Use of anti-virus products with WebLogic

A customer's WebLogic architecture consists of the following in order:
Internet - Firewall - Netscape HTTP server - Firewall - WebLogic server
The customer wants to provide anti-virus protection for documents/data uploaded
into this environment by external parties over the internet (the applications
being developed support upload of documents such as MS Word).
We are investigating use of firewall integrated anti-virus products. Using such
a product at the first firewall is ok, but does not help if the application uses
SSL as the firewall will not be able to decrypt the SSL traffic.
Are there any issues with using an anti-virus product at the second firewall,
i.e. between Netscape and WebLogic? If a virus is detected at the second firewall,
the anti-virus product will block the request from getting to WebLogic and return
an HTTP response to Netscape saying the transaction has been blocked. Does this
pose any application issues?

Similar Messages

  • Anti virus scan with avast

    this is the result!
    what actions do i need to take????

    This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an attacker who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
    All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files. The recognition database is automatically updated once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders. In most cases, there’s no benefit from any other automated protection against malware.
    Starting with OS X 10.7.5, there is another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications that are downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Applications certified in this way haven't actually been tested by Apple (unless they come from the Mac App Store), but you can be sure that they haven't been modified by anyone other than the developer, and his identity is known, so he could be held responsible if he knowingly released malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe. Note, however, that there are some caveats concerning Gatekeeper:
    It doesn't apply to software that comes packaged as an installer. Treat all third-party installers with caution.
    It can be disabled or overridden by the user.
    It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
    It only applies to applications downloaded from the network. Software installed from a CD or other media is not checked.
    For more information about Gatekeeper, see this Apple Support article. 
    Notwithstanding the above, the most effective defense against malware attacks is your own intelligence. All known malware on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. If you're smarter than the malware attacker thinks you are, you won't be duped. That means, primarily, that you never install software from an untrustworthy source. How do you know a source is untrustworthy?
    Any website that prompts you to install a “codec,” “plug-in,” or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
    A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. [Some reputable websites did legitimately warn users who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.]
    “Cracked” copies of commercial software downloaded from a bittorrent are likely to be infected.
    Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. No intermediary is acceptable.
    Java on the network (not to be confused with JavaScript, to which it's not related) is always a potential weak spot in the security of any operating system. If a Java web plugin is not installed, don't install it unless you really need it. If it is installed, you should disable it (not JavaScript) in your web browsers. Few websites have Java content nowadays, so you won’t be missing much. This setting is mandatory in OS X 10.5.8 or earlier, because Java in those obsolete versions has known security flaws that make it unsafe to use on the Internet. The flaws will never be fixed. Regardless of version, experience has shown that Java can never be fully trusted, even if no vulnerabilities are publicly known at the moment.
    Follow these guidelines, and you’ll be as safe from malware as you can reasonably be.
    Never install any commercial "anti-virus" products for the Mac, as they all do more harm than good. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.

  • How to use clamav anti-virus for Red Hat linux

    I wanted to know how to use clamAV anti-virus solution for RHEL 5.X. I tried to find it online but the information does not seem consolidated. I wanted to understand how to install and use it to scan the system.
    Requesting a reply to my query.
    Regards

    Moderator Action:
    This question has no relationship whatsoever with functionality involving anything "Oracle".
    You should ask your Red Hat Linux questions at a Red Hat support forum.
    Thread is now locked because it is outside the scope of this forum discussion space.

  • Question:  Do I need to run an anti virus program with MAC OSX Lion? Have heard different opinions! If so what would you recommend? Was looking at Sophos. Does anyone have any experience with this? Thanks

    Do I need to run an anti virus program with MAC OSX Lion? Have heard different opinions!
    You will continue to hear different opinions here, where thoughts range everywhere between "anti-virus software is the evil spawn of Satan" to "anyone not running anti-virus software is a fool."
    Truth is, this is still a very personal decision on a Mac. Depending on circumstances, it is still very easily possible to stay safe without using anti-virus software, but circumstances and personal preferences vary widely. Besides which, anti-virus software cannot even remotely provide you a guarantee of protection!
    To learn how to stay safe (with or without anti-virus software), and how to decide whether to use anti-virus software, see my Mac Malware Guide.

  • This is my first mac - what is the anti virus protocol with a mac?

    this is my first mac - what is the anti virus protocol with a mac

    Try using ClamXav 2.2.4. If you are not now using a hardware router I highly recommend you do so. Preferably use Ethernet for your local network. If you use wireless be sure it's protected by using WPA2 security.
    Use your head and don't download something when you don't know what it is, what it does, or where it's from. Stay off of unknown websites and don't click links if you think you're not sure what will happen.

  • My wife is now working from home on her MacBook, her employer is requiring that she use an anti virus package.  Any recommendations?

    She may want some details from the employer before making a choice that is consistent with the employer's reasoning for the policy as applicable to this situation.
    1) Is the employer trying to safeguard the Windows network from Windows threats that might be introduced by the operation and interactivity of the Mac?
    Or
    2) Is the employer more concerned with safeguarding the work files and system health of the Mac(s)?
    AV software for Macs has varying degrees of effectiveness in either of these categories. ClamXav, I think, is more effective at protecting the Mac, and even then its worth is questionable by some. Questionable only insofar as one might consider resource management (CPU load and disk space) weighed against the actual threats posed to a Mac for which it would be effective.
    I think if you are installing an AV to protect the Windows network, then one might opt for software more adept at that.
    If on the other hand, the employer's requirement is nothing more than blind policy decision, then ClamXav is indeed the best choice, as it is particularly known for being low in resource overhead.

  • Please would you stop bundling Anti-Virus software with Adobe Reader?

    I would be really grateful if Adobe would stop bundling Anti-Virus software with the Adobe Reader updates. Pre-selecting  the (download - Anti virus software) check-box in the dialogue box smacks of sharp practice. I have nothing against Anti-Virus software, but I want to take control of the process, not have Adobe make important choices for me: it really is very unprofessional.

    This is a user forum; you have to put your request to Adobe.
    Having said that, you can avoid bundled software by downloading the installer from http://get.adobe.com/reader/enterprise/
    Updates/patches are best downloaded by navigating the FTP site ftp://ftp.adobe.com/pub/adobe/reader/

  • Using log4j v.1.2 with Weblogic 7.0

    I try to use logging possibilities of Log4j with Weblogic 7.0 using com.bea.logging.WeblogicAppender
    class from logtoolkit.jar.
    When I use Weblogic's version of Log4j (v. 1.1.3), all is OK. When I try to use
    current version of Log4j (v.1.2.6), I receive java.lang.NoSuchFieldError: priority
    at com.bea.logging.WeblogicAppender.append(Unknown Source)
         at org.apache.log4j.AppenderSkeleton.doAppend(AppenderSkeleton.java:221)
         at org.apache.log4j.helpers.AppenderAttachableImpl.appendLoopOnAppenders(AppenderAttachableImpl.java:57)
         at org.apache.log4j.Category.callAppenders(Category.java:187)
         at org.apache.log4j.Category.forcedLog(Category.java:372)
         at org.apache.log4j.Category.info(Category.java:674)
         at com.mydomain.framework.log.Log4JLogger.logInfo(Log4JLogger.java:73)
    There is configuration file:
    <log4j:configuration>
    <appender name="WeblogicAppender" class="com.bea.logging.WeblogicAppender">
         <layout class="org.apache.log4j.PatternLayout"></layout>
    </appender>
    <root>
    <priority value ="debug" />
    <appender-ref ref="WeblogicAppender"/>
    </root>
    </log4j:configuration>
    Does anybody know this problem?

    Try changing "priority" to "level".
    Kevin

  • Posture Validation of anti-virus products

    Hi all
    I have recently set up NAC framework to support dot1x for wireless and wired clients. My ACS appliance is successfully authenticating users via EAP-FAST using personal and machine certs and it successfully posture checks that the users are using the correct CTA client, Windows OS with correct patches.
    But for the life of me I cannot work out how to set up my ACS NAP posture validation rules to check Symantec's Anti-virus version 10 and check the current dat file.
    I have researched to the point where I think I have to upload NAC attributes to ACS appliance but not sure how. Setting up NAP posture rules to check against Cisco or Windows software is not that difficult and was well documented, but how to posture check a 3rd party software application is not well documented.
    The url I have been looking at is
    http://www.cisco.com/en/US/products/sw/secursw/ps2086/products_user_guide_chapter09186a00802335eb.html#wp366304
    I'm just not 100% sure I'm on the right track here??
    If anyone knows or has info how to setup NAP to posture check against 3rd party vendor software (like Symantec's anti-virus), I'd love to read up more about it.
    One last question, if I am on the right track here, would I setup a posture validation rule for Symantec by just duplicating the rule I have for checking my CTA client ?
    e.g rule
    Cisco:PA:PA-NAME = Symantec Anti-Virus
    and
    Cisco:PA:PA-Version >= X.X.X
    and
    Cisco:PA:Machine-Posture-State >= 1
    Brain bender 
    Thanks all
    Dale

    Hi,
    Have you installed the Symantec NAC Posture Plugin (Symantec Client Security Posture Plug-in)? You can find this MSI installer on the Symantec CD. This plugin provides an interface to CTA for checking the status of Symantec AV and its parameters as CTA has no way for directly getting this status from the Symantec Application.
    In most cases the Symantec AV attributes are already pre-loaded on the ACS. You can verify this by making sure that you see the System Token named "Symantec:AV".
    After completing the above steps then define a posture validation rule using
    1. Symantec:AV:Protection-Enabled (Healthy for a value of "1" and Quarantine\etc else.)
    2. Symantec:AV:Dat-Version (You will have to manually specify the minimum acceptable version (E.g. 2007.05.1... ) to declare a System Healthy).
    You probably will have to keep updating the 2 above to keep the minimum version in line with the latest available. A workaround to this is to use another 3rd party AV which relies on an external AV server to get this version dynamically (E.g. Trend Micro). In this case ACS doesn't make the decision but forwards the credentials to the external AV. Symantec support for NAC is very limited and I don't see that improving considering they have their own NAC solution to market.
    Thanks,
    Naman
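
The two-attribute rule described in the reply above, sketched as an added Python example (it is not ACS configuration syntax and not part of the original post): a client is Healthy only when Symantec:AV:Protection-Enabled is "1" and Symantec:AV:Dat-Version meets a manually maintained minimum, and anything missing or malformed fails closed. The dotted version format, the sample clients and the function names are assumptions made for illustration.

```python
"""Posture check modelled on the two Symantec:AV attributes named above.

Illustration only: real ACS rules are defined on the ACS itself; the
attribute dictionaries and version strings below are constructed samples.
"""

HEALTHY = "Healthy"
QUARANTINE = "Quarantine"


def parse_dat_version(text):
    """Turn a dotted version such as '2007.05.10' into a tuple of ints.

    Comparing tuples avoids the string-comparison trap in which
    '2007.5.9' sorts after '2007.05.10'.
    """
    parts = text.strip().split(".")
    if not all(p.isdigit() for p in parts):
        raise ValueError("not a dotted numeric version: %r" % text)
    return tuple(int(p) for p in parts)


def evaluate_posture(attrs, min_dat_version):
    """Return (token, reason) for one client's reported attributes."""
    if attrs.get("Symantec:AV:Protection-Enabled") != "1":
        return QUARANTINE, "protection not reported as enabled"
    reported = attrs.get("Symantec:AV:Dat-Version")
    if reported is None:
        # Fail closed: without the posture plug-in nothing is reported.
        return QUARANTINE, "no Dat-Version reported"
    try:
        if parse_dat_version(reported) < parse_dat_version(min_dat_version):
            return QUARANTINE, "definitions older than %s" % min_dat_version
    except ValueError as exc:
        return QUARANTINE, str(exc)
    return HEALTHY, "protection enabled and definitions current"


# Constructed sample clients (not real captures).
SAMPLE_CLIENTS = {
    "laptop-a": {"Symantec:AV:Protection-Enabled": "1",
                 "Symantec:AV:Dat-Version": "2007.05.10"},
    "laptop-b": {"Symantec:AV:Protection-Enabled": "1",
                 "Symantec:AV:Dat-Version": "2007.5.9"},
    "laptop-c": {"Symantec:AV:Protection-Enabled": "0",
                 "Symantec:AV:Dat-Version": "2007.06.01"},
    "laptop-d": {},  # nothing reported at all
}


def evaluate_all(clients, min_dat_version):
    """Map each client name to its posture token."""
    return {name: evaluate_posture(attrs, min_dat_version)[0]
            for name, attrs in clients.items()}


if __name__ == "__main__":
    # The minimum is an assumed value an administrator would keep updating.
    for name, token in sorted(evaluate_all(SAMPLE_CLIENTS, "2007.05.10").items()):
        print(name, token)
```
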

  • Should I use an anti-virus on my MacBook? If so, which one?  Thanks.

    Anybody there?

    Yes, we're here!
    Before you decide to install any AV software on your computer, you should do a little reading first and then decide on what you may (and may not) want to use.
    Take a visit to Thomas Reed's "The Safe Mac" website and read his Mac Malware Guide. Then take a look at his anti-virus detection guides, part one and part two.
    Only you can be certain if you need malware/virus software. If you tend to be wise about what you download, what to look for in possibly infected emails, etc., then it's unlikely that you need anything. If you tend to 'compute precariously' then you may need AV software.
    Good luck,
    Clinton

  • Using StoneBeat WebCluster load balancing with WebLogic

              Hi,
              I have done some testing of WebLogic Server with my company's StoneBeat WebCluster
              distributed load balancing software. This might be one more option to consider
              as a load balancing solution for WLS. It is advanced in the sense that load balancing
              is really dynamic, there are no single-points of failure (distributed architecture)
              and there is a very good, configurable test subsystem that runs on each cluster
              node to check for overload situations, HW/OS failures, ...
              In the initial testing, the WebCluster load balancing works with WebLogic replication,
              although there are some cases that need more consideration (please see below).
              I had to get a patch to WLS6SP1 on NT to make WLS' multicast work when there are
              several NICs on the cluster nodes.
              However, there is one case which causes problems:
              - I have 3 cluster nodes
              - P: 2, S: 3 (SessionServlet = 1)
              - 2: offline - P: 3, S: 1 (SessionServlet = 2; WebCluster randomly selected a
              new node to handle the connection)
              - 2: online - P: 2, S: ? (SessionServlet = 3, WebCluster redistributes the load
              when a node goes online)
              - 2: offline
              - P: 3, S: 1 (__SessionServlet = 1__) NB!
              The log messages show that when node 2 comes back online it retrieves the replica
              from the secondary (node 1) and not from the primary (node 3). After a while (5-6
              minutes), node 3 tries to update the replica on node 1. Node 1 considers this
              a stale update request and removes the Primary 16... (node name) and then the
              secondary for 16... (the replicated object). Then there's a message (still on
              node 1) that it is unable to find object 16... Back on node 3 the primary for
              16... is removed.
              From the WLS6 documentation (under the discussion of using replication with external
              HW load balancing solutions) I thought that this case would have been handled:
              - it is stated that after the failure of a node, if the HWLB box sends the next
              request to a node where there is no replica, WLS is able to retrieve the replica
              - to be fair, this is what happens: when node 2 came back online, it retrieved
              the replica from node 1 (the secondary) - I suppose that there is an assumption
              that if a request arrives to a node without a replica, the primary __must have
              failed__
              Is there any way to get around this problem?
              Admittedly, WebCluster has a problem in that the stickiness of connections is
              not perfect: - when a node goes online, a connection that was correctly persisted
              (based on either source-ip or source-network address) may be moved to a new node
              since the load is redistributed. Our load balancing is very dynamic, but doesn't
              maintain a list of who is connected to which node when redistribution takes place
              Regards,
              Frank Olsen
              Stonesoft
              

    Rick,
    You may want to look at the Alteon and F5 configuration we have on edocs.
    Take a look at the following URLs for a possible solution
    http://edocs.bea.com/wls/docs61/cluster/alteon.html#591902
    http://edocs.bea.com/wls/docs61/cluster/bigip.html#591902
    Chuck Nelson
    DRE
    BEA Technical Support

  • Problems using 4096 bit SSL certificate with WebLogic Apache 2.2 plug-in

    Hi,
    I'm using WebLogic 9.2 MP3 and Apache HTTP Server (version 2.2) Plug-In. For security reasons, I have SSL installed on both Apache and WebLogic. So Apache must communicate with WebLogic via https.
    I get the following error when attempting to access WebLogic via Apache:
    Internet Explorer cannot display the webpage
    These are the last lines in wlproxy log:
    Fri Feb 26 14:08:59 2010 <71212672221392> INFO: SSL is configured
    Fri Feb 26 14:08:59 2010 <71212672221392> SSL Main Context not set. Calling InitSSL
    Fri Feb 26 14:08:59 2010 <71212672221331> INFO: Initializing SSL library
    I've found that the problem is caused by using a 4096 bit intermediate cert. When I include this 4096 bit cert in the file referenced by plugin parameter "TrustedCAFile", it is unable to load it. I've tested 4096 bit certs from a few different certificate authorities, and consistently see this problem, so I know the problem is not related to the specific certificate. If I use a 2048 bit intermediate certificate, everything works perfectly fine.
    Do you know if there are limitations to the certificate length that the plug-in can use?

    Yes 4096 bit Certificates are not supported by the plugin.
    You can use up to 2048 bit.
    There is a Bug which clearly mentions it.
    I don't remember the Bug Number, but an Oracle Support person will be able to tell you.
    Hope this helps.
    Faisal Khan
    Edited by: Faisal Khan on Feb 27, 2010 2:08 PM

  • Do I need an anti-virus system with Firefox

    Do to down load anti-virus program to search on Firefox

    Firefox is a web browser as it does not come with an antivirus or a firewall.

  • Has anyone used savos anti virus for mac

    I have been seeing a bit on the net that Apple Macs are being targeted by hackers.
    I have seen the program Savos, anti virus & free root kit remover.

    Most would say no, that Macs do not need anti virus programs.  They are subject to malware, however the user has to be tricked into installing it.  Unless you have a Windows partition, I personally wouldn't recommend wasting your money on an anti virus program.  You can read this: http://www.reedcorner.net/guides/macvirus/#needav to help you with your decision.

  • I use norton anti virus and it has login help for most sites I could use it effectively with firefox earlier version but with firefox 4 the same is not available stating firefox is not compatible with norton anti virus kindly clarify

    Firefox 4 is not compatible with Norton antivirus program. I need a solution for this
    mohan

    Symantec need to update their Firefox add-ons so that they are compatible with Firefox 4. They have indicated that for Norton 360 they plan to release an update to Norton 360 to support Firefox 4 in early May - http://us.norton.com/support/kb/web_view.jsp?wv_type=public_web&docurl=20100720113635EN&ln=en_US
    I do not know about the time scale for updates for other Norton products. Pending the update by Symantec, if you want to use the Norton add-ons you will need to downgrade to Firefox 3.6.
    The core Norton components such as antivirus and firewall will still work, it will just be the add-ons that are not currently compatible.
    To downgrade to Firefox 3.6 first uninstall Firefox 4, but do not select the option to "Remove my Firefox personal data". If you select that option it will delete your bookmarks, passwords and other user data.
    You can then install the latest version of Firefox 3.6 available from http://www.mozilla.com/en-US/firefox/all-older.html - it will automatically use your current bookmarks, passwords etc.
    To avoid possible problems with downgrading, I recommend going to your profile folder and deleting the following files if they exist - extensions.cache, extensions.rdf, extensions.ini, extensions.sqlite and localstore.rdf. Deleting these files will force Firefox to rebuild the list of installed extensions, checking their compatibility, and reset toolbar customizations.
    For details of how to find your profile folder see https://support.mozilla.com/kb/Profiles
