Continuous scan for ARD clients

Similar Messages

• Network printers drop for wireless clients

  I am having a serious problem with my Airport N. My Epson CF11NF (a laser all-in-one which is connected via ethernet to the Airport) is continuously disappearing for wireless clients. All the wired machines can see and print fine, but the printer becomes invisible for wireless clients. The problem is resolved by unplugging and plugging back in the Airport, but I am having to do this more than once a day, which is not acceptable.
  Has anyone experienced this problem? Any advice on what is going on? Should I return the Airport? The wireless clients are all running OSX 10.5.1. The wired clients are all running OSX 10.4. Could this be the issue?

  Others are having similar issues and symptoms, however, I've seen no solutions yet. My Airport Extreme disappears also but access to the internet is unaffected. I can also still access my iMac from my MacBook (iMac still shows up in Finder as a shared volume), however, once the AEBS drops from view I can no longer access printers on the network. (One connected to a networked PC and the other connected to the AEBS.) Both Macs are running Leopard.
  Anyway here's a link that others are using to discuss these issues. Good Luck. http://discussions.apple.com/thread.jspa?threadID=1197872

• Unable to access Scan IP from clients!

  Dear All,
  I am posting this question again, I am still struck here. I cant access my Database 11gR2 on Linux from clients like toad, using scan IP address.
  I have struggled a lot but couldnt find anything helping me.
  Kindly help. This is the status of my database currently:
  Output of crsctl status resource -t is
  ora.etisldb.db
  1 ONLINE ONLINE racnode1 Open
  2 ONLINE ONLINE racnode2 Open
  SQL> select name, enabled from dba_services;
  NAME ENA
  SYS$BACKGROUND NO
  SYS$USERS NO
  etisldbXDB NO
  etisldb NO
  Status of listener from one of the RAC node
  LSNRCTL> status
  Connecting to (DESCRIPTION=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))
  STATUS of the LISTENER
  Alias LISTENER
  Version TNSLSNR for Linux: Version 11.2.0.1.0 - Production
  Start Date 19-MAR-2012 16:47:06
  Uptime 0 days 18 hr. 55 min. 5 sec
  Trace Level off
  Security ON: Local OS Authentication
  SNMP OFF
  Listener Parameter File /u01/app/11.2.0/grid/network/admin/listener.ora
  Listener Log File /u01/app/grid/diag/tnslsnr/racnode1/listener/alert/log.xml
  Listening Endpoints Summary...
  (DESCRIPTION=(ADDRESS=(PROTOCOL=ipc)(KEY=LISTENER)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.168.20.31)(PORT=1521)))
  (DESCRIPTION=(ADDRESS=(PROTOCOL=tcp)(HOST=10.168.20.32)(PORT=1521)))
  Services Summary...
  Service "+ASM" has 1 instance(s).
  Instance "+ASM1", status READY, has 1 handler(s) for this service...
  Service "etisldb" has 2 instance(s).
  Instance "etisldb1", status UNKNOWN, has 1 handler(s) for this service...
  Instance "etisldb1", status READY, has 1 handler(s) for this service...
  Service "etisldbXDB" has 1 instance(s).
  Instance "etisldb1", status READY, has 1 handler(s) for this service...
  The command completed successfully
  [grid@racnode1 ~]$ srvctl status scan_listener
  SCAN Listener LISTENER_SCAN1 is enabled
  SCAN listener LISTENER_SCAN1 is running on node racnode1
  vi /etc/hosts
  # Single Client Access Name (SCAN)
  10.168.20.29 etisldb-scan
  [grid@racnode1 ~]$ srvctl config scan_listener
  SCAN Listener LISTENER_SCAN1 exists. Port: TCP:1521
  When I run srvctl status service -d etisldb (I think this is where the problem lies)
  It shows nothing, not even error.
  My Service Name is etisldb and instance name is etisldb1
  # tnsnames.ora Network Configuration File: /u01/app/oracle/product/11.2.0/dbhome_1/network/admin/tnsnames.ora
  # Generated by Oracle configuration tools.
  tnsnames.ora
  ETISLDB =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 10.168.20.29)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)
  (SERVICE_NAME = etisldb)
  etisldb1 =
  (DESCRIPTION =
  (ADDRESS = (PROTOCOL = TCP)(HOST = 10.168.20.29)(PORT = 1521))
  (CONNECT_DATA =
  (SERVER = DEDICATED)(SERVICE_NAME = etisldb)
  (INSTANCE_NAME = etisldb1)
  listener.ora
  LISTENER=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER)))) # line added by Agent
  LISTENER_SCAN1=(DESCRIPTION=(ADDRESS_LIST=(ADDRESS=(PROTOCOL=IPC)(KEY=LISTENER_SCAN1)))) # line added by Agent
  ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER_SCAN1=ON # line added by Agent
  ENABLE_GLOBAL_DYNAMIC_ENDPOINT_LISTENER=ON # line added by Agent
  SID_LIST_LISTENER =
  (SID_LIST =
  (SID_DESC =
  (GLOBAL_DBNAME = etisldb)
  (ORACLE_HOME = /u01/app/11.2.0/grid)
  (SID_NAME = etisldb1)
  SID_LIST_LISTENER_SCAN1 =
  (SID_LIST =
  (SID_DESC =
  (GLOBAL_DBNAME = etisldb)
  (ORACLE_HOME = /u01/app/11.2.0/grid)
  (SID_NAME = etisldb1)
  Still I am unable to access RAC when i give service as RACDB and IP 10.168.20.29. If you require any other information kindly let me know.
  Kindly Help,
  Imran

  Hi Imran,
  If you are going to use SCAN for serious client connectivity , then it should be registered with the DNS .
  Putting SCAN name in /etc/hosts file will only provide you a workaround during installation.
  If you don't have a DNS setup , then use tns entries with VIP names.
  If you want to use SCAN for client connections, then
  1. configure SCAN in DNS and make sure nslookup scan-name resolves to 3 IPs
  2. Use SCAN name rather than IP for HOST in your tnsnames, jdbc URL . Currently you've set IP in your tnsnames , (HOST = 10.168.20.29 )
  3. Now, set REMOTE_LISTENER = scan-name:port on all nodes so that SCAN listener can handover the client connections to the least loaded local listeners.

• Windows client for ARD?

  I'm looking in to how to establish a remote desktop connection from Windows to Macs with the stipulation that we not use VNC so I'm wondering if a Windows client for ARD exists.
  If not, does anyone have a suggestion for doing RDC from Windows to Mac. I can already do it going from Mac to Windows using MS's client or the open source CoRD, but I'm really hitting dead-ends trying to figure out how to go the other way.

  To continue what Templeton Peck said, most any VNC client will work. I personally prefer UltraVNC, and I use that to control 5 different Windows machines from my Mac. While you don't get all the advanced options like sharing clipboards, waking/shutting down, collecting reports etc... You still get full access to the remote Windows machine as you do when you connect to a Mac in ARD.

• I'm trying to publish an ebook using iAuthor for a client.  We're asked to 'Sign in to iTunes Connect' using the Apple ID a continues to be regected

  I'm trying to publish an ebook using iAuthor for a client.  We've been through the systems check and we have all the meta data, screen shots and preview files ready to go. We're asked to 'Sign in to iTunes Connect' using the Apple ID a continues to be rejected - the message that comes up is: YouApple Id or password was entered incorrectly. We've been thought the process (via the link Forgot?) of resetting the password, but still no luck. Help please.

  Have you got a developer account, not just a normal Apple ID?
  https://developer.apple.com/support/resources/itunes-connect.html

• Remote Desktop repeatedly installs ARD Client for standard users...

  ARD 3.2 running on OS 10.5.4 on MacBook Core2Duos...
  These are machines imaged from an asr disk image...
  No issues with admin users...
  Every time Remote Desktop is launched by a standard user, a admin user name / password is required and the Apple Remote Desktop Clint is reinstalled. After, ARD runs normally until it is quit and relaunched, even without a user logout...
  Making the standard user an admin user resolves the issue. The issue returns when the admin right are removed from the user...
  Have run permission repairs, removed and reinstalled Remote Desktop, manually checked permissions, etc...
  It appears that from the standard user perspective, the ARD Client software needs to be updated. ...
  Any ideas out there? I have to deploy these machines NOW and I am running out of ideas on this...
  Thank you! Les

  Dave,
  Thank you for the ideas. While you are pretty much correct in what you have said, these are unfortunately not my issue(s). I wish they were!
  1) ARD will run fine for a standard user (at least it did in Tiger) as long as it is properly setup and licensed by an admin user ahead of time (especially the entry of the license code). This I have done, and the license code is recognized just fine. I too thought of the promote / demote idea and have tried it. While promoted, it launches fine for the user, but upon demotion goes back to reinstalling the ARD Agent at each launch of the program (this install process does not run while the user is promoted)...
  2) The systems are from the same disk image. However, I have given system its own unique, valid, legally purchased serial number. Though the program is loaded on the image, it has been installed only. It is not run or licensed on the master, only on the end-user client machines...
  It appears to me that from the standard user perspective, the system thinks that the ARD Agent needs to be updated. I have verified with the PackageMaker SnapShot utility that the ARD Agent and its related files are being installed when this happens, and they appear to be the only thing being installed. The Remote Desktop Admin program itself seems to be fine.
  Does anybody know exactly what happens at the file system lever when Remote Desktop is launched? I am thinking my standard user is lacking access to a particular file or directory or right, and I am sure I could quickly find it if I new what to trace. Watching fs_usage has yielded lots of information, but nothing that has helped...
  I have also removed and reinstalled Remote Desktop to no avail. Disabled all ACLs on the file system, placed known-good receipts and run permission repairs, and forced chmod -R 777 down the path of everything I can find with the names Remote Desktop, ARD, etc...
  I am a little worried at this point that the issue is created by the imaging process something like the question marks in docks in the latter updates of 10.4. I have seen similar issues come up (launching apps under Rosetta being one) with users' LaunchServices property lists after moving their home directories from one volume to another, making the issue very hard to track down, as they reside in files that do not contain the name of the app being affected...
  Any further ideas would be much appreciated!
  Les

• Suddenly my imac will not open e-mail attachments. It scans for viruses. I hit continue and nothing happens.

  Suddenly my imac will not open e-mail attachments.  It scans for viruses.  When I hit "continue", nothing happens.

  The problem most likely is the antivirus application. My recommendation would be following the developers instructions, uninstall the application. Most antivirus applications tend to create more problems than they solve. The best thing you can do for your system is to run Software Update frequently and let Apple's security handle any issues. I'd also strongly recommend you carefully read Thomas Reed's Mac Malware Guide.

• ARD client for iPhone & iPad

  is there a ARD client for these either of these two devices to connect to my iMac?

  Not ARD, exactly, but there are several VNC clients you can connect to your iMac with. The RealVNC app handles connections to 10.7+ machines better than other VNC apps, in my experience.

• SCCM 2012 Secondary site client's are not doing hardware scan for more than 30 days

  Hi, 
  On our SCCM environment around 2500 active clients mapped for particular secondary site not performed hardware scan for more than 30 days. Can anyone provide suggestion how to fix this. 
  Regards,
  Madhan

  Yes i confirmed it is listing correct MP and software scan is working fine. we have around 8500 machines connected to that site buy only 3000 machines are having this issue. anyone has faced this issue ?
  Only 5000 Computers are supported by a secondary site.
  http://technet.microsoft.com/en-us/library/gg682077.aspx#BKMK_SupConfigClientNumbers
  Garth Jones | My blogs: Enhansoft and
  Old Blog site | Twitter:
  @GarthMJ

• Ports for ARD

  In the wake of recent reports about wild exploits in VNC protocol we are upgrading security to require SSH or other encrypted access as a prerequisite.
  I'm looking to reduce the overhead on the our Macs by dumping OSXvnc and simply using 10.3's ARD to go along with the native SSH.
  The latest VNC exploit has increased the scans on port 5900 dramatically (our logs have recorded a 500% increase in just one week including simultaneous scans of 22 AND 5900). Therefore we are looking to continue using non-standard ports that we'd used under OSXvnc (590x range and others in the 64xxx range).
  While changing the port SSHD listens to is a breeze, I cannot find any documentation about editing the ports. I've even seen some posts that suggest ARD is permanently married to 5900 for observe and control. True?
  What's the straight scoop?

  The ARD client is hard-coded to port 5900 and cannot be changed by any means I've seen. If this is becoming an issue for you, submit feedback to Apple so that they are aware of the security concern.

• ClamAV fails to scan for viruses in emails [CLAWS MAIL]

  I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
  I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Here's my clamd.conf:
  ## Please read the clamd.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Uncomment this option to enable logging.
  # LogFile must be writable for the user running daemon.
  # A full path is required.
  # Default: disabled
  LogFile /var/log/clamav/clamd.log
  # By default the log file is locked for writing - the lock protects against
  # running clamd multiple times (if want to run another clamd, please
  # copy the configuration file, change the LogFile variable, and run
  # the daemon with --config-file option).
  # This option disables log file locking.
  # Default: no
  #LogFileUnlock yes
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  LogTime yes
  # Also log clean files. Useful in debugging but drastically increases the
  # log size.
  # Default: no
  #LogClean yes
  # Use system logger (can work together with LogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Log additional information about the infected file, such as its
  # size and hash, together with the virus name.
  #ExtendedDetectionInfo yes
  # This option allows you to save a process identifier of the listening
  # daemon (main thread).
  # Default: disabled
  PidFile /run/clamav/clamd.pid
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
  TemporaryDirectory /tmp
  # Path to the database directory.
  # Default: hardcoded (depends on installation options)
  DatabaseDirectory /var/lib/clamav
  # Only load the official signatures published by the ClamAV project.
  # Default: no
  OfficialDatabaseOnly yes
  # The daemon can work in local mode, network mode or both.
  # Due to security reasons we recommend the local mode.
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
  LocalSocket /var/lib/clamav/clamd.sock
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
  LocalSocketGroup clamav
  # Sets the permissions on the unix socket to the specified mode.
  # Default: disabled (socket is world accessible)
  #LocalSocketMode 660
  # Remove stale socket after unclean shutdown.
  # Default: yes
  #FixStaleSocket yes
  # TCP port address.
  # Default: no
  #TCPSocket 3310
  # TCP address.
  # By default we bind to INADDR_ANY, probably not wise.
  # Enable the following to provide some degree of protection
  # from the outside world.
  # Default: no
  #TCPAddr 127.0.0.1
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
  #MaxConnectionQueueLength 30
  # Clamd uses FTP-like protocol to receive data from remote clients.
  # If you are using clamav-milter to balance load between remote clamd daemons
  # on firewall servers you may need to tune the options below.
  # Close the connection when the data size limit is exceeded.
  # The value should match your MTA's limit for a maximum attachment size.
  # Default: 25M
  #StreamMaxLength 10M
  # Limit port range.
  # Default: 1024
  #StreamMinPort 30000
  # Default: 2048
  #StreamMaxPort 32000
  # Maximum number of threads running at the same time.
  # Default: 10
  #MaxThreads 20
  # Waiting for data from a client socket will timeout after this time (seconds).
  # Default: 120
  #ReadTimeout 300
  # This option specifies the time (in seconds) after which clamd should
  # timeout if a client doesn't provide any initial command after connecting.
  # Default: 5
  #CommandReadTimeout 5
  # This option specifies how long to wait (in miliseconds) if the send buffer is full.
  # Keep this value low to prevent clamd hanging
  # Default: 500
  #SendBufTimeout 200
  # Maximum number of queued items (including those being processed by MaxThreads threads)
  # It is recommended to have this value at least twice MaxThreads if possible.
  # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
  # the following condition should hold:
  # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
  # Default: 100
  #MaxQueue 200
  # Waiting for a new job will timeout after this time (seconds).
  # Default: 30
  #IdleTimeout 60
  # Don't scan files and directories matching regex
  # This directive can be used multiple times
  # Default: scan all
  #ExcludePath ^/proc/
  #ExcludePath ^/sys/
  # Maximum depth directories are scanned at.
  # Default: 15
  #MaxDirectoryRecursion 20
  # Follow directory symlinks.
  # Default: no
  #FollowDirectorySymlinks yes
  # Follow regular file symlinks.
  # Default: no
  #FollowFileSymlinks yes
  # Scan files and directories on other filesystems.
  # Default: yes
  #CrossFilesystems yes
  # Perform a database check.
  # Default: 600 (10 min)
  #SelfCheck 600
  # Execute a command when virus is found. In the command string %v will
  # be replaced with the virus name.
  # Default: no
  #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
  User clamav
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
  #AllowSupplementaryGroups no
  # Stop daemon when libclamav reports out of memory condition.
  #ExitOnOOM yes
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Do not remove temporary files (for debug purposes).
  # Default: no
  #LeaveTemporaryFiles yes
  # Detect Possibly Unwanted Applications.
  # Default: no
  #DetectPUA yes
  # Exclude a specific PUA category. This directive can be used multiple times.
  # See http://www.clamav.net/support/pua for the complete list of PUA
  # categories.
  # Default: Load all categories (if DetectPUA is activated)
  #ExcludePUA NetTool
  #ExcludePUA PWTool
  # Only include a specific PUA category. This directive can be used multiple
  # times.
  # Default: Load all categories (if DetectPUA is activated)
  #IncludePUA Spy
  #IncludePUA Scanner
  #IncludePUA RAT
  # In some cases (eg. complex malware, exploits in graphic files, and others),
  # ClamAV uses special algorithms to provide accurate detection. This option
  # controls the algorithmic detection.
  # Default: yes
  #AlgorithmicDetection yes
  ## Executable files
  # PE stands for Portable Executable - it's an executable file format used
  # in all 32 and 64-bit versions of Windows operating systems. This option allows
  # ClamAV to perform a deeper analysis of executable files and it's also
  # required for decompression of popular executable packers such as UPX, FSG,
  # and Petite. If you turn off this option, the original files will still be
  # scanned, but without additional processing.
  # Default: yes
  #ScanPE yes
  # Executable and Linking Format is a standard format for UN*X executables.
  # This option allows you to control the scanning of ELF files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanELF yes
  # With this option clamav will try to detect broken executables (both PE and
  # ELF) and mark them as Broken.Executable.
  # Default: no
  #DetectBrokenExecutables yes
  ## Documents
  # This option enables scanning of OLE2 files, such as Microsoft Office
  # documents and .msi files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanOLE2 yes
  # With this option enabled OLE2 files with VBA macros, which were not
  # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  # Default: no
  #OLE2BlockMacros no
  # This option enables scanning within PDF files.
  # If you turn off this option, the original files will still be scanned, but
  # without decoding and additional processing.
  # Default: yes
  #ScanPDF yes
  ## Mail files
  # Enable internal e-mail scanner.
  # If you turn off this option, the original files will still be scanned, but
  # without parsing individual messages/attachments.
  # Default: yes
  #ScanMail yes
  # Scan RFC1341 messages split over many emails.
  # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
  # WARNING: This option may open your system to a DoS attack.
  # Never use it on loaded servers.
  # Default: no
  #ScanPartialMessages yes
  # With this option enabled ClamAV will try to detect phishing attempts by using
  # signatures.
  # Default: yes
  #PhishingSignatures yes
  # Scan URLs found in mails for phishing attempts using heuristics.
  # Default: yes
  #PhishingScanURLs yes
  # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockSSLMismatch no
  # Always block cloaked URLs, even if URL isn't in database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockCloak no
  # Allow heuristic match to take precedence.
  # When enabled, if a heuristic scan (such as phishingScan) detects
  # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
  # scan-time.
  # When disabled, virus/phish detected by heuristic scans will be reported only at
  # the end of a scan. If an archive contains both a heuristically detected
  # virus/phish, and a real malware, the real malware will be reported
  # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  # differently from "real" malware.
  # If a non-heuristically-detected virus (signature-based) is found first,
  # the scan is interrupted immediately, regardless of this config option.
  # Default: no
  #HeuristicScanPrecedence yes
  ## Data Loss Prevention (DLP)
  # Enable the DLP module
  # Default: No
  #StructuredDataDetection yes
  # This option sets the lowest number of Credit Card numbers found in a file
  # to generate a detect.
  # Default: 3
  #StructuredMinCreditCardCount 5
  # This option sets the lowest number of Social Security Numbers found
  # in a file to generate a detect.
  # Default: 3
  #StructuredMinSSNCount 5
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxx-yy-zzzz
  # Default: yes
  #StructuredSSNFormatNormal yes
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxxyyzzzz
  # Default: no
  #StructuredSSNFormatStripped yes
  ## HTML
  # Perform HTML normalisation and decryption of MS Script Encoder code.
  # Default: yes
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  #ScanHTML yes
  ## Archives
  # ClamAV can scan within archives and compressed files.
  # If you turn off this option, the original files will still be scanned, but
  # without unpacking and additional processing.
  # Default: yes
  #ScanArchive yes
  # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  # Default: no
  #ArchiveBlockEncrypted no
  ## Limits
  # The options below protect your system against Denial of Service attacks
  # using archive bombs.
  # This option sets the maximum amount of data to be scanned for each input file.
  # Archives and other containers are recursively extracted and scanned up to this
  # value.
  # Value of 0 disables the limit
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 100M
  #MaxScanSize 150M
  # Files larger than this limit won't be scanned. Affects the input file itself
  # as well as files contained inside it (when the input file is an archive, a
  # document or some other kind of container).
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 25M
  #MaxFileSize 30M
  # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  # file, all files within it will also be scanned. This options specifies how
  # deeply the process should be continued.
  # Note: setting this limit too high may result in severe damage to the system.
  # Default: 16
  #MaxRecursion 10
  # Number of files to be scanned within an archive, a document, or any other
  # container file.
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 10000
  #MaxFiles 15000
  ## Clamuko settings
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
  # Default: no
  #ClamukoScanOnAccess yes
  # The number of scanner threads that will be started (DazukoFS only).
  # Having multiple scanner threads allows Clamuko to serve multiple
  # processes simultaneously. This is particularly beneficial on SMP machines.
  # Default: 3
  #ClamukoScannerCount 3
  # Don't scan files larger than ClamukoMaxFileSize
  # Value of 0 disables the limit.
  # Default: 5M
  #ClamukoMaxFileSize 10M
  # Set access mask for Clamuko (Dazuko only).
  # Default: no
  #ClamukoScanOnOpen yes
  #ClamukoScanOnClose yes
  #ClamukoScanOnExec yes
  # Set the include paths (all files inside them will be scanned). You can have
  # multiple ClamukoIncludePath directives but each directory must be added
  # in a seperate line. (Dazuko only)
  # Default: disabled
  #ClamukoIncludePath /home
  #ClamukoIncludePath /students
  # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
  # Default: disabled
  #ClamukoExcludePath /home/bofh
  # With this option you can whitelist specific UIDs. Processes with these UIDs
  # will be able to access all files.
  # This option can be used multiple times (one per line).
  # Default: disabled
  #ClamukoExcludeUID 0
  # With this option enabled ClamAV will load bytecode from the database.
  # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
  # Default: yes
  #Bytecode yes
  # Set bytecode security level.
  # Possible values:
  # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
  # This value is only available if clamav was built with --enable-debug!
  # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
  # insert runtime safety checks for bytecode loaded from other sources
  # Paranoid - don't trust any bytecode, insert runtime checks for all
  # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
  # Note that by default only signed bytecode is loaded, currently you can only
  # load unsigned bytecode in --enable-debug mode.
  # Default: TrustSigned
  #BytecodeSecurity TrustSigned
  # Set bytecode timeout in miliseconds.
  # Default: 5000
  # BytecodeTimeout 1000
  My freshclam.conf:
  ## Please read the freshclam.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Path to the database directory.
  # WARNING: It must match clamd.conf's directive!
  # Default: hardcoded (depends on installation options)
  #DatabaseDirectory /var/lib/clamav
  # Path to the log file (make sure it has proper permissions)
  # Default: disabled
  UpdateLogFile /var/log/clamav/freshclam.log
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  #LogTime yes
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Use system logger (can work together with UpdateLogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
  #PidFile /var/run/freshclam.pid
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
  # Default: clamav (may depend on installation options)
  #DatabaseOwner clamav
  # Initialize supplementary group access (freshclam must be started by root).
  # Default: no
  #AllowSupplementaryGroups yes
  # Use DNS to verify virus database version. Freshclam uses DNS TXT records
  # to verify database and software versions. With this directive you can change
  # the database verification domain.
  # WARNING: Do not touch it unless you're configuring freshclam to use your
  # own database verification domain.
  # Default: current.cvd.clamav.net
  #DNSDatabaseInfo current.cvd.clamav.net
  # Uncomment the following line and replace XY with your country
  # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
  # You can use db.XY.ipv6.clamav.net for IPv6 connections.
  #DatabaseMirror db.XY.clamav.net
  # database.clamav.net is a round-robin record which points to our most
  # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
  # not working. DO NOT TOUCH the following line unless you know what you
  # are doing.
  DatabaseMirror database.clamav.net
  # How many attempts to make before giving up.
  # Default: 3 (per mirror)
  #MaxAttempts 5
  # With this option you can control scripted updates. It's highly recommended
  # to keep it enabled.
  # Default: yes
  #ScriptedUpdates yes
  # By default freshclam will keep the local databases (.cld) uncompressed to
  # make their handling faster. With this option you can enable the compression;
  # the change will take effect with the next database update.
  # Default: no
  #CompressLocalDatabase no
  # With this option you can provide custom sources (http:// or file://) for
  # database files. This option can be used multiple times.
  # Default: no custom URLs
  #DatabaseCustomURL http://myserver.com/mysigs.ndb
  #DatabaseCustomURL file:///mnt/nfs/local.hdb
  # Number of database checks per day.
  # Default: 12 (every two hours)
  #Checks 24
  # Proxy settings
  # Default: disabled
  #HTTPProxyServer myproxy.com
  #HTTPProxyPort 1234
  #HTTPProxyUsername myusername
  #HTTPProxyPassword mypass
  # If your servers are behind a firewall/proxy which applies User-Agent
  # filtering you can use this option to force the use of a different
  # User-Agent header.
  # Default: clamav/version_number
  #HTTPUserAgent SomeUserAgentIdString
  # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
  # multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  #LocalIPAddress aaa.bbb.ccc.ddd
  # Send the RELOAD command to clamd.
  # Default: no
  NotifyClamd /etc/clamav/clamd.conf
  # Run command after successful database update.
  # Default: disabled
  #OnUpdateExecute command
  # Run command when database update process fails.
  # Default: disabled
  #OnErrorExecute command
  # Run command when freshclam reports outdated version.
  # In the command string %v will be replaced by the new version number.
  # Default: disabled
  #OnOutdatedExecute command
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Timeout in seconds when connecting to database server.
  # Default: 30
  #ConnectTimeout 60
  # Timeout in seconds when reading from database server.
  # Default: 30
  #ReceiveTimeout 60
  # With this option enabled, freshclam will attempt to load new
  # databases into memory to make sure they are properly handled
  # by libclamav before replacing the old ones.
  # Default: yes
  #TestDatabases yes
  # When enabled freshclam will submit statistics to the ClamAV Project about
  # the latest virus detections in your environment. The ClamAV maintainers
  # will then use this data to determine what types of malware are the most
  # detected in the field and in what geographic area they are.
  # Freshclam will connect to clamd in order to get recent statistics.
  # Default: no
  #SubmitDetectionStats /path/to/clamd.conf
  # Country of origin of malware/detection statistics (for statistical
  # purposes only). The statistics collector at ClamAV.net will look up
  # your IP address to determine the geographical origin of the malware
  # reported by your installation. If this installation is mainly used to
  # scan data which comes from a different location, please enable this
  # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
  # of the country of origin.
  # Default: disabled
  #DetectionStatsCountry country-code
  # This option enables support for our "Personal Statistics" service.
  # When this option is enabled, the information on malware detected by
  # your clamd installation is made available to you through our website.
  # To get your HostID, log on http://www.stats.clamav.net and add a new
  # host to your host list. Once you have the HostID, uncomment this option
  # and paste the HostID here. As soon as your freshclam starts submitting
  # information to our stats collecting service, you will be able to view
  # the statistics of this clamd installation by logging into
  # http://www.stats.clamav.net with the same credentials you used to
  # generate the HostID. For more information refer to:
  # http://www.clamav.net/support/faq/faq-cctts/
  # This feature requires SubmitDetectionStats to be enabled.
  # Default: disabled
  #DetectionStatsHostID unique-id
  # This option enables support for Google Safe Browsing. When activated for
  # the first time, freshclam will download a new database file (safebrowsing.cvd)
  # which will be automatically loaded by clamd and clamscan during the next
  # reload, provided that the heuristic phishing detection is turned on. This
  # database includes information about websites that may be phishing sites or
  # possible sources of malware. When using this option, it's mandatory to run
  # freshclam at least every 30 minutes.
  # Freshclam uses the ClamAV's mirror infrastructure to distribute the
  # database and its updates but all the contents are provided under Google's
  # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
  # and http://safebrowsing.clamav.net for more information.
  # Default: disabled
  #SafeBrowsing yes
  # This option enables downloading of bytecode.cvd, which includes additional
  # detection mechanisms and improvements to the ClamAV engine.
  # Default: enabled
  #Bytecode yes
  # Download an additional 3rd party signature database distributed through
  # the ClamAV mirrors. Here you can find a list of available databases:
  # http://www.clamav.net/download/cvd/3rdparty
  # This option can be used multiple times.
  #ExtraDatabase dbname1
  #ExtraDatabase dbname2
  Any help is much appreciated.

  MatejLach wrote:
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

• How do you set up Port Forwarding for ARD 2.2 in AEB N?

  Help,
  I'm a novice at Apple Remote Desktop (ARD) - not an IT guy, so it has to be pretty basic and detailed.
  How do you set up Port Forwarding for ARD 2.2 on the Apple Airport Extreme BS router, 802.11 N. I have one at each end of the internet connection. At one end I have an Airport Extreme N router with 2 macs and eventually 1 windows XP machine (if I can) that I would like to be able to connect to over the interenet (the clients) and at the other end, I have a Mac with ARD 2.2 installed also with an Airport Extreme N router. Note: Both routers use Static IP addresses and all computers use static IP's internally not through DHCP. What are the settings or directions to do this.
  I have read and printed out the directions for Configuration of ARD 3.0 that are posted many times in the ARD discusion group, but it uses a Linksys router ( http://www.starkpr.com/ard.htm posted by Dave Sawyer). The Mac router is different, particularly with the place to set a Private IP address. I'm not sure about alot of things, but especially about the Private IP address, what number do I set it to, the one that is in my Network connections list? It automatically changes to a different number in AE N setup for Port Forwarding (by one) as if it is not suppose to the same?????
  Are there any directions available that are as straight forward for the Airport Extreme N router, as the one's that are listed here for the Linksys Router's? ( http://www.starkpr.com/ard.htm )
  Any and All help will be greatly appreciated.
  P.S. I know I should have 3.0 but bought 2.2 just weeks before 3.0 came out and they would not give me an upgrade price, so I'm waiting for 4.0 to upgrade.
  Thanks,
  Jim

  Try the following for each AirPort Extreme ...
  AEBSn - Port Mapping Setup
  To setup port mapping on an 802.11n AirPort Extreme Base Station (AEBSn), either connect to the AEBSn's wireless network or temporarily connect directly, using an Ethernet cable, to one of the LAN port of the AEBSn, and then use the AirPort Utility, in Manual Setup, to make these settings:
  1. Reserve a DHCP-provided IP address for the host device.
  Internet > DHCP tab
  o On the DHCP tab, click the "+" (Add) button to enter DHCP Reservations.
  o Description: <enter the desired description of the host device>
  o Reserve address by: MAC Address
  o Click Continue.
  o MAC Address: <enter the MAC (what Apple calls Ethernet ID if you are using wired or AirPort ID if wireless) hardware address of the host computer>
  o IPv4 Address: <enter the desired IP address>
  o Click Done.
  2. Setup Port Mapping on the AEBSn.
  Advanced > Port Mapping tab
  o Click the "+" (Add) button
  o Service: <choose the appropriate service from the Service pop-up menu>
  o Public UDP Port(s): 3283
  o Public TCP Port(s): 3283
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s): 3283
  o Private TCP Port(s): 3283
  o Click "Continue"
  o Click the "+" (Add) button
  o Service: <choose the appropriate service from the Service pop-up menu>
  o Public UDP Port(s):
  o Public TCP Port(s): 5900
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s):
  o Private TCP Port(s): 5900
  o Click "Continue"
  o Click the "+" (Add) button
  o Service: <choose the appropriate service from the Service pop-up menu>
  o Public UDP Port(s):
  o Public TCP Port(s): 5988
  o Private IP Address: <enter the IP address of the host server>
  o Private UDP Port(s):
  o Private TCP Port(s): 5988
  o Click "Continue"
  (ref: "Well Known" TCP and UDP ports used by Apple software products)

• Network Protocol Documentation for ARD or ANA?

  Is anyone aware of any documentation on the network protocols used by ARD? I have plenty of docs on RFB/VNC, but Apple is doing something more with ARD than standard RFB. It looks like they are still making some use of Apple Network Assistant (UDP port 3283) protocol and clearly performing other tasks that aren't part of the RFB standards. Could anyone point to any documentation for this?
  I'm trying to develop some utilities that will make working with ARD in a multi-thousand Mac environment a bit more tolerable. I'm not very interested in remote desktop control; this is about asset management and patch management. Once you have more than a couple-thousand Macs in ARD, it seems to slow to a crawl.
  For example, we have a very large number of large (21-bit) subnets, and the ARD scanner takes forever to scan them. I've written a small utility that will scan a subnet in seconds, and provide a text file containing only active computers that are Macs. This output loads into ARD much, much faster. I did this after discovering that a UDP packet sent to port 3283 will cause a Mac to respond with its name, ethernet address, etc. I'm trying to figure out what else is in that response packet, and what more I can do. I'd rather have an ARD API that allows me to add/remove computers into ARD (anyone?) but that appears to be the one area that Apple forgot. I'm still new to the Mac world, so I could have missed any number of things. Pointers would be welcome.
  Thanks!

  Ok, I've figured out why I dropped the AppleScript route. The ARD dictionary command to "add" a computer to a list appears to require a computer descriptor for a machine that is already in ARD. So, doesn't look like it can actually add a computer to ARD via that route.
  Regarding import from file:
  I've used the scanner to scan IP addresses from a text file that is the output from my utility. While manual, this does work. I then have to "add" the computers to the "All Computer" list manually, specifying the credentials. This has been my process to date. Better than nothing, but very manually intensive. It also appears that the scanner is limited to scanning only the first 4096 addresses from a text file, we have about 20x that number of Macs.
  I have not tried writing a plist from my utility and importing directly (bypassing the scanner). I'll give that a shot. Assuming this works, it might take one manual step out of the process. Still not sure if I can automate list import any further.
  I'd still like to find some protocol-level documentation so that I can improve the precision of my scanner utility. I'd like to verify my credentials on each system discovered, and verify that the ARD client-upgrade is an authorized task before going to the trouble of adding them into ARD only to find these problems later. So far, a significant percentage of my Macs are still running ARD 2.x and 1.x so the upgrade process is important. On a related note, it doesn't look like the "Upgrade Client" task can be relegated to the local task server. Wonder why...
  Thanks again.

• ARD Client Doesn't Show When Using Scanner and Network Range

  All-
  When I use the Scanner in ARD3 to scan a remote Network Range over the internet, the ARD client that I KNOW EXISTS in that same IP range DOES NOT show up (other ARD clients that I'm not interested in do show up, but not the specific ARD client I need to observe/control).
  If I then call the user at the remote ARD client on the telephone, and have them give me their IP address (using www.whatismyip.com, for example), I can use the Scanner in ARD3 to "find" the ARD client and add it to my All Computers list. Process: change the popup box to read "Network Address" instead of "Network Range" and set the IP address field to the address provided by the user.
  Why doesn't the remote ARD client show up when I scan for it using a Network Range in ARD3? Obviously, I don't want to have to call up each user every time I need to perform maintenance/control a client to get their (dynamic) IP address.
  I could use dynamic DNS, but that's overkill. If I know (from experience) that my ARD clients are in IP ranges X, Y, and Z, then I SHOULD be able to simply scan for them (or so I thought).
  Any help appreceated.

  Updated to ARD3.1 (admin and clients), but that did not solve the issue.
  Let me try to restate the problem:
  The ARD client is out of state/across the country (i.e., different sub-net) using a dynamically assigned IP adddress. I can (for now) connect to that ARD client successfully, and perform all ARD functions (that I've tried so far) becasue I know (for now) that client's IP address (I called and spoke with the user who used www.whatismyip.com to give me their IP address). So what's the problem, you ask?
  Some time in the future, that same ARD client will have a new, dynamically assigned IP address. I'd like to be able to connect to that client without having to call on the telephone and ask the user what IP address they have been assigned now.
  My thinking was that I could make a pretty good guess at their IP address (based on their old IP address, and the way Cable and Telco ISPs allocate/lease IP addresses). For example, if their current dynamic IP address is 999.888.777.45, I could guess that a subsequent dynamically assigned IP address would be in the range 999.888.777.2 to 999.888.777.255. With ARD, I could simply scan that range of network addresses using the Scanner and quickly find the ARD client I want.
  I tried to do just that, and the ARD scanner did not find my client when I scanned the network range that the ARD client was actually in. It showed other ARD clients (that I do not administer, own, or want to hack into), but not the one I do want to observe/control/maintain (and have a legal right to). Somewhat paradoxically, when I used the Scanner to find the same ARD client by specific IP address, there was no problem.
  Why doesn't the ARD Scanner "see" the ARD client when scanning the network range?

• Slow to View ARD Client List in Scanner

  I have one ARD site where it takes quite a few minutes for it to find the ARD clients on the Scanner and display htnem.
  In all my other sites it happens really quickly.
  This is the only site where I am running it from a XServe.
  Why could it be taking soo long to display and find the clients?

  Hi James,
  '"This topic has been archived - replies are not allowed.*'
  "What does this mean,..."
  Most posts are eventually, "archived". What that means is, that if there are no additional responses in the Threads they reside in, the Topics will get continually pushed down on the Topics list. After a certain amount of time, maybe 2 to 6 months, the Threads will be locked, so no responses can be entered. But the Threads will not disappear.
  Threads in heavily trafficked Forums, may be archived more rapidly than those in areas, with less activity.
  The Topics, will show the Alias of the creator, in the Author field of a main forum page, but eventually, readers will have to keep going to the succeeding pages to view them.
  If someone were to do a Discussions Search, using these parameters:
  Restrict by Category or Forum: All Categories
  Restrict by Date Range: All
  Restrict by Username: Alias of  Discussions member
  all of that member's posts, created since about 11/13/05, would be found.
  ali b