ZCM Agent Inventory Scan - Patterns for Software Recognition

Similar Messages

• ZCM Agent + DeepFreeze + Data Igloo for .appstate files?

  I was wondering if anyone has any knowledge about using Data Igloo to redirect where zenworks stores its appstate files and relationships on the workstation to a thaw partition on machines with DeepFreeze? As it stands, with C:\ frozen, run on login bundles only run on the 2nd+ logins because on the first login they do not know about the relationship after being rebooted. If i use data igloo to redirect the area where Zenworks stores its relationships and appstate files I was thinking that then zenworks would always have its current relationships up to date, which would in turn fix the run on login problem, and also likely speed up login times because there would be less to go over each boot.
  What are your guys' thoughts on this?
  Thanks,
  Adam Pitt
  System Engineer
  Clare-Gladwin RESD

  Hi Adam,
  We have some batch files we run on the workstation. Doing a zac ref will refresh the workstation and execute the bundles assigned to it.
  Running zac bin GUID or zac bln GUID can be used to run / launch the bundle from a batch file.
  We have deepfreeze and looked at data Igloo as will but we would then have to use seperate partitions. Ideally it would be good to have a thawed folder on any partition we could use.
  So not using data igloo at the moment.
  Regards
  Mark

• What is the Scan from string pattern for "match everything" ?

  Hello,
  Using Scan from string for a while, I know that %s only matches string up to a whitespace. And I also thought %[^] would match everything including whitespaces. But it turned out that it would stop at the closing square brace.
  So, what is the real scan pattern for match everything including whitespaces ?

  What do you want the Scan From String to end on?  Or are you just grabbing the rest of the string?  If that is your scenario, then just use the "remaining string" output.  It might help if you give a full example of a normal input string and EVERYTHING you want as an output.

• Novell client still show red "N", does ZCM Agent work ?

  Hi
  my customer has some workstation login slow.
  User type his username & password and summit it, Novell client show red "N" about 4 ~7 mins...when red "N" disappear, it will login to desktop about 15-20 seconds...
  I want to ask...when red "N" icon still show...Whether the Novell client still try to connect to server or not ? and that time, if ZCM Agent (CASA module) still waiting capture username/password or it has capture these infromation to CASA server ??
  Because I want to clear if workstation login slow by ZCM agent .
  wyldkao

  Hi Shaun
  Thanks For your great reply.
  I find a troubleshooting section in ZCM installation Guide , about "Unable to install NetIdentity from Novell Client 32 on a device that has ZENworks installed", the section was be record from 10.1 to 11.1. The Netidentity has a Install-Check action for checking Whether Local_Machine\Software\zenworks exist or not....but ZCM 10.3 or later use Local_Machine\Software\ZCM, not useing "zenworks", so Netidentity could install evenif ZCM agent installed.
  I know ZDM agent has some issue with Netidenty...but I do know why ZCM installation still record it....even ZCM11.1 installation Guide. Could you help me clear whether Netidentity agent will effect ZCM Agent or not ?? Because I could not find any document that could provide any message it will effect "ZCM" function
  thanks!!
  wyldkao

• ZCM Inventory Scan of a NetWare 6.5 Server

  I was able to install the ZCM Adaptive Agent for NetWare servers on all of my NetWare servers, and I can see these servers in Devices/Servers after performing a discovery.
  How can I run an inventory scan for these NetWare servers so I can get more detailed information about these servers?
  Thank You,
  Ray Barry

  On Thu, 28 Feb 2008 20:44:31 GMT, Raymond Barry wrote:
  > How can I run an inventory scan for these NetWare servers so I can get more detailed information about these servers?
  probably better posted in the ZCM inventory forum...
  but.. if you go to configuration of your zone and than device management (I
  think) you will find inventory only schedules
  Marcus Breiden
  If you are asked to email me information please remove the - in my e-mail
  address.
  The content of this mail is my private and personal opinion.
  http://www.didas.de

• Intermittent Scan issues for Update Agent

  I am having an issue with SUP/WSUS that I am hoping someone can point me on the right direction on..
  The environment is:
  SCCM 2012 R2 Primary Site Server on Server 2012 R2 Update
  SQL 2012 SP1 on Server 2012 R2 Update (standalone server) that houses the SCCM DB and the WSUS DB.  
  Software Update Point is on Server 2012 R2 Update (standalone) with WSUS roll installed. WSUS is configured for SSL (with "requires ssl" checked on the role) and using port 8531.
  No issues with the SUP install.  The SUP is synchronizing just fine with Microsoft and I am able manage update objects in the SCCM Admin console (create update groups, ADR's, etc.)  
  WSUSCtrl.log:
  Checking for supported version of WSUS (min WSUS 3.0 SP2 + KB2720211 + KB2734608)
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Checking runtime v2.0.50727... SMS_WSUS_CONTROL_MANAGER
  5/27/2014 2:16:03 PM 3304 (0x0CE8)
  Did not find supported version of assembly Microsoft.UpdateServices.Administration.
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Checking runtime v4.0.30319... SMS_WSUS_CONTROL_MANAGER
  5/27/2014 2:16:03 PM 3304 (0x0CE8)
  Found supported assembly Microsoft.UpdateServices.Administration version 4.0.0.0, file version 6.3.9600.16384
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Found supported assembly Microsoft.UpdateServices.BaseApi version 4.0.0.0, file version 6.3.9600.16384
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Supported WSUS version found SMS_WSUS_CONTROL_MANAGER
  5/27/2014 2:16:03 PM 3304 (0x0CE8)
  Attempting connection to local WSUS server
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Successfully connected to local WSUS server
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  No changes - local WSUS Server Proxy settings are correctly configured as Proxy Name  and Proxy Port 80
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Attempting connection to local WSUS server
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Successfully connected to local WSUS server
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  There are no unhealthy WSUS Server components on WSUS Server SERVER.SUBDOMAIN.DOMAIN.ORG
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  Successfully checked database connection on WSUS server SERVER.SUBDOMAIN.DOMAIN.ORG
  SMS_WSUS_CONTROL_MANAGER 5/27/2014 2:16:03 PM
  3304 (0x0CE8)
  The clients are getting the local policy pointing it to the correct URL.  This is also verified in the log:
  LocationServices.log:
  Current AD site of machine is EWJ LocationServices
  5/27/2014 1:45:41 PM 4236 (0x108C)
  Created and Sent Location Request '{3ABC15E0-70D3-4AE6-991C-B6BAF165C808}' for package {729742E6-9B66-4516-8A69-8569560D88C7}
  LocationServices 5/27/2014 1:45:41 PM
  4236 (0x108C)
  Calling back with the following WSUS locations
  LocationServices 5/27/2014 1:45:41 PM
  4236 (0x108C)
  WSUS Path='https://server.subdomain.domain.org:8531', Server='server.subdomain.domain.org', Version='10'
  LocationServices 5/27/2014 1:45:41 PM
  4236 (0x108C)
  Calling back with locations for WSUS request {3ABC15E0-70D3-4AE6-991C-B6BAF165C808}
  LocationServices 5/27/2014 1:45:41 PM
  4236 (0x108C)
  The issue comes into play in the fact that what appears to be about 85-90% of the time, the client scan cycle fails with error 0x80244004.  This is both Windows 7 x86/64 Pro and Windows XP SP3.  The error translates to:
  Same as SOAPCLIENT_CONNECT_ERROR - SOAP client failed to connect to the server.
  Source: Windows Update Agent
  The REALLY bizarre thing is that the OS's are inverted on their failure rates.  Win 7 fails 85-90% of the time, where as Win XP succeeds 85-90% of the time.
  We completely rebuilt the SUP Server (including OS and reconfigured it again for SSL) and alas the issue remains.
  Here's some snippets from the logs files from a machine when it fails:
  ScanAgent.log
  Message received: '<?xml version='1.0' ?>
  <UpdateSourceMessage MessageType='ScanByUpdateSource'>
  <ForceScan>TRUE</ForceScan>
  <UpdateSourceIDs>
  <ID>{729742E6-9B66-4516-8A69-8569560D88C7}
  </ID>
  </UpdateSourceIDs>
  </UpdateSourceMessage>'
  ScanAgent
  5/27/2014 1:45:41 PM 4236 (0x108C)
  *****ScanByUpdateSource request received with ForceReScan=2, ScanOptions=0x0000000a,  WSUSLocationTimeout = 604800
  ScanAgent 5/27/2014 1:45:41 PM
  4236 (0x108C)
  Sources are current, but Invalid. TTL is also invalid.
  ScanAgent 5/27/2014 1:45:41 PM
  4236 (0x108C)
  ScanJob({DDFF8212-94D4-4BDC-8A47-41E203F6AD79}): - - - - - -Locations requested for ScanJobID={DDFF8212-94D4-4BDC-8A47-41E203F6AD79} (LocationRequestID={3ABC15E0-70D3-4AE6-991C-B6BAF165C808}), will process the scan request once locations are available.
  ScanAgent 5/27/2014 1:45:41 PM
  4236 (0x108C)
  *****WSUSLocationUpdate received for location request guid={3ABC15E0-70D3-4AE6-991C-B6BAF165C808}
  ScanAgent 5/27/2014 1:45:41 PM
  4236 (0x108C)
  Sources are current, but Invalid. TTL is also invalid.
  ScanAgent 5/27/2014 1:45:41 PM
  2216 (0x08A8)
  ScanJob({DDFF8212-94D4-4BDC-8A47-41E203F6AD79}): CScanJob::OnScanComplete -Scan Failed with Error=0x80244004
  ScanAgent 5/27/2014 1:45:44 PM
  4236 (0x108C)
  ScanJob({DDFF8212-94D4-4BDC-8A47-41E203F6AD79}): CScanJob::ScheduleScanRetry- ScanRetry Timer task successfully scheduled. Will wake up in next 1800 seconds
  ScanAgent 5/27/2014 1:45:44 PM
  4236 (0x108C)
  ScanJob({DDFF8212-94D4-4BDC-8A47-41E203F6AD79}): CScanJob::OnScanComplete - Scan Retry successfully scheduled
  ScanAgent 5/27/2014 1:45:44 PM
  4236 (0x108C)
  ScanJob({DDFF8212-94D4-4BDC-8A47-41E203F6AD79}): CScanJobManager::OnScanComplete- Scan has failed, scan request will be pending for scan retry cycle.
  ScanAgent 5/27/2014 1:45:44 PM
  4236 (0x108C)
  CScanAgent::ScanCompleteCallback - failed at OnScanComplete with error=0x87d00631
  ScanAgent 5/27/2014 1:45:44 PM
  4236 (0x108C)
  WindowsUpdate.log:
  2014-05-27 13:45:41:482
  2956 8a8
  COMAPI -------------
  2014-05-27 13:45:41:482
  2956 8a8
  COMAPI -- START --  COMAPI: Search [ClientId = CcmExec]
  2014-05-27 13:45:41:482
  2956 8a8
  COMAPI ---------
  2014-05-27 13:45:41:497
  936 ed4
  Agent *************
  2014-05-27 13:45:41:497
  936 ed4
  Agent ** START **  Agent: Finding updates [CallerId = CcmExec]
  2014-05-27 13:45:41:497
  936 ed4
  Agent *********
  2014-05-27 13:45:41:497
  936 ed4
  Agent  * Include potentially superseded updates
  2014-05-27 13:45:41:497
  936 ed4
  Agent  * Online = Yes; Ignore download priority = Yes
  2014-05-27 13:45:41:497
  936 ed4
  Agent  * Criteria = "(DeploymentAction=* AND Type='Software') OR (DeploymentAction=* AND Type='Driver')"
  2014-05-27 13:45:41:497
  936 ed4
  Agent  * ServiceID = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7} Managed
  2014-05-27 13:45:41:497
  936 ed4
  Agent  * Search Scope = {Machine}
  2014-05-27 13:45:41:497
  2956 8a8
  COMAPI <<-- SUBMITTED -- COMAPI: Search [ClientId = CcmExec]
  2014-05-27 13:45:44:025
  936 ed4
  PT +++++++++++  PT: Synchronizing server updates  +++++++++++
  2014-05-27 13:45:44:025
  936 ed4
  PT  + ServiceId = {3DA21691-E39D-4DA6-8A4B-B43877BCB1B7}, Server URL = https://server.subdomain.domain::8531/ClientWebService/client.asmx
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: Cached cookie has expired or new PID is available
  2014-05-27 13:45:44:056
  936 ed4
  PT Initializing simple targeting cookie, clientId = cf0c5d2d-2a04-41a7-8a1b-4182de886397, target group = , DNS name = sccmtstw7x641.subdomain.domain:
  2014-05-27 13:45:44:056
  936 ed4
  PT  Server URL = https://server.subdomain.domain:8531/SimpleAuthWebService/SimpleAuth.asmx
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: GetAuthorizationCookie failure, error = 0x80244004, soap client error = 4, soap error code = 0, HTTP status code = 200
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: Failed to initialize Simple Targeting Cookie: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: PopulateAuthCookies failed: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: RefreshCookie failed: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: RefreshPTState failed: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: Sync of Updates: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  PT WARNING: SyncServerUpdatesInternal failed: 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  Agent  * WARNING: Failed to synchronize, error = 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  Agent  * WARNING: Exit code = 0x80244004
  2014-05-27 13:45:44:056
  936 ed4
  Agent *********
  2014-05-27 13:45:44:056
  936 ed4
  Agent **  END  **  Agent: Finding updates [CallerId = CcmExec]
  2014-05-27 13:45:44:056
  936 ed4
  Agent *************
  2014-05-27 13:45:44:056
  936 ed4
  Agent WARNING: WU client failed Searching for update with error 0x80244004
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI >>--  RESUMED  -- COMAPI: Search [ClientId = CcmExec]
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI  - Updates found = 0
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI  - WARNING: Exit code = 0x00000000, Result code = 0x80244004
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI ---------
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI --  END  --  COMAPI: Search [ClientId = CcmExec]
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI -------------
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI WARNING: Operation failed due to earlier error, hr=80244004
  2014-05-27 13:45:44:071
  2956 8a8
  COMAPI FATAL: Unable to complete asynchronous search. (hr=80244004)
  Log file for contrast on a client when it works:
  ScanAgent.log
  Message received: '<?xml version='1.0' ?>
  <UpdateSourceMessage MessageType='ScanByUpdateSource'>
  <ForceScan>TRUE</ForceScan>
  <UpdateSourceIDs>
  <ID>{729742E6-9B66-4516-8A69-8569560D88C7}
  </ID>
  </UpdateSourceIDs>
  </UpdateSourceMessage>'
  ScanAgent
  5/27/2014 1:43:20 PM 4052 (0x0FD4)
  *****ScanByUpdateSource request received with ForceReScan=2, ScanOptions=0x0000000a,  WSUSLocationTimeout = 604800
  ScanAgent 5/27/2014 1:43:20 PM
  4052 (0x0FD4)
  Sources are current and valid. TTLs are however, invalid.
  ScanAgent 5/27/2014 1:43:20 PM
  4052 (0x0FD4)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): - - - - - -Locations requested for ScanJobID={1BF68613-35BB-4627-A3F3-FCA455547578} (LocationRequestID={F6F11712-31EA-49BF-AD63-FF3FEF1BA29C}), will process the scan request once locations are available.
  ScanAgent 5/27/2014 1:43:20 PM
  4052 (0x0FD4)
  *****WSUSLocationUpdate received for location request guid={F6F11712-31EA-49BF-AD63-FF3FEF1BA29C}
  ScanAgent 5/27/2014 1:43:20 PM
  3648 (0x0E40)
  Sources are current and valid. TTLs are however, invalid.
  ScanAgent 5/27/2014 1:43:20 PM
  4052 (0x0FD4)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): Performing Full Scan.
  ScanAgent 5/27/2014 1:43:20 PM
  4052 (0x0FD4)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): Scan Succeeded, Resetting Source to Current and TTLs to Valid
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): CScanJob::OnScanComplete - Scan completed successfully, ScanType=1
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): CScanJobManager::OnScanComplete -ScanJob is completed.
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  ScanJob({1BF68613-35BB-4627-A3F3-FCA455547578}): CScanJobManager::OnScanComplete - Reporting Scan request complete to clients...
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  - - Calling back to client on Scan request complete...
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  CScanAgent::ScanComplete- Scan completion received.
  ScanAgent 5/27/2014 1:43:35 PM
  3648 (0x0E40)
  I have verified there are no proxy settings on any of these devices by running "Netsh winhttp show proxy"
  Current WinHTTP proxy settings:
      Direct access (no proxy server).
  Firewall is OFF on both clients and servers.  There are no WU GPO settings applied.
  Anyone have any clues on where to look next?  I have been scouring the internet for a couple of days now and seems that all roads with this type of error leads back to a proxy issue, but since no proxy's are in play here, hasn't been of much help.  Still
  digging through stuff but if anyone has any pointers on where to look next it would much appreciated!
  Thanks,

  Found this Technet article: http://social.technet.microsoft.com/Forums/ru-RU/a1c81d16-d5d0-4367-bae6-3338aab0633f/client-updates-failing-windowsupdatelog-0x80244004?forum=configmanagersecurity
  I ran a Wireshark trace and received the exact same error on my client.  I have sent this over to the client to take a closer look.  Fingers crossed that this is the issue as it should be a simple fix.  *fingers crossed*

• MSI: Warning 25702. Failed to uninstall PrepDrvr.Sys for Software Metering Agent

  hello all,
  Iam having same problem of uninstalling sccm agent 2012. I get the error "MSI: Warning 25702. Failed
  to uninstall PrepDrvr.Sys for
  Software Metering Agent". i have used the command ccmsetup /uninstall but it did not work. i also used msiexec /x client.msi and that did not work
  either. in both cases I get same error.any one with a resolution?

  No it won't, it'll leave parts of the client not uninstalled.
  Victor_Okpara\Serg Danshin did you ever get to the bottom of this issue? Did a Client reinstall fix it?
  Robert Marshall | This forum post is my own opinion and does not necessarily reflect the opinion or view of Microsoft, its employees, or other MVPs

• ZCM Agent uninstall ask for password

  Hello,
  It appears that since we upgraded ZCM 11 to SP1 it is not possible to uninstall ZCM Agent anymore without an error (with the cleanup tool or the standard way to uninstall).
  ZESM always ask for a password. The fact is that there is no password policy in the Zone..
  What's wrong?
  Thanks in advance.

  This was a bug in the core uninstall fixed in 11.1a following the reboot. In the forthcoming SP2, there will be a zone wide agent setting that controls the uninstall password (and agent self defense) regardless of the ZESM license or enable/disable state.

• Choice of design pattern for data acquisition system

  Hello all
  I have a trouble about selecting the suitable design pattern / architecture for a data acquisition system. 
  Here is the details of the desired system:
  There is data acquisition hardware and I need to use it by observing parameters on User interface. 
  the data acquisiton period, channel list to scan should be chosen on User interface. Besides, there are many user interface interactions. e.g. if user selects a channel to add scanlist, then I need to enable and make visible some other parts on user interface. 
  When user completes the channel selection, then he will press the button to start data acquisition. Then I also need to show the scanned values on a graph in real time and log them in txt file.
  I know that I cannot use producer consumer pattern here. because the data acquisition loop should wait for parameters to scan channels. and it works in a given period by user. so the user interface loop performs higher rate then consumer loop (data acquisition loop). it means queue will be bigger bigger. if I use notifier it will loss some data come from user interface. 
  is there any idea about that ? is there any suitable design pattern for this case ? 
  Thanks in advance
  best regards 
  Veli BAYAR
  Embedded Systems Software and Hardware Engineer 
  "You live in a graphical world. Why not program in one?"
  Solved!
  Go to Solution.

  johnsold wrote:
  Veli,
  I recommend the Producer/Consumer model with some modifications.
  You might need three loops.  I cannot tell for sure from your brief description.
  The User Interface loop responds to the user inputs for configuration and start/stop of acquisition.  The parameters and commands are passed to the Data Acquisition loop via a queue. In this loop is a state machine which has Idle, Configuration, Acquisition, and Shutdown states (and perhaps others). The data is sent to the Processing loop via a different queue. The Processing loop performs any data processing, displays the data to the user, and saves it to file. A notifier can be used to send the Stop or shutdown command from the User Interface loop to the other loops.  If the amount of processing is minimal and the file write times are not too long, the Processing loop functions might be able to occur in the Timeout case of the UI loop Event structure.  This simplifies things somewhat but is not as flexible when changes need to be made.
  I am not sure that a Design Pattern for this exact setup exists but it is basically a combination of the Producer/Consumer (Events) and Producer/Consumer (Data) Design Patterns.
  Lynn
  Check out this thread: http://forums.ni.com/t5/LabVIEW/Multiple-poll-case-structures-to-event-help/td-p/2551309
  There are discussions there about a 3-loop architecture that may help you.
  Jeff
  Jeffrey Zola

• Win98 not getting inventory scan

  Our XP systems are getting the inventory scan and importing it into
  the
  database, but our Win98 systems are not.
  Recently I deleted all the workstation objects, then ran a sync to the
  database to clear it out. I then ran unreg32 at each workstation and
  let
  them reimport themselves and rerun the inventory scan.
  The XP systems worked fine. The win98 systems imported into the NDS
  with
  the minimal workstation info. But none of the info got into the
  database. When you look in nds and ask for more workstation info,
  almost
  everything comes up with "NO INFORMATION FOUND".
  It looked like it was just scanning for delta info, so yesterday I
  went
  into ConsoleOne and checked start full scan for every win98
  workstation.
  Now when I look at the java interpereter on the console, Win98 systems
  aren't showing up as getting scanned at all.
  If I look at the Scan status, I get the following messages:
  Scanner(Warning) : 027: Unable to read the sequence number from the
  Workstation Object.
  Scanner(Information) : 024: Initiated scan successfully.
  Scanner(Information) : 009: Software Scan done using Microsoft
  Installer
  (MSI).
  Before I asked for the full workstation scan, I would also get this
  message, but I don't get it anymore.
  Storer(Information) : 200: The Storer has updated the database.
  Thanks,
  Pam

  [email protected]
  > I suppose I could try upgrading the clients & see if the upgrade
  > resets whatever is stuck?
  For zen 3.0 you really are at the newest client you can be, or maybe
  even too new.
  I would try this next, although I don't know if it will fix it.
  1. Make Sure the "Enable Software Scan" box is checked.
  2. Create a new Workstation Package and reconfigure the inventory
  policies.
  3. Restart the server, unless you have already done that.
  Let me know if that helps.
  Jared L Jennings
  Novell Support Forums SysOp
  Geek by Nature, NetWare by Choice.

• Changing the lokal Grouppolicy after installing ZCM Agent

  Befor installing the ZCM Agent, we configure the lokal grouppolicy with some settings.
  These settings will be applied even if the ZCM Agent will be installed to the machine.
  But how can I change settings in these grouppolicys afterwards (without overwriting the settings in a ZCM managed grouppolicy)?
  Where are they stored and how can I deliver new settings to this set?
  (Under ZFD7 I put the new lokal GP to %*WinSysDir%\GroupPolicy.WMOriginal2 and delete
  HKLM\SOFTWARE\Novell\Workstation Manager\Group Policies\User and
  HKLM\SOFTWARE\Novell\Workstation Manager\Group Policies\Workstation
  to get new lokal grouppolicy settings merged to the ZFD managed GP's.)
  Frank

  Frank,
  i deploy LGPOs via Bundle 'Text File' action and apply_lgpo_delta.exe. You could also use importregpol.exe with the .pol Files.
  Use a dummy GPO in a Windows Domain to produce registry.pol and GptTmpl.inf Files and to track Changes.
  (Utilities for automating Local Group Policy management - Microsoft&#39;s USGCB Tech Blog - Site Home - TechNet Blogs)
  best regards
  MArkus

• I am looking for a (free, ideally) virus scan/check for my MacBook Pro -- any suggestions?

  I am looking for a (free, ideally) virus scan/check for my MacBook Pro -- any suggestions?

  Mac users often ask whether they should install "anti-virus" software. The answer usually given on ASC is "no." The answer is right, but it may give the wrong impression that there is no threat from what are loosely called "viruses." There  is a threat, and you need to educate yourself about it.
  1. This is a comment on what you should—and should not—do to protect yourself from malicious software ("malware") that circulates on the Internet and gets onto a computer as an unintended consequence of the user's actions. It does not apply to software, such as keystroke loggers, that may be installed deliberately by an intruder who has hands-on access to the computer, or who has been able to log in to it remotely. That threat is in a different category, and there's no easy way to defend against it.
  The comment is long because the issue is complex. The key points are in sections 5, 6, and 10.
  OS X now implements three layers of built-in protection specifically against malware, not counting runtime protections such as execute disable, sandboxing, system library randomization, and address space layout randomization that may also guard against other kinds of exploits.
  2. All versions of OS X since 10.6.7 have been able to detect known Mac malware in downloaded files, and to block insecure web plugins. This feature is transparent to the user. Internally Apple calls it "XProtect."
  The malware recognition database used by XProtect is automatically updated; however, you shouldn't rely on it, because the attackers are always at least a day ahead of the defenders.
  The following caveats apply to XProtect:
  ☞ It can be bypassed by some third-party networking software, such as BitTorrent clients and Java applets.
  ☞ It only applies to software downloaded from the network. Software installed from a CD or other media is not checked.
  As new versions of OS X are released, it's not clear whether Apple will indefinitely continue to maintain the XProtect database of older versions such as 10.6. The security of obsolete system versions may eventually be degraded. Security updates to the code of obsolete systems will stop being released at some point, and that may leave them open to other kinds of attack besides malware.
  3. Starting with OS X 10.7.5, there has been a second layer of built-in malware protection, designated "Gatekeeper" by Apple. By default, applications and Installer packages downloaded from the network will only run if they're digitally signed by a developer with a certificate issued by Apple. Software certified in this way hasn't necessarily been tested by Apple, but you can be reasonably sure that it hasn't been modified by anyone other than the developer. His identity is known to Apple, so he could be held legally responsible if he distributed malware. That may not mean much if the developer lives in a country with a weak legal system (see below.)
  Gatekeeper doesn't depend on a database of known malware. It has, however, the same limitations as XProtect, and in addition the following:
  ☞ It can easily be disabled or overridden by the user.
  ☞ A malware attacker could get control of a code-signing certificate under false pretenses, or could simply ignore the consequences of distributing codesigned malware.
  ☞ An App Store developer could find a way to bypass Apple's oversight, or the oversight could fail due to human error.
  Apple has so far failed to revoke the codesigning certificates of some known abusers, thereby diluting the value of Gatekeeper and the Developer ID program. These failures don't involve App Store products, however.
  For the reasons given, App Store products, and—to a lesser extent—other applications recognized by Gatekeeper as signed, are safer than others, but they can't be considered absolutely safe. "Sandboxed" applications may prompt for access to private data, such as your contacts, or for access to the network. Think before granting that access. Sandbox security is based on user input. Never click through any request for authorization without thinking.
  4. Starting with OS X 10.8.3, a third layer of protection has been added: a "Malware Removal Tool" (MRT). MRT runs automatically in the background when you update the OS. It checks for, and removes, malware that may have evaded the other protections via a Java exploit (see below.) MRT also runs when you install or update the Apple-supplied Java runtime (but not the Oracle runtime.) Like XProtect, MRT is effective against known threats, but not against unknown ones. It notifies you if it finds malware, but otherwise there's no user interface to MRT.
  5. The built-in security features of OS X reduce the risk of malware attack, but they are not, and never will be, complete protection. Malware is a problem of human behavior, and a technological fix is not going to solve it. Trusting software to protect you will only make you more vulnerable.
  The best defense is always going to be your own intelligence. With the possible exception of Java exploits, all known malware circulating on the Internet that affects a fully-updated installation of OS X 10.6 or later takes the form of so-called "Trojan horses," which can only have an effect if the victim is duped into running them. The threat therefore amounts to a battle of wits between you and the scam artists. If you're smarter than they think you are, you'll win. That means, in practice, that you always stay within a safe harbor of computing practices. How do you know when you're leaving the safe harbor? Below are some warning signs of danger.
  Software from an untrustworthy source
  ☞ Software of any kind is distributed via BitTorrent, or Usenet, or on a website that also distributes pirated music or movies.
  ☞ Software with a corporate brand, such as Adobe Flash Player, doesn't come directly from the developer’s website. Do not trust an alert from any website to update Flash, or your browser, or any other software.
  ☞ Rogue websites such as Softonic and CNET Download distribute free applications that have been packaged in a superfluous "installer."
  ☞ The software is advertised by means of spam or intrusive web ads. Any ad, on any site, that includes a direct link to a download should be ignored.
  Software that is plainly illegal or does something illegal
  ☞ High-priced commercial software such as Photoshop is "cracked" or "free."
  ☞ An application helps you to infringe copyright, for instance by circumventing the copy protection on commercial software, or saving streamed media for reuse without permission.
  Conditional or unsolicited offers from strangers
  ☞ A telephone caller or a web page tells you that you have a “virus” and offers to help you remove it. (Some reputable websites did legitimately warn visitors who were infected with the "DNSChanger" malware. That exception to this rule no longer applies.)
  ☞ A web site offers free content such as video or music, but to use it you must install a “codec,” “plug-in,” "player," "downloader," "extractor," or “certificate” that comes from that same site, or an unknown one.
  ☞ You win a prize in a contest you never entered.
  ☞ Someone on a message board such as this one is eager to help you, but only if you download an application of his choosing.
  ☞ A "FREE WI-FI !!!" network advertises itself in a public place such as an airport, but is not provided by the management.
  ☞ Anything online that you would expect to pay for is "free."
  Unexpected events
  ☞ A file is downloaded automatically when you visit a web page, with no other action on your part. Delete any such file without opening it.
  ☞ You open what you think is a document and get an alert that it's "an application downloaded from the Internet." Click Cancel and delete the file. Even if you don't get the alert, you should still delete any file that isn't what you expected it to be.
  ☞ An application does something you don't expect, such as asking for permission to access your contacts, your location, or the Internet for no obvious reason.
  ☞ Software is attached to email that you didn't request, even if it comes (or seems to come) from someone you trust.
  I don't say that leaving the safe harbor just once will necessarily result in disaster, but making a habit of it will weaken your defenses against malware attack. Any of the above scenarios should, at the very least, make you uncomfortable.
  6. Java on the Web (not to be confused with JavaScript, to which it's not related, despite the similarity of the names) is a weak point in the security of any system. Java is, among other things, a platform for running complex applications in a web page, on the client. That was always a bad idea, and Java's developers have proven themselves incapable of implementing it without also creating a portal for malware to enter. Past Java exploits are the closest thing there has ever been to a Windows-style virus affecting OS X. Merely loading a page with malicious Java content could be harmful.
  Fortunately, client-side Java on the Web is obsolete and mostly extinct. Only a few outmoded sites still use it. Try to hasten the process of extinction by avoiding those sites, if you have a choice. Forget about playing games or other non-essential uses of Java.
  Java is not included in OS X 10.7 and later. Discrete Java installers are distributed by Apple and by Oracle (the developer of Java.) Don't use either one unless you need it. Most people don't. If Java is installed, disable it—not JavaScript—in your browsers.
  Regardless of version, experience has shown that Java on the Web can't be trusted. If you must use a Java applet for a task on a specific site, enable Java only for that site in Safari. Never enable Java for a public website that carries third-party advertising. Use it only on well-known, login-protected, secure websites without ads. In Safari 6 or later, you'll see a lock icon in the address bar with the abbreviation "https" when visiting a secure site.
  Stay within the safe harbor, and you’ll be as safe from malware as you can practically be. The rest of this comment concerns what you should not do to protect yourself.
  7. Never install any commercial "anti-virus" (AV) or "Internet security" products for the Mac, as they are all worse than useless. If you need to be able to detect Windows malware in your files, use one of the free security apps in the Mac App Store—nothing else.
  Why shouldn't you use commercial AV products?
  ☞ To recognize malware, the software depends on a database of known threats, which is always at least a day out of date. This technique is a proven failure, as a major AV software vendor has admitted. Most attacks are "zero-day"—that is, previously unknown. Recognition-based AV does not defend against such attacks, and the enterprise IT industry is coming to the realization that traditional AV software is worthless.
  ☞ Its design is predicated on the nonexistent threat that malware may be injected at any time, anywhere in the file system. Malware is downloaded from the network; it doesn't materialize from nowhere. In order to meet that nonexistent threat, commercial AV software modifies or duplicates low-level functions of the operating system, which is a waste of resources and a common cause of instability, bugs, and poor performance.
  ☞ By modifying the operating system, the software may also create weaknesses that could be exploited by malware attackers.
  ☞ Most importantly, a false sense of security is dangerous.
  8. An AV product from the App Store, such as "ClamXav," has the same drawback as the commercial suites of being always out of date, but it does not inject low-level code into the operating system. That doesn't mean it's entirely harmless. It may report email messages that have "phishing" links in the body, or Windows malware in attachments, as infected files, and offer to delete or move them. Doing so will corrupt the Mail database. The messages should be deleted from within the Mail application.
  An AV app is not needed, and cannot be relied upon, for protection against OS X malware. It's useful, if at all, only for detecting Windows malware, and even for that use it's not really effective, because new Windows malware is emerging much faster than OS X malware.
  Windows malware can't harm you directly (unless, of course, you use Windows.) Just don't pass it on to anyone else. A malicious attachment in email is usually easy to recognize by the name alone. An actual example:
  London Terror Moovie.avi [124 spaces] Checked By Norton Antivirus.exe
  You don't need software to tell you that's a Windows trojan. Software may be able to tell you which trojan it is, but who cares? In practice, there's no reason to use recognition software unless an organizational policy requires it. Windows malware is so widespread that you should assume it's in everyemail attachment until proven otherwise. Nevertheless, ClamXav or a similar product from the App Store may serve a purpose if it satisfies an ill-informed network administrator who says you must run some kind of AV application. It's free and it won't handicap the system.
  The ClamXav developer won't try to "upsell" you to a paid version of the product. Other developers may do that. Don't be upsold. For one thing, you should not pay to protect Windows users from the consequences of their choice of computing platform. For another, a paid upgrade from a free app will probably have all the disadvantages mentioned in section 7.
  9. It seems to be a common belief that the built-in Application Firewall acts as a barrier to infection, or prevents malware from functioning. It does neither. It blocks inbound connections to certain network services you're running, such as file sharing. It's disabled by default and you should leave it that way if you're behind a router on a private home or office network. Activate it only when you're on an untrusted network, for instance a public Wi-Fi hotspot, where you don't want to provide services. Disable any services you don't use in the Sharing preference pane. All are disabled by default.
  10. As a Mac user, you don't have to live in fear that your computer may be infected every time you install software, read email, or visit a web page. But neither can you assume that you will always be safe from exploitation, no matter what you do. Navigating the Internet is like walking the streets of a big city. It's as safe or as dangerous as you choose to make it. The greatest harm done by security software is precisely its selling point: it makes people feel safe. They may then feel safe enough to take risks from which the software doesn't protect them. Nothing can lessen the need for safe computing practices.

• UPGRADING TO ZCM AGENT 10.3.3 CAUSING BLUE SCREENS....

  We are having alot of issues upgrading to ZCM agent 10.3 from older agents 10.22 and 10.3.0 . Users are getting multiple issues mostly Blue screens when they try logging in, and some are getting prompted for the zenworks login, which I'm asumming is a CASA related issue. The Blue screens are killing me and the users are angry..
  Has anyone seen this? Any pattern's fixes? .NET related?
  Thanks,

  I'd recommend an SR for the Blue Screens.
  There have been various reports of certain things with CASA not updating
  properly, but these generally don't cause BSOD.
  On 5/27/2011 10:06 AM, selbymathew2004 wrote:
  >
  > We are having alot of issues upgrading to ZCM agent 10.3 from older
  > agents 10.22 and 10.3.0 . Users are getting multiple issues mostly Blue
  > screens when they try logging in, and some are getting prompted for the
  > zenworks login, which I'm asumming is a CASA related issue. The Blue
  > screens are killing me and the users are angry..
  >
  > Has anyone seen this? Any pattern's fixes? .NET related?
  >
  > Thanks,
  >
  >
  Craig Wilson - MCNE, MCSE, CCNA
  Novell Knowledge Partner
  Novell does not officially monitor these forums.
  Suggestions/Opinions/Statements made by me are solely my own.
  These thoughts may not be shared by either Novell or any rational human.

• Inventory scan slows the workstation down

  Hi,
  we use zfd 4 since more than 3 years. (server 5.1SP8 with ZFD 4IR7)
  The inventory runs fine before we have begun to install all the Windows
  XP patches.
  We tried many netware client and zfd client versions. But the
  ntscan32.exe needs now more than 10 minutes to scan our workstations
  (new hardware DELL Latitude D-Series). During this time you cannot work
  with this workstations, even it is a full or differential scan.
  We play a little with the inventory policies, but nothing helps. Policy
  is configured to run on system start with software and hardware scan.
  Any ideas?
  Chris

  Marcus Breiden wrote:
  >
  > are you also running a virus scanner?
  > --
  no, but we found the problem:
  We have about 48 application objects with XP patches and every
  application has its own dependencies. It seems that the checking of
  these dependencies simultaneously to the inventory scan causes the slow
  downs. After we have deleted the associations to the workstation
  objects everything looks like before.
  Now we think the NAL has some problems to work with complex
  dependencies.
  Thank you for your help
  Chris

• When Scan email for junk mail, or virus's is enabled, sending mail fails

  When I configure mail to scan email for either junk or virus's, i get the following in my SMTP log:
  Sep 6 17:44:59 eve postfix/smtp[28412]: D60C89D66D: to=<[email protected]>, relay=none, delay=0.02, delays=0.01/0/0/0, dsn=4.4.1, status=deferred (connect to 127.0.0.1[127.0.0.1]: Connection refused)
  If I disable both junk and virus's I am able to send normally
  Any ideas?

  when I run:
  ps U _amavisd
  The only processes are:
  PID TT STAT TIME COMMAND
  3308 ?? Ss 0:01.32 clamd
  3593 ?? Rs 0:03.79 clamd
  I then ran amavisd, and did not get any errors at the terminal, but here are my logs
  soundchristian.org /usr/bin/amavisd[7979]: Module Digest::MD5 2.36
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module IO::Socket::INET6 2.51
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module MIME::Entity 5.420
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module MIME::Parser 5.420
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module MIME::Tools 5.420
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Mail::Header 1.74
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Mail::Internet 1.74
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Mail::SPF::Query 1.999001
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Mail::SpamAssassin 3.002001
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Net::DNS 0.60
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Net::Server 0.87
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Time::HiRes 1.86
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module URI 1.35
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Module Unix::Syslog 0.99
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Amavis::DB code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Amavis::Cache code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: SQL base code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: SQL::Log code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: SQL::Quarantine NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Lookup::SQL code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Lookup::LDAP code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: AM.PDP-in proto code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: SMTP-in proto code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Courier proto code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: SMTP-out proto code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Pipe-out proto code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: BSMTP-out proto code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Local-out proto code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: OS_Fingerprint code NOT loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: ANTI-VIRUS code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: ANTI-SPAM code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: ANTI-SPAM-SA code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Unpackers code loaded
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found $file at /usr/bin/file
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No $dspam, not using it
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No $altermime, not using it
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .mail
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .asc
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .uue
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .hqx
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .ync
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .F tried: unfreeze, freeze -d, melt, fcat
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found decoder for .Z at /usr/bin/uncompress
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found decoder for .gz at /usr/bin/gzip -d
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found decoder for .bz2 at /usr/bin/bzip2 -d
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .lzo tried: lzop -d
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .rpm tried: rpm2cpio.pl, rpm2cpio
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found decoder for .cpio at /bin/pax
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found decoder for .tar at /bin/pax
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .deb tried: ar
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .zip
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .7z tried: 7zr, 7za, 7z
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .rar tried: rar, unrar
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .arj tried: arj, unarj
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .arc tried: nomarch, arc
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .zoo tried: zoo, unzoo
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .lha tried: lha
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .cab tried: cabextract
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .tnef tried: tnef
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Internal decoder for .tnef
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: No decoder for .exe tried: rar, unrar; lha; arj, unarj
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Using primary internal av scanner code for ClamAV-clamd
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Found secondary av scanner ClamAV-clamscan at /usr/bin/clamscan
  Aug 28 12:40:53 eve.southsoundchristian.org /usr/bin/amavisd[7979]: Creating db in /var/amavis/db/; BerkeleyDB 0.29, libdb 4.2
  Sep 7 16:41:17 mail.southsoundchristian.org /usr/bin/amavisd[3659]: logging initialized, log level 2, logfile: /var/log/amavis.log
  Sep 7 16:41:17 mail.southsoundchristian.org /usr/bin/amavisd[3659]: starting. /usr/bin/amavisd at mail.southsoundchristian.org amavisd-new-2.5.1 (20070531), Unicode aware
  Sep 7 16:41:17 mail.southsoundchristian.org /usr/bin/amavisd[3659]: user=, EUID: 0 (0); group=, EGID: 0 5 80 4 9 3 29 8 2 20 1 0 (0 5 80 4 9 3 29 8 2 20 1 0)
  Sep 7 16:41:17 mail.southsoundchristian.org /usr/bin/amavisd[3659]: Perl version 5.008008
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3659]: INFO: SA version: 3.2.5, 3.002005, no optional modules: DBD::mysql Mail::SpamAssassin::BayesStore::PgSQL NetAddr::IP NetAddr::IP::Util auto::NetAddr::IP::Util::inet_n2dx auto::NetAddr::IP::Util::ipv6_n2d Mail::SpamAssassin::Plugin::DKIM Razor2::Client::Agent IP::Country::Fast Mail::DKIM Mail::DKIM::Verifier Image::Info Image::Info::GIF Image::Info::JPEG Image::Info::PNG Image::Info::TIFF Mail::SPF Mail::SPF::Server Mail::SPF::Request Mail::SPF::Mech Mail::SPF::Mech::A Mail::SPF::Mech::PTR Mail::SPF::Mech::All Mail::SPF::Mech::Exists Mail::SPF::Mech::IP4 Mail::SPF::Mech::IP6 Mail::SPF::Mech::Include Mail::SPF::Mech::MX Mail::SPF::Mod Mail::SPF::Mod::Exp Mail::SPF::Mod::Redirect Mail::SPF::SenderIPAddrMech Mail::SPF::v1::Record Mail::SPF::v2::Record Crypt::OpenSSL::RSA auto::Crypt::OpenSSL::RSA::newpublickey auto::Crypt::OpenSSL::RSA::newkey_fromparameters auto::Crypt::OpenSSL::RSA::getkeyparameters auto::Crypt::OpenSSL::RSA::importrandomseed Digest::SHA Error
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3659]: SpamControl: initprechroot done
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Process Backgrounded
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: 2008/09/07-16:41:18 Amavis (type Net::Server::PreForkSimple) starting! pid(3661)
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Binding to UNIX socket file /var/amavis/amavisd.sock using SOCK_STREAM
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Binding to TCP port 10024 on host 127.0.0.1
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Binding to TCP port 10026 on host 127.0.0.1
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Setting gid to "83 83"
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: Net::Server: Setting uid to "83"
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: (!!)FATAL: It is possible to change EUID from 83 to root, ABORTING!
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: (!!)FATAL: Please use the most recent Net::Server
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: (!!)FATAL: or start as non-root, e.g. by su(1) or using option -u user
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: (!!)TROUBLE in preloophook: SECURITY PROBLEM, ABORTING at /usr/bin/amavisd line 7763.
  Sep 7 16:41:18 mail.southsoundchristian.org /usr/bin/amavisd[3661]: (!)_DIE: Suicide () TROUBLE in preloophook: SECURITY PROBLEM, ABORTING at /usr/bin/amavisd line 7763.\n
  eve.southsoundchristian.org and mail.southsoundchristian.org are the same server, with different NICs and IPs
  I was thinking about upgrading to amavisd-new I found a tutorial at http://osx.topicdesk.com/content/view/138/41/
  Do think that may help?
  I did update clamd after my first post on this, and it looks like clamd is running, just nothing else.
  Thanks