Fully patched SBS failiing PCI scan for MS10-070

Similar Messages

• How to recognize patch code I in scan for ISIS macro of ODC

  Hi all,
  I am using SCAN for ISIS macro in my ODC for autocommit in which there are only 3 patch code available : patch II, patch III and patch T.
  But I wanted to detect patch I by ODC.
  Is it possible?? If yes then what changes should I do in macro??
  Any help is highly appreciated.
  Thanks in advance.

  Hi all,
  I am using SCAN for ISIS macro in my ODC for autocommit in which there are only 3 patch code available : patch II, patch III and patch T.
  But I wanted to detect patch I by ODC.
  Is it possible?? If yes then what changes should I do in macro??
  Any help is highly appreciated.
  Thanks in advance.

• PCI Scan

  Good Morning All
  One of our sites just failed a PCI scan for not blocking ICMP type 13 and 14 packets (timestamp). The firm that conducted the scan also is asking us to turn off IDS and allow unrestricted access to their external IP address. I am inclined to deny this and cannot understand why this will help. Anyone have any similar experiences with this ?
  Thanks in advance. Bud....

  Bud
  While I feel that ICMP type 13 and 14 (timestamp and timestamp reply) are not so very dangerous, I also appreciate the Security perspective that says the less you reveal about your devices (especially to outsiders) the more secure you are. I would hope that the timestamp issue was not the only reason that the site failed the PCI scan. I would probably go ahead and block these ICMP messages - especially on any outward facing routers.
  I would really ask them about the request to turn off IDS - which strikes me as asking you to take a step backwards in terms of security.
  And I would suggest to them that a IPSec VPN connection from their site to your site would be a much more prudent solution than just granting unrestricted access from their address space.
  HTH
  Rick

• PCI scan fails, claiming MS10-070 vulnerability

  We have a site running on Azure Websites that's failing a PCI compliance scan by Trustwave because they claim that the server does not have the patches applied for the MS10-070 padding oracle vulnerability.
  Their "evidence" for this is that the resource tokens (query string d values) from webresource.axd and scriptresource.axd calls, when decoded from base64 back to binary, have a block size of 8 bytes (number of bytes in the token is always divisible
  by 8).  Apparently on patched systems the tokens are supposed to end up with something other than an 8-byte block size though I can't find the evidence for claiming this.
  I understand the vulnerability had nothing to do with the length of the tokens but existed because the server would throw an exception and return an error code when fed bad padding data. They are not testing to see if this happens; they're just looking at the
  token length.
  I have these questions:
  1. Is there something from Microsoft that I can give to them to assure them that the Azure Website platform is not running without this critical software patch from 4 years ago? The site is configured to use .NET 4.5.
  2. What is the basis for their test using block length of the token? Can anyone explain why it is or isn't a valid test? I've checked with some in-house Web servers that are definitely patched and they return tokens with 8-byte blocks as well.

  I am getting in touch with Trustwave to figure out how their scanner checks for this patch and will follow up here when we hear from them. FYI, this is not the only one showing a false positive on their scans. (https://social.msdn.microsoft.com/Forums/en-US/75d25599-442b-44b5-a22c-cd2965aa2727/pci-compliance-azure-websites-cve20146321?forum=windowsazurewebsitespreview&prof=required)

• I am running XP SP2 fully patched. I recently upgraded to 3.6.3 and since then, clicking on an icon that normally would open another windows (for example, a printer-friendly version of the current web page), nothing happens. In these situations, I have be

  I am running XP SP2 fully patched. I recently upgraded to 3.6.3 and since then, clicking on an icon that normally would open another windows (for example, a printer-friendly version of the current web page), nothing happens. In these situations, I have been forced to go to IE or Crome in order to accomplish what I need to do. Very frustrating. Also clicking in the slider area has no effect. "Page Up" and "Page Down" keys work. Holding down left mouse button on slider works. Also very frustrating. Can someone help
  == This happened ==
  A few times a week
  == Upgraded to 3.6.3.

  Many thanks.
  With those symptoms, I'd try the following document:
  Apple software on Windows: May see performance issues and blank iTunes Store
  (If there's a SpeedBit LSP showing up in Autoruns, it's usually best to just uninstall your SpeedBit Video Accelerator.)

• Password prompts - Exchange 2013 RTM vs. [Outlook 2007 & Outlook 2010] - Fully patched

  Exchange 2013 RTM  - Multi-Tenant
  ExternalClientAuthenticationMethod : Ntlm
  InternalClientAuthenticationMethod : Ntlm
  IISAuthenticationMethods           : {Basic, Ntlm, Negotiate}
  Clients using Outlook Anywhere only, not Exchange domain members.
  1. Windows XP SP3 (fully patched), Outlook 2007 SP3 + Nov 2012 Patch - When launching Outlook prompts for password only once.
  2. Windows 7 (fully patched), Outlook 2010 (fully patched) - When launching Outlook doesn't prompt for password.
  I'm aware of this:
  http://support.microsoft.com/kb/956531
  The goal - Eliminate issue with password prompts for Windows XP.
  Any chance resolving this? CU install? Anything else?
  Thanks.
  Memento Mori

  Hi,
  Based on my experience, the credential issue is mostly likely caused by authentication method.
  And I recommend the following troubleshooting:
  1. Change LmCompatibilityLevel on the windows XP client to a value of 2 or 3:
  a. Click Start, click Run, type regedit in the Open box, and then press ENTER.
  b. Locate and then click the following registry subkey:
  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa\
  c. In the pane on the right side, double-click lmcompatibilitylevel.
  d. In the Value data box, type a value of 2 or 3 that is appropriate for your environment, and then click OK.
  e. Exit Registry Editor.
  f. Restart your computer
  2. Reset the windows credential store.
  If you have any question, please feel free to let me know. 
  Thanks,
  Angela Shi
  TechNet Community Support

• Cannot Scan For Errors or Format iPod

  I see alot of ppl are having the same problems that I am having with my own iPod. This is very discouraging. We are getting ripped off by Apple, big time.
  I have tried EVERYTHING suggested that I can find, and my iPod still does not work.
  My drivers are all up to date, the .dll files are registered, and my Windows fully recongnizes my iPod. I've rolled back to an older version of iTunes even, and it still will not restore my iPod. Nothing I do seems to matter.
  I tried several times to scan my iPod for bad sectors and nothing happens. It will not scan.
  I also tried that format thing and when the format comes up, the one page someone on here recommended to look at says you should select a file called FAT32 and then Format. I have no FAT32 file anywhere. When the format box comes up, all it says in the drop down at the top is 74 GB and the bottom 2 drop downs are empty, followed by a 3rd field that is empty, then the buttons to start the Format. It absolutely will not format or anything.
  I can only get my iPod to come up on Windows if I put it into disk mode. If I don't put it into disk mode, it will constantly show the Apple logo screen and keep shutting itself off and turning back on. I can hear the hard drive in it constantly clicking as well.
  What do I do with this thing??? Is there any other solution?

  Hi, thanks for responding. I actually found out that I can scan for devices, but the problem is with pairing. I've started a new thread with my current problem here: https://bbs.archlinux.org/viewtopic.php?id=184560
  So far I haven't been able to find any help -- I've tried mailing #bluez-users mailing list but I'm not sure if that list is active any more. I've also tried on irc in #bluez and #bluez-users, and on superuser.com.

• Trying to install dot net 3.5 on 2 fully patched 2012 standard server

  I have tried the dism method as well as the alternate source to the wim and the sxs folder but it always ends up with error 0x800f081f as the source is no good. I tried the offline installer which fails while running the dism command
  I need this to test out the system center service manager

  so the issue is definetly the fully patched
  I just loaded up a fresh install of 2012 standard and dotnet installed with no issues pointing to the same source
  this is the same process for the fully patched servers but they are fully patched and don't work
  so i'm wondering if the update rollup makes the original dvd useless
  if that is the case where do I get the sxs directory for the applied update rollup?
  i'll try uninstalling the update rollup and post back whenafter testing

• Pci compliance for very small biz using mac and ipad

  I run a very SMALL business. We have one MacBook an iPad and an iPhone. We run everything through a second party merchant card processor/software (mindbody). However, according to the PCI compliance survey I just finished, I am supposed to run quarterly internal scans for vulnerabilities. Does antivirus software do this?
  Also, what firewall settings do I need on my mac to be PCI compliant?
  I know this may be a very simple question, but the PCI survey assumes everyone has an IT department with a ton of policies and procedures. Trying to figure out how to be compliant as a super small business without all that infrastructure.

  Anti-virus software would not do PCI vulnerability scanning. You need specialized software to do that. Unfortunately, I cannot recommend specific software. My wife's small business was wrestling with PCI issues some time ago, and they're currently not doing any kind of internal scans. I don't know why not. They do get scanned externally periodically, to look for vulnerabilities in their setup that could allow people outside their network to gain access.
  PCI compliance is a scam anyway. It doesn't prevent the numerous breaches that so many high-profile companies have been facing lately, and you can bet they're dotting their i's and crossing their t's with respect to PCI compliance. They have the budget to do so.
  Your Mac should not need the firewall on. That shouldn't affect PCI compliance, if the Mac is properly configured and does not have any services open in System Preferences -> Sharing.

• Continuous scan for ARD clients

  Hi. I need to find all the Macs on our campus and and set them all to point to a specific task server. I can scan for them inside of ARD, but the problem is it just gets a snapshot of the network at that exact moment. Also, when you repeat the scan all the computers it found disappear and are replaced with a new snapshot. What I would like to do is have it loop a scan and keep everything that it has found in the list. Is there any way to do that? Also, is there any way to set a default username/password and have it automatically add computers that it finds to a list?

  Dear Dave
  Thanks a lot for your help. It's really great getting answers and advice in discussion groups by dedicated people.
  I finally manage to get all my ARD Clients fully accessible. My mistake was that I was to much concentrated on the Client setup and not to my own ARD admin workstation. The essential thing was that on the router belonging to my ARD admin station I had to open and map/forward the ports 3283 and 5900 too. And as soon as i did it worked.
  A pritty nasty thing I could have solved earlier by reading the ARD Admin Guide on page 49 more carefully.
  Thanks, Andy

• PCI Card for a new SSD. Good Idea?

  Just upgragraded my 2009 MP (processor 3.33, video card, Ram). Just got a new 256 Samsung SSD wich is going below the optical drive. Did a search here about PCIe card for the drive and found that there's good and bad about it. Found this model model (Velocity solo x2). Is there one specific brand more suitable? or just make it simple and install the ssd below the optical drive.
  Thanks

  The 2008 only has two 16x PCIe slots and the Sonnet Tempo Pro should be in the #2.
  Even gpu's do not do as well as later models in performance, and some PCIe cards only supported booting in a 2009 or later.
  Installing Mac OS to Sonnet Tempo I am sure you have read of the issues and how to get around it, is even on Sonnettech.com
  Even though it 'tests' as xyz MB/sec in the real world the system is fine on SATA2 and in non-RAID setups. The 0.1ns seeks and latency and higher IO for reads. Someone did some thorough tests of different SSDs, different PCIe cards and the synthetic benchmarks. And concluded there was no real difference to the system and work load whether the system was on SATA2, but could be work performance using PCIE for other uses.
  Generally I find this to be helpful start: www.macperformanceguide.com on perfomance
  Putting scratch and graphic libraries for Aperture/Lightroom and others on a SSD and on a separarte bus helped. Even helps having iPhoto on SSD and the photo library folder on another drive - so you aren't read and write to same.
  SoftRAID 4 - using 3 drives in a mirror but it uses "stripped reads" seems like it is fast, simple, less overhead and most people just never get idea of using more than two drives in a mirror, but it works great and makes it easy to pull one for backup. SoftRAID also does a better threaded background rebuild, and during idle time scans its drives for errors and bad or weak sectors. A lifesaver. 
  Even using the optical bay for the system might be perfect and then using the Tempo Pro for other uses.
  With system's and SSD's and stripped, then of course a couple restore images and run DU against the array with TRIM enabled on a weekly basis, something, especially if the array is getting hammered as scratch. Tests though show those SSDs can take huge TBs of punishment day after day, but I have seen my own and read of too many errors.

• Scan for and connect to networks from an openbox pipe menu (netcfg)

  So the other day when i was using wifi-select (awesome tool) to connect to a friends hot-spot, i realized "hey! this would be great as an openbox pipe menu."  i'm fairly decent in bash and i knew both netcfg and wifi-select were in bash so why not rewrite it that way?
  Wifi-Pipe
  A simplified version of wifi-select which will scan for networks and populate an openbox right-click menu item with available networks.  displays security type and signal strength.  click on a network to connect via netcfg the same way wifi-select does it.
  zenity is used to ask for a password and notify of a bad connection.  one can optionally remove the netcfg profile if the connection fails.
  What's needed
  -- you have to be using netcfg to manage your wireless
  -- you have to install zenity
  -- you have to save the script as ~/.config/openbox/wifi-pipe and make it executable:
  chmod +x ~/.config/openbox/wifi-pipe
  -- you have to add a sudoers entry to allow passwordless sudo on this script and netcfg (!)
  USERNAME ALL=(ALL) NOPASSWD: /usr/bin/netcfg
  USERNAME ALL=(ALL) NOPASSWD: /home/USERNAME/.config/openbox/wifi-pipe
  -- you have to adjust  ~/.config/openbox/menu.xml like so:
  <menu id="root-menu" label="Openbox 3">
  <menu id="pipe-wifi" label="Wifi" execute="sudo /home/USERNAME/.config/openbox/wifi-pipe INTERFACE" />
  <menu id="term-menu"/>
  <item label="Run...">
  <action name="Execute">
  <command>gmrun</command>
  </action>
  </item>
  where USERNAME is you and INTERFACE is probably wlan0 or similar
  openbox --reconfigure and you should be good to go.
  The script
  #!/bin/bash
  # pbrisbin 2009
  # simplified version of wifi-select designed to output as an openbox pipe menu
  # required:
  # netcfg
  # zenity
  # NOPASSWD entries for this and netcfg through visudo
  # the following in menu.xml:
  # <menu id="pipe-wifi" label="Wifi" execute="sudo /path/to/wifi.pipe interface"/>
  # the idea is to run this script once to scan/print, then again immediately to connect.
  # therefore, if you scan but don't connect, a temp file is left in /tmp. the next scan
  # will overwrite it, and the next connect will remove it.
  # source this just to get PROFILE_DIR
  . /usr/lib/network/network
  [ -z "$PROFILE_DIR" ] && PROFILE_DIR='/etc/network.d/'
  # awk code for parsing iwlist output
  # putting it here removes the wifi-select dependency
  # and allows for my own tweaking
  # prints a list "essid=security=quality_as_percentage"
  PARSER='
  BEGIN { FS=":"; OFS="="; }
  /\<Cell/ { if (essid) print essid, security, quality[2]/quality[3]*100; security="none" }
  /\<ESSID:/ { essid=substr($2, 2, length($2) - 2) } # discard quotes
  /\<Quality=/ { split($1, quality, "[=/]") }
  /\<Encryption key:on/ { security="wep" }
  /\<IE:.*WPA.*/ { security="wpa" }
  END { if (essid) print essid, security, quality[2]/quality[3]*100 }
  errorout() {
  echo "<openbox_pipe_menu>"
  echo "<item label=\"$1\" />"
  echo "</openbox_pipe_menu>"
  exit 1
  create_profile() {
  ESSID="$1"; INTERFACE="$2"; SECURITY="$3"; KEY="$4"
  PROFILE_FILE="$PROFILE_DIR$ESSID"
  cat > "$PROFILE_FILE" << END_OF_PROFILE
  CONNECTION="wireless"
  ESSID="$ESSID"
  INTERFACE="$INTERFACE"
  DESCRIPTION="Automatically generated profile"
  SCAN="yes"
  IP="dhcp"
  TIMEOUT="10"
  SECURITY="$SECURITY"
  END_OF_PROFILE
  # i think wifi-select should adopt these perms too...
  if [ -n "$KEY" ]; then
  echo "KEY=\"$KEY\"" >> "$PROFILE_FILE"
  chmod 600 "$PROFILE_FILE"
  else
  chmod 644 "$PROFILE_FILE"
  fi
  print_menu() {
  # scan for networks
  iwlist $INTERFACE scan 2>/dev/null | awk "$PARSER" | sort -t= -nrk3 > /tmp/networks.tmp
  # exit if none found
  if [ ! -s /tmp/networks.tmp ]; then
  rm /tmp/networks.tmp
  errorout "no networks found."
  fi
  # otherwise print the menu
  local IFS='='
  echo "<openbox_pipe_menu>"
  while read ESSID SECURITY QUALITY; do
  echo "<item label=\"$ESSID ($SECURITY) ${QUALITY/.*/}%\">" # trim decimals
  echo " <action name=\"Execute\">"
  echo " <command>sudo $0 $INTERFACE connect \"$ESSID\"</command>"
  echo " </action>"
  echo "</item>"
  done < /tmp/networks.tmp
  echo "</openbox_pipe_menu>"
  connect() {
  # check for an existing profile
  PROFILE_FILE="$(grep -REl "ESSID=[\"']?$ESSID[\"']?" "$PROFILE_DIR" | grep -v '~$' | head -n1)"
  # if found use it, else create a new profile
  if [ -n "$PROFILE_FILE" ]; then
  PROFILE=$(basename "$PROFILE_FILE")
  else
  PROFILE="$ESSID"
  SECURITY="$(awk -F '=' "/$ESSID/"'{print $2}' /tmp/networks.tmp | head -n1)"
  # ask for the security key if needed
  if [ "$SECURITY" != "none" ]; then
  KEY="$(zenity --entry --title="Authentication" --text="Please enter $SECURITY key for $ESSID" --hide-text)"
  fi
  # create the new profile
  create_profile "$ESSID" "$INTERFACE" "$SECURITY" "$KEY"
  fi
  # connect
  netcfg2 "$PROFILE" >/tmp/output.tmp
  # if failed, ask about removal of created profile
  if [ $? -ne 0 ]; then
  zenity --question \
  --title="Connection failed" \
  --text="$(grep -Eo "[\-\>]\ .*$" /tmp/output.tmp) \n Remove $PROFILE_FILE?" \
  --ok-label="Remove profile"
  [ $? -eq 0 ] && rm $PROFILE_FILE
  fi
  rm /tmp/output.tmp
  rm /tmp/networks.tmp
  [ $(id -u) -ne 0 ] && errorout "root access required."
  [ -z "$1" ] && errorout "usage: $0 [interface]"
  INTERFACE="$1"; shift
  # i added a sleep if we need to explicitly bring it up
  # b/c youll get "no networks found" when you scan right away
  # this only happens if we aren't up already
  if ! ifconfig | grep -q $INTERFACE; then
  ifconfig $INTERFACE up &>/dev/null || errorout "$INTERFACE not up"
  while ! ifconfig | grep -q $INTERFACE; do sleep 1; done
  fi
  if [ "$1" = "connect" ]; then
  ESSID="$2"
  connect
  else
  print_menu
  fi
  Screenshots
  removed -- Hi-res shots available on my site
  NOTE - i have not tested this extensively but it was working for me in most cases.  any updates/fixes will be edited right into this original post.  enjoy!
  UPDATE - 10/24/2009: i moved the awk statement from wifi-select directly into the script.  this did two things: wifi-select is no longer needed on the system, and i could tweak the awk statement to be more accurate.  it now prints a true percentange.  iwlist prints something like Quality=17/70 and the original awk statement would just output 17 as the quality.  i changed to print (17/70)*100 then bash trims the decimals so you get a true percentage.
  Last edited by brisbin33 (2010-05-09 01:28:20)

  froli wrote:
  I think the script's not working ... When I type
  sh wifi-pipe
  in a term it returns nothing
  well, just to be sure you're doing it right...
  he above is only an adjustment to the OB script's print_menu() function, it's not an entire script to itself.  so, if the original OB script shows output for you with
  sh ./wifi-pipe
  then using the above pint_menu() function (with all the other supporting code) should also show output, (only really only changes the echo's so they print the info in the pekwm format).
  oh, and if neither version shows output when you rut it in a term, then you've got other issues... ;P
  here's an entire [untested] pekwm script:
  #!/bin/bash
  # pbrisbin 2009
  # simplified version of wifi-select designed to output as an pekwm pipe menu
  # required:
  # netcfg
  # zenity
  # NOPASSWD entries for this and netcfg through visudo
  # the following in pekwm config file:
  # SubMenu = "WiFi" {
  # Entry = { Actions = "Dynamic /path/to/wifi-pipe" }
  # the idea is to run this script once to scan/print, then again immediately to connect.
  # therefore, if you scan but don't connect, a temp file is left in /tmp. the next scan
  # will overwrite it, and the next connect will remove it.
  # source this to get PROFILE_DIR and SUBR_DIR
  . /usr/lib/network/network
  errorout() {
  echo "Dynamic {"
  echo " Entry = \"$1\""
  echo "}"
  exit 1
  create_profile() {
  ESSID="$1"; INTERFACE="$2"; SECURITY="$3"; KEY="$4"
  PROFILE_FILE="$PROFILE_DIR$ESSID"
  cat > "$PROFILE_FILE" << END_OF_PROFILE
  CONNECTION="wireless"
  ESSID="$ESSID"
  INTERFACE="$INTERFACE"
  DESCRIPTION="Automatically generated profile"
  SCAN="yes"
  IP="dhcp"
  TIMEOUT="10"
  SECURITY="$SECURITY"
  END_OF_PROFILE
  # i think wifi-select should adopt these perms too...
  if [ -n "$KEY" ]; then
  echo "KEY=\"$KEY\"" >> "$PROFILE_FILE"
  chmod 600 "$PROFILE_FILE"
  else
  chmod 644 "$PROFILE_FILE"
  fi
  print_menu() {
  # scan for networks
  iwlist $INTERFACE scan 2>/dev/null | awk -f $SUBR_DIR/parse-iwlist.awk | sort -t= -nrk3 > /tmp/networks.tmp
  # exit if none found
  if [ ! -s /tmp/networks.tmp ]; then
  rm /tmp/networks.tmp
  errorout "no networks found."
  fi
  # otherwise print the menu
  echo "Dynamic {"
  IFS='='
  cat /tmp/networks.tmp | while read ESSID SECURITY QUALITY; do
  echo "Entry = \"$ESSID ($SECURITY) $QUALITY%\" {"
  echo " Actions = \"Exec sudo $0 $INTERFACE connect \\\"$ESSID\\\"\"</command>"
  echo "}"
  done
  unset IFS
  echo "}"
  connect() {
  # check for an existing profile
  PROFILE_FILE="$(grep -REl "ESSID=[\"']?$ESSID[\"']?" "$PROFILE_DIR" | grep -v '~$' | head -n1)"
  # if found use it, else create a new profile
  if [ -n "$PROFILE_FILE" ]; then
  PROFILE=$(basename "$PROFILE_FILE")
  else
  PROFILE="$ESSID"
  SECURITY="$(awk -F '=' "/$ESSID/"'{print $2}' /tmp/networks.tmp | head -n1)"
  # ask for the security key if needed
  if [ "$SECURITY" != "none" ]; then
  KEY="$(zenity --entry --title="Authentication" --text="Please enter $SECURITY key for $ESSID" --hide-text)"
  fi
  # create the new profile
  create_profile "$ESSID" "$INTERFACE" "$SECURITY" "$KEY"
  fi
  # connect
  netcfg2 "$PROFILE" >/tmp/output.tmp
  # if failed, ask about removal of created profile
  if [ $? -ne 0 ]; then
  zenity --question \
  --title="Connection failed" \
  --text="$(grep -Eo "[\-\>]\ .*$" /tmp/output.tmp) \n Remove $PROFILE_FILE?" \
  --ok-label="Remove profile"
  [ $? -eq 0 ] && rm $PROFILE_FILE
  fi
  rm /tmp/output.tmp
  rm /tmp/networks.tmp
  [ $(id -u) -ne 0 ] && errorout "root access required."
  [ -z "$1" ] && errorout "usage: $0 [interface]"
  INTERFACE="$1"; shift
  # i added a sleep if we need to explicitly bring it up
  # b/c youll get "no networks found" when you scan right away
  # this only happens if we aren't up already
  if ! ifconfig | grep -q $INTERFACE; then
  ifconfig $INTERFACE up &>/dev/null || errorout "$INTERFACE not up"
  sleep 3
  fi
  if [ "$1" = "connect" ]; then
  ESSID="$2"
  connect
  else
  print_menu
  fi
  exit 0

• ClamAV fails to scan for viruses in emails [CLAWS MAIL]

  I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
  I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Here's my clamd.conf:
  ## Please read the clamd.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Uncomment this option to enable logging.
  # LogFile must be writable for the user running daemon.
  # A full path is required.
  # Default: disabled
  LogFile /var/log/clamav/clamd.log
  # By default the log file is locked for writing - the lock protects against
  # running clamd multiple times (if want to run another clamd, please
  # copy the configuration file, change the LogFile variable, and run
  # the daemon with --config-file option).
  # This option disables log file locking.
  # Default: no
  #LogFileUnlock yes
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  LogTime yes
  # Also log clean files. Useful in debugging but drastically increases the
  # log size.
  # Default: no
  #LogClean yes
  # Use system logger (can work together with LogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Log additional information about the infected file, such as its
  # size and hash, together with the virus name.
  #ExtendedDetectionInfo yes
  # This option allows you to save a process identifier of the listening
  # daemon (main thread).
  # Default: disabled
  PidFile /run/clamav/clamd.pid
  # Optional path to the global temporary directory.
  # Default: system specific (usually /tmp or /var/tmp).
  TemporaryDirectory /tmp
  # Path to the database directory.
  # Default: hardcoded (depends on installation options)
  DatabaseDirectory /var/lib/clamav
  # Only load the official signatures published by the ClamAV project.
  # Default: no
  OfficialDatabaseOnly yes
  # The daemon can work in local mode, network mode or both.
  # Due to security reasons we recommend the local mode.
  # Path to a local socket file the daemon will listen on.
  # Default: disabled (must be specified by a user)
  LocalSocket /var/lib/clamav/clamd.sock
  # Sets the group ownership on the unix socket.
  # Default: disabled (the primary group of the user running clamd)
  LocalSocketGroup clamav
  # Sets the permissions on the unix socket to the specified mode.
  # Default: disabled (socket is world accessible)
  #LocalSocketMode 660
  # Remove stale socket after unclean shutdown.
  # Default: yes
  #FixStaleSocket yes
  # TCP port address.
  # Default: no
  #TCPSocket 3310
  # TCP address.
  # By default we bind to INADDR_ANY, probably not wise.
  # Enable the following to provide some degree of protection
  # from the outside world.
  # Default: no
  #TCPAddr 127.0.0.1
  # Maximum length the queue of pending connections may grow to.
  # Default: 200
  #MaxConnectionQueueLength 30
  # Clamd uses FTP-like protocol to receive data from remote clients.
  # If you are using clamav-milter to balance load between remote clamd daemons
  # on firewall servers you may need to tune the options below.
  # Close the connection when the data size limit is exceeded.
  # The value should match your MTA's limit for a maximum attachment size.
  # Default: 25M
  #StreamMaxLength 10M
  # Limit port range.
  # Default: 1024
  #StreamMinPort 30000
  # Default: 2048
  #StreamMaxPort 32000
  # Maximum number of threads running at the same time.
  # Default: 10
  #MaxThreads 20
  # Waiting for data from a client socket will timeout after this time (seconds).
  # Default: 120
  #ReadTimeout 300
  # This option specifies the time (in seconds) after which clamd should
  # timeout if a client doesn't provide any initial command after connecting.
  # Default: 5
  #CommandReadTimeout 5
  # This option specifies how long to wait (in miliseconds) if the send buffer is full.
  # Keep this value low to prevent clamd hanging
  # Default: 500
  #SendBufTimeout 200
  # Maximum number of queued items (including those being processed by MaxThreads threads)
  # It is recommended to have this value at least twice MaxThreads if possible.
  # WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
  # the following condition should hold:
  # MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
  # Default: 100
  #MaxQueue 200
  # Waiting for a new job will timeout after this time (seconds).
  # Default: 30
  #IdleTimeout 60
  # Don't scan files and directories matching regex
  # This directive can be used multiple times
  # Default: scan all
  #ExcludePath ^/proc/
  #ExcludePath ^/sys/
  # Maximum depth directories are scanned at.
  # Default: 15
  #MaxDirectoryRecursion 20
  # Follow directory symlinks.
  # Default: no
  #FollowDirectorySymlinks yes
  # Follow regular file symlinks.
  # Default: no
  #FollowFileSymlinks yes
  # Scan files and directories on other filesystems.
  # Default: yes
  #CrossFilesystems yes
  # Perform a database check.
  # Default: 600 (10 min)
  #SelfCheck 600
  # Execute a command when virus is found. In the command string %v will
  # be replaced with the virus name.
  # Default: no
  #VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
  # Run as another user (clamd must be started by root for this option to work)
  # Default: don't drop privileges
  User clamav
  # Initialize supplementary group access (clamd must be started by root).
  # Default: no
  #AllowSupplementaryGroups no
  # Stop daemon when libclamav reports out of memory condition.
  #ExitOnOOM yes
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Do not remove temporary files (for debug purposes).
  # Default: no
  #LeaveTemporaryFiles yes
  # Detect Possibly Unwanted Applications.
  # Default: no
  #DetectPUA yes
  # Exclude a specific PUA category. This directive can be used multiple times.
  # See http://www.clamav.net/support/pua for the complete list of PUA
  # categories.
  # Default: Load all categories (if DetectPUA is activated)
  #ExcludePUA NetTool
  #ExcludePUA PWTool
  # Only include a specific PUA category. This directive can be used multiple
  # times.
  # Default: Load all categories (if DetectPUA is activated)
  #IncludePUA Spy
  #IncludePUA Scanner
  #IncludePUA RAT
  # In some cases (eg. complex malware, exploits in graphic files, and others),
  # ClamAV uses special algorithms to provide accurate detection. This option
  # controls the algorithmic detection.
  # Default: yes
  #AlgorithmicDetection yes
  ## Executable files
  # PE stands for Portable Executable - it's an executable file format used
  # in all 32 and 64-bit versions of Windows operating systems. This option allows
  # ClamAV to perform a deeper analysis of executable files and it's also
  # required for decompression of popular executable packers such as UPX, FSG,
  # and Petite. If you turn off this option, the original files will still be
  # scanned, but without additional processing.
  # Default: yes
  #ScanPE yes
  # Executable and Linking Format is a standard format for UN*X executables.
  # This option allows you to control the scanning of ELF files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanELF yes
  # With this option clamav will try to detect broken executables (both PE and
  # ELF) and mark them as Broken.Executable.
  # Default: no
  #DetectBrokenExecutables yes
  ## Documents
  # This option enables scanning of OLE2 files, such as Microsoft Office
  # documents and .msi files.
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  # Default: yes
  #ScanOLE2 yes
  # With this option enabled OLE2 files with VBA macros, which were not
  # detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
  # Default: no
  #OLE2BlockMacros no
  # This option enables scanning within PDF files.
  # If you turn off this option, the original files will still be scanned, but
  # without decoding and additional processing.
  # Default: yes
  #ScanPDF yes
  ## Mail files
  # Enable internal e-mail scanner.
  # If you turn off this option, the original files will still be scanned, but
  # without parsing individual messages/attachments.
  # Default: yes
  #ScanMail yes
  # Scan RFC1341 messages split over many emails.
  # You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
  # WARNING: This option may open your system to a DoS attack.
  # Never use it on loaded servers.
  # Default: no
  #ScanPartialMessages yes
  # With this option enabled ClamAV will try to detect phishing attempts by using
  # signatures.
  # Default: yes
  #PhishingSignatures yes
  # Scan URLs found in mails for phishing attempts using heuristics.
  # Default: yes
  #PhishingScanURLs yes
  # Always block SSL mismatches in URLs, even if the URL isn't in the database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockSSLMismatch no
  # Always block cloaked URLs, even if URL isn't in database.
  # This can lead to false positives.
  # Default: no
  #PhishingAlwaysBlockCloak no
  # Allow heuristic match to take precedence.
  # When enabled, if a heuristic scan (such as phishingScan) detects
  # a possible virus/phish it will stop scan immediately. Recommended, saves CPU
  # scan-time.
  # When disabled, virus/phish detected by heuristic scans will be reported only at
  # the end of a scan. If an archive contains both a heuristically detected
  # virus/phish, and a real malware, the real malware will be reported
  # Keep this disabled if you intend to handle "*.Heuristics.*" viruses
  # differently from "real" malware.
  # If a non-heuristically-detected virus (signature-based) is found first,
  # the scan is interrupted immediately, regardless of this config option.
  # Default: no
  #HeuristicScanPrecedence yes
  ## Data Loss Prevention (DLP)
  # Enable the DLP module
  # Default: No
  #StructuredDataDetection yes
  # This option sets the lowest number of Credit Card numbers found in a file
  # to generate a detect.
  # Default: 3
  #StructuredMinCreditCardCount 5
  # This option sets the lowest number of Social Security Numbers found
  # in a file to generate a detect.
  # Default: 3
  #StructuredMinSSNCount 5
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxx-yy-zzzz
  # Default: yes
  #StructuredSSNFormatNormal yes
  # With this option enabled the DLP module will search for valid
  # SSNs formatted as xxxyyzzzz
  # Default: no
  #StructuredSSNFormatStripped yes
  ## HTML
  # Perform HTML normalisation and decryption of MS Script Encoder code.
  # Default: yes
  # If you turn off this option, the original files will still be scanned, but
  # without additional processing.
  #ScanHTML yes
  ## Archives
  # ClamAV can scan within archives and compressed files.
  # If you turn off this option, the original files will still be scanned, but
  # without unpacking and additional processing.
  # Default: yes
  #ScanArchive yes
  # Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
  # Default: no
  #ArchiveBlockEncrypted no
  ## Limits
  # The options below protect your system against Denial of Service attacks
  # using archive bombs.
  # This option sets the maximum amount of data to be scanned for each input file.
  # Archives and other containers are recursively extracted and scanned up to this
  # value.
  # Value of 0 disables the limit
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 100M
  #MaxScanSize 150M
  # Files larger than this limit won't be scanned. Affects the input file itself
  # as well as files contained inside it (when the input file is an archive, a
  # document or some other kind of container).
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 25M
  #MaxFileSize 30M
  # Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
  # file, all files within it will also be scanned. This options specifies how
  # deeply the process should be continued.
  # Note: setting this limit too high may result in severe damage to the system.
  # Default: 16
  #MaxRecursion 10
  # Number of files to be scanned within an archive, a document, or any other
  # container file.
  # Value of 0 disables the limit.
  # Note: disabling this limit or setting it too high may result in severe damage
  # to the system.
  # Default: 10000
  #MaxFiles 15000
  ## Clamuko settings
  # Enable Clamuko. Dazuko must be configured and running. Clamuko supports
  # both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
  # is the preferred option. For more information please visit www.dazuko.org
  # Default: no
  #ClamukoScanOnAccess yes
  # The number of scanner threads that will be started (DazukoFS only).
  # Having multiple scanner threads allows Clamuko to serve multiple
  # processes simultaneously. This is particularly beneficial on SMP machines.
  # Default: 3
  #ClamukoScannerCount 3
  # Don't scan files larger than ClamukoMaxFileSize
  # Value of 0 disables the limit.
  # Default: 5M
  #ClamukoMaxFileSize 10M
  # Set access mask for Clamuko (Dazuko only).
  # Default: no
  #ClamukoScanOnOpen yes
  #ClamukoScanOnClose yes
  #ClamukoScanOnExec yes
  # Set the include paths (all files inside them will be scanned). You can have
  # multiple ClamukoIncludePath directives but each directory must be added
  # in a seperate line. (Dazuko only)
  # Default: disabled
  #ClamukoIncludePath /home
  #ClamukoIncludePath /students
  # Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
  # Default: disabled
  #ClamukoExcludePath /home/bofh
  # With this option you can whitelist specific UIDs. Processes with these UIDs
  # will be able to access all files.
  # This option can be used multiple times (one per line).
  # Default: disabled
  #ClamukoExcludeUID 0
  # With this option enabled ClamAV will load bytecode from the database.
  # It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
  # Default: yes
  #Bytecode yes
  # Set bytecode security level.
  # Possible values:
  # None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
  # This value is only available if clamav was built with --enable-debug!
  # TrustSigned - trust bytecode loaded from signed .c[lv]d files,
  # insert runtime safety checks for bytecode loaded from other sources
  # Paranoid - don't trust any bytecode, insert runtime checks for all
  # Recommended: TrustSigned, because bytecode in .cvd files already has these checks
  # Note that by default only signed bytecode is loaded, currently you can only
  # load unsigned bytecode in --enable-debug mode.
  # Default: TrustSigned
  #BytecodeSecurity TrustSigned
  # Set bytecode timeout in miliseconds.
  # Default: 5000
  # BytecodeTimeout 1000
  My freshclam.conf:
  ## Please read the freshclam.conf(5) manual before editing this file.
  # Comment or remove the line below.
  #Example
  # Path to the database directory.
  # WARNING: It must match clamd.conf's directive!
  # Default: hardcoded (depends on installation options)
  #DatabaseDirectory /var/lib/clamav
  # Path to the log file (make sure it has proper permissions)
  # Default: disabled
  UpdateLogFile /var/log/clamav/freshclam.log
  # Maximum size of the log file.
  # Value of 0 disables the limit.
  # You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
  # and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
  # in bytes just don't use modifiers.
  # Default: 1M
  #LogFileMaxSize 2M
  # Log time with each message.
  # Default: no
  #LogTime yes
  # Enable verbose logging.
  # Default: no
  #LogVerbose yes
  # Use system logger (can work together with UpdateLogFile).
  # Default: no
  #LogSyslog yes
  # Specify the type of syslog messages - please refer to 'man syslog'
  # for facility names.
  # Default: LOG_LOCAL6
  #LogFacility LOG_MAIL
  # This option allows you to save the process identifier of the daemon
  # Default: disabled
  #PidFile /var/run/freshclam.pid
  # By default when started freshclam drops privileges and switches to the
  # "clamav" user. This directive allows you to change the database owner.
  # Default: clamav (may depend on installation options)
  #DatabaseOwner clamav
  # Initialize supplementary group access (freshclam must be started by root).
  # Default: no
  #AllowSupplementaryGroups yes
  # Use DNS to verify virus database version. Freshclam uses DNS TXT records
  # to verify database and software versions. With this directive you can change
  # the database verification domain.
  # WARNING: Do not touch it unless you're configuring freshclam to use your
  # own database verification domain.
  # Default: current.cvd.clamav.net
  #DNSDatabaseInfo current.cvd.clamav.net
  # Uncomment the following line and replace XY with your country
  # code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
  # You can use db.XY.ipv6.clamav.net for IPv6 connections.
  #DatabaseMirror db.XY.clamav.net
  # database.clamav.net is a round-robin record which points to our most
  # reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
  # not working. DO NOT TOUCH the following line unless you know what you
  # are doing.
  DatabaseMirror database.clamav.net
  # How many attempts to make before giving up.
  # Default: 3 (per mirror)
  #MaxAttempts 5
  # With this option you can control scripted updates. It's highly recommended
  # to keep it enabled.
  # Default: yes
  #ScriptedUpdates yes
  # By default freshclam will keep the local databases (.cld) uncompressed to
  # make their handling faster. With this option you can enable the compression;
  # the change will take effect with the next database update.
  # Default: no
  #CompressLocalDatabase no
  # With this option you can provide custom sources (http:// or file://) for
  # database files. This option can be used multiple times.
  # Default: no custom URLs
  #DatabaseCustomURL http://myserver.com/mysigs.ndb
  #DatabaseCustomURL file:///mnt/nfs/local.hdb
  # Number of database checks per day.
  # Default: 12 (every two hours)
  #Checks 24
  # Proxy settings
  # Default: disabled
  #HTTPProxyServer myproxy.com
  #HTTPProxyPort 1234
  #HTTPProxyUsername myusername
  #HTTPProxyPassword mypass
  # If your servers are behind a firewall/proxy which applies User-Agent
  # filtering you can use this option to force the use of a different
  # User-Agent header.
  # Default: clamav/version_number
  #HTTPUserAgent SomeUserAgentIdString
  # Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
  # multi-homed systems.
  # Default: Use OS'es default outgoing IP address.
  #LocalIPAddress aaa.bbb.ccc.ddd
  # Send the RELOAD command to clamd.
  # Default: no
  NotifyClamd /etc/clamav/clamd.conf
  # Run command after successful database update.
  # Default: disabled
  #OnUpdateExecute command
  # Run command when database update process fails.
  # Default: disabled
  #OnErrorExecute command
  # Run command when freshclam reports outdated version.
  # In the command string %v will be replaced by the new version number.
  # Default: disabled
  #OnOutdatedExecute command
  # Don't fork into background.
  # Default: no
  #Foreground yes
  # Enable debug messages in libclamav.
  # Default: no
  #Debug yes
  # Timeout in seconds when connecting to database server.
  # Default: 30
  #ConnectTimeout 60
  # Timeout in seconds when reading from database server.
  # Default: 30
  #ReceiveTimeout 60
  # With this option enabled, freshclam will attempt to load new
  # databases into memory to make sure they are properly handled
  # by libclamav before replacing the old ones.
  # Default: yes
  #TestDatabases yes
  # When enabled freshclam will submit statistics to the ClamAV Project about
  # the latest virus detections in your environment. The ClamAV maintainers
  # will then use this data to determine what types of malware are the most
  # detected in the field and in what geographic area they are.
  # Freshclam will connect to clamd in order to get recent statistics.
  # Default: no
  #SubmitDetectionStats /path/to/clamd.conf
  # Country of origin of malware/detection statistics (for statistical
  # purposes only). The statistics collector at ClamAV.net will look up
  # your IP address to determine the geographical origin of the malware
  # reported by your installation. If this installation is mainly used to
  # scan data which comes from a different location, please enable this
  # option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
  # of the country of origin.
  # Default: disabled
  #DetectionStatsCountry country-code
  # This option enables support for our "Personal Statistics" service.
  # When this option is enabled, the information on malware detected by
  # your clamd installation is made available to you through our website.
  # To get your HostID, log on http://www.stats.clamav.net and add a new
  # host to your host list. Once you have the HostID, uncomment this option
  # and paste the HostID here. As soon as your freshclam starts submitting
  # information to our stats collecting service, you will be able to view
  # the statistics of this clamd installation by logging into
  # http://www.stats.clamav.net with the same credentials you used to
  # generate the HostID. For more information refer to:
  # http://www.clamav.net/support/faq/faq-cctts/
  # This feature requires SubmitDetectionStats to be enabled.
  # Default: disabled
  #DetectionStatsHostID unique-id
  # This option enables support for Google Safe Browsing. When activated for
  # the first time, freshclam will download a new database file (safebrowsing.cvd)
  # which will be automatically loaded by clamd and clamscan during the next
  # reload, provided that the heuristic phishing detection is turned on. This
  # database includes information about websites that may be phishing sites or
  # possible sources of malware. When using this option, it's mandatory to run
  # freshclam at least every 30 minutes.
  # Freshclam uses the ClamAV's mirror infrastructure to distribute the
  # database and its updates but all the contents are provided under Google's
  # terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
  # and http://safebrowsing.clamav.net for more information.
  # Default: disabled
  #SafeBrowsing yes
  # This option enables downloading of bytecode.cvd, which includes additional
  # detection mechanisms and improvements to the ClamAV engine.
  # Default: enabled
  #Bytecode yes
  # Download an additional 3rd party signature database distributed through
  # the ClamAV mirrors. Here you can find a list of available databases:
  # http://www.clamav.net/download/cvd/3rdparty
  # This option can be used multiple times.
  #ExtraDatabase dbname1
  #ExtraDatabase dbname2
  Any help is much appreciated.

  MatejLach wrote:
  clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
  Scanning error:
  /home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
  Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

• My iPhone won't allow me to scan for any network and won't even pick up on any wifi networks near by. How do I fix this?

  My iPhone 4s won't allow me to scan for any networks and won't even pull up wifi networks near by. How do I fix this?

  Settings > General > Network > Reset Network Settings.
  If that does not resolve the issue...
  Basic troubleshooting from the User's Guide is reset, restart, restore (first from backup then as new).  Has any of this been tried?

• I would appreciate it if someone could advise me as to the optimum resolution, dimensions and dpi for actual photographic slides that I am scanning for use in a Keynote Presentation, that will be projected in a large auditorium.  I realize that most proje

  I would appreciate it if someone could advise me as to the optimum resolution, dimensions and dpi for actual photographic slides that I am scanning for use in a Keynote Presentation, that will be projected in a large auditorium. I realize that most projectors in auditoriums that I will be using have 1024 x 1200 pixels, and possibly 1600 x 1200. There is no reference to this issue in the Keynote Tutorial supplied by Apple, and I have never found a definitive answer to this issue online (although there may be one).
              Here’s my question: When scanning my photographic slides, what setting, from 72 dpi to 300 dpi, would result in the best image quality and use up the most efficient amount of space? 
              Here’s what two different photo slide scanning service suppliers have told me: 
  Supplier No. 1 tells me that they can scan slides to a size of 1544 x 1024 pixels, at 72 dpi, which will be 763 KB, and they refer to this as low resolution (a JPEG). However, I noticed when I looked at these scanned slides, the size of the slides varied, with a maximum of 1.8 MB. This supplier says that the dpi doesn’t matter when it comes to the quality of the final digital image, that it is the dimensions that matter.  They say that if they scanned a slide to a higher resolution (2048 x 3072), they would still scan it at 72 dpi.
  Supplier No. 2: They tell me that in order to have a high quality image made from a photographic slide (starting with a 35 mm slide, in all cases), I need to have a “1280 pixel dimension slide, a JPEG, at 300 dpi, that is 8 MB per image.” However, this supplier also offers, on its list of services, a “Standard Resolution JPEG (4MB file/image – 3088 x 2048), as well as a “High Resolution JPEG (8 MB file/image – 3088x2048).
  I will be presenting my Keynotes with my MacBook Pro, and will not have a chance to try out the presentations in advance, since the lecture location is far from my home, so that is not an option. 
  I do not want to use up more memory than necessary on my laptop.  I also want to have the best quality image. 
  One more question: When scanning images myself, on my own scanner, for my Keynote presentations, would I be better off scanning them as JPEGs or TIFFs? I have been told that a TIFF is better because it is less compressed. 
  Any enlightenment on this subject would be appreciated.
  Thank you.

  When it comes to Keynote, I try and start with a presentation that's 1680 x 1050 preset or something in that range.  Most projectors that you'll get at a conference won't project much higher than that and if they run at a lower resolution, it's better to have the device downsize your Keynote.  Anything is better than having the projector try and upsize your presentation... you work hard to make it look good, and it's mangled by some tired Epson projector.
  As far as slides go, scan them in at 150 dpi or better, and make them at least the dimensions of your presentation.  Keynote is really only wanting 72dpi, but I do them at 150, just in case I need to print out the presentation as a handout later, and having the pix at 150 dpi gives me a little help with their quality on a printer.
  You'd probably have to drop in the 150 versions again if you output the Keynote to .pdf or Word or something, but at least you have the option.
  And Gary's right (above) go ahead and scan them as TIFFs.  Sooner or later you'll want to do something else with these slides (like make something for an iPad or the like) and having them as TIFFs keeps your presentation looking good.
  Finally, and this is a big one, get to the location for your presentation ahead of time if you can, and plug the laptop in and see what you get.  There's always connection problems. Don't let the AV bonehead tell you everything will work just fine ('... I don't have any adapters for a Mac...') .  See it for yourself... you're the one that's standing up there.  Unless it's your boss, then you better be really sure it works.