Using ARD for scanning remote computers for Virus

This might be way out, but does anyone know of a unix command or something that can be sent remotely to remove viruses from Mac desktops using ARD. We have a few viruses that although are not effecting our macs are being send to Windows users and they then have to deal with the virus.
Thanks

There is no direct command for virus checking in UNIX, so no, not as such unless you know specifically what files needed to be removed in which case standard UNIX rm commands would work. Otherwise you'd have to have a virus application on the Mac that could be run via command line, and I don't know of any unless perhaps ClamXav does (the underlying ClamAV engine is command-line based but I'm not sure if ClamXav still allows access).

Similar Messages

Best Practice Advice - Using ARD for Inventorying System Resources Info

Hello All,
I hope this is the place I can post a question like this. If not please direct me if there is another location for a topic of this nature.
We are in the process of utilizing ARD reporting for all the Macs in our district (3500 +/- a few here and there). I am looking for advice and would like some best practices ideas for a project like this. ANY and ALL advice is welcome. Scheduling reports, utilizing a task server as opposed to the Admin workstation, etc. I figured I could always learn from those with experience rather than trying to reinvent the wheel. Thanks for your time.

hey, i am also intrested in any tips. we are gearing up to use ARD for all of our macs current and future.
i am having a hard time with entering the user/pass for each machine, is there and eaiser way to do so? we dont have nearly as many macs running as you do but its still a pain to do each one over and over. any hints? or am i doing it wrong?
thanks
-wilt

Using ARD from an outside/offsite location...

Is ARD the right solution to use if I want to access my computers when I'm on the road and away from the office? It's a Home office network of four computers. If this is not the ideal solution, what would work best for this application? We can upgrade to 10.4.6+ if necessary. Been trying to figure this out for over a year now. Looking forward to your help and advice. Thank you all! With Respect, Donnie Dixon.
G4/867DP-MDD Mac OS X (10.3.9)

ARD can be configured to connect through routers, but it is difficult to set up, and if you try to change the port it listens on, that is several degrees more complex. It's really designed to manage a bunch of systems located on one network in one place...it works fine that way. If your school or lab is basically in one place, ARD will work fine, or if you have multiple locations, you can buy an ARD admin for each location.
But, for connecting between networks or through routers where port forwarding is an issue, Timbuktu is a better solution. The smart sysadmin has many tools on hir or her belts, ARD, Timbuktu, VNC, etc. FWIW, we use ARD for administering our lab machines, and have Timbuktu on all the server and admin machines, since we may need to access those from other locations.

Scan Portaldocuments for viruses using an external product.

Hello,
I'm in search for a possibility to automatically scan uploaded documents on the server for viruses using an external anti-virus product.
When anybody has experience in this area and could share it with me that would be great.
Kind regards,
Niels de Bruijn

Hi Niels: I agree with Fortunato. Since the documents are saved as database objects, a traditional virus scanner isn't going to do the trick. Expanding on his idea, if you are willing to use Oracle's WebDAV client called Oracle Drive rather than the inherent client built into Windows, you can actually map portal as a network drive where folder=pagegroups and pages and files =items on each page. You can then use any virus scanner just like it was a "normal" network drive. If you want to scan the files before they are uploaded to portal, the only solution I can envision would be using a custom file upload procedure probably in Java and scanning the file there before it is even added to the portal repository.
The Oracle Drive download link is at the bottom of: http://www.oracle.com/technology/software/htdocs/devlic.html?url=http://www.oracle.com/technology/software/products/cs/htdocs/clientsoft.html
Rgds/Mark M.

While using Firefox, a site popped up and said it was Firefox scanning for viruses. It then said I had dangerous viruses and should download a security program. Is this for real? The site was update32.escmce.ce.ms

While using Firefox, a site popped up and said it was Firefox scanning for viruses. It then said I had dangerous viruses and should download a security program. Is this for real? The site was update32.escmce.ce.ms I googled this site and it does not exist. Now, I am worried about the security on my computer.

If you're running under Windows, I suggest you download and install Microsoft's Security Essentials. It protects against these types of attacks and tends to find stuff that other anti-virus scanners don't find. You're system could be infected because of that bogus, evil anti-virus scan. Install and run the software while in safe mode.

ClamAV fails to scan for viruses in emails [CLAWS MAIL]

I've recently switched from Thunderbird to Claws Mail and ran into one small, but annoying, problem.
I want to use ClamAV + the clamav extension for claws mail to scan for viruses, however it does seem to have permission problems.
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Here's my clamd.conf:
## Please read the clamd.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Uncomment this option to enable logging.
# LogFile must be writable for the user running daemon.
# A full path is required.
# Default: disabled
LogFile /var/log/clamav/clamd.log
# By default the log file is locked for writing - the lock protects against
# running clamd multiple times (if want to run another clamd, please
# copy the configuration file, change the LogFile variable, and run
# the daemon with --config-file option).
# This option disables log file locking.
# Default: no
#LogFileUnlock yes
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes). To specify the size
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
LogTime yes
# Also log clean files. Useful in debugging but drastically increases the
# log size.
# Default: no
#LogClean yes
# Use system logger (can work together with LogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Log additional information about the infected file, such as its
# size and hash, together with the virus name.
#ExtendedDetectionInfo yes
# This option allows you to save a process identifier of the listening
# daemon (main thread).
# Default: disabled
PidFile /run/clamav/clamd.pid
# Optional path to the global temporary directory.
# Default: system specific (usually /tmp or /var/tmp).
TemporaryDirectory /tmp
# Path to the database directory.
# Default: hardcoded (depends on installation options)
DatabaseDirectory /var/lib/clamav
# Only load the official signatures published by the ClamAV project.
# Default: no
OfficialDatabaseOnly yes
# The daemon can work in local mode, network mode or both.
# Due to security reasons we recommend the local mode.
# Path to a local socket file the daemon will listen on.
# Default: disabled (must be specified by a user)
LocalSocket /var/lib/clamav/clamd.sock
# Sets the group ownership on the unix socket.
# Default: disabled (the primary group of the user running clamd)
LocalSocketGroup clamav
# Sets the permissions on the unix socket to the specified mode.
# Default: disabled (socket is world accessible)
#LocalSocketMode 660
# Remove stale socket after unclean shutdown.
# Default: yes
#FixStaleSocket yes
# TCP port address.
# Default: no
#TCPSocket 3310
# TCP address.
# By default we bind to INADDR_ANY, probably not wise.
# Enable the following to provide some degree of protection
# from the outside world.
# Default: no
#TCPAddr 127.0.0.1
# Maximum length the queue of pending connections may grow to.
# Default: 200
#MaxConnectionQueueLength 30
# Clamd uses FTP-like protocol to receive data from remote clients.
# If you are using clamav-milter to balance load between remote clamd daemons
# on firewall servers you may need to tune the options below.
# Close the connection when the data size limit is exceeded.
# The value should match your MTA's limit for a maximum attachment size.
# Default: 25M
#StreamMaxLength 10M
# Limit port range.
# Default: 1024
#StreamMinPort 30000
# Default: 2048
#StreamMaxPort 32000
# Maximum number of threads running at the same time.
# Default: 10
#MaxThreads 20
# Waiting for data from a client socket will timeout after this time (seconds).
# Default: 120
#ReadTimeout 300
# This option specifies the time (in seconds) after which clamd should
# timeout if a client doesn't provide any initial command after connecting.
# Default: 5
#CommandReadTimeout 5
# This option specifies how long to wait (in miliseconds) if the send buffer is full.
# Keep this value low to prevent clamd hanging
# Default: 500
#SendBufTimeout 200
# Maximum number of queued items (including those being processed by MaxThreads threads)
# It is recommended to have this value at least twice MaxThreads if possible.
# WARNING: you shouldn't increase this too much to avoid running out of file descriptors,
# the following condition should hold:
# MaxThreads*MaxRecursion + (MaxQueue - MaxThreads) + 6< RLIMIT_NOFILE (usual max is 1024)
# Default: 100
#MaxQueue 200
# Waiting for a new job will timeout after this time (seconds).
# Default: 30
#IdleTimeout 60
# Don't scan files and directories matching regex
# This directive can be used multiple times
# Default: scan all
#ExcludePath ^/proc/
#ExcludePath ^/sys/
# Maximum depth directories are scanned at.
# Default: 15
#MaxDirectoryRecursion 20
# Follow directory symlinks.
# Default: no
#FollowDirectorySymlinks yes
# Follow regular file symlinks.
# Default: no
#FollowFileSymlinks yes
# Scan files and directories on other filesystems.
# Default: yes
#CrossFilesystems yes
# Perform a database check.
# Default: 600 (10 min)
#SelfCheck 600
# Execute a command when virus is found. In the command string %v will
# be replaced with the virus name.
# Default: no
#VirusEvent /usr/local/bin/send_sms 123456789 "VIRUS ALERT: %v"
# Run as another user (clamd must be started by root for this option to work)
# Default: don't drop privileges
User clamav
# Initialize supplementary group access (clamd must be started by root).
# Default: no
#AllowSupplementaryGroups no
# Stop daemon when libclamav reports out of memory condition.
#ExitOnOOM yes
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Do not remove temporary files (for debug purposes).
# Default: no
#LeaveTemporaryFiles yes
# Detect Possibly Unwanted Applications.
# Default: no
#DetectPUA yes
# Exclude a specific PUA category. This directive can be used multiple times.
# See http://www.clamav.net/support/pua for the complete list of PUA
# categories.
# Default: Load all categories (if DetectPUA is activated)
#ExcludePUA NetTool
#ExcludePUA PWTool
# Only include a specific PUA category. This directive can be used multiple
# times.
# Default: Load all categories (if DetectPUA is activated)
#IncludePUA Spy
#IncludePUA Scanner
#IncludePUA RAT
# In some cases (eg. complex malware, exploits in graphic files, and others),
# ClamAV uses special algorithms to provide accurate detection. This option
# controls the algorithmic detection.
# Default: yes
#AlgorithmicDetection yes
## Executable files
# PE stands for Portable Executable - it's an executable file format used
# in all 32 and 64-bit versions of Windows operating systems. This option allows
# ClamAV to perform a deeper analysis of executable files and it's also
# required for decompression of popular executable packers such as UPX, FSG,
# and Petite. If you turn off this option, the original files will still be
# scanned, but without additional processing.
# Default: yes
#ScanPE yes
# Executable and Linking Format is a standard format for UN*X executables.
# This option allows you to control the scanning of ELF files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanELF yes
# With this option clamav will try to detect broken executables (both PE and
# ELF) and mark them as Broken.Executable.
# Default: no
#DetectBrokenExecutables yes
## Documents
# This option enables scanning of OLE2 files, such as Microsoft Office
# documents and .msi files.
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
# Default: yes
#ScanOLE2 yes
# With this option enabled OLE2 files with VBA macros, which were not
# detected by signatures will be marked as "Heuristics.OLE2.ContainsMacros".
# Default: no
#OLE2BlockMacros no
# This option enables scanning within PDF files.
# If you turn off this option, the original files will still be scanned, but
# without decoding and additional processing.
# Default: yes
#ScanPDF yes
## Mail files
# Enable internal e-mail scanner.
# If you turn off this option, the original files will still be scanned, but
# without parsing individual messages/attachments.
# Default: yes
#ScanMail yes
# Scan RFC1341 messages split over many emails.
# You will need to periodically clean up $TemporaryDirectory/clamav-partial directory.
# WARNING: This option may open your system to a DoS attack.
# Never use it on loaded servers.
# Default: no
#ScanPartialMessages yes
# With this option enabled ClamAV will try to detect phishing attempts by using
# signatures.
# Default: yes
#PhishingSignatures yes
# Scan URLs found in mails for phishing attempts using heuristics.
# Default: yes
#PhishingScanURLs yes
# Always block SSL mismatches in URLs, even if the URL isn't in the database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockSSLMismatch no
# Always block cloaked URLs, even if URL isn't in database.
# This can lead to false positives.
# Default: no
#PhishingAlwaysBlockCloak no
# Allow heuristic match to take precedence.
# When enabled, if a heuristic scan (such as phishingScan) detects
# a possible virus/phish it will stop scan immediately. Recommended, saves CPU
# scan-time.
# When disabled, virus/phish detected by heuristic scans will be reported only at
# the end of a scan. If an archive contains both a heuristically detected
# virus/phish, and a real malware, the real malware will be reported
# Keep this disabled if you intend to handle "*.Heuristics.*" viruses
# differently from "real" malware.
# If a non-heuristically-detected virus (signature-based) is found first,
# the scan is interrupted immediately, regardless of this config option.
# Default: no
#HeuristicScanPrecedence yes
## Data Loss Prevention (DLP)
# Enable the DLP module
# Default: No
#StructuredDataDetection yes
# This option sets the lowest number of Credit Card numbers found in a file
# to generate a detect.
# Default: 3
#StructuredMinCreditCardCount 5
# This option sets the lowest number of Social Security Numbers found
# in a file to generate a detect.
# Default: 3
#StructuredMinSSNCount 5
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxx-yy-zzzz
# Default: yes
#StructuredSSNFormatNormal yes
# With this option enabled the DLP module will search for valid
# SSNs formatted as xxxyyzzzz
# Default: no
#StructuredSSNFormatStripped yes
## HTML
# Perform HTML normalisation and decryption of MS Script Encoder code.
# Default: yes
# If you turn off this option, the original files will still be scanned, but
# without additional processing.
#ScanHTML yes
## Archives
# ClamAV can scan within archives and compressed files.
# If you turn off this option, the original files will still be scanned, but
# without unpacking and additional processing.
# Default: yes
#ScanArchive yes
# Mark encrypted archives as viruses (Encrypted.Zip, Encrypted.RAR).
# Default: no
#ArchiveBlockEncrypted no
## Limits
# The options below protect your system against Denial of Service attacks
# using archive bombs.
# This option sets the maximum amount of data to be scanned for each input file.
# Archives and other containers are recursively extracted and scanned up to this
# value.
# Value of 0 disables the limit
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 100M
#MaxScanSize 150M
# Files larger than this limit won't be scanned. Affects the input file itself
# as well as files contained inside it (when the input file is an archive, a
# document or some other kind of container).
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 25M
#MaxFileSize 30M
# Nested archives are scanned recursively, e.g. if a Zip archive contains a RAR
# file, all files within it will also be scanned. This options specifies how
# deeply the process should be continued.
# Note: setting this limit too high may result in severe damage to the system.
# Default: 16
#MaxRecursion 10
# Number of files to be scanned within an archive, a document, or any other
# container file.
# Value of 0 disables the limit.
# Note: disabling this limit or setting it too high may result in severe damage
# to the system.
# Default: 10000
#MaxFiles 15000
## Clamuko settings
# Enable Clamuko. Dazuko must be configured and running. Clamuko supports
# both Dazuko (/dev/dazuko) and DazukoFS (/dev/dazukofs.ctrl). DazukoFS
# is the preferred option. For more information please visit www.dazuko.org
# Default: no
#ClamukoScanOnAccess yes
# The number of scanner threads that will be started (DazukoFS only).
# Having multiple scanner threads allows Clamuko to serve multiple
# processes simultaneously. This is particularly beneficial on SMP machines.
# Default: 3
#ClamukoScannerCount 3
# Don't scan files larger than ClamukoMaxFileSize
# Value of 0 disables the limit.
# Default: 5M
#ClamukoMaxFileSize 10M
# Set access mask for Clamuko (Dazuko only).
# Default: no
#ClamukoScanOnOpen yes
#ClamukoScanOnClose yes
#ClamukoScanOnExec yes
# Set the include paths (all files inside them will be scanned). You can have
# multiple ClamukoIncludePath directives but each directory must be added
# in a seperate line. (Dazuko only)
# Default: disabled
#ClamukoIncludePath /home
#ClamukoIncludePath /students
# Set the exclude paths. All subdirectories are also excluded. (Dazuko only)
# Default: disabled
#ClamukoExcludePath /home/bofh
# With this option you can whitelist specific UIDs. Processes with these UIDs
# will be able to access all files.
# This option can be used multiple times (one per line).
# Default: disabled
#ClamukoExcludeUID 0
# With this option enabled ClamAV will load bytecode from the database.
# It is highly recommended you keep this option on, otherwise you'll miss detections for many new viruses.
# Default: yes
#Bytecode yes
# Set bytecode security level.
# Possible values:
# None - no security at all, meant for debugging. DO NOT USE THIS ON PRODUCTION SYSTEMS
# This value is only available if clamav was built with --enable-debug!
# TrustSigned - trust bytecode loaded from signed .c[lv]d files,
# insert runtime safety checks for bytecode loaded from other sources
# Paranoid - don't trust any bytecode, insert runtime checks for all
# Recommended: TrustSigned, because bytecode in .cvd files already has these checks
# Note that by default only signed bytecode is loaded, currently you can only
# load unsigned bytecode in --enable-debug mode.
# Default: TrustSigned
#BytecodeSecurity TrustSigned
# Set bytecode timeout in miliseconds.
# Default: 5000
# BytecodeTimeout 1000
My freshclam.conf:
## Please read the freshclam.conf(5) manual before editing this file.
# Comment or remove the line below.
#Example
# Path to the database directory.
# WARNING: It must match clamd.conf's directive!
# Default: hardcoded (depends on installation options)
#DatabaseDirectory /var/lib/clamav
# Path to the log file (make sure it has proper permissions)
# Default: disabled
UpdateLogFile /var/log/clamav/freshclam.log
# Maximum size of the log file.
# Value of 0 disables the limit.
# You may use 'M' or 'm' for megabytes (1M = 1m = 1048576 bytes)
# and 'K' or 'k' for kilobytes (1K = 1k = 1024 bytes).
# in bytes just don't use modifiers.
# Default: 1M
#LogFileMaxSize 2M
# Log time with each message.
# Default: no
#LogTime yes
# Enable verbose logging.
# Default: no
#LogVerbose yes
# Use system logger (can work together with UpdateLogFile).
# Default: no
#LogSyslog yes
# Specify the type of syslog messages - please refer to 'man syslog'
# for facility names.
# Default: LOG_LOCAL6
#LogFacility LOG_MAIL
# This option allows you to save the process identifier of the daemon
# Default: disabled
#PidFile /var/run/freshclam.pid
# By default when started freshclam drops privileges and switches to the
# "clamav" user. This directive allows you to change the database owner.
# Default: clamav (may depend on installation options)
#DatabaseOwner clamav
# Initialize supplementary group access (freshclam must be started by root).
# Default: no
#AllowSupplementaryGroups yes
# Use DNS to verify virus database version. Freshclam uses DNS TXT records
# to verify database and software versions. With this directive you can change
# the database verification domain.
# WARNING: Do not touch it unless you're configuring freshclam to use your
# own database verification domain.
# Default: current.cvd.clamav.net
#DNSDatabaseInfo current.cvd.clamav.net
# Uncomment the following line and replace XY with your country
# code. See http://www.iana.org/cctld/cctld-whois.htm for the full list.
# You can use db.XY.ipv6.clamav.net for IPv6 connections.
#DatabaseMirror db.XY.clamav.net
# database.clamav.net is a round-robin record which points to our most
# reliable mirrors. It's used as a fall back in case db.XY.clamav.net is
# not working. DO NOT TOUCH the following line unless you know what you
# are doing.
DatabaseMirror database.clamav.net
# How many attempts to make before giving up.
# Default: 3 (per mirror)
#MaxAttempts 5
# With this option you can control scripted updates. It's highly recommended
# to keep it enabled.
# Default: yes
#ScriptedUpdates yes
# By default freshclam will keep the local databases (.cld) uncompressed to
# make their handling faster. With this option you can enable the compression;
# the change will take effect with the next database update.
# Default: no
#CompressLocalDatabase no
# With this option you can provide custom sources (http:// or file://) for
# database files. This option can be used multiple times.
# Default: no custom URLs
#DatabaseCustomURL http://myserver.com/mysigs.ndb
#DatabaseCustomURL file:///mnt/nfs/local.hdb
# Number of database checks per day.
# Default: 12 (every two hours)
#Checks 24
# Proxy settings
# Default: disabled
#HTTPProxyServer myproxy.com
#HTTPProxyPort 1234
#HTTPProxyUsername myusername
#HTTPProxyPassword mypass
# If your servers are behind a firewall/proxy which applies User-Agent
# filtering you can use this option to force the use of a different
# User-Agent header.
# Default: clamav/version_number
#HTTPUserAgent SomeUserAgentIdString
# Use aaa.bbb.ccc.ddd as client address for downloading databases. Useful for
# multi-homed systems.
# Default: Use OS'es default outgoing IP address.
#LocalIPAddress aaa.bbb.ccc.ddd
# Send the RELOAD command to clamd.
# Default: no
NotifyClamd /etc/clamav/clamd.conf
# Run command after successful database update.
# Default: disabled
#OnUpdateExecute command
# Run command when database update process fails.
# Default: disabled
#OnErrorExecute command
# Run command when freshclam reports outdated version.
# In the command string %v will be replaced by the new version number.
# Default: disabled
#OnOutdatedExecute command
# Don't fork into background.
# Default: no
#Foreground yes
# Enable debug messages in libclamav.
# Default: no
#Debug yes
# Timeout in seconds when connecting to database server.
# Default: 30
#ConnectTimeout 60
# Timeout in seconds when reading from database server.
# Default: 30
#ReceiveTimeout 60
# With this option enabled, freshclam will attempt to load new
# databases into memory to make sure they are properly handled
# by libclamav before replacing the old ones.
# Default: yes
#TestDatabases yes
# When enabled freshclam will submit statistics to the ClamAV Project about
# the latest virus detections in your environment. The ClamAV maintainers
# will then use this data to determine what types of malware are the most
# detected in the field and in what geographic area they are.
# Freshclam will connect to clamd in order to get recent statistics.
# Default: no
#SubmitDetectionStats /path/to/clamd.conf
# Country of origin of malware/detection statistics (for statistical
# purposes only). The statistics collector at ClamAV.net will look up
# your IP address to determine the geographical origin of the malware
# reported by your installation. If this installation is mainly used to
# scan data which comes from a different location, please enable this
# option and enter a two-letter code (see http://www.iana.org/domains/root/db/)
# of the country of origin.
# Default: disabled
#DetectionStatsCountry country-code
# This option enables support for our "Personal Statistics" service.
# When this option is enabled, the information on malware detected by
# your clamd installation is made available to you through our website.
# To get your HostID, log on http://www.stats.clamav.net and add a new
# host to your host list. Once you have the HostID, uncomment this option
# and paste the HostID here. As soon as your freshclam starts submitting
# information to our stats collecting service, you will be able to view
# the statistics of this clamd installation by logging into
# http://www.stats.clamav.net with the same credentials you used to
# generate the HostID. For more information refer to:
# http://www.clamav.net/support/faq/faq-cctts/
# This feature requires SubmitDetectionStats to be enabled.
# Default: disabled
#DetectionStatsHostID unique-id
# This option enables support for Google Safe Browsing. When activated for
# the first time, freshclam will download a new database file (safebrowsing.cvd)
# which will be automatically loaded by clamd and clamscan during the next
# reload, provided that the heuristic phishing detection is turned on. This
# database includes information about websites that may be phishing sites or
# possible sources of malware. When using this option, it's mandatory to run
# freshclam at least every 30 minutes.
# Freshclam uses the ClamAV's mirror infrastructure to distribute the
# database and its updates but all the contents are provided under Google's
# terms of use. See http://code.google.com/support/bin/answer.py?answer=70015
# and http://safebrowsing.clamav.net for more information.
# Default: disabled
#SafeBrowsing yes
# This option enables downloading of bytecode.cvd, which includes additional
# detection mechanisms and improvements to the ClamAV engine.
# Default: enabled
#Bytecode yes
# Download an additional 3rd party signature database distributed through
# the ClamAV mirrors. Here you can find a list of available databases:
# http://www.clamav.net/download/cvd/3rdparty
# This option can be used multiple times.
#ExtraDatabase dbname1
#ExtraDatabase dbname2
Any help is much appreciated.

MatejLach wrote:
clamd is running, user and group clamav all have the relevant permissions as far as I can tell, however upon scanning my mail, I always end up with the following error:
Scanning error:
/home/username/.claws-mail/mimetmp/0000000e.mimetmp: lstat() failed: Permission denied. ERROR
Seems like a permissions error to me... maybe check the actual file it is attempting to scan... I know it is in your home folder, but just to be sure, you might want to check that everything is sane.

How to SCAN uploaded files for VIRUS in APEX

part 1:
Goal:
Do a virus scan of the uploaded file from APEX application prior to storing the file in custom tables.
The process:
Followed the document from www.developer.com:
Implementing an Anti-Virus File Scan in JEE Applications
By Vlad Kofman
Go to page: 1 2 3 Next
This article will discuss one of the ways to implement antivirus file scanning in Java, particular in the JEE applications. Viruses, Trojan Horses, and different malware and spyware are a real problem for current computer environments, and especially for the Windows operating system. If you are designing any application in Java that has a requirement to be able to upload external files, you have a potential security risk. By uploading, I mean any way to get the external file inside of the corporate firewall be it via HTTP protocol or any other means. It is quite common to have this type of requirement in an enterprise application and with Java being one of the most popular web development platforms, it is unfortunate that this type of gaping security risk is quite often overlooked.
Java's Development Kit (JDK) does not have any means to do the antivirus scan right out of the box. This is primarily because Java is a programming language, and does not have any virus scanning packages. Furthermore, anti-virus software is not Sun's area of expertise or business model. Developing this type of software (or Java package), and more importantly maintaining it, would be a huge task for Sun. Mainly because viruses are constantly evolving and keeping virus definitions up-to-date is a daunting task. Large companies such as McAffee, Symantec, or Zone Labs develop virus detecting and combating products and spend a lot of resources to maintain them.
Application Environment
To implement a virus file scan in Java, a third-party package needs to be used. For the purposes of this article, I will use Symantec Scan Engine (SSE) package, which comes with Java APIs. This package is an application that serves as a TCP/IP server and has a programming interface and enables Java applications to incorporate support for content scanning technologies. For this article, I used Symantec Scan Engine 5.1, which is available as a Unix or Windows install.
If you are using an anti-virus package from the different vendor, you will need to investigate what kind of APIs are available; however, the general approach should be similar. Also, note that my implementation can be used with JEE technology and any modern MVC framework such as Struts or Spring.
The architecture is as follows: A server machine needs to have SSE running at all times. This can be the same machine that hosts your Application Server, but in an enterprise environment this should be a different machine. The Default Port needs to be open through the firewall to allow communication with the scan engine. All JEE applications that need to do file scanning can talk to the SSE server machine through a default port. Also, multiple applications running on different application servers can re-use the same scanning server. For more information, you should refer to the Symantec Scan Engine (SSE) Installation Guide, available on the Symantec web site.
When an external file that needs to be scanned is sent to the SSE via its programming interface (Java APIs using the default port), before any other operation on the file is performed, the SSE returns a result code. For instance, a file is uploaded by an external user into the web email type application as an attachment; then, the SSE API is invoked by the application and the return code of pass or fail determines the outcome of the upload and whether that email can actually be sent. If you have an account on Yahoo mail, you probably have seen that Yahoo is using Norton Antivirus to scan all attachments, although no Java.
Click here for a larger image.
Figure 1: Screen shot from Yahoo
For details on the Scan Engine Server Installationm please see the Symantec Scan Engine (SSE) Implementation Guide from Symantec.
Here are some key things to remember about SSE:
• Java 2 SE Runtime (JRE) 5.0 Update 6.0 or later must be installed on the server before the SSE installation is done.
• After installation, verify that the Symantec Scan Engine daemon is running. At the Unix command prompt (if it's a Unix install), type the following command:
ps –ea | grep sym.
A list of processes similar to the following should appear:
o 5358 ? 0:00 symscan
o 5359 ? 0:00 symscan
If nothing is displayed the SSE process did not start.
If the SSE process did not start, type the following command to restart SSE:
/etc/init.d/symscan restart
• Keeping the virus definition up to date is the most important task and if new updates are not installed, the whole scan becomes ineffective. Symantec automatically downloads the most current file definitions through LiveUpdate. Please make sure that firewall rules are in place to allow the host server to connect to the Symantec update service.
Project Setup
For the purposes of this article, I included a wrapper for the Symantec SSE APIs, av.jar, which has Symantec Java APIs and serves as a client to the SSE server and takes care of all communications with the server. Please refer to the download source section. The av.jar should be included in the Java CLASSPATH to work with the SSE. This jar contains a class called AVClient that takes care of actually sending the files to SSE as byte arrays and returning the result.
In my project setting, I added three variables to be accessed via the System.getProperty mechanism. For example:
AV_SERVER_HOST=192.168.1.150
AV_SERVER_PORT=1344
AV_SERVER_MODE=SCAN
The AV_SERVER_HOST is the host name or IP of the machine where Scan Engine is installed.
The AV_SERVER_PORT is the port where Scan Engine listens for incoming files.
The AV_SERVER_MODE is the scan mode which can be:
• NOSCAN: No scanning will be done (any keyword that does not start with "SCAN" will result in ignoring the call to the Scan Engine and no files will be transferred for scanning).
• SCAN: Files or the byte stream will be scanned, but the scan engine will not try to repair infections.
• SCANREPAIR: Files will be scanned, the scan engine will try to repair infections, but nothing else will be done.
• SCANREPAIRDELETE: Files will be scanned, the scan engine will try to repair infections, and irreparable files will be deleted.
Note: For the file stream (byte array) scanning, the only meaning full values are "SCAN" and "NOSCAN".
Using the SSE Scanning Java APIs
In any class where scan is required, call the scanning API provided in the AVClient object located in the av.jar. The AVClient object will establish connection to the Scan Engine server and has the following APIs:
Figure 2: The significant APIs for the communication with to the Scan Engine Server.
If scanning a file on the file system, in SCAN only mode, use the call that accepts filename only.
If scanning a file on the file system, with SCANREPAIR or SCANREPAIRDELETE, use the call that accepts input and output file names.
If scanning an in-memory file (byte array), use the call accepting byte array.
For example:
import com.av.*;
Initialize setup parameters:
static String avMode =
(System.getProperty("AV_SERVER_MODE") != null)
? (String) System.getProperty("AV_SERVER_MODE") : "NOSCAN";
static boolean scan = avMode.startsWith("SCAN");
static String avServer =
(String) System.getProperty("AV_SERVER_HOST");
static int avPort =
Integer.parseInt( (String) System.getProperty("AV_SERVER_PORT"));
Scan check example for an in-memory file byte array:
public void scanFile(byte[] fileBytes, String fileName)
throws IOException, Exception {
if (scan) {
AVClient avc = new AVClient(avServer, avPort, avMode);
if (avc.scanfile(fileName, fileBytes) == -1) {
throw new VirusException("WARNING: A virus was detected in
your attachment: " + fileName + " Please scan
your system with the latest antivirus software with
updated virus definitions and try again.");
Note that if you are using this code inside of the MVC handler, you can throw a custom VirusException and check for it in the calling method and perform any necessary cleanup. I have included the class in the AV Jar as well.
For example:
catch (Exception ex) {
logger.error(ex);
if (ex instanceof VirusException) {
// do something here
else {
// there was some other error – handle it
For more details on the Scan Engine Client API, please see Symantec Scan Engine Software Developers Guide.
Continuation in part2

part 4:
c) Clienttester.java – This is the gui app set to test if the configuration is working or not. This gui uses the method scanfile(inputfile, outputfile) as you can see the result in the outputpane of the jframe.
* clienttester.java
* Created on April 12, 2005, 2:37 PM
* @author george_maculley
package com.av;
import java.io.*;
import java.awt.*;
import java.awt.event.*;
import javax.swing.*;
public class clienttester
implements ActionListener {
// private String ipaddress = "127.0.0.1";
private String ipaddress = "199.209.150.58";
//private String ipaddress = "192.168.0.55";
static JFrame frame;
JFileChooser chooser = new JFileChooser();
TextField pathtofile = new TextField(System.getProperty("user.home"), 30);
// TextField pathtooutfile= new TextField(System.getProperty("user.home"),30);
private int port = 1344;
JButton filechooser = new JButton("Browse to file"); ;
private String originalfilename;
private String outputfilename;
JButton scanbutton = new JButton("Scan");
TextArea outputarea = new TextArea(20, 40);
TextField iptext = new TextField("127.0.0.1", 16);
TextField porttext = new TextField("1344", 5);
AVClient mine;
JRadioButton choosescan = new JRadioButton("SCAN");
// JRadioButton choosedelete= new JRadioButton("SCANREPAIRDELETE");
/** Creates a new instance of gui */
public clienttester() {
public clienttester(java.lang.String ip, java.lang.String infile, java.lang.String outfile, int port) {
this.ipaddress = ip;
this.port = port;
this.originalfilename = infile;
this.outputfilename = outfile;
boolean setValues(java.lang.String ip, java.lang.String infile, java.lang.String outfile, int port) {
this.ipaddress = ip;
this.port = port;
this.originalfilename = infile;
this.outputfilename = outfile;
return (true);
public void actionPerformed(java.awt.event.ActionEvent actionEvent) {
JComponent c = (JComponent) actionEvent.getSource();
if (c == filechooser) {
int retval = chooser.showDialog(frame, null);
if (retval == JFileChooser.APPROVE_OPTION) {
File theFile = chooser.getSelectedFile();
if (theFile != null) {
pathtofile.setText(theFile.getPath());
// pathtooutfile.setText(theFile.getPath());
JOptionPane.showMessageDialog(frame, "You chose this file: " + theFile.getPath());
if (c == scanbutton) {
//return object that can be passed to AVClient
String policy;
int thisport;
int scanresult;
String thisip;
String inputfile;
String outputfile;
outputarea.append("Server: " + iptext.getText() + "\r\n");
if (choosescan.isSelected()) {
policy = "SCAN";
else {
policy = "SCANREPAIRDELETE";
thisport = new Integer(porttext.getText()).intValue();
thisip = iptext.getText();
//mine= new AVClient(iptext.getText(),porttext.getText(),policy);
mine = new AVClient(iptext.getText(), thisport, policy);
if (mine.test() == 1) {
outputarea.append("Sorry. Incorrect parameters specified.\r\n");
System.exit(1);
else {
outputarea.append("Connection to SAVSE initialized.\r\n");
inputfile = pathtofile.getText();
// outputfile=pathtooutfile.getText();
outputfile = "/tmp";
outputarea.append("Scanning file " + inputfile + " \r\n");
if (policy == "SCAN") {
scanresult = mine.scanfile(inputfile);
else {
scanresult = mine.scanfile(inputfile, outputfile);
if (scanresult == 0) {
outputarea.append("File is clean.\r\n");
else if (scanresult == -1) {
outputarea.append("File is infected. \r\n");
else {
outputarea.append("Scan error.\r\n");
void display() {
Frame f = new Frame("SAVSE JAVA ICAP Client");
f.setLayout(new GridLayout(1, 2));
JPanel lpanel = new JPanel(new GridLayout(7, 1));
JPanel ippanel = new JPanel();
JPanel portpanel = new JPanel();
JPanel rpanel = new JPanel();
JPanel outputpanel = new JPanel();
JPanel buttonpanel = new JPanel();
JPanel pathpanel = new JPanel();
// JPanel outpathpanel= new JPanel();
JPanel policypanel = new JPanel();
ButtonGroup policygroup = new ButtonGroup();
filechooser.addActionListener(this);
scanbutton.addActionListener(this);
choosescan.setSelected(true);
policygroup.add(choosescan);
// policygroup.add(choosedelete);
buttonpanel.setBorder(BorderFactory.createTitledBorder("Scan Policy"));
buttonpanel.add(choosescan);
// buttonpanel.add(choosedelete);
pathpanel.setBorder(BorderFactory.createTitledBorder("Path to File"));
pathpanel.add(pathtofile);
f.setSize(new Dimension(650, 400));
f.setBackground(Color.white);
f.setResizable(true);
ippanel.setBorder(BorderFactory.createTitledBorder("SAVSE IP Address"));
ippanel.add(iptext);
outputpanel.setBorder(BorderFactory.createTitledBorder("OUTPUT"));
outputpanel.add(outputarea);
portpanel.setBorder(BorderFactory.createTitledBorder("ICAP Port"));
portpanel.add(porttext);
// outpathpanel.setBorder(BorderFactory.createTitledBorder("Path to Repair File"));
// outpathpanel.add(pathtooutfile);
lpanel.add(ippanel);
rpanel.add(outputpanel);
lpanel.add(portpanel);
lpanel.add(buttonpanel);
lpanel.add(pathpanel);
// lpanel.add(outpathpanel);
lpanel.add(filechooser);
lpanel.add(scanbutton);
f.add(lpanel);
f.add(rpanel);
f.setVisible(true);
public static void main(String[] args) {
clienttester g = new clienttester();
g.display();
d) my2.java – This is the class file I wrote to test that I am able to send a file and scan it and see the output in the JDEVELOPER. In this case the file is stored on the filesystem of the client machine. JDEVELOPER should be able to see the file.
NOTE:
“EICAR.com” is the test file downloaded from Symantec site to test a non malicious virus file. I n order to be able to test it like this, the Antivirus program running on your machine should be disabled, or else Antivirus will kick in and delete the file. In the first place you will not be able to download the test virus file either with anti virus running on the machine you are downloading to.
package com.av;
import java.io.*;
public class my2 {
static int my_return = 0;
* @param fileBytes
* @param fileName
* @return
public static int scanfile(String fileName){
String avMode = "SCAN";
boolean scan = avMode.startsWith("SCAN");
String avServer = "xx";--avserver ip address
int avPort = 1344;
int the_return = 0;
if (scan) {
AVClient avc = new AVClient(avServer,avPort,avMode);
the_return = avc.scanfile(fileName);
if (the_return == -1) {
return (the_return);
} else
return (the_return);
//my_return = the_return;
return (the_return);
public static void main(String[] args) throws Exception {
System.out.println("Hi there in Main");
byte[] b1 = new byte[4];
b1[1] = 68;
my_return = scanfile("c:\\eicar.com");
System.out.println(my_return);
e) Then finally we have my1.JAVA, which takes the filename, and it’s contents in the bytes form and scans the file. The reason for this method is we are not storing the file on the filesystem, it is read into the memory and only if it is clean, it is put into the database or else notify the user.
package com.av;
import java.io.*;
public class my1 {
static int my_return = 0;
static int a_length = 0;
* @param fileBytes
* @param fileName
* @return
public static int scanfile(String fileName,byte[] fileBytes) throws IOException {
String avMode = "SCAN";
boolean scan = avMode.startsWith("SCAN");
String avServer = "xxx";--avserver’s ip address
int avPort = 1344;
int the_return = 0;
if (scan) {
AVClient avc = new AVClient(avServer,avPort,avMode);
// File file = new File(fileName) ;
//byte[] fBytes = getBytesFromFile(file);
the_return = avc.scanfile(fileName, fileBytes);
if (the_return == -1) {
return (the_return);
} else
{return (the_return);}
my_return = the_return;
return (the_return);
// Returns the contents of the file in a byte array.
* @param file
* @return
* @throws IOException
public static byte[] getBytesFromFile(File file) throws IOException {
InputStream is = new FileInputStream(file);
// Get the size of the file
long length = file.length();
// You cannot create an array using a long type.
// It needs to be an int type.
// Before converting to an int type, check
// to ensure that file is not larger than Integer.MAX_VALUE.
if (length > Integer.MAX_VALUE) {
// File is too large
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while (offset < bytes.length
&& (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) {
offset += numRead;
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file "+file.getName());
// Close the input stream and return bytes
is.close();
return bytes;
// public static void main(String[] args) throws Exception {
//System.out.println("Hi there in Main");
// File file = new File() ;
// byte[] b1 = getBytesFromFile(file);
//System.out.println(b1);
// my_return = scanfile(,b1);
//System.out.println(my_return); }
Finally , you have the exceptions file,
e) package com.av;
public class VirusException
extends Exception {
public VirusException() {
super();
public VirusException(String text) {
super(text);
Once you have all these classes, you can use JDEVELOPER , to load these classes into the database: This is as follows:
Right click on the project, which has all these classes.
NEW -> deployment profiles -> load java and stored procedures.
When you are created deployment profile, you have to specify,
Loadjava options.
-f, -v (check the check boxes)
Under privileges:
-s – specify database schema these classes are loaded into
-s – create sysnonym check box
-g – grant to public or any specific users per your policy.
Under Resolver,
-r and –o (check the check boxes)
I accepted the default name storedproc1. Then you right click on the storedproc1.deploy, deploy to whichever database connection you created.
And then, In order to access this java class we need a pl/sql wrapper as follows:
create or replace package my1 is
function mycheck (pfilename in varchar2, psize in number)
return number;
end my1;
create or replace package body my1 is
 function mycheck (pfilename in varchar2, psize in number)
return number is
language java
 name 'com.av.my1.scanfile(java.lang.String, byte[]) return int';
 end my1;
And the code is invoked from sql plus as follows:
Select my1.mycheck(“filename”, “filebytes”) from dual;
One important catch in the above method is to send the filename and filecontents in bytes form. In order to send the file contents as filebytes, you will need another java class and load into the data base as described above.
import java.io.File;
import java.io.FileInputStream;
import java.io.IOException;
import java.io.InputStream;
* This program demonstrates how to read a file into a byte array. This method
* reads the entire contents of the file into a byte array.
* @version 1.0
* @author Jeffrey M. Hunter ([email protected])
* @author http://www.idevelopment.info
public class ReadFileIntoByteArray {
* method to convert a byte to a hex string.
* @param data the byte to convert
* @return String the converted byte
public static String byteToHex(byte data) {
StringBuffer buf = new StringBuffer();
buf.append(toHexChar((data >>> 4) & 0x0F));
buf.append(toHexChar(data & 0x0F));
return buf.toString();
* Convenience method to convert an int to a hex char.
* @param i the int to convert
* @return char the converted char
public static char toHexChar(int i) {
if ((0 <= i) && (i <= 9)) {
return (char) ('0' + i);
} else {
return (char) ('a' + (i - 10));
* Returns the contents of the file in a byte array
* @param file File this method should read
* @return byte[] Returns a byte[] array of the contents of the file
private static byte[] getBytesFromFile(File file) throws IOException {
InputStream is = new FileInputStream(file);
System.out.println("\nDEBUG: FileInputStream is " + file);
// Get the size of the file
long length = file.length();
System.out.println("DEBUG: Length of " + file + " is " + length + "\n");
* You cannot create an array using a long type. It needs to be an int
* type. Before converting to an int type, check to ensure that file is
* not loarger than Integer.MAX_VALUE;
if (length > Integer.MAX_VALUE) {
System.out.println("File is too large to process");
return null;
// Create the byte array to hold the data
byte[] bytes = new byte[(int)length];
// Read in the bytes
int offset = 0;
int numRead = 0;
while ( (offset < bytes.length)
( (numRead=is.read(bytes, offset, bytes.length-offset)) >= 0) ) {
offset += numRead;
// Ensure all the bytes have been read in
if (offset < bytes.length) {
throw new IOException("Could not completely read file " + file.getName());
is.close();
return bytes;
* @param filename
public static byte[] chk_file(String filename) {
byte[] fileArray = null;
try {
fileArray = getBytesFromFile(new File( filename));
} catch (IOException e) {
e.printStackTrace();
if (fileArray != null) {
for (int i=0; i<fileArray.length; i++) {
System.out.println(
"fileArray[" + i + "] = " +
((int)fileArray[i] < 9 ? " " : "") +
( ((int)fileArray[i] > 9 && (int)fileArray[i] <= 99) ? " " : "") +
fileArray[i] + " : " +
" HEX=(0x" + byteToHex(fileArray) + ") : " +
" charValue=(" + (char)fileArray[i] + ")");
return fileArray;
* Sole entry point to the class and application.
* @param args Array of String arguments.
public static void main(String[] args) {
byte[] fileArray = null;
try {
fileArray = getBytesFromFile(new File("c:\\eicar.com"));
} catch (IOException e) {
e.printStackTrace();
if (fileArray != null) {
for (int i=0; i<fileArray.length; i++) {
System.out.println(
"fileArray[" + i + "] = " +
((int)fileArray[i] < 9 ? " " : "") +
( ((int)fileArray[i] > 9 && (int)fileArray[i] <= 99) ? " " : "") +
fileArray[i] + " : " +
" HEX=(0x" + byteToHex(fileArray[i]) + ") : " +
" charValue=(" + (char)fileArray[i] + ")");
Having main method helps you to run the file in JDEVELOPER or using JAVA.
DO not forget to load this class into the database.
And you create the pl/sql wrapper again as follows:
create or replace FUNCTION TOBY (pfilename in varchar2) RETURN VARCHAR2 iS
language java name
'ReadFileIntoByteArray.chk_file(java.lang.String) return byte[]';
And you call the function from sqlplus as follows:
Sql>Set serveroutput on size 20000;
Sql> call dbms_java.set_output(20000);
Sql> Select toby(“filename”) from dual; --
this file should be accessible, I mean you will not be able to send a file on your pc, from sql plus as sql/plus is running on your db server.
You will be able to see the output in sql plus:
If you are running it from the APEX:
When we use file browser widget from APEX, the file is stored in APEX_APPLICATION_FILES table. And we retrieve that into a variable and pass this variable to the function as follows:
DECLARE
scan_failed EXCEPTION;
x varchar2(400);
z number;
BEGIN
select filename into x from wwv_flow_files where name = :P1_FILE_NAME;
select my1.mycheck(x,toby(x)) into z from dual;
if z = 0 then
:P1_SUBJECT:= 'PASSED';
else
:P1_SUBJECT:= 'FAILED';
end if;
:P1_SCAN_RESULT := '** Scanning File **';
IF UPPER(:P1_SUBJECT) = 'PASSED' THEN
BEGIN
:P1_SCAN_FLAG := 'PASSED';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** File passed scan **';
END;
ELSIF UPPER(:P1_SUBJECT) = 'FAILED' THEN
BEGIN
:P1_SCAN_FLAG := 'FAILED';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** File failed scan **';
END;
ELSE
BEGIN
:P1_SCAN_FLAG := 'UNKNOWN';
:P1_SCAN_RESULT := :P1_SCAN_RESULT || ' ** Scan Is Not Conclussive **';
END;
END IF;
--IF :P1_SCAN_FLAG = 'FAILED'
-- THEN RAISE scan_failed;
--END IF;
EXCEPTION
WHEN OTHERS THEN
DELETE from APEX_APPLICATION_FILES WHERE name = :P1_FILE_NAME;
RAISE_APPLICATION_ERROR (-20000, 'seb OTHERS error encountered - file upload not allowed. Possible virus detected !');
raise;
END;
ACKNOWLEDMENTS:
1) JOHN SCOTT – who suggested this ICAP API in one of the threads which is my initial starting point in this direction.
2) VLAD KOFMAN who wrote the article on WWW.DEVELOPER.com
3) Mr. KIRAN –One of the engineers from Metalink, who helped me at every step of getting this java programs and pl/sql wrappers working. But for him, I would have not completed my project.

Hi I am looking for a way to have trace32 open multiple files on remote computers

Simply put I am looking for someone who could afford to give me a basic script (vbs) that I could run from an elevated command prompt. It would need to be available for me to type in the name of a remote computer or (mulitple if possible) and also
allow me to choose log files to open or multiple files and then open them using trace 32. Hopefully it would detect the available log files and show me what is available to choose to open... anyone know of such a thing or know how to go about setting up something
like this for people to use?
EDIT
I was able to create a basic script to do what I wanted but I want to be able to add wildcards for the rollover logs... Can someone suggest the easiest way to do that as I am not sure how to add the wildcards directly before the .log
here is the script.
' ******Created by Luis Delgado*********
'This script will get a remote computers .log files depending on which documents you enter in the "files to open on remote computer using trace32" section
'Get and open log files on remote Computer
on error resume next
Set WshShell = Wscript.CreateObject("Wscript.Shell")
strcomputer = inputbox("Enter remote computer name or leave as localhost for this computer","Get log files from a remote computer with Trace32","Localhost")
If strComputer = "" Then
WScript.Quit
End If
'Opens trace32
wshShell.run "C:\Program Files\ConfigMgr 2007 Toolkit\CCM Tools\Trace32.exe"
'Files to open on remote computer using trace32
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\datatransferservice.log"
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\ccmexec.log"
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\locationservices.log"
!!!!NOTE!!!
What I need is for any file that starts with datatransferservices, ccmexec, or locationservices to open in trace32
my thought would be place a wild card in its respective spots but it does not work see below
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\datatransferservice*.log"
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\ccmexec*.log"
wshShell.Run "\\" & strcomputer & "\c$\Windows\System32\CCM\Logs\locationservices*.log"

The roll over logs all have the same name exact the extension is .lo_ , So.. I'm not sure what you are looking for.
Garth Jones | My blogs: Enhansoft and
Old Blog site | Twitter:
@GarthMJ

Ways to scan for viruses on macs?

I want to scan and check for viruses.

1. This comment applies to malicious software ("malware") that's installed unwittingly by the victim of a network attack. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the victim's computer. That threat is in a different category, and there's no easy way to defend against it. If you have reason to suspect that you're the target of such an attack, you need expert help.
2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user, but internally Apple calls it "XProtect." The malware recognition database is automatically checked for updates once a day; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
The following caveats apply to XProtect:
It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets (see below.)
It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
3. Starting with OS X 10.7.5, there has been another layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't actually been tested by Apple (unless it comes from the Mac App Store), but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. For most practical purposes, applications recognized by Gatekeeper as signed can be considered safe.
Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
It can easily be disabled or overridden by the user.
A malware attacker could get control of a code-signing certificate under false pretenses, or could find some other way to evade Apple's controls.
4. Beyond XProtect and Gatekeeper, there’s no benefit, in most cases, from any other automated protection against malware. The first and best line of defense is always your own intelligence. All known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the malware attacker. If you're smarter than he thinks you are, you'll win.
That means, in practice, that you never use software that comes from an untrustworthy source. How do you know whether a source is trustworthy?
Any website that prompts you to install a “codec,” “plug-in,” "player," "extractor," or “certificate” that comes from that same site, or an unknown one, is untrustworthy.
A web operator who tells you that you have a “virus,” or that anything else is wrong with your computer, or that you have won a prize in a contest you never entered, is trying to commit a crime with you as the victim. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
Pirated copies or "cracks" of commercial software, no matter where they come from, are unsafe.
Software of any kind downloaded from a BitTorrent or from a Usenet binary newsgroup is unsafe.
Software with a corporate brand, such as Adobe Flash Player, must be downloaded directly from the developer’s website. If it comes from any other source, it's unsafe.
5. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style "virus" affecting OS X. Merely loading a page with malicious Java content could be harmful. Fortunately, Java on the Web is mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other inessential uses of Java.
Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it — not JavaScript — in your browsers. In Safari, this is done by unchecking the box marked Enable Java in the Security tab of the preferences dialog.
Currently, when you install the Apple-supplied Java runtime (but not the Oracle runtime), a "Malware Removal Tool" (MRT) is also installed. MRT runs automatically in the background and appears to scan your files for installed malware that may have evaded XProtect. Like XProtect, MRT is probably effective against known attacks, but not against unknown attacks. There is no user interface to MRT.
Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a specific task, enable Java only when needed for the task and disable it immediately when done. Close all other browser windows and tabs, and don't visit any other sites while Java is active. Never enable Java on a public web page that carries third-party advertising. Use it, when necessary, only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
Follow the above guidelines, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself from malware.
6. Never install any commercial "anti-virus" or "Internet security" products for the Mac, as they all do more harm than good, if they do any good at all. If you need to be able to detect Windows malware in your files, use the free software ClamXav — nothing else.
Why shouldn't you use commercial "anti-virus" products?
Their design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere.
In order to meet that nonexistent threat, the software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
By modifying the operating system, the software itself may create weaknesses that could be exploited by malware attackers.
7. ClamXav doesn't have these drawbacks. That doesn't mean it's entirely safe. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
ClamXav is not needed, and should not be relied upon, for protection against OS X malware. It's useful only for detecting Windows malware. Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else.
A Windows malware attachment in email is usually easy to recognize. The file name will often be targeted at people who aren't very bright; for example:
♥♥♥♥♥♥♥♥♥♥♥♥♥♥!!!!!!!H0TBABEZ4U!!!!!!!.AVI♥♥♥♥♥♥♥♥♥♥♥♥♥♥.exe
ClamXav may be able to tell you which particular virus or trojan it is, but do you care? In practice, there's seldom a reason to use ClamXav unless a network administrator requires you to run an anti-virus application.
8. The greatest harm done by anti-virus software, in my opinion, is in its effect on human behavior. It does little or nothing to protect people from emerging threats, but they get a false sense of security from it, and then they may behave in ways that expose them to higher risk. Nothing can lessen the need for safe computing practices.
9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.

HT5621 How can I scan for viruses on my Mac?

How can I scan for viruses on my Mac desktop?

You may find this User Tip on Viruses, Trojan Detection and Removal, as well as general Internet Security and Privacy, useful: The User Tip seeks to offer guidance on the main security threats and how to avoid them.
https://discussions.apple.com/docs/DOC-2435
More useful information can also be found here:
www.thesafemac.com/mmg

Scan a file for virus before upload

In many CRM functions, eg - Activities, Mkt Planner, etc., there is a tab for uploading/attaching files. How can we scan the file for virus before saving? We have a Basis 620, so we can't use the Virus Scan Interface because it is available from Basis 640 onwards.
I am looking for two things - 1. A method to scan for virus and 2. A user exit where this can be implemented before saving.
Thanks.

http://forum.java.sun.com/thread.jspa?threadID=499566&tstart=200

Scanning an uploaded file for viruses

Hi All,
I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
Please help me out with this.....
Thanks In Advance

Raghavendra_LR wrote:
Hi All,
I want scan an uploaded file for viruses.i there is any JAVA API where i can connect to Scan engine.
i have gone through the Symantic scan engine. where it provides the ICAP protocol to communicate with ScanEngine but i dont know how to communicate with that using java.
Well buddy i'm afraid there are no good open source solutions available for this however,we have commercial solutions provided by respective vendors.
[http://www.ciao.co.uk/McAfee_E_Business_Server_Java_API_Complete_package__5529793]
or the below provided a Java client / Local SDK libraries for which supports number of anti-virus softwares
[http://www.opswat.com/oesislocal.shtml ]
Hope that helps :)
REGARDS,
RaHuL

Scan for viruses before file upload

Hi,
I'm making a HR application which will allow for public users to upload their resumes in word, pdf, etc format.
I'd like to scan the files for viruses before they are inserted into the DB.
From my understanding, files are loaded in the wwv_flow_files view after a user submits a page with a file upload. Because of this, scanning a file before it's in the DB doesn't seem like it will be possible. I'd like to scan the file when it resides in the wwv_flow_files view and erase it, if applicable, before inserting it into the table that will hold the resume files.
I've talked to our DBA and he doesn't know how to do this. Do you have any suggestions?
Thanks,
Martin

If you could identify a file (resume) with a virus in it before anyone opens it, would that be acceptable? If so you could look at doing:
1) Use the File Browser item type in an HTML DB page to load the file in wwv_flow_files with the document.
2) Have your HTML DB page move the file from wwv_flow_files to a custom table marked as "not scanned" for document scanning.
3) Have a process running on a server which has access to the scanning table and virus scanning software scan the document and mark it as "scanned ready for viewing".
If it is a absolute requirement that the document be scanned before being loaded into wwv_flow_files, the only other way I see is to have your users "drop" their files on some type of server where a process on that server would scan the file for viruses and then load it into the database.
This may be just useless babble for you, but it may just stir up some ideas for you.
Mike

How do I uninstall the firefox 16 update from my computer? it won't allow my antivirus to scan for viruses and spyware!!

when I installed this update it said that it was not compatible with my Norton toolbar, which I didn't think would be a problem. now I've got malware ads popping up on different websites and when I scan my computer for viruses/spyware, it always says there is no risks. I find that hard to believe. I just want to uninstall the last update (Firefox 16).

You posted here with Firefox 17.0.1.
Try running a Norton Live Update so Norton can update their Firefox add-on and get that Toolbar working again.
That said, Norton doesn't do anything about Malware. You need a Malware application to locate and remove Malware.
Install, update, and run these programs in this order. They are listed in order of efficacy. '''''(Not all programs detect the same Malware, so you may need to run them all to solve your problem.)''''' These programs are all free for personal use, but some have limited functionality in the "free mode" - but those are features you really don't need to find and remove the problem that you have. 
''Note: If your Malware infection is bad enough and you are mis-directed to URL's other than what is posted, you may have to use a different PC to download these programs and use a USB stick to transfer them to the afflicted PC.''
Malwarebytes' Anti-Malware - [http://www.malwarebytes.org/mbam.php] 
SuperAntispyware - [http://www.superantispyware.com/] 
AdAware - [http://www.lavasoftusa.com/software/adaware/] 
Spybot Search & Destroy - [http://www.safer-networking.org/en/index.html] 
Windows Defender: Home Page - [http://windows.microsoft.com/en-US/windows7/products/features/windows-defender] 
Also, if you have a search engine re-direct problem, see this: 
http://deletemalware.blogspot.com/2010/02/remove-google-redirect-virus.html
If these don't find it or can't clear it, post in one of these forums for specialized malware removal help: 
[http://www.spywarewarrior.com/index.php] 
[http://forum.aumha.org/] 
[http://www.spywareinfoforum.com/] 
[http://bleepingcomputer.com]

How can i scan my mac for virus's

I download alot of music (not from stupid or untrusted sites) and torrents (mostly movies and music and software) but nothing stupid that i know for sure will infect my Macbook Air............but just to be on the safe side i want to know if their is a safe way i can scan my mac for a virus? from my personal experience anti virus's do more harm than good Suggestion? SOLUTIONS?

1. This procedure is a diagnostic test. It changes nothing, for better or worse, and therefore will not, in itself, solve the problem. But with the aid of the test results, the solution may take a few minutes, instead of hours or days.
Don't be put off by the complexity of these instructions. The process is much less complicated than the description. You do harder tasks with the computer all the time.
2. If you don't already have a current backup, back up all data before doing anything else. The backup is necessary on general principle, not because of anything in the test procedure. Backup is always a must, and when you're having any kind of trouble with the computer, you may be at higher than usual risk of losing data, whether you follow these instructions or not.
There are ways to back up a computer that isn't fully functional. Ask if you need guidance.
3. Below are instructions to run a UNIX shell script, a type of program. As I wrote above, it changes nothing. It doesn't send or receive any data on the network. All it does is to generate a human-readable report on the state of the computer. That report goes nowhere unless you choose to share it. If you prefer, you can read it yourself without disclosing the contents to me or anyone else.
You should be wondering whether you can believe me, and whether it's safe to run a program at the behest of a stranger. In general, no, it's not safe and I don't encourage it.
In this case, however, there are a couple of ways for you to decide whether the program is safe without having to trust me. First, you can read it. Unlike an application that you download and click to run, it's transparent, so anyone with the necessary skill can verify what it does.
You may not be able to understand the script yourself. But variations of the script have been posted on this website thousands of times over a period of years. The site is hosted by Apple, which does not allow it to be used to distribute harmful software. Any one of the millions of registered users could have read the script and raised the alarm if it was harmful. Then I would not be here now and you would not be reading this message.
Nevertheless, if you can't satisfy yourself that these instructions are safe, don't follow them. Ask for other options.
4. Here's a summary of what you need to do, if you choose to proceed:
☞ Copy a line of text in this window to the Clipboard.
☞ Paste into the window of another application.
☞ Wait for the test to run. It usually takes a few minutes.
☞ Paste the results, which will have been copied automatically, back into a reply on this page.
The sequence is: copy, paste, wait, paste again. You don't need to copy a second time. Details follow.
5. You may have started the computer in "safe" mode. Preferably, these steps should be taken in “normal” mode, under the conditions in which the problem is reproduced. If the system is now in safe mode and works well enough in normal mode to run the test, restart as usual. If you can only test in safe mode, do that.
6. If you have more than one user, and the one affected by the problem is not an administrator, then please run the test twice: once while logged in as the affected user, and once as an administrator. The results may be different. The user that is created automatically on a new computer when you start it for the first time is an administrator. If you can't log in as an administrator, test as the affected user. Most personal Macs have only one user, and in that case this section doesn’t apply. Don't log in as root.
7. The script is a single long line, all of which must be selected. You can accomplish this easily by triple-clicking anywhere in the line. The whole line will highlight, though you may not see all of it in the browser window, and you can then copy it. If you try to select the line by dragging across the part you can see, you won't get all of it.
Triple-click anywhere in the line of text below on this page to select it:
PATH=/usr/bin:/bin:/usr/sbin:/sbin:/usr/libexec;clear;cd;p=(Software Hardware Memory Diagnostics Power FireWire Thunderbolt USB Fonts SerialATA 4 1000 25 5120 KiB/s 1024 85 \\b%% 20480 1 MB/s 25000 ports ' com.clark.\* \*dropbox \*GoogleDr\* \*k.AutoCAD\* \*k.Maya\* vidinst\* ' DYLD_INSERT_LIBRARIES\ DYLD_LIBRARY_PATH -86 "` route -n get default|awk '/e:/{print $2}' `" 25 N\\/A down up 102400 25600 recvfrom sendto CFBundleIdentifier 25 25 25 1000 MB com.apple.AirPortBaseStationAgent 464843899 51 5120 files );N5=${#p[@]};p[N5]=` networksetup -listnetworkserviceorder|awk ' NR>1 { sub(/^$[0-9]+$ /,"");n=$0;getline;} $NF=="'${p[26]}')" { sub(/.$/,"",$NF);print n;exit;} ' `;f=('\n%s: %s\n' '\n%s\n\n%s\n' '\nRAM details\n%s\n' %s\ %s '%s\n-\t%s\n' );S0() { echo ' { q=$NF+0;$NF="";u=$(NF-1);$(NF-1)="";gsub(/^ +| +$/,"");if(q>='${p[$1]}') printf("%s (UID %s) is using %s '${p[$2]}'",$0,u,q);} ';};s=(' /^ *$|CSConfigDot/d;s/^ */ /;s/[-0-9A-Fa-f]{22,}/UUID/g;s/(ochat)\.[^.]+(\..+)/\1\2/;/Shared/!s/\/Users\/[^/]+/~/g ' ' s/^ +//;/de: S|[nst]:/p;' ' {sub(/^ +/,"")};/er:/;/y:/&&$2<'${p[10]} ' 1s/://;3,6d;/[my].+:/d;s/^ {4}//;H;${ g;s/\n$//;/s: [^EO]|x([^08]|02[^F]|8[^0])/p;} ' ' 5h;6{ H;g;/P/!p;} ' ' ($1~/^Cy/&&$3>'${p[11]}')||($1~/^Cond/&&$2!~/^N/) ' ' /:$/{ N;/:.+:/d;s/ *://;b0'$'\n'' };/^ *(V.+ [0N]|Man).+ /{ s/ 0x.... //;s/[()]//g;s/(.+: )(.+)/ (\2)/;H;};$b0'$'\n'' d;:0'$'\n'' x;s/\n\n//;/Apple[ ,]|Genesy|Intel|SMSC/d;s/\n.*//;/\)$/p;' ' s/^.*C/C/;H;${ g;/No th|pms/!p;} ' '/= [^GO]/p' '{$1=""};1' ' /Of/!{ s/^.+is |\.//g;p;} ' ' $0&&!/ / { n++;print;} END { if(n<200) print "com.apple.";} ' ' $3~/[0-9]:[0-9]{2}$/ { gsub(/:[0-9:a-f]{14}/,"");} { print|"tail -n'${p[12]}'";} ' ' NR==2&&$4<='${p[13]}' { print $4;} ' ' END { $2/=256;if($2>='${p[15]}') print int($2) } ' ' NR!=13{next};{sub(/[+-]$/,"",$NF)};'"`S0 21 22`" 'NR!=2{next}'"`S0 37 17`" ' NR!=5||$8!~/[RW]/{next};{ $(NF-1)=$1;$NF=int($NF/10000000);for(i=1;i<=3;i++){$i="";$(NF-1-i)="";};};'"`S0 19 20`" 's:^:/:p' '/\.kext\/(Contents\/)?Info\.plist$/p' 's/^.{52}(.+) <.+/\1/p' ' /Launch[AD].+\.plist$/ { n++;print;} END { print "'${p[41]}'";if(n<200) print "/System/";} ' '/\.xpc\/(Contents\/)?Info\.plist$/p' ' NR>1&&!/0x|\.[0-9]+$|com\.apple\.launchctl\.(Aqua|Background|System)$|'${p[41]}'/ { print $3;} ' ' /\.(framew|lproj)|\):/d;/plist:|:.+(Mach|scrip)/s/:[^:]+//p ' '/^root$/p' ' !/\/Contents\/.+\/Contents|Applic|Autom|Frameworks/&&/Lib.+\/Info.plist$/ { n++;print;} END { if(n<1100) print "/System/";} ' '/^\/usr\/lib\/.+dylib$/p' ' /Temp|emac/{next};/(etc|Preferences|Launch[AD].+)\// { sub(".(/private)?","");n++;print;} END { print "'${p[41]}'.plist\t'${p[42]}'";if(n<500) print "Launch";} ' ' /\/(Contents\/.+\/Contents|Frameworks)\/|\.wdgt\/.+\.([bw]|plu)/d;p;' 's/\/(Contents\/)?Info.plist$//;p' ' { gsub("^| |\n","\\|\\|kMDItem'${p[35]}'=");sub("^...."," ") };1 ' p '{print $3"\t"$1}' 's/\'$'\t''.+//p' 's/1/On/p' '/Prox.+: [^0]/p' '$2>'${p[43]}'{$2=$2-1;print}' ' BEGIN { i="'${p[26]}'";M1='${p[16]}';M2='${p[18]}';M3='${p[31]}';M4='${p[32]}';} !/^A/{next};/%/ { getline;if($5<M1) a="user "$2"%, system "$4"%";} /disk0/&&$4>M2 { b=$3" ops/s, "$4" blocks/s";} $2==i { if(c) { d=$3+$4+$5+$6;next;};if($4>M3||$6>M4) c=int($4/1024)" in, "int($6/1024)" out";} END { if(a) print "CPU: "a;if(b) print "I/O: "b;if(c) print "Net: "c" (KiB/s)";if(d) print "Net errors: "d" packets/s";} ' ' /r\[0\] /&&$NF!~/^1(0|72\.(1[6-9]|2[0-9]|3[0-1])|92\.168)\./ { print $NF;exit;} ' ' !/^T/ { printf "(static)";exit;} ' '/apsd|BKAg|OpenD/!s/:.+//p' ' (/k:/&&$3!~/(255\.){3}0/ )||(/v6:/&&$2!~/A/ ) ' ' $1~"lR"&&$2<='${p[25]}';$1~"li"&&$3!~"wpa2";' ' BEGIN { FS=":";p="uniq -c|sed -E '"'s/ +\$[0-9]+\$\$.+\$/\\\2 x\\\1/;s/x1$//'"'";} { n=split($3,a,".");sub(/_2[01].+/,"",$3);print $2" "$3" "a[n]$1|p;b=b$1;} END { close(p);if(b) print("\n\t* Code injection");} ' ' NR!=4{next} {$NF/=10240} '"`S0 27 14`" ' END { if($3~/[0-9]/)print$3;} ' ' BEGIN { L='${p[36]}';} !/^[[:space:]]*(#.*)?$/ { l++;if(l<=L) f=f"\n "$0;} END { F=FILENAME;if(!F) exit;if(!f) f="\n [N/A]";"file -b "F|getline T;if(T!~/^(AS.+ (En.+ )?text$|(Bo|PO).+ sh.+ text ex)/) F=F" ("T")";printf("\nContents of %s\n%s\n",F,f);if(l>L) printf("\n ...and %s more line(s)\n",l-L);} ' ' BEGIN{FS="= "} /Name/{print $2} ' 's/0/Off/p' ' END{print NR} ' ' /id: N|te: Y/{i++} END{print i} ' ' / / { print "'"${p[28]}"'";exit;};1;' '/ en/!s/\.//p' ' NR!=13{next};{sub(/[+-M]$/,"",$NF)};'"`S0 39 40`" ' $10~/$L/&&$9!~"localhost" { sub(/.+:/,"",$9);print $1": "$9;} ' '/^ +r/s/.+"(.+)".+/\1/p' 's/(.+\.wdgt)\/(Contents\/)?Info\.plist$/\1/p' 's/^.+\/(.+)\.wdgt$/\1/p' ' /l: /{ /DVD/d;s/.+: //;b0'$'\n'' };/s: /{ /V/d;s/^ */- /;H;};$b0'$'\n'' d;:0'$'\n'' x;/APPLE [^:]+$/d;p;' ' /^find: /d;p;' "`S0 44 45`" );c1=(system_profiler pmset\ -g nvram fdesetup find syslog df vm_stat sar ps sudo\ crontab sudo\ iotop top pkgutil 'PlistBuddy 2>&1 -c "Print' whoami cksum kextstat launchctl sudo\ launchctl crontab 'sudo defaults read' stat lsbom mdfind ' for i in ${p[24]};do ${c1[18]} ${c2[27]} $i;done;' defaults\ read scutil sudo\ dtrace sudo\ profiles sed\ -En awk /S*/*/P*/*/*/C*/*/airport networksetup mdutil sudo\ lsof test );c2=(com.apple.loginwindow\ LoginHook '" /L*/P*/loginw*' '" L*/P*/*loginit*' 'L*/Ca*/com.ap*.Saf*/E*/* -d 1 -name In*t -exec '"${c1[14]}"' :CFBundleDisplayName" {} \;|sort|uniq' '~ $TMPDIR.. \( -flags +sappnd,schg,uappnd,uchg -o ! -user $UID -o ! -perm -600 $' '.??* -path .Trash -prune -o -type d -name *.app -print -prune' :${p[35]}\" :Label\" '{/,}L*/{Con,Pref}* -type f ! -size 0 -name *.plist -exec plutil -s {} \;' "-f'%N: %l' Desktop L*/Keyc*" therm sysload boot-args status " -F '\$Time \$Message' -k Sender kernel -k Message Req 'bad |Beac|caug|dead[^bl]|FAIL|fail|GPU |hfs: Ru|inval|jnl:|last value [1-9]|n Cause: -|NVDA$|pagin|proc: t|Roamed|rror|ssert|Thrott|tim(ed? ?|ing )o|WARN' -k Message Rne 'Goog|ksadm|SMC:| VALI|xpma' -o -k Sender fseventsd -k Message Req 'SL' " '-du -n DEV -n EDEV 1 10' 'acrx -o comm,ruid,%cpu' '-t1 10 1' '-f -pfc /var/db/r*/com.apple.*.{BS,Bas,Es,J,OSXU,Rem,up}*.bom' '{/,}L*/Lo*/Diag* -type f -regex .\*[cgh] ! -name *ag \( -exec grep -lq "^Thread c" {} \; -exec printf \* \; -o -true $ -execdir stat -f:%Sc:%N -t%F {} \;|sort -t: -k2 |tail -n'${p[38]} '-L {/{S*/,},}L*/Lau* -type f' '-L /{S*/,}L*/StartupItems -type f -exec file {} +' '-L /S*/L*/{C*/Sec*A,E}* {/,}L*/{A*d,Ca*/*/Ex,Co{mpon,reM},Ex,Inter,iTu*/*P,Keyb,Mail/B,Pr*P,Qu*T,Scripti,Sec,Servi,Spo,Widg}* -path \\*s/Resources -prune -o -type f -name Info.plist' '/usr/lib -type f -name *.dylib' `awk "${s[31]}"<<<${p[23]}` "/e*/{auto,{cron,fs}tab,hosts,{[lp],sy}*.conf,pam.d/*,ssh{,d}_config,*.local} {,/usr/local}/etc/periodic/*/* /L*/P*{,/*}/com.a*.{Bo,sec*.ap}*t /S*/L*/Lau*/*t .launchd.conf" list getenv /Library/Preferences/com.apple.alf\ globalstate --proxy '-n get default' -I --dns -getdnsservers\ "${p[N5]}" -getinfo\ "${p[N5]}" -P -m\ / '' -n1 '-R -l1 -n1 -o prt -stats command,uid,prt' '--regexp --only-files --files com.apple.pkg.*|sort|uniq' -kl -l -s\ / '-R -l1 -n1 -o mem -stats command,uid,mem' '+c0 -i4TCP:0-1023' com.apple.dashboard\ layer-gadgets '-d /L*/Mana*/$USER&&echo On' '-app Safari WebKitDNSPrefetchingEnabled' "+c0 -l|awk '{print(\$1,\$3)}'|sort|uniq -c|sort -n|tail -1|awk '{print(\$2,\$3,\$1)}'" );N1=${#c2[@]};for j in {0..9};do c2[N1+j]=SP${p[j]}DataType;done;N2=${#c2[@]};for j in 0 1;do c2[N2+j]="-n ' syscall::'${p[33+j]}':return { @out[execname,uid]=sum(arg0) } tick-10sec { trunc(@out,1);exit(0);} '";done;l=(Restricted\ files Hidden\ apps 'Elapsed time (s)' POST Battery Safari\ extensions Bad\ plists 'High file counts' User Heat System\ load boot\ args FileVault Diagnostic\ reports Log 'Free space (MiB)' 'Swap (MiB)' Activity 'CPU per process' Login\ hook 'I/O per process' Mach\ ports kexts Daemons Agents launchd Startup\ items Admin\ access Root\ access Bundles dylibs Apps Font\ issues Inserted\ dylibs Firewall Proxies DNS TCP/IP Wi-Fi Profiles Root\ crontab User\ crontab 'Global login items' 'User login items' Spotlight Memory Listeners Widgets Parental\ Controls Prefetching SATA Descriptors );N3=${#l[@]};for i in 0 1 2;do l[N3+i]=${p[5+i]};done;N4=${#l[@]};for j in 0 1;do l[N4+j]="Current ${p[29+j]}stream data";done;A0() { id -G|grep -qw 80;v[1]=$?;((v[1]==0))&&sudo true;v[2]=$?;v[3]=`date +%s`;clear >&-;date '+Start time: %T %D%n';};for i in 0 1;do eval ' A'$((1+i))'() { v=` eval "${c1[$1]} ${c2[$2]}"|'${c1[30+i]}' "${s[$3]}" `;[[ "$v" ]];};A'$((3+i))'() { v=` while read i;do [[ "$i" ]]&&eval "${c1[$1]} ${c2[$2]}" \"$i\"|'${c1[30+i]}' "${s[$3]}";done<<<"${v[$4]}" `;[[ "$v" ]];};A'$((5+i))'() { v=` while read i;do '${c1[30+i]}' "${s[$1]}" "$i";done<<<"${v[$2]}" `;[[ "$v" ]];};';done;A7(){ v=$((`date +%s`-v[3]));};B2(){ v[$1]="$v";};for i in 0 1;do eval ' B'$i'() { v=;((v['$((i+1))']==0))||{ v=No;false;};};B'$((3+i))'() { v[$2]=`'${c1[30+i]}' "${s[$3]}"<<<"${v[$1]}"`;} ';done;B5(){ v[$1]="${v[$1]}"$'\n'"${v[$2]}";};B6() { v=` paste -d: <(printf "${v[$1]}") <(printf "${v[$2]}")|awk -F: ' {printf("'"${f[$3]}"'",$1,$2)} ' `;};B7(){ v=`grep -Fv "${v[$1]}"<<<"$v"`;};C0(){ [[ "$v" ]]&&echo "$v";};C1() { [[ "$v" ]]&&printf "${f[$1]}" "${l[$2]}" "$v";};C2() { v=`echo $v`;[[ "$v" != 0 ]]&&C1 0 $1;};C3() { v=`sed -E "$s"<<<"$v"`&&C1 1 $1;};for i in 1 2;do for j in 0 2 3;do eval D$i$j'(){ A'$i' $1 $2 $3; C'$j' $4;};';done;done;{ A0;D20 0 $((N1+1)) 2;D10 0 $N1 1;B0;C2 27;B0&&! B1&&C2 28;D12 15 37 25 8;A1 0 $((N1+2)) 3;C0;D13 0 $((N1+3)) 4 3;D23 0 $((N1+4)) 5 4;D13 0 $((N1+9)) 59 50;for i in 0 1 2;do D13 0 $((N1+5+i)) 6 $((N3+i));done;D13 1 10 7 9;D13 1 11 8 10;D22 2 12 9 11;D12 3 13 10 12;D23 4 19 44 13;D23 5 14 12 14;D22 6 36 13 15;D22 7 37 14 16;D23 8 15 38 17;D22 9 16 16 18;B1&&{ D22 35 49 61 51;D22 11 17 17 20;for i in 0 1;do D22 28 $((N2+i)) 45 $((N4+i));done;};D22 12 44 54 45;D22 12 39 15 21;A1 13 40 18;B2 4;B3 4 0 19;A3 14 6 32 0;B4 0 5 11;A1 17 41 20;B7 5;C3 22;B4 4 6 21;A3 14 7 32 6;B4 0 7 11;B3 4 0 22;A3 14 6 32 0;B4 0 8 11;B5 7 8;B1&&{ A2 19 26 23;B7 7;C3 23;};A2 18 26 23;B7 7;C3 24;A2 4 20 21;B7 6;B2 9;A4 14 7 52 9;B2 10;B6 9 10 4;C3 25;D13 4 21 24 26;B4 4 12 26;B3 4 13 27;A1 4 22 29;B7 12;B2 14;A4 14 6 52 14;B2 15;B6 14 15 4;B3 0 0 30;C3 29;A1 4 23 27;B7 13;C3 30;D13 24 24 32 31;D13 25 37 32 33;A2 23 18 28;B2 16;A2 16 25 33;B7 16;B3 0 0 34;B2 21;A6 47 21&&C0;B1&&{ D13 21 0 32 19;D13 10 42 32 40;D22 29 35 46 39;};D13 14 1 48 42;D12 34 43 53 44;D22 0 $((N1+8)) 51 32;D13 4 8 41 6;D12 26 28 35 34;D13 27 29 36 35;A2 27 32 39&&{ B2 19;A2 33 33 40;B2 20;B6 19 20 3;};C2 36;D23 33 34 42 37;B1&&D23 35 45 55 46;D23 32 31 43 38;D12 36 47 32 48;D13 20 42 32 41;D23 14 2 48 43;D13 4 5 32 1;D13 4 3 60 5;D12 26 48 49 49;B3 4 22 57;A1 26 46 56;B7 22;B3 0 0 58;C3 47;D22 4 4 50 0;D23 22 9 37 7;A7;C2 2;} 2>/dev/null|pbcopy;exit 2>&-
Copy the selected text to the Clipboard by pressing the key combination command-C.
8. Launch the built-in Terminal application in any of the following ways:
☞ Enter the first few letters of its name into a Spotlight search. Select it in the results (it should be at the top.)
☞ In the Finder, select Go ▹ Utilities from the menu bar, or press the key combination shift-command-U. The application is in the folder that opens.
☞ Open LaunchPad. Click Utilities, then Terminal in the icon grid.
Click anywhere in the Terminal window and paste by pressing command-V. The text you pasted should vanish immediately. If it doesn't, press the return key.
9. If you see an error message in the Terminal window such as "Syntax error" or "Event not found," enter
exec bash
and press return. Then paste the script again.
10. If you're logged in as an administrator, you'll be prompted for your login password. Nothing will be displayed when you type it. You will not see the usual dots in place of typed characters. Make sure caps lock is off. Type carefully and then press return. You may get a one-time warning to be careful. If you make three failed attempts to enter the password, the test will run anyway, but it will produce less information. In most cases, the difference is not important. If you don't know the password, or if you prefer not to enter it, press the key combination control-C or just press return three times at the password prompt. Again, the script will still run.
If you're not logged in as an administrator, you won't be prompted for a password. The test will still run. It just won't do anything that requires administrator privileges.
11. The test may take a few minutes to run, depending on how many files you have and the speed of the computer. A computer that's abnormally slow may take longer to run the test. While it's running, there will be nothing in the Terminal window and no indication of progress. Wait for the line
[Process completed]
to appear. If you don't see it within half an hour or so, the test probably won't complete in a reasonable time. In that case, close the Terminal window and report what happened. No harm will be done.
12. When the test is complete, quit Terminal. The results will have been copied to the Clipboard automatically. They are not shown in the Terminal window. Please don't copy anything from there. All you have to do is start a reply to this comment and then paste by pressing command-V again.
At the top of the results, there will be a line that begins with the words "Start time." If you don't see that, but instead see a mass of gibberish, you didn't wait for the "Process completed" message to appear in the Terminal window. Please wait for it and try again.
If any private information, such as your name or email address, appears in the results, anonymize it before posting. Usually that won't be necessary.
13. When you post the results, you might see an error message on the web page: "You have included content in your post that is not permitted," or "You are not authorized to post." That's a bug in the forum software. Please post the test results on Pastebin, then post a link here to the page you created.
14. This is a public forum, and others may give you advice based on the results of the test. They speak only for themselves, and I don't necessarily agree with them.
Copyright © 2014 by Linc Davis. As the sole author of this work, I reserve all rights to it except as provided in the Use Agreement for the Apple Support Communities website ("ASC"). Readers of ASC may copy it for their own personal use. Neither the whole nor any part may be redistributed.

Using ARD for scanning remote computers for Virus

Similar Messages

Maybe you are looking for