapartners-google's IP article mentions that Google uses a separate bot that checks pages with Google AdSense ads on them. So, if you have Google AdSense ads on your site, then both the main Googlebot bot and the MediaPartners-Google bot will probably visit your site. The author of that article states he has seen the following IP addresses used for the Mediapartners-Google bot.

66.249.65.40crawl-66-249-65-40.googlebot.com
66.249.66.65crawl-66-249-66-65.googlebot.com
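The shell pipelines above count log lines that merely claim to be Googlebot, whether by User-Agent or by address block. The following Python is added here as an example and is not part of the original post: it parses Apache combined-format log lines, counts the day's Googlebot-tagged requests, and verifies each source IP the way Google recommends, by reverse-resolving the address, requiring a name under googlebot.com, and then forward-resolving that name to confirm it maps back to the same IP. The log lines and the FAKE_PTR/FAKE_A answer tables are constructed so the example runs offline (the 66.249.66.147 to crawl-66-249-66-147.googlebot.com mapping is the one from the log entry above; spoofed-ua.example.net and its address are made up); real_ptr and real_a show the live socket calls to substitute.

```python
import re
import socket
from datetime import date

# Constructed sample lines in Apache "combined" log format (not taken from the
# original post); 203.0.113.5 sends a Googlebot User-Agent from a non-Google host.
SAMPLE_LOG = """\
66.249.66.147 - - [03/Apr/2007:09:10:42 -0400] "GET /robots.txt HTTP/1.1" 200 146 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
203.0.113.5 - - [03/Apr/2007:09:11:03 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Googlebot/2.1 (+http://www.google.com/bot.html)"
66.249.66.147 - - [03/Apr/2007:09:12:17 -0400] "GET /about.html HTTP/1.1" 200 2048 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
198.51.100.9 - - [03/Apr/2007:09:13:00 -0400] "GET /index.php HTTP/1.1" 200 5120 "-" "Mozilla/4.0 (compatible; MSIE 6.0)"
66.249.66.147 - - [02/Apr/2007:23:59:59 -0400] "GET / HTTP/1.1" 200 1000 "-" "Mozilla/5.0 (compatible; Googlebot/2.1; +http://www.google.com/bot.html)"
"""

# One combined-format line:
# ip ident user [dd/Mon/YYYY:hh:mm:ss zone] "request" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<day>[^:\]]+):[^\]]+\] '
    r'"(?P<request>[^"]*)" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<ua>[^"]*)")?'
)

# Hypothetical DNS answers so the example runs offline. Real code passes
# real_ptr / real_a below instead of these tables.
FAKE_PTR = {"66.249.66.147": "crawl-66-249-66-147.googlebot.com",
            "203.0.113.5": "spoofed-ua.example.net"}
FAKE_A = {"crawl-66-249-66-147.googlebot.com": "66.249.66.147",
          "spoofed-ua.example.net": "203.0.113.5"}

def real_ptr(ip):
    """Live reverse lookup; None when the address has no PTR record."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except socket.error:
        return None

def real_a(host):
    """Live forward lookup; None when the name does not resolve."""
    try:
        return socket.gethostbyname(host)
    except socket.error:
        return None

def is_googlebot_ip(ip, ptr_lookup=FAKE_PTR.get, a_lookup=FAKE_A.get):
    """Google's verification: reverse-resolve the IP, require a name under
    googlebot.com (or google.com), then forward-resolve that name and make
    sure it maps back to the same IP. A spoofed User-Agent fails this."""
    host = ptr_lookup(ip)
    if not host or not host.lower().endswith((".googlebot.com", ".google.com")):
        return False
    return a_lookup(host) == ip

def googlebot_hits(log_text, day, ptr_lookup=FAKE_PTR.get, a_lookup=FAKE_A.get):
    """Return (claimed, verified): requests on `day` (dd/Mon/YYYY) whose
    User-Agent mentions Googlebot, and the subset whose IP passes the DNS check."""
    claimed = verified = 0
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m or m.group("day") != day:
            continue
        if "googlebot" not in (m.group("ua") or "").lower():
            continue
        claimed += 1
        if is_googlebot_ip(m.group("ip"), ptr_lookup, a_lookup):
            verified += 1
    return claimed, verified

def today_key():
    """Same dd/Mon/YYYY form the grep pipeline builds with date +"%d/%b/%Y"."""
    return date.today().strftime("%d/%b/%Y")

if __name__ == "__main__":
    print(googlebot_hits(SAMPLE_LOG, "03/Apr/2007"))  # (3, 2)
```

On a real log you would call googlebot_hits(open("access.log").read(), today_key(), real_ptr, real_a); the reverse-then-forward pair matters because anyone controlling the reverse zone for their own address block can make a PTR record say googlebot.com, but cannot make Google's forward zone point that name back at them.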

References:

  1. Googlebot Alert
    By Philipp Lenssen
    June 23, 2004
    Google Blogoscoped
  2. Googlebot's and Mediapartners-google's IP
    By Tim Johansson
    gurka.se
  3. FQDN
    Wikipedia, the free encyclopedia
  4. Internet bot
    Wikipedia, the free encyclopedia

[/network/web/search] permanent link

Sat, Mar 31, 2007 3:15 pm

Saving YouTube Videos

YouTube doesn't offer a way for you to easily download videos from the site, but there are other websites where you can paste the URL of the video you wish to download and then download it from those sites.

[ More Info ]

[/video/youtube] permanent link

Sun, Mar 25, 2007 11:13 pm

Setting Up Samba on A DocuSP Solaris 10 System

I needed to set up file sharing access to a Xerox DocuSP system running the Solaris 10 operating system, which was controlling a Xerox DocuColor 250 device. Xerox recommends using Samba, which is already on the Solaris system to share a directory to Windows systems. Since I encountered some problems setting up the system using the instructions Xerox provided, I've written my own instructions in case I have to repeat the process again or should anyone else also need to implement the same file sharing.

[ More Info ]

[/os/unix/solaris] permanent link

Fri, Mar 23, 2007 7:30 pm

Using Google's Cache

If you encounter a "file not found", "internal server error", "cannot find server or DNS Error" when trying to access a webpage, you may still be able to access the webpage by viewing a saved copy of it in Google's Cache or at the Internet Archive, aka Wayback Machine.

[ More Info ]

[/network/web/search] permanent link

Thu, Mar 22, 2007 5:55 pm

Adding Printer from Command Line

I was logged into a system using an ordinary user account under Windows XP and needed to create a new printer port so that I could print to an HP printer, which was on the network to which I was connected. The user account doesn't have access to add network printers, but I had a lot of applications open with ongoing work and didn't want to have to save and close everything I was working on, log off, login as the administrator, log off, log back in under the user account and reopen all the applications and files, especially since I only had a few minutes to get a document printed prior to a meeting.

Fortunately, I was able to find information on how to easily resolve my problem at Command Line Printer Control in Windows 2000 / XP. All I had to do to add a printer from the administrator account while still remaining logged into my user account was the following:

  1. Open Windows Explorer and navigate to C:\WINDOWS\system32.
  2. Right-click on cmd.exe while holding down a shift key, then select Run as.
  3. Select "The following user", put in the userid for the administrator account for the system, e.g. SystemName\administrator, for user name and its password, then click on OK.
  4. At the command prompt window that opens, enter the following command:

    RUNDLL32 PRINTUI.DLL,PrintUIEntry /il

That will run the Add Printer Wizard from the administrator account, allowing you to add a printer port.

Note: The capitalization of PrintUIEntry is important. If you don't use PrintUIEntry, but, instead used printUIEntry, you would get the error message below:

Error in printui.dll
Missing entry:printUIEntry

The /il parameter is also case sensitive.

References:

  1. Command Line Printer Control in Windows 2000 / XP
    Rob van der Woude's Scripting Pages

[/os/windows/printers] permanent link

Wed, Mar 21, 2007 9:13 pm

Updating Plushelp Information in TinyMUSH

If you have updated the plushelp.txt file in TinyMUSH, you can make the information available within the MUSH by taking the following steps:
  1. After editing the plushelp.txt file, within the directory where the plushelp file is located, issue the following command to rebuild the plushelp index file:

    ./mkindx plushelp.txt plushelp.indx

    Alternatively, you could run ../Index to rebuild all index files.
  2. Within the MUSH, issue the command @readcache

References:

  1. TinyMUSH 3: The Home Page
    sourceforge.net
  2. MUSH
    Wikipedia, the free encyclopedia
  3. root/releases/1.50/11/README
    PennMUSH

[/gaming/tinymush] permanent link

Thu, Mar 15, 2007 1:05 am

Checking User VPN Connections on SBS 2003

If you need to check on who is logged into a Windows Small Business Server (SBS) 2003 system via a VPN connection, you can do so by using Routing and Remote Access under Start then Administrative Tools.

For analyzing the log files for information on VPN logins through the SBS 2003 server, Microsoft offers the iasparse tool, which can be found on Disc #2 of the installation CDs, but the shareware tool IAS Log Viewer is better at displaying the data in a manageable fashion.

[ More Info ]

[/os/windows/server2003] permanent link

Mon, Mar 12, 2007 10:03 pm

Why Do I See a Lot of Strange Symbols When I Compose an Email Message

If you are seeing a lot of unexpected symbols when you are composing an email message in Outlook 2003, such as the ones shown below, then you may have accidentally turned on the display of nonprinting characters.

Email message - nonprinting characters

You may be seeing ¶ symbols at the end of each paragraph. Those are called "para symbols" or "pilcrow signs". You may also see ↵ symbols: those downward arrows that turn a 90-degree corner leftwards indicate line breaks or carriage returns in your text, and should appear wherever you've hit the return key when composing a message. You will also see small raised dots between words, i.e. "He·took·his·vorpal·sword". The · character simply means that there is a space there.

If Outlook is configured to use Microsoft Word to edit your email messages, those characters are embedded in your documents, but are normally invisible to you. Displaying them can help some users when formatting their documents.

You can toggle their display on or off by clicking on the ¶ symbol that you should see in the toolbar at the top of your message composition window. You can also toggle the display of these characters on or off by pressing Ctrl+Shift+8, i.e. Ctrl+*. And, if those characters have suddenly appeared in your documents when you don't want them there, it is likely because you inadvertently hit the Ctrl key while hitting Shift+8 to get an asterisk.

References:

  1. What do all those funny marks, like the dots between the words in my document, and the square bullets in the left margin, mean?
    Frequently Asked Questions - Microsoft Word MVP FAQ Site
    Article contributed by Suzanne Barnhill and Dave Rado
  2. Turning Display of Paragraph Markers On and Off in Microsoft Word
    MoonPoint Support
  3. List of XML and HTML character entity references
    Wikipedia, the free encyclopedia

[/os/windows/office/outlook] permanent link

Sat, Mar 10, 2007 9:52 pm

Upgrading TinyMUSH 3.0 to 3.1

I upgraded TinyMUSH roleplaying software from version 3.0 to version 3.1.

[ More Info ]

[/gaming/tinymush] permanent link

Fri, Mar 09, 2007 10:09 pm

Finding a String with a Recursive Grep

If you need to find a specific string in all files of a particular type in the current directory and all directories beneath it, you can use a command similar to the following:
find . -name "*.php" -exec grep "noindex" {} /dev/null \;

In this case I want to find all of the PHP files where I have included the string "noindex" in a META tag. The /dev/null argument is there so that grep always has two files to search and therefore prefixes each match with the file name; given a single file name it would print only the matching line. With GNU grep the same search can be done without find: grep -r --include="*.php" "noindex" .

References:

  1. Greg Hinkel's UNIX Tip of the Week for March 3, 1996

[/os/unix/commands] permanent link

Mon, Mar 05, 2007 10:56 pm

Correcting Poor Print Quality on an HP Business Inkjet 2800 Printer

A user of an HP Business Inkjet 2800 printer was having problems with poor print quality for printouts. Characters were smudged or there were gaps in printing. I've posted tips from the HP Business Inkjet 2800 series Toolbox for alleviating the problem.

[ More Info ]

[/hardware/printer/hp] permanent link

Fri, Mar 02, 2007 1:37 pm

Excluding the Quarantine Directory from a ClamWin scan

Unless you tell it to exclude its own quarantine directory, ClamWin will scan that directory when you perform a scan of the entire hard disk or any directory that contains the quarantine directory beneath it. When it encounters already quarantined items, ClamWin will put a numerical value at the end as an extension, e.g. "000". A subsequent scan will repeat the process, so a file may then get the extension "000.000".

Clamwin renames quarantined items

I don't want ClamWin to scan its own quarantine directory and report infections for items it quarantined during previous scans. To avoid that result, you can take the following steps (instructions written for ClamWin 0.90, but should apply to other versions as well):

  1. Open ClamWin.
  2. Click on Tools and select Preferences.
  3. Click on the Advanced tab.
  4. Put --exclude-dir=".clamwin\\quarantine" in the Additional Clamscan Command Line Parameters field. Note: you must use two backslashes after "clamwin", because ClamWin treats the entry as a regular expression. In a regular expression, a backslash, "\", has special significance, so you need to "escape" that special significance by putting another backslash in front of any backslash you need to use.

Clamwin
exclude directory

If you wish to exclude multiple directories, you can use multiple --exclude-dir commands separated by spaces, e.g. --exclude-dir=".clamwin\\quarantine" --exclude-dir="BitDefender8\\Quarantine".

To exclude individual files, you can use the --exclude option, e.g. --exclude="test.exe". Like --exclude-dir, it is matched as a regular expression against the file name, so the same backslash-escaping rules apply.

[/security/antivirus/clamav] permanent link

Sun, Feb 25, 2007 6:14 pm

Enabling a TFTP Server on Solaris 10

I needed to configure a Solaris 10 system as a TFTP server. When I checked to see if the system was already functioning as a TFTP server, I found it was not.
# svcs | grep tftp
#

I removed the "#" from the following line in /etc/inetd.conf:

tftp    dgram   udp6    wait    root    /usr/sbin/in.tftpd      in.tftpd -s /tftpboot

I then ran inetconv.

# inetconv
inetconv: Notice: Service manifest for 100235/1 already generated as /var/svc/manifest/network/rpc/100235_1-rpc_ticotsord.xml, skipped
inetconv: Notice: Service manifest for 100083/1 already generated as /var/svc/manifest/network/rpc/100083_1-rpc_tcp.xml, skipped
inetconv: Notice: Service manifest for 100068/2-5 already generated as /var/svc/manifest/network/rpc/100068_2-5-rpc_udp.xml, skipped
tftp -> /var/svc/manifest/network/tftp-udp6.xml
Importing tftp-udp6.xml ...Done

When I then checked to ensure the system was functioning as a TFTP server, I found it was functioning as one.

# netstat -a | grep tftp
      *.tftp                                Idle
      *.tftp                                                        Idle
# svcs | grep tftp
online         16:21:53 svc:/network/tftp/udp6:default
# netstat -a | grep tftp
      *.tftp                                Idle
      *.tftp                                                        Idle

You can disable the TFTP service with inetadm -d svc:/network/tftp/udp6 and re-enable it with inetadm -e svc:/network/tftp/udp6.

Create a /tftpboot directory where files can be placed to be downloaded by tftp clients. The -s option on the inetd.conf line above makes in.tftpd change its root directory to /tftpboot, so clients can reach only files beneath it. Bear in mind that TFTP has no authentication: anything in the directory that is publicly readable can be fetched by any host able to reach UDP port 69, and a client can overwrite a file that already exists there and is publicly writable. Keep the directory's permissions tight and, if the system is reachable from more than the intended clients, restrict access to the service with a firewall.

# mkdir /tftpboot

For further information on the TFTP service, you can use the man command man tftpd.

References:

  1. Enabling tftpd in Solaris 10
    By Lasse Østerild
    October 11, 2005
    unixzone.dk

[/os/unix/solaris] permanent link

Thu, Feb 08, 2007 11:19 am

PayPal Phishing Site at bourke.pcpro.net.au

Someone forwarded a phishing email message to me this morning that was an attempt to garner PayPal userids and passwords as well as personal information, including a credit card number from unsuspecting PayPal users.

The message attempted to trick PayPal users into going to a spoofed PayPal website to confirm the addition of an email address to a user's PayPal account. In reality, the link in the message would take the victim to http://sv1.melbhosting.com.au/%7Eforcast/index.html, which would redirect him to http://bourke.pcpro.net.au/icons/.pay/pal/index.html. There he would see a website mimicking the PayPal site where he would be prompted for his PayPal userid and password. If he entered a userid and password, he would see a form asking for personal information, including a credit card number.

I reported the spoofed site at 10:33 A.M. using PayPal's Contact Us - Protections/Privacy/Security - Report Fake Site/Spoof form. I also reported the site to the Phishing Incident Reporting and Termination (PIRT) Squad at 10:48 A.M. At 11:15 A.M. the webpage to which the link pointed, http://sv1.melbhosting.com.au/%7Eforcast/index.html was removed from the webserver on which it resided, resulting in a "HTTP 404 - File not found" message, but the spoofed PayPal site at bourke.pcpro.net.au was still accessible.

[/security/scams/phishing/paypal] permanent link

Tue, Feb 06, 2007 11:57 pm

Wake On LAN using mc-wol

I needed to share an Outlook user's calendar with someone else in her office. I had expected to be able to remotely log into her system to configure Outlook to share her calendar. But when I attempted to log into her system at 9:30 P.M., I found it was inaccessible. I then remembered that she always turns her system off when she leaves. I didn't want to spend 1/2 hour driving to her office to make a change I could complete in less than 10 minutes and then have to spend another 1/2 hour driving back home.

Fortunately, I had selected the option to have Dell preconfigure the system for Wake On LAN (WOL) support in the BIOS when her company purchased the system. Wake On LAN support allows one to start a computer that has been shut down by sending a "Magic Packet" to the Media Access Control (MAC) address of the network card in the computer, i.e. to power on and boot up the computer. The magic packet's payload is six bytes of 0xFF followed by the card's 48-bit MAC address repeated sixteen times, usually carried in a UDP broadcast; the network card watches for that byte pattern and powers the system on. Nothing in the packet is authenticated, so any host that can put a frame onto the target's broadcast domain can wake it. Some cards support an optional SecureOn password appended to the packet, but the feature is not universal.

This can occur when the system is still providing power to the Ethernet controller in the system. Most modern computers with a network connection provided through the motherboard support this functionality. The functionality is also present in motherboards that support the PCI 2.2 standard when a PCI 2.2 network adapter is used. In other cases, when WOL support is provided through the motherboard, the motherboard must have a WAKEUP-LINK header onboard and connected to the network card via a special 3-pin cable. Wake on LAN must also be enabled in the Power Management section of the system's BIOS. It may also be necessary to configure the computer to reserve power for the network card when the system is shut down.

To wake a shut down system, you need a program that can send the Magic Packet to the MAC address of the target system. You also need to know the MAC address of the target system. In this case I use Norton Ghost to backup the systems on the LAN and Norton Ghost provided me with the MAC address.

There are quite a few free programs that provide WOL capabilities. You can find many listed in the Wikipedia Wake-on-Lan article on the topic. I used the free utility provided by MATCODE at http://www.matcode.com/wol.htm.

To use the MATCODE WOL utility, mc-wol.exe, you simply download the utility and then run it with mc-wol <MAC Address>, e.g. as shown below.

C:\Program Files\Network\WOL>mc-wol 00:13:72:3B:4A:B6

WakeOnLAN v1.0 Copyright (c)2001, MATCODE Software.
Web: http://www.matcode.com
Author: Vitaly Evseenko, ve@matcode.com
Sending "Magic Packet" to 00:13:72:3b:4a:b6 - Success!

Once I ran the program, I was able to ping the IP address of the target system shortly afterwards to verify the system was back up.
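The Python below is an added example, not MATCODE's code nor anything from the original post: it builds the same magic packet mc-wol sends (six 0xFF bytes, then the MAC sixteen times), validates a received payload the way a network card does, and broadcasts the packet over UDP. The MAC address used is the one from the mc-wol transcript above; the 255.255.255.255 broadcast address and port 9 are assumptions, since the card matches on the byte pattern rather than the port, and the SecureOn variant assumes a card that supports that optional 6-byte password.

```python
import re
import socket

def parse_mac(mac):
    """Accept 00:13:72:3B:4A:B6, 00-13-72-3b-4a-b6, 0013.723b.4ab6 or
    0013723B4AB6 and return the 6 raw bytes; reject anything else."""
    digits = re.sub(r"[:\-.]", "", mac.strip())
    if not re.fullmatch(r"[0-9A-Fa-f]{12}", digits):
        raise ValueError("not a 48-bit MAC address: %r" % (mac,))
    return bytes.fromhex(digits)

def magic_packet(mac, secureon=None):
    """Build the WOL payload: a sync stream of six 0xFF bytes followed by the
    target MAC repeated 16 times (102 bytes). If the card has a SecureOn
    password configured, the 6-byte password is appended (108 bytes)."""
    payload = b"\xff" * 6 + parse_mac(mac) * 16
    if secureon is not None:
        payload += parse_mac(secureon)   # same 6-byte hex notation as a MAC
    return payload

def is_magic_packet(data):
    """Check a payload the way a NIC does: sync stream, then 16 identical
    copies of one MAC. Returns that MAC as bytes, or None if it is not WOL."""
    if len(data) not in (102, 108) or data[:6] != b"\xff" * 6:
        return None
    mac = data[6:12]
    return mac if data[6:102] == mac * 16 else None

def send_magic_packet(mac, broadcast="255.255.255.255", port=9, secureon=None):
    """Broadcast the packet over UDP. The NIC matches the byte pattern, not
    the port, so 9 (discard) or 7 (echo) are only the conventional choices.
    WOL never answers; the return value is just the number of bytes sent."""
    pkt = magic_packet(mac, secureon)
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.setsockopt(socket.SOL_SOCKET, socket.SO_BROADCAST, 1)
        return s.sendto(pkt, (broadcast, port))

if __name__ == "__main__":
    # MAC from the mc-wol transcript above; the broadcast address is an assumption.
    send_magic_packet("00:13:72:3B:4A:B6")
```

Because a router will not normally forward a link-local broadcast, the sending host has to be on the same LAN segment as the target, or the packet has to be sent as a directed broadcast that the intermediate routers are configured to pass; that same property is what limits who can wake the machine in the absence of any authentication.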

If you need to obtain the MAC address of a system you can ping it and then look in the ARP table on the system from which you ran the ping, with arp -a to find the relevant entry. Or you can use the MATCODE, MCGETMAC.EXE utility available from the same URL as the MC-WOL.EXE utility or from the links listed below.

C:\Program Files\Network\WOL>mcgetmac 192.168.0.15

Get MAC v1.0 Copyright (c)2001, MATCODE Software.
Web: http://www.matcode.com
Author: Vitaly Evseenko, ve@matcode.com

Name: js.example.com
IP address: 192.168.0.15
Ethernet MAC address: 00:13:72:3B:4A:B6

Press any key ...

References:

  1. Wake-On-Lan
    MATCODE
  2. Wake-on-LAN
    Wikipedia
  3. MAC address
    Wikipedia
  4. Conventional PCI 2.2
    PCI-SIG

[/network/wol] permanent link

Sun, Feb 04, 2007 8:04 pm

Vi Reference

I found a useful vi reference page at http://www.ungerhu.com/jxh/vi.html, which I have copied here. The page was created by Maarten Litmaath and is maintained by James Hu. I found it a useful reference for substitution patterns, though it also has a lot of other vi information.

If you want to replace "Life's but a walking" with "Life's but a walking shadow" you can use :s/Life's but a walking/& shadow/. The ampersand, in the pattern to be substituted in place of the prior one, references the previously found match.

[/software/editors/vi] permanent link

Fri, Jan 12, 2007 9:48 pm

Who is Logged On to a Computer - VBS Script

If you need to know whether anyone is logged into a remote computer in your domain or who that might be, you can use LoggedOn.vbs, a script I found at List User Logged On To A Remote Computer, which was written by Cheyenne Harden and is available at the LazyNetworkAdmin.Com website or from this site (see links below).

To use the utility, you can enter LoggedOn.vbs at the command line while in the directory where the file is located. A small window will open prompting you for the name of the computer to query.

Enter computer name

You will see the logged on user displayed in a small Windows Script Host window as shown below:

Logged on user 
displayed

If no one is logged on to the system, you will see "null" displayed in the small Windows Script Host window that opens.

Logged on user 
displayed

If you want the logged on user information displayed in a form that you can copy and paste into a document, you can use cscript /nologo LoggedOn.vbs instead. The results will then be displayed on the command line as below:

C:\Program Files\Utilities\Miscellaneous>cscript /nologo LoggedOn.vbs
solutions\pam

If no one is logged into the system, you will see "null" displayed on the command line.

C:\Program Files\Utilities\Miscellaneous>cscript /nologo LoggedOn.vbs
null

If the system can't be queried, you won't see an error message. Instead, you won't see anything displayed.

Information on other utilities to display the logged on user can be found at Who Is Logged On?.

LoggedOn.vbs
LoggedOn.zip

References:

  1. List User Logged On To A Remote Computer
    By Cheyenne Harden
    LazyNetworkAdmin.com
  2. Who Is Logged On?
    MoonPoint Support

[/languages/vbs/sysadmin] permanent link

Fri, Jan 12, 2007 8:10 pm

Creating an Alias Email Address on Exchange 2003 Server

You can create an alias on a Microsoft Exchange server so that an account can receive email for multiple email addresses. E.g., suppose John Smith in the sales department has an account in the domain with a userid of John. He would like to receive email whether it is addressed to john@example.com, jsmith@example.com, or sales@example.com. Perhaps there are several people who need to receive any email addressed to sales@example.com. You can attach an alias to an individual user account or you can set up a new group on the server and include all of the relevant user accounts in the group, so that they all get email addressed to the group name.

[ More Info ]

[/network/email/exchange] permanent link

Mon, Jan 01, 2007 2:22 pm

Bazooka Update Failure

When attempting to update the malware database for Bazooka ™ Adware and Spyware Scanner, a free tool for detecting adware, spyware, trojans, keyloggers, etc. on a system, which is compatible with Windows 95/98/ME/NT/2000/XP, I received the message below:
Error updating database. Could not save the new database on the hard drive.
An error occurred when trying to open the file for writing.
Filename: 'system\bazooka_db.bdb'
Current Working Directory: C:\Program Files\Security\Spyware\Bazooka Scanner\
System error message: Access is denied.

C++ exception: ios::failbit set

Could not update the database. Please check the following:
1. Are you connected to the Internet?
2. Maybe it was a temporary error. Please try again later.

You can also update the database manually. Would you like to have instructions 
how to update it manually?

When I checked the properties of the Bazooka database, bazooka_db.bdb, which is under the system directory of the Bazooka installation folder, by right-clicking on the file and selecting Properties, I found it was marked as "read-only". I unchecked the read-only option and then was able to update the database.

[/security/spyware/bazooka] permanent link
