Plugin Whitelisting

Some enterprises only want allow the use of plugins and extensions that are on an allow list. This ensures that the administrator knows what plugins are in use so that they can be patched, and allows an amount of functional testing before full deployment. They don't want to be in a state where users install useful-sounding plugins that, for example, sends sensitive data out to the cloud or to a malicious third party. Unfortunately I'm struggling to implement a configuration to deny all plugins and extensions apart from a specified list (which a user can then choose to manually disable or enable). Are the three options below viable or is there some other route:
I can prevent the installation of plugins with this configuration:
lockPref("xpinstall.enabled", 0);
I can get plugins to default to disabled whenever the browser starts:
lockPref("plugin.default.state", 0);
lockPref("plugin.defaultXpi.state", 0);
I can enable and disable individual plugins:
// Enable Flash as it's in a sandbox
lockPref("plugin.state.flash", 2);
// Disable Java unless required
lockPref("plugin.state.java", 0);
lockPref("plugin.state.npdeployjava1", 0);

Please also see: [http://kb.mozillazine.org/Locking_preferences]
Make sure it is not obsolete: [https://developer.mozilla.org/en-US/docs/Archive/Mozilla/Automatic_Mozilla_Configurator/Locked_config_settings]
What trouble are you running into specifically here?

Similar Messages

Whitelist for Adobe Reader 10 and 11 Web Plugin?

We need to have PDFs open in IE automatically for a list of domains and websites where employees need this function to work to do their job, but we don't want Adobe Reader integration with the browser triggered by random websites on the Internet due to malware that uses this function to infect computers.
How can this be done?

Can you try this next: navigate to C:\Program Files\Adobe\Reader 11.0\Reader (if you have Reader XI installed), or C:\Program Files (x86)\Adobe\Reader 11.0\Reader (Reader XI on 64-bit Windows), and double-click on Eula.exe, then accept the license agreement.
Does that fix the problem?

Firefox 22 Silent Add-ons/Plugins/Extensions Installation

We're a Windows 7 x86 shop and we're finally upgrading from Firefox 3.6. I just need a little help finalizing the customizations for our Firefox 22 install.
Our requests don't differ greatly from others (no automatic updates, no plugin checks, set default home page, no Firefox sync etc.) and all that seems to be working so far. I ran the install on a machine that did not have a previous version of Firefox and found it largely behaving the way I expected it to.
However two things stand out:
On initial launch I'm seeing a 'checking compatibility of addons' screen. It doesn't ask me to do anything and disappears after a few seconds, but this worries me that it *might* complain about a plugin a user installed when we go through the upgrade process.
- Can this 'check' be avoided?
- Is it really doing anything? (eg: checking for blacklisted addons/extensions? etc)
- What's the worst that could happen here?
In the registry (HKLM\Software\Mozilla\Firefox\Extensions) I have two entries created by 2 other applications on the workstation each of which pointing to their respective extension/addon/plugin directory (e.g.: C:\Program Files\Application\some_directory). When properly installed, one is listed as an Extension, the other a Plugin. On the first launch after installation, I see two 'Install Add-on' tabs prompting me to approve each the installation. Seeing as these extensions are allowed/trusted and required, I want Firefox to accept them without prompting the user. Now, I'm aware of two key elements that largely govern this (and their subtle differences) but I can't seem to get this to work right:
extensions.autoDisableScopes
extensions.enabledScopes
With the former set to 0 and the latter 15 I relaunch FF and while I don't get the tabs, when I go to test them, it doesn't work. Furthermore, the Plugin is listed under Extensions which probably shoud not be.
- What am I doing wrong?
- How can I allow/trust/whitelist or otherwise automatically approve the installation of either specific add-ons, or add-ons within a specific location?
Please, correct me if I'm doing something wrong, or if there's a better way (e.g.: GPO's) to apply global settings for all users. I'm hoping to avoid a solution that requires installing a third-party plug-in
Any advice is greatly appreciated.
Install/upgrade process consists these key files:
Firefox Setup 22.0.exe - The installer
install.cmd - Script that runs the installer and does other things:
runs installer with the following switches: /INI=custom.ini
creates "%ProgramFiles%\Mozilla Firefox\browser\defaults\profile\chrome" (if missing)
copies userChrome.css into the above directory
creates "%ProgramFiles%\Mozilla Firefox\browser\defaults\preferences" (if missing)
copies local-settings.js into the above directory
copies Mozilla.cfg into "%ProgramFiles%\Mozilla Firefox\"
copies override.ini into "%ProgramFiles%\Mozilla Firefox\browser\"
custom.ini :
MaintenanceService=false
userChrome.css :
// Disable Firefox Sync
#sync-setup, #sync-status-button, #BrowserPreferences radio[label="Sync"] {display:none!important;}
#sync-setup-appmenu,#sync-syncnowitem-appmenu, #sync-setup, #sync-status-button, #BrowserPreferences radio[label="Sync"] {display:none!important;}
menu[label="Tools"] menuitem[label="Sync Now"], #sync-button, #sync-setup-appmenu, #sync-syncnowitem-appmenu, #sync-setup, #sync-status-button, #BrowserPreferences radio[label="Sync"] {display:none!important;}
local-settings.js :
pref("general.config.obscure_value", 0);
pref("general.config.filename", "mozilla.cfg");
Override.ini :
[XRE]
EnableProfileMigrator=False
EnableExtensionManager=True
[Crash Reporter]
Enabled=False
Mozilla.cfg :
// This preference allows to suppress all UI update prompting.
defaultPref("app.update.silent", true);
// This preference disables the background service that installs updates
defaultPref("app.update.service.enabled", false);
// This preference indicates that the rights notification has already been shown.
defaultPref("browser.rights.3.shown", true);
defaultPref("browser.rights.override", true);
// Disable automatic check for updates to search plugins
defaultPref("browser.search.update", false);
// Do not perform system default browser check on startup
defaultPref("browser.shell.checkDefaultBrowser", false);
// Sets URL of homepage or pope (|) separated list of URL's to open in tabs
defaultPref("browser.startup.homepage", "http://our-intranet/");
// Was suggested to use this instead of the above - don't understand why
//defaultPref("browser.startup.homepage", "data:text/plain,browser.startup.homepage=http://our-intranet/");
// The last browser version (milestone) this profile was loaded with. If it differs from the current version, pref is changed to current version.
defaultPref("browser.startup.homepage_override.mstone", "ignore");
// Disable check extension for browser compatibility on upgrade/install.
defaultPref("extensions.checkCompatibility", false);
// Disable checks that extensions provide secure updates.
defaultPref("extensions.checkUpdateSecurity", false);
// The last version of the browser to successfully load extensions. Used to determine whether or not to disable extensions due to possible incompatibilities.
defaultPref("extensions.lastAppVersion", "100.0.0");
// Not sure if this still applies today
defaultPref("extensions.lastPlatformVersion", "100.0.0");
// An Attempt at Disabling Firefox sync
defaultPref("services.sync.autoconnect", false);
defaultPref("services.sync.clients.lastSync", "0");
defaultPref("services.sync.clients.lastSyncLocal", "0");
defaultPref("services.sync.engine.addons", false);
defaultPref("services.sync.engine.apps", false);
defaultPref("services.sync.engine.bookmarks", false);
defaultPref("services.sync.engine.history", false);
defaultPref("services.sync.engine.passwords", false);
defaultPref("services.sync.engine.prefs", false);
defaultPref("services.sync.engine.prefs.modified", false);
defaultPref("services.sync.engine.tabs", false);
defaultPref("services.sync.globalScore", 0);
defaultPref("services.sync.migrated", true);
defaultPref("services.sync.nextSync", 0);
defaultPref("services.sync.tabs.lastSync", "0");
defaultPref("services.sync.tabs.lastSyncLocal", "0");
// Disabled Add-on manager pop-up window post addon/extension installation
defaultPref("extensions.newAddons", false);
// Disable automatic download and installation of available updates
defaultPref("extensions.update.autoUpdate", false);
// Diable automatic checking of updates at the specified interval
defaultPref("extensions.update.autoUpdateEnabled", false);
// Disable checking for extension updates
defaultPref("extensions.update.enabled", false);
// Determines how often to check the update URL for updates.
defaultPref("extensions.update.interval", 1273520281);
// Disable addon control wizard
defaultPref("extensions.shownSelectionUI", true);
// A comma-and-space-delimited list of URIs with which to automatically authenticate via NTLM (Windows domain logon).
defaultPref("network.automatic-ntlm-auth.trusted-uris", "a,bunch,of,servers,urls,and,unc,paths");
// Indicates whether some cookie preferences — previously stored in deprecated preferences — have been migrated to current preferences.
defaultPref("network.cookie.prefsMigrated", true);
// A comma-and-space-delimited list of sites that are permitted to engage in SPNEGO authentication with the browser.
defaultPref("network.negotiate-auth.trusted-uris", "a,bunch,of,servers,urls,and,unc,paths");
// Not sure if this still applies today
defaultPref("privacy.sanitize.migrateFx3Prefs", true);
// Disable telemetry (usage statistics) to Mozilla HQ
defaultPref("toolkit.telemetry.prompted", 2);
defaultPref("toolkit.telemetry.rejected", true);
defaultPref("toolkit.telemetry.enabled", false);
// A comma-separated list of sites to automatically add to the extensions whitelist.
defaultPref("xpinstall.whitelist.add", "");
// Not sure what these are but are baked into installation
defaultPref("xpinstall.whitelist.add.180", "");
defaultPref("xpinstall.whitelist.add.36", "");
// Allow access to specific network locations
defaultPref("capability.policy.policynames", "policy1, policy2, ..., policyX");
defaultPref("capability.policy.policy1.checkloaduri.enabled", "allAccess");
defaultPref("capability.policy.policy1.sites","http://site1 http://site1/site http://site2");
defaultPref("capability.policy.policy2.checkloaduri.enabled", "allAccess");
defaultPref("capability.policy.policy2.sites","\\unc\path");
defaultPref("capability.policy.policyX.checkloaduri.enabled", "allAccess");
defaultPref("capability.policy.policyX.sites","whatever");
// Disables built in PDF viewer
defaultPref("pdfjs.disabled",true);
// Disables Health Report Uploads
defaultPref("datareporting.healthreport.uploadEnabled",false);
// Disables Health Reporting Completely
defaultPref("datareporting.healthreport.service.enabled",false);
// Disabled Plugin Check
defaultPref("plugin.scan.plid.all",false);
defaultPref("plugins.update.url","");

try the 15 - 15 option, see in the above link you gave us :
http://mike.kaply.com/2012/02/21/understanding-add-on-scopes/
the : Add-ons are only disabled by default '''if they were not explicitly installed by the user'''. '''So if an external application places an add-on into the user’s profile directory, it is disabled by default'''.
(it is in extensions.autoDisableScopes area )

Wiki whitelist.plist not working here's the script and steps taken

1. whitelist.plist created according to instructions in wiki admin manual.
2. file placed in: /Library/Application Support/Apple/WikiServer/
3. File permissions set to allow _teamsserver access like other files in directory.
4. Webserver restarted.
5. Attempt to add <head> tag to wiki fails. Code is stripped out after save.
6. Has anyone got this working? I can't find any syntax errors in the file and I've tried the suggestion from another post to place the file in: /etc/wikid
Here's the contents of whitelist.plist
I don't know what else I can do to make it work. Any help is appreciated.
I've pasted the code below:
<?xml version="1.0" encoding="UTF-8"?>
<!DOCTYPE plist PUBLIC "-//Apple Computer//DTD PLIST 1.0//EN" "http://www.apple.com/DTDs/PropertyList-1.0.dtd">
<plist version="1.0">
<dict>
<key>protocols</key>
<array>
<string>file</string>
<string>afp</string>
<string>feed</string>
<string>feeds</string>
<string>fax</string>
<string>ftp</string>
<string>gopher</string>
<string>http</string>
<string>https</string>
<string>itms</string>
<string>itpc</string>
<string>ldap</string>
<string>mailto</string>
<string>news</string>
<string>nfs</string>
<string>nntp</string>
<string>rdar</string>
<string>rtsp</string>
<string>sip</string>
<string>sips</string>
<string>sftp</string>
<string>smb</string>
<string>ssh</string>
<string>svn</string>
<string>svn+ssh</string>
<string>tel</string>
<string>telnet</string>
<string>vnc</string>
<string>webcal</string>
<string>xmpp</string>
</array>
<key>styles</key>
<array>
<string>font-style</string>
<string>font-weight</string>
<string>text-decoration</string>
</array>
<key>tags</key>
<dict>
<key>all</key>
<array>
<string>style</string>
<string>class</string>
<string>title</string>
</array>
<key>a</key>
<array>
<string>href</string>
<string>name</string>
<string>rel</string>
</array>
<key>blockquote</key>
<array>
<string>cite</string>
</array>
<key>body</key>
<array/>
<key>br</key>
<array/>
<key>caption</key>
<array/>
<key>dd</key>
<array/>
<key>div</key>
<array/>
<key>dl</key>
<array/>
<key>dt</key>
<array/>
<key>em</key>
<array/>
<key>h1</key>
<array/>
<key>h2</key>
<array/>
<key>h3</key>
<array/>
<key>h4</key>
<array/>
<key>h5</key>
<array/>
<key>h6</key>
<array/>
<key>head</key>
<array>
<string>title</string>
<string>base</string>
<string>link</string>
<string>meta</string>
</array>
<key>html</key>
<array/>
<key>img</key>
<array>
<string>src</string>
<string>alt</string>
<string>name</string>
<string>width</string>
<string>height</string>
<string>longdesc</string>
</array>
<key>li</key>
<array/>
<key>node</key>
<array/>
<key>object</key>
<array>
<string>classid</string>
<string>width</string>
<string>height</string>
<string>codebase</string>
</array>
<key>ol</key>
<array/>
<key>p</key>
<array/>
<key>param</key>
<array>
<string>name</string>
<string>value</string>
</array>
<key>pre</key>
<array/>
<key>q</key>
<array>
<string>cite</string>
</array>
<key>span</key>
<array/>
<key>strong</key>
<array/>
<key>table</key>
<array/>
<key>tbody</key>
<array/>
<key>td</key>
<array>
<string>colspan</string>
<string>rowspan</string>
</array>
<key>tfoot</key>
<array/>
<key>th</key>
<array>
<string>colspan</string>
<string>rowspan</string>
</array>
<key>thead</key>
<array/>
<key>tr</key>
<array/>
<key>ul</key>
<array/>
</dict>
</dict>
</plist>

Ok. Found some more stuff. It appears that, as of 10.6.2, you can't have this in your whitelist: :
<key>protocols</key>
<key>styles</key>
What's missing? Even if you have nothing to add to an area you must have the array tags e.g.
<key>protocols</key>
<array/>
<key>styles</key>
<array/>
The problem is that the Wiki just fails if there is any problem with your whitelist, with no warning. To see the fault you have to look in the console log. There you will see something like this, which indicates a faulty whitelist file:
8/01/10 10:34:00 AM com.apple.wikid[4416] Traceback (most recent call last):
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 689, in run
8/01/10 10:34:00 AM com.apple.wikid[4416] config.parseOptions()
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 669, in parseOptions
8/01/10 10:34:00 AM com.apple.wikid[4416] usage.Options.parseOptions(self, options)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/python/usage.py", line 226, in parseOptions
8/01/10 10:34:00 AM com.apple.wikid[4416] for (cmd, short, parser, doc) in self.subCommands:
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/application/app.py", line 679, in subCommands
8/01/10 10:34:00 AM com.apple.wikid[4416] for plug in plugins:
8/01/10 10:34:00 AM com.apple.wikid[4416] --- <exception caught here> ---
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/plugin.py", line 204, in getPlugins
8/01/10 10:34:00 AM com.apple.wikid[4416] adapted = interface(plugin, None)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/System/Library/Frameworks/Python.framework/Versions/2.6/Extras/lib/python/zop e/interface/interface.py", line 625, in callconform
8/01/10 10:34:00 AM com.apple.wikid[4416] return conform(self)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/plugin.py", line 68, in _conform_
8/01/10 10:34:00 AM com.apple.wikid[4416] return self.load()
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/plugin.py", line 63, in load
8/01/10 10:34:00 AM com.apple.wikid[4416] return namedAny(self.dropin.moduleName + '.' + self.name)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/python/reflect.py", line 462, in namedAny
8/01/10 10:34:00 AM com.apple.wikid[4416] topLevelPackage = _importAndCheckStack(trialname)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/caldavd/lib/python/twisted/python/reflect.py", line 398, in _importAndCheckStack
8/01/10 10:34:00 AM com.apple.wikid[4416] return _import_(importName)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/wikid/lib/python/twisted/plugins/wikid.py", line 9, in <module>
8/01/10 10:34:00 AM com.apple.wikid[4416] from apple_utilities.tap import WikiServiceMaker
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/wikid/lib/python/apple_utilities/tap.py", line 25, in <module>
8/01/10 10:34:00 AM com.apple.wikid[4416] from apple_utilities import SettingsManager, Authentication
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/wikid/lib/python/apple_utilities/SettingsManager.py", line 916, in <module>
8/01/10 10:34:00 AM com.apple.wikid[4416] globalSettings = SettingsManager(defaultConfigFilePath)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/wikid/lib/python/apple_utilities/SettingsManager.py", line 151, in _init_
8/01/10 10:34:00 AM com.apple.wikid[4416] whitelist = WhitelistContentFilter.WhitelistContentFilter(userWhitelistPath, self.data['wiki']['whitelist'])
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/usr/share/wikid/lib/python/apple_wlt/WhitelistContentFilter.py", line 120, in _init_
8/01/10 10:34:00 AM com.apple.wikid[4416] systemPlist = plistlib.readPlist(systemWhitelistFileLoc)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistli b.py", line 78, in readPlist
8/01/10 10:34:00 AM com.apple.wikid[4416] rootObject = p.parse(pathOrFile)
8/01/10 10:34:00 AM com.apple.wikid[4416] File "/System/Library/Frameworks/Python.framework/Versions/2.6/lib/python2.6/plistli b.py", line 405, in parse
8/01/10 10:34:00 AM com.apple.wikid[4416] parser.ParseFile(fileobj)
Message was edited by: John Holley NZ

My plugin is not working when "out-of-process plugins" ("OOPP") is enabled

Plugin is working fine with FF3.0 but it is not working with FF4.0 and above. The reason I found out is in about:config dom.ipc.enabled is set to true. This means it whitelists the plugins to run in a plugin container.
When I disabled the dom.ipc.plugins.enabled to false, I observed that plugin is working fine.
I also tested by adding a separate entry dom.ipc.plugins.enabled.plugin.so to false and changed dom.ipc.plugins.enabled back to true. still it is working fine.
This plugin is using NPAPIs.
I couldn't figure out why the plugin behavior changes when it is running as a part of FF and running as a separate process.
Thanks in advance for your help.

Plugin is working fine with FF3.0 but it is not working with FF4.0 and above. The reason I found out is in about:config dom.ipc.enabled is set to true. This means it whitelists the plugins to run in a plugin container.
When I disabled the dom.ipc.plugins.enabled to false, I observed that plugin is working fine.
I also tested by adding a separate entry dom.ipc.plugins.enabled.plugin.so to false and changed dom.ipc.plugins.enabled back to true. still it is working fine.
This plugin is using NPAPIs.
I couldn't figure out why the plugin behavior changes when it is running as a part of FF and running as a separate process.
Thanks in advance for your help.

Auto-whitelist

Greetings,
not sure how many people still run 10.4 mail systems. but what the heck
I have a mail server that has been running spammassassin for years. pumping SA learn and running spamtrainer.
recently i received OS and postfix error messages regarding insufficient storage space although i had 30gig of room on the drive.
During a clone operation i discovered a very large Auto-whitelist file in /var/clamav/.spamassassin
i don't remember setting Auto-Whitelist 1
mylocal.cf doesn't mention AutoWhitelist
and my amavisd.conf has it commented out .
#$saautowhitelist = 0; # turn on AWL (default: false)
# Bayesian Auto Learn
auto_learn 1
# Safe Reporting
safe_reporting 0
# Full/Terse Reporting
usetersereport 0
# Subject Tag
subject_tag * Warning: Junk Mail *
# Rewrite the Subject
rewrite_subject 0
# Use Bayesian Filtering
use_bayes 1
# OK locals
ok_locales en
# OK languages
ok_languages en fr de ja
# Required hits to be marked as spam
required_hits 5
I ran a test message through SA, i did not see anything referencing Auto-Whitelist.
here is debug ::: ::
}mx1:/var/clamav root# spamassassin -D < /private/var/root/Documents/Message1.rtf
debug: SpamAssassin version 3.0.1
debug: Score set 0 chosen.
debug: running in taint mode? yes
debug: Running in taint mode, removing unsafe env vars, and resetting PATH
debug: PATH included '/bin', keeping.
debug: PATH included '/sbin', keeping.
debug: PATH included '/usr/bin', keeping.
debug: PATH included '/usr/sbin', keeping.
debug: Final PATH set to: /bin:/sbin:/usr/bin:/usr/sbin
debug: using "/etc/mail/spamassassin/init.pre" for site rules init.pre
debug: config: read file /etc/mail/spamassassin/init.pre
debug: using "//usr/share/spamassassin" for default rules dir
debug: config: read file //usr/share/spamassassin/10_misc.cf
debug: config: read file //usr/share/spamassassin/20antiratware.cf
debug: config: read file //usr/share/spamassassin/20bodytests.cf
debug: config: read file //usr/share/spamassassin/20_compensate.cf
debug: config: read file //usr/share/spamassassin/20dnsbltests.cf
debug: config: read file //usr/share/spamassassin/20_drugs.cf
debug: config: read file //usr/share/spamassassin/20fake_helotests.cf
debug: config: read file //usr/share/spamassassin/20headtests.cf
debug: config: read file //usr/share/spamassassin/20htmltests.cf
debug: config: read file //usr/share/spamassassin/20metatests.cf
debug: config: read file //usr/share/spamassassin/20_phrases.cf
debug: config: read file //usr/share/spamassassin/20_****.cf
debug: config: read file //usr/share/spamassassin/20_ratware.cf
debug: config: read file //usr/share/spamassassin/20uritests.cf
debug: config: read file //usr/share/spamassassin/23_bayes.cf
debug: config: read file //usr/share/spamassassin/25body_testses.cf
debug: config: read file //usr/share/spamassassin/25body_testspl.cf
debug: config: read file //usr/share/spamassassin/25_hashcash.cf
debug: config: read file //usr/share/spamassassin/25head_testses.cf
debug: config: read file //usr/share/spamassassin/25head_testspl.cf
debug: config: read file //usr/share/spamassassin/25_spf.cf
debug: config: read file //usr/share/spamassassin/25_uribl.cf
debug: config: read file //usr/share/spamassassin/30textde.cf
debug: config: read file //usr/share/spamassassin/30textes.cf
debug: config: read file //usr/share/spamassassin/30textfr.cf
debug: config: read file //usr/share/spamassassin/30textit.cf
debug: config: read file //usr/share/spamassassin/30textnl.cf
debug: config: read file //usr/share/spamassassin/30textpl.cf
debug: config: read file //usr/share/spamassassin/30textsk.cf
debug: config: read file //usr/share/spamassassin/50_scores.cf
debug: config: read file //usr/share/spamassassin/60_whitelist.cf
debug: using "//etc/mail/spamassassin" for site rules dir
debug: config: read file //etc/mail/spamassassin/local.cf
debug: using "/private/var/root/.spamassassin" for user state dir
debug: using "/private/var/root/.spamassassin/user_prefs" for user prefs file
debug: config: read file /private/var/root/.spamassassin/user_prefs
debug: plugin: loading Mail::SpamAssassin::Plugin::URIDNSBL from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840)
debug: plugin: loading Mail::SpamAssassin::Plugin::Hashcash from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70)
debug: plugin: loading Mail::SpamAssassin::Plugin::SPF from @INC
debug: plugin: registered Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4)
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70) implements 'parse_config'
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) inhibited further callbacks
debug: config: SpamAssassin failed to parse line, skipping: auto_learn 1
debug: config: SpamAssassin failed to parse line, skipping: safe_reporting 0
debug: config: SpamAssassin failed to parse line, skipping: usetersereport 0
debug: config: SpamAssassin failed to parse line, skipping: subject_tag * Warning: Junk Mail *
debug: config: SpamAssassin failed to parse line, skipping: rewrite_subject 0
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: using "/private/var/root/.spamassassin" for user state dir
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: Score set 1 chosen.
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/O /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: bayes: Not available for scanning, only 0 spam(s) in Bayes DB < 200
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: metadata: X-Spam-Relays-Trusted:
debug: metadata: X-Spam-Relays-Untrusted:
debug: ---- MIME PARSER START ----
debug: main message type: text/plain
debug: parsing normal part
debug: added part, type: text/plain
debug: ---- MIME PARSER END ----
debug: decoding: no encoding detected
debug: Loading languages file...
debug: Can't determine language uniquely enough
debug: metadata: X-Languages:
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'parsed_metadata'
debug: is Net::DNS::Resolver available? yes
debug: Net::DNS version: 0.66
debug: trying (3) sun.com...
debug: looking up NS for 'sun.com'
debug: NS lookup of sun.com succeeded => Dns available (set dns_available to hardcode)
debug: is DNS available? 1
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: URIDNSBL: domains to query: beth.k12.pa.us hetnet.nl aim.com
debug: all '*From' addrs:
debug: Running tests for priority: 0
debug: running header regexp tests; score so far=0
debug: registering glue method for checkhashcash_doublespend (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: registering glue method for checkfor_spf_helopass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkhashcashvalue (Mail::SpamAssassin::Plugin::Hashcash=HASH(0x1a8be70))
debug: all '*To' addrs:
debug: registering glue method for checkfor_spfsoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: SPF: message was delivered entirely via trusted relays, not required
debug: registering glue method for checkfor_spfpass (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helosoftfail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: registering glue method for checkfor_spf_helofail (Mail::SpamAssassin::Plugin::SPF=HASH(0x1af36a4))
debug: running body-text per-line regexp tests; score so far=-2.801
debug: running uri tests; score so far=-2.801
debug: registering glue method for check_uridnsbl (Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840))
debug: Razor2 is not available
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'check_tick'
debug: URIDNSBL: query for hetnet.nl took 1 seconds to look up (multi.surbl.org.:hetnet.nl)
debug: URIDNSBL: query for aim.com took 1 seconds to look up (multi.surbl.org.:aim.com)
debug: URIDNSBL: query for beth.k12.pa.us took 1 seconds to look up (multi.surbl.org.:beth.k12.pa.us)
debug: URIDNSBL: queries completed: 6 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: running raw-body-text per-line regexp tests; score so far=-2.801
debug: running full-text regexp tests; score so far=-2.801
debug: Razor2 is not available
debug: Current PATH is: /bin:/sbin:/usr/bin:/usr/sbin
debug: Pyzor is not available: pyzor not found
debug: DCCifd is not available: no r/w dccifd socket found.
debug: DCC is not available: no executable dccproc found.
debug: Running tests for priority: 500
debug: plugin: Mail::SpamAssassin::Plugin::URIDNSBL=HASH(0x1924840) implements 'checkpostdnsbl'
debug: URIDNSBL: queries completed: 8 started: 8
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:35 2010
debug: waiting 2 seconds for URIDNSBL lookups to complete
debug: URIDNSBL: queries completed: 0 started: 0
debug: URIDNSBL: queries active: DNSBL=8 at Mon Mar 8 18:06:35 2010
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:132.51.12.64)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:2.96.96.209)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:80.73.200.207)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:107.1.236.64)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:34.63.75.213)
debug: URIDNSBL: query for hetnet.nl took 2 seconds to look up (sbl.spamhaus.org.:69.63.75.213)
debug: URIDNSBL: query for aim.com took 2 seconds to look up (sbl.spamhaus.org.:232.157.188.205)
debug: URIDNSBL: query for beth.k12.pa.us took 2 seconds to look up (sbl.spamhaus.org.:20.3.172.207)
debug: URIDNSBL: queries completed: 8 started: 0
debug: URIDNSBL: queries active: at Mon Mar 8 18:06:36 2010
debug: done waiting for URIDNSBL lookups to complete
debug: running meta tests; score so far=-2.801
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: Running tests for priority: 1000
debug: running meta tests; score so far=-1.231
debug: running header regexp tests; score so far=-1.231
debug: running body-text per-line regexp tests; score so far=-1.231
debug: running uri tests; score so far=-1.231
debug: running raw-body-text per-line regexp tests; score so far=-1.231
debug: running full-text regexp tests; score so far=-1.231
debug: auto-learn: currently using scoreset 1.
debug: auto-learn: message score: -1.231, computed score for autolearn: -1.231
debug: auto-learn? ham=0.1, spam=12, body-points=0, head-points=-2.801, learned-points=0
debug: auto-learn? yes, ham (-1.231 < 0.1)
debug: Learning Ham
debug: all '*From' addrs:
debug: all '*To' addrs:
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: uri found: mailto:[email protected]
debug: lock: 17114 created /private/var/root/.spamassassin/bayes.lock.mx1.beth.k12.pa.us.17114
debug: lock: 17114 trying to get lock on /private/var/root/.spamassassin/bayes with 0 retries
debug: lock: 17114 link to /private/var/root/.spamassassin/bayes.lock: link ok
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_toks
debug: bayes: 17114 tie-ing to DB file R/W /private/var/root/.spamassassin/bayes_seen
debug: bayes: found bayes db version 3
debug: ebd3a443815ae7214b74ef30dfb2c5524e3adf7a@sa_generated: already learnt correctly, not learning twice
debug: bayes: 17114 untie-ing
debug: bayes: 17114 untie-ing db_toks
debug: bayes: 17114 untie-ing db_seen
debug: bayes: files locked, now unlocking lock
debug: unlock: 17114 unlink /private/var/root/.spamassassin/bayes.lock
debug: is spam? score=-1.231 required=5
debug: tests=ALLTRUSTED,MISSING_DATE,MISSINGSUBJECT
debug: subtests=_UNUSABLEMSGID
X-Spam-Checker-Version: SpamAssassin 3.0.1 (2004-10-22) on mx1.beth.k12.pa.us
X-Spam-Level:
X-Spam-Status: No, score=-1.2 required=5.0 tests=ALLTRUSTED,MISSINGDATE,
MISSING_SUBJECT autolearn=unavailable version=3.0.1
\f0\fs24 \cf0 Return-Path: <[email protected]>\
Received: from murder ([unix socket]) by bragg.beth.k12.pa.us (Cyrus v2.2.12-OS X 10.4.8) with LMTPA; Sun, 07 Mar 2010 22:32:43 -0500\
Received: from smtp3.beth.k12.pa.us (smtp3.beth.k12.pa.us [10.135.1.13]) by bragg.beth.k12.pa.us (Postfix) with ESMTP id 3D3F02CE4B19 for <[email protected]>; Sun, 7 Mar 2010 22:32:43 -0500 (EST)\
Received: from localhost (mx1.beth.k12.pa.us [10.135.1.6]) by smtp3.beth.k12.pa.us (Postfix) with ESMTP id 7E5EB2425D0C for <[email protected]>; Sun, 7 Mar 2010 22:32:07 -0500 (EST)\
Received: from mx1.beth.k12.pa.us ([127.0.0.1]) by localhost (mx1.beth.k12.pa.us [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 11329-05 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from mail2.beth.k12.pa.us (mail2.beth.k12.pa.us [192.227.0.10]) by mx1.beth.k12.pa.us (Postfix) with ESMTP id 9DDDFCF9E5 for <[email protected]>; Sun, 7 Mar 2010 19:32:06 -0800 (PST)\
Received: from cpsmtpb-ews07.kpnxchange.com (cpsmtpb-ews07.kpnxchange.com [213.75.39.10]) by mail2.beth.k12.pa.us (Postfix) with ESMTP id 36E83E51479 for <[email protected]>; Sun, 7 Mar 2010 22:32:05 -0500 (EST)\
Received: from cpbrm-ews29.kpnxchange.com ([10.94.84.160]) by cpsmtpb-ews07.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:05 +0100\
Received: from CPSMTPM-EML04.kpnxchange.com ([213.75.39.74]) by cpbrm-ews29.kpnxchange.com with Microsoft SMTPSVC(6.0.3790.3959); Mon, 8 Mar 2010 04:32:04 +0100\
Received: from localhost ([10.94.77.199]) by CPSMTPM-EML04.kpnxchange.com with Microsoft SMTPSVC(7.0.6001.18000); Mon, 8 Mar 2010 04:32:04 +0100\
X-Sieve: CMU Sieve 2.2\
Content-Class: urn:content-classes:message\
Mime-Version: 1.0\
Content-Type: multipart/alternative; boundary="----=_NextPart_00101CABE6F.E8E7FFDB"\
X-Mimeole: Produced By Microsoft Exchange V6.5\
Message-Id: <[email protected]>\
X-Ms-Has-Attach: \
X-Ms-Tnef-Correlator: \
Thread-Topic: EU INT LOTTO\
Thread-Index: Acqbc/3PXjmnUcQsGeSny2PogEEg==\
X-Originalarrivaltime: 08 Mar 2010 03:32:04.0493 (UTC) FILETIME=[EC150BD0:01CABE6F]\
X-Recipientdomain: beth.k12.pa.us\
X-Spam-Status: No, hits=4.117 tagged_above=-999 required=5 tests=BAYES_50, HTML5060, HTML_MESSAGE, MIMEQP_LONGLINE, NOREALNAME, SUBJALLCAPS, UNDISC_RECIPS, UPPERCASE5075\
X-Spam-Level: **\
EU INT LOTTO\
YOUR EMAIL ID HAS WON \'db1,000,000.00, IN THE FIRST CATEGORY, ALL THE E-MAIL ADDRESSES WERE SELECTED THROUGH ELECTRONIC BALLOTING SYSTEM OF INTERNET E-MAIL USERS, FROM WHICH YOUR E-MAIL ADDRESS CAME OUT AS THE WINNING COUPON.\
Clarification and procedure Contact: [email protected]\
Tel:\'ca\'ca\'ca\'ca +31-630-861-292\'ca\'ca\'ca\'ca\'ca\'ca\'ca\'ca \
Miss. Gillian Rowland \
Qualification winning Number [EU/ILO-564/003/008] \
Expiring date is 19th of March, 2010.\
All response should be send Via Email: [email protected]\
}mx1:/var/clamav root#

postfix receives the mail, then passes it to amavisd.
amavisd decides what scanners to use (clamav/spamassassin and possibly others) and performs the scan
amavisd might not scan the messages if certain criteria are met (size too large, white list, etc), this is all configurable in amavisd.conf. For example, the size threshold by default may be too small, so messages with large graphics may not be scanned.
after amavis processes the message, depending on the config of amavis, certain actions are performed (add headers, discard, reject, bounce, etc).
then amavisd passes the mail back to postfix
postfix delivers any deliverable mail to cyrus/dovecot and/or processes and bounce/rejection.
a rejection doesn't work in the above scenario because it's already been accepted by postfix.
best to discard.
if you would like to learn more about the flow and logic, look at the amavisd config file
/etc/amavisd.conf
and check out the docs
http://www.ijs.si/software/amavisd/
Jeff

[SOLVED]epiphany 3.12.0 - plugins?

Hello,
As you may know, extensions.gnome.org is offering an "automatic" way to install extensions of gnome-shell, but when trying to use it on Arch/epiphany 3.12.0, I get this:
We cannot detect a running copy of GNOME on this system, so some parts of the interface may be disabled. See our troubleshooting entry for more information.
If you are using GNOME 3.4 or newer and installation still doesn't work, check to make sure that the "GNOME Shell Integration" plugin is installed and enabled in your browser preferences. Some browsers have a feature, click-to-play, which make it so the plugin cannot start without user intervention. Make sure that either http://extensions.gnome.org is whitelisted for the click-to-play feature, or click-to-play is turned off entirely. Check your browser's help for more details.
I asked the gnome developers, and they said epiphany may be missing the plugins
Is there a way to install this plugin from pacman, or it's not supported?
Edit: Nevermind, after installing firefox somehow it all works.
Last edited by lucian80 (2014-03-31 21:26:28)

KlipperKyle wrote:Same here on my gazp8. Thank you, sir, for the good news.
I spoke too soon. When I resume, my Ethernet device mysteriously disappears after several seconds. It will not show in ifconfig, and "ifconfig <device name> up" complains about a nonexistent device. This only happens on kernel 3.12.
@siliconmeadow, will you please confirm whether you experience the same issue?
After poking through "journalctl -b", I found enp3s0f2 started normally (20:53:11), but a few seconds later (20:53:17) the carrier was mysteriously turned off. Then, ntpd deleted the ethernet interface. See <http://sprunge.us/QdeU>.
And when using ifconfig to try to bring the Ethernet device back up: (Note: Wifi works. It's only Ethernet that dies.)
kyle@wopr ~ $ ifconfig
lo: flags=73<UP,LOOPBACK,RUNNING> mtu 65536
inet 127.0.0.1 netmask 255.0.0.0
inet6 ::1 prefixlen 128 scopeid 0x10<host>
loop txqueuelen 0 (Local Loopback)
RX packets 208 bytes 15856 (15.4 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 208 bytes 15856 (15.4 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
wlp2s0: flags=4163<UP,BROADCAST,RUNNING,MULTICAST> mtu 1500
inet 192.168.1.110 netmask 255.255.255.0 broadcast 192.168.1.255
inet6 fe80::6236:ddff:fec1:cd98 prefixlen 64 scopeid 0x20<link>
ether xx:xx:xx:xx:xx:xx txqueuelen 1000 (Ethernet)
RX packets 219 bytes 36427 (35.5 KiB)
RX errors 0 dropped 0 overruns 0 frame 0
TX packets 199 bytes 132154 (129.0 KiB)
TX errors 0 dropped 0 overruns 0 carrier 0 collisions 0
kyle@wopr ~ $ sudo ifconfig enp3s0f2 up
[sudo] password for kyle:
enp3s0f2: ERROR while getting interface flags: No such device
kyle@wopr ~ :( $
Note: MAC addresses are masked.

Reader X, whitelist problem.

I am using a Whitelist, and in the AdbeReaderBroker.log here is an excerpt of what error I am getting.
[03:29/15:03:41] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
[03:29/15:03:41] name: Global\CLR_PerfMon_StartEnumEvent
[03:29/15:03:41] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
I have EVENTS_ALLOW_ANY = Gl* in my ProtectedModeWhitelistConfig.txt file. I don't know if this makes a difference, but the plugin is am creating an Active-X control that is made in VB.NET. I am pretty sure that the event that is trying to be opened is at the .NET layer for Performance Counter information. The Active-X Control is registered on the System.

I am using a Whitelist, and in the AdbeReaderBroker.log here is an excerpt of what error I am getting.
[03:29/15:03:41] Adding custom policy: EVENTS_ALLOW_ANY = Gl*
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
[03:29/15:03:41] name: Global\CLR_PerfMon_StartEnumEvent
[03:29/15:03:41] Consider modifying policy using these policy rules: EVENTS_ALLOW_ANY
[03:29/15:03:41] OpenEvent: STATUS_ACCESS_DENIED
I have EVENTS_ALLOW_ANY = Gl* in my ProtectedModeWhitelistConfig.txt file. I don't know if this makes a difference, but the plugin is am creating an Active-X control that is made in VB.NET. I am pretty sure that the event that is trying to be opened is at the .NET layer for Performance Counter information. The Active-X Control is registered on the System.

Is there a way to disable plugins globally, but enable them on a per-site basis?

Is there a way in Firefox to globally disable plugins and allow only certain sites to run them (i.e., a whitelist)? I've tried working with CAPS, but it doesn't seem to be able to turn off <embed> or <object> tags, only certain aspects of JavaScript. I know about FlashBlock, but I've heard it's easy to circumvent and isn't meant for security. NoScript has this ability, and it's great for my own PC, but I'm looking for something more simple that I can use on the PCs of my friends and relatives.

No, not in the basic Firefox build, and I haven't seen an extension with those features that is simple enough for the "average user" to use.
Flashblock only blocks Flash, Shockwave, and Authorware. Plugins like Java, Silverlight, and other aren't blocked by Flashblock. There is one manual control extension for JavaScript, Java, Flash, and Silverlight - Quick Java - https://addons.mozilla.org/en-US/firefox/addon/1237/ - but there is no "whitelist", only toolbar /statusbar buttons to toggle those plugins on/off.
As you mentioned, NoScript has features to block specific plugins from running automatically, and also has a "whitelist" so those plugins will run automatically on "trusted" websites, but getting the NoScript "whitelist" set up is a continuing job. It can be a frustrating extension to use for even "above-average users".
I use NoScript on my Windows desktop PC's as it is intended to be used - allowing JavaScript per domain / website by "allowing" or "temporarily allowing", but on my Linux netbook ''(900MHz processor and only 1GB of RAM)'' I have it set to ''Allow Scripts Globally'', so I don't have to allow JavaScript for each domain on every website I visit. When I first got that netbook I ran for a few months without blocking anything, but after Firefox getting stalled by too many unnecessary plugin presentations I installed Flashblock. After a few weeks I realized that Flashblock wasn't blocking enough of the plugins that were causing problems, so I switched to NoScript with ''Allow Scripts Globally'' selected. IMO, Linux is much less of a target than Windows PC's are as far as exploits and Malware are concerned.

Plugin-container process using 50+% CPU

There is some process called plugin-container initiated by firefox/thunderbird that sometimes uses 50% or more CPU.
Someone has this problem too?
Thanks in advance.

You can also try a Firefox plugin called flashblock. I think it's also available in the AUR. It requires a single click to allow flash, and you can whitelist certain sites.
You might also look at Adblock Plus.

Citrix HDX Flash redirection plugin installer not working

Hi,
We have been trying to install the Citrix Flash redirection plugin (Products - XenDesktop - Download Flash Plugin - Citrix) but it is not working.
When the installer begins after download, it starts to retrieve the install and then the windows goes blank (below)
I ran a debug install as a previous thread suggested and have pasted the comments below. We have tried this in numerous machines, different Operating systems on different networks, all with the same outcome. (the file path has been altered by me, below)
Memory Initialized (Maximum)
===============================================================================
Host Version: 3.5.4.26
"C:\xxxxx\xxxxxxxxxxxxx\Desktop\install_flashplayer15x32_mssd_aaa_aih.exe" /debug -Elevated
System: Windows NT version 6.2.9200.0
Added url to whitelist (localhost).
Added url to whitelist (solidstatenetworks.com).
Added url to whitelist (snxd.com).
Added read only registry path to whitelist (machine\Software\Microsoft\Internet Explorer\).
Added common name to whitelist (Solid State Networks I, LLC).
Added common name to whitelist (Adobe Systems Incorporated).
Extracting skin file (/app.config.xml)
Added url to whitelist (get.adobe.com).
Added url to whitelist (get2.adobe.com).
Added url to whitelist (aihdownload.adobe.com).
Added url to whitelist (airdownload.adobe.com).
Added url to whitelist (ardownload.adobe.com).
Added url to whitelist (download.macromedia.com).
Added url to whitelist (fpdownload.macromedia.com).
Added url to whitelist (fpdownload2.macromedia.com).
Added url to whitelist (fpdownload.adobe.com).
Added url to whitelist (fpdownload2.adobe.com).
Added url to whitelist (platformdl.adobe.com).
Added url to whitelist (platformdl-stage.corp.adobe.com).
Added url to whitelist (wwwimages.adobe.com).
Added url to whitelist (wwwimages.stage.adobe.com).
Added url to whitelist (dlmping.adobe.com).
Added url to whitelist (dlmping2.adobe.com).
Added url to whitelist (dlmping3.adobe.com).
Added url to whitelist (dlmping4.adobe.com).
Added url to whitelist (get3.adobe.com).
Added url to whitelist (get3.stage.adobe.com).
Added url to whitelist (adobetag.com).
Added url to whitelist (promotion.adobe.com).
Added read only registry path to whitelist (machine\SYSTEM\CurrentControlSet\Control\Session Manager\Environment\).
Added read only registry path to whitelist (machine\SOFTWARE\Microsoft\Windows NT\CurrentVersion\).
Added read only registry path to whitelist (machine\SOFTWARE\Microsoft\Windows\CurrentVersion\Uninstall\).
Added read only registry path to whitelist (machine\SOFTWARE\Wow6432Node\Microsoft\Windows\CurrentVersion\Uninstall\).
Added read only registry path to whitelist (user\SOFTWARE\Microsoft\Windows\Shell\Associations\UrlAssociations\).
Added read only registry path to whitelist (root\http\shell\open\command\).
Added read only registry path to whitelist (root\https\shell\open\command\).
Added read only registry path to whitelist (root\.htm\).
Added read only registry path to whitelist (root\.html\).
Added read only registry path to whitelist (root\IE.HTTP\shell\open\command\).
Added read only registry path to whitelist (root\FirefoxURL\shell\open\command\).
Added read only registry path to whitelist (root\SafariURL\shell\open\command\).
Added read only registry path to whitelist (root\ChromeHTML\shell\open\command\).
Added read only registry path to whitelist (machine\SOFTWARE\Microsoft\Windows\CurrentVersion\App Paths\).
Added read only registry path to whitelist (machine\SOFTWARE\Macromedia\).
Added read only registry path to whitelist (user\SOFTWARE\Macromedia\).
Added read/write registry path to whitelist (machine\SOFTWARE\Adobe\Setup\Reader\).
Added read/write registry path to whitelist (machine\SOFTWARE\Wow6432Node\Adobe\Setup\Reader\).
Added common name to whitelist (Adobe Systems, Incorporated).
189 active MIME types
WebServer thread running
WebServer Listening on 127.0.0.1:63006
Browser cache flushed (0 removed) (851 checked) (0.01 seconds)
Browser: IE 9.11.9600.17498
Extracting skin file (mainwindow.config.xml)
Response code set [/mainwindow.html:200:0]
Accept queue size of (2)
Response code set [/images/icon-blank.gif:200:0]
Response code set [/mainwindow.css:200:0]
Accept queue size of (2)
Response code set [/compact.min.js:200:0]
Response code set [/images/icon-complete.gif:200:0]
Response code set [/images/icon-complete-error.gif:200:0]
Accept queue size of (2)
Response code set [/images/logo-adobe.gif:200:0]
Response code set [/images/bg-close-program.png:200:0]
Accept queue size of (2)
Response code set [/images/bg-download-bar-empty.png:200:0]
Response code set [/images/bg-header-error.gif:200:0]
Response code set [/images/bg-download-bar-full.png:200:0]
Discovering default browser...
Default browser: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
Skin version: 2.0.2.13
Document ready triggered
Extracting skin file (locale/en-us.json)
Extracting skin file (workflow.json)
Unable to extract skin file (locale/en.json)
Unable to extract skin file (locale/ie.json)
Accept queue size of (2)
Response code set [/images/button-left.png:200:0]
Response code set [/images/button-center.png:200:0]
Response code set [/images/button-right.png:200:0]
Extracting skin file (interop/downloader.dll)
Loading interop library (C:\Users\Ed_LO\AppData\Local\Adobe\AIH.e8ca43f5ad5cdca8a0c1d77b352fe6e414532d67\download er.dll) (3.5.4.26)
Memory Initialized (Maximum)
===============================================================================
Downloader Version: 3.5.4.26
Solid Core v0.82 () in use (S11)
Cwd [C:\xxxxxx\xxxxxxx\Desktop\] [EC:F4:BB:09:82:BA]
Torrent Agent: -SC0082-
Torrent Agent: -SD354Q-
Starting manager thread
Manager state changing from (Idle) to (Start)
Manager state changing from (Start) to (Process)
Response code set [/environment.json:200:224]
macroEnvironment (macro) (1305): adding macro WorkflowUrl=https://get.adobe.com/flashplayer/webservices/aih/
macroEnvironment (macro) (1305): adding macro InstallType=install
macroEnvironment (macro) (1305): adding macro InstallName=flashplayer15
macroEnvironment (macro) (1305): adding macro InstallSite=live
macroEnvironment (macro) (1305): adding macro CompletionPageUrl=https://get.adobe.com/flashplayer/completion/aih/
mergeWorkflow (merge) (5EAA): retrieving https://get.adobe.com/flashplayer/webservices/aih/?language=en-IE&currentFilename=install_ flashplayer15x32_mssd_aaa_aih.exe&builtinName=flashplayer15&type=install&site=live
installProducts (products) (5781): primary product
installProducts (products) (5781): preparing sitecatalyst ping
installProducts (products) (5781): primary product
Unable to open file [C:\Users\Ed_LO\Desktop\install_flashplayer15x32_mssd_aaa_aih.exe][00008000](2 : 00000002)
installProducts (products) (5781): sitecatalyst offerCount 0
installProducts (products) (5781): sitecatalyst siteCatalystOffers 0
installProducts (products) (5781): sitecatalyst siteCatalystAcceptedOffers 0
installProducts (products) (5781): sitecatalyst primaryProductExitCode -1
installProducts (products) (5781): sitecatalyst primaryProductIsComplete false
installProducts (products) (5781): sitecatalyst primaryProductSiteCatalystCode
installProducts (products) (5781): sitecatalyst pageName ACDC_FP_AIH_Launched
installProducts (products) (5781): sitecatalyst channel ACDC_FlashPlayer
installProducts (products) (5781): sitecatalyst prop1 AIH
installProducts (products) (5781): sitecatalyst prop2 ACDC Downloads
installProducts (products) (5781): sitecatalyst prop3 get.adobe.com
installProducts (products) (5781): sitecatalyst prop4 en
installProducts (products) (5781): sitecatalyst prop5 en:undefined
installProducts (products) (5781): sitecatalyst products ;FlashPlayer_AIH
installProducts (products) (5781): sitecatalyst eVar73 ACDC_FlashPlayer
installProducts (products) (5781): sitecatalyst eVar74
installProducts (products) (5781): sitecatalyst events event96
installProducts (products) (5781): completion page url https://get.adobe.com/flashplayer/completion/aih/
installProducts (products) (5781): preparing sitecatalyst ping
installProducts (products) (5781): primary product
Unable to open file [C:\Users\Ed_LO\Desktop\install_flashplayer15x32_mssd_aaa_aih.exe][00008000](2 : 00000002)
installProducts (products) (5781): sitecatalyst offer results (isDual false oLen 0):
installProducts (products) (5781): sitecatalyst installedCode failedCode offerCode
installProducts (products) (5781): sitecatalyst allInstalled true allFailed true
installProducts (products) (5781): sitecatalyst numInstalled 0 numFailed 0
installProducts (products) (5781): sitecatalyst offerCount 0
installProducts (products) (5781): sitecatalyst offerCount 0
installProducts (products) (5781): sitecatalyst siteCatalystOffers 0
installProducts (products) (5781): sitecatalyst siteCatalystAcceptedOffers 0
installProducts (products) (5781): sitecatalyst primaryProductExitCode -1
installProducts (products) (5781): sitecatalyst primaryProductIsComplete false
installProducts (products) (5781): sitecatalyst primaryProductSiteCatalystCode
installProducts (products) (5781): sitecatalyst pageName ACDC_FP_AIH_Unknown_Reason_exitcode=-1
installProducts (products) (5781): sitecatalyst channel ACDC_FlashPlayer
installProducts (products) (5781): sitecatalyst prop1 AIH
installProducts (products) (5781): sitecatalyst prop2 ACDC Downloads
installProducts (products) (5781): sitecatalyst prop3 get.adobe.com
installProducts (products) (5781): sitecatalyst prop4 en
installProducts (products) (5781): sitecatalyst prop5 en:acdc_fp_aih_launched
installProducts (products) (5781): sitecatalyst products ;FlashPlayer_AIH
installProducts (products) (5781): sitecatalyst eVar73 ACDC_FlashPlayer
installProducts (products) (5781): sitecatalyst eVar74
installProducts (products) (5781): sitecatalyst events
actions not defined for (products) in (installProducts)
Notification center caught unhandled exception: Unable to get property 'length' of undefined or null reference
completion page url https://get.adobe.com/flashplayer/completion/aih/?exitcode=-1
Launching browser..
Command: "C:\Program Files (x86)\Google\Chrome\Application\chrome.exe" -- "%1"
Executable: C:\Program Files (x86)\Google\Chrome\Application\chrome.exe
Arguments: -- "https://get.adobe.com/flashplayer/completion/aih/?exitcode=-1"
Manager state changing from (Process) to (Stop)
Manager state changing from (Stop) to (Stopping)
Manager state changing from (Stopping) to (Shutdown)
Storage active (0/10):
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
-- Member Unused
Manager state changing from (Shutdown) to (Idle)
Manager thread shut down successful
Maximum Memory in use (230 / 661k)
===============================================================================
WebServer thread shut down successful
Browser cache flushed (0 removed) (866 checked) (0.06 seconds)
Maximum Memory in use (1137 / 5413k)
===============================================================================

Hi Jack,
The link Citrix has on their page for the Flash Player installer is incorrect. This has been escalated and Citrix will be contacted about this matter.
To download the Plugin Citrix is using, go to http://get.adobe.com/flashplayer/otherversions, select your Windows OS version and then select 'FP 16 for Firefox - NPAPI'.
Maria

Reader X Security Sandbox - adding exceptions (plugin)

The "Inside Adobe Reader X protected mode" articles briefly mention that the Sandbox should be programmatically configurable (using AddRule()).
Also the reader X SDK should contain some sample code for adding rules, but I don't see the example anywhere. Searching the whole SDK for terms like "broker", "sandbox" or "addrule" also doesn't find anything.
How to configure the security sandbox to allow writing to a specific location in the registry (under HKCU)?
How to configure the security sandbox to allow writing to a specific directory on the filesystem?

I've read ur post on your blog and replied to it but i didn't see my reply being posted.
The issue with us is that whenever we open Adobe Reader our plugin opens "myApp.exe".
with protected mode on, it gives an exception: shell execute exeception cannot launch "myApp.exe" (something like that)
and in the protected mode Log on, i can see that we need to use the whitelist policy " process_All_exec"
using that pointing to our "myApp.exe" this removes the initial error but tries to open "myApp.exe" from C:\Windows\sytem32 which is weird because "myApp.exe" is in programFiles.
and in your blog i read something dangerous "The general rule seems to be: don’t try to talk to other processes " if so, why do we have process_all_exec ?
i am kinda turning in looops in all the forums... and no real solution, no samples..

[svn:osmf:] 13604: Update build-config files for sample plugins.

Revision: 13604
Revision: 13604
Author:   [email protected]
Date:     2010-01-18 17:09:32 -0800 (Mon, 18 Jan 2010)
Log Message:
Update build-config files for sample plugins.
Modified Paths:
    osmf/trunk/apps/samples/plugins/AkamaiPluginSample/AkamaiPluginSample-build-config.xml
    osmf/trunk/apps/samples/plugins/MASTSample/MASTSample-build-config.xml

Thanks Brian. I would certainly appreciate the maintenance and documentation of some of these. The one that most comes to mind is the OSMFTest suite. This would be valuable if only so that developers have some idea of the coverage that's going on under the hood. It would also help for diagnosing what's going on when behavior is not as expected. I was pleased that when I figured out how to compile this directory, I could see that there were 1109 tests, all of which passed except for one that failed due to not being on my local security whitelist.

Reader X plugin error only on XP?

My company has a Reader X / XI plugin that worked fine when we built it with VS2005, but recently updated the project to VS2010, and now it throws a Class not registered com exception when it loads, but only on Windows XP (32 bit). Works fine on Windows 7 (64 bit).
The code that throws is loading a COM object that is a DLL in our install directory that is registered on installation of our product. The code to do the registration is identical for Win7/WinXP. The registration in the registry appears to be identical (except for paths etc) on both machines.
We create a whitelist file on install, and set the registry FeatureLockDown/bWhiteListConfig value to 1. As I said, it works fine on Win7, and the code is identical (other than correcting the paths as necessary) for WinXP. This same code worked fine when we were building with VS2005.
Here's the whitelist file contents:
; Files Section
FILES_ALLOW_ANY = C:\Program Files\<our_install_dir>\*
FILES_ALLOW_ANY = %appdata%\<our_app_dir>\*
FILES_ALLOW_ANY = C:\Documents and Settings\<user>\Local Settings\Application Data\<our_app_dir>\*
; Processes
PROCESS_ALL_EXEC = C:\Program Files\<our_install_dir>\*
PROCESS_ALL_EXEC = %appdata%\<our_app_dir>\*
PROCESS_ALL_EXEC = C:\Documents and Settings\<user>\Local Settings\Application Data\<our_app_dir>\*
; Registry
REG_ALLOW_ANY = HKEY_LOCAL_MACHINE\Software\Adobe*
; Mutants
MUTANT_ALLOW_ANY = ms*
MUTANT_ALLOW_ANY = ol*
///// the DLL name we're trying to load starts with Ta
MUTANT_ALLOW_ANY = Ta*
; Sections
SECTION_ALLOW_ANY = ms*
SECTION_ALLOW_ANY = local*
; Events Section
EVENTS_ALLOW_ANY = ms*
EVENTS_ALLOW_ANY = gl*
EVENTS_ALLOW_ANY = _fc*
; Named Pipes Section
SECTION_ALLOW_ANY = ms*
; Dirs Section
FILES_ALLOW_DIR_ANY = C:\Program Files\<our_install_dir>\*
FILES_ALLOW_DIR_ANY = %appdata%\<our_app_dir>\*
FILES_ALLOW_DIR_ANY = C:\Documents and Settings\<user>\Local Settings\Application Data\<our_app_dir>\*
Any help would be much appreciated.

You mean the Microsoft Visual C++ 2010 redistributable? Yes, that gets installed. (v10.0.40219 on the test machine I'm working on).
Also, I didn't specify, but it is WinXP SP3 (32 bit).
Also, just to note, it's a COM interop that I'm trying to load, for a .Net 4 DLL (.Net 4 is installed). Just in case that matters, or triggers a thought. The plugin itself is obviously still C++.
Message was edited by: NateFinch

Activate plugins for all users on a web-site

Hello,
Is there a way to activate or whitelist plugins for a specific web-site, for all users on a Windows computer? Each time a user logs in and visits the site, they have to click three prompts to enable content. Aside from being annoying, most folks aren't that tech-savvy to understand what is going on and that they need to do it. All they want is for their content to run in the browser.
Thanks

There are plugin.state prefs for each plugin.
*plugin.state (0:Never Activate; 1:Ask to Activate; 2:Always Activate)
You can use a mozilla.cfg file in the Firefox program folder to lock prefs or specify new (default) values.
Place a local-settings.js file in the defaults\pref folder where also the channel-prefs.js file is located to specify using mozilla.cfg.
pref("general.config.filename", "mozilla.cfg");
pref("general.config.obscure_value", 0);
These functions can be used in the mozilla.cfg file:
defaultPref(); // set new default value
pref(); // set pref, allow changes in current session
lockPref(); // lock pref, disallow changes
See:
*http://kb.mozillazine.org/Locking_preferences
*http://mike.kaply.com/2012/03/16/customizing-firefox-autoconfig-files/
*http://mike.kaply.com/2014/01/08/can-firefox-do-this/

Plugin Whitelisting

Similar Messages

Maybe you are looking for