Viewing Symantec Endpoint Protection notifications on Android

We use Symantec Endpoint Protection 12 for our clients’ virus protection.  It is a comprehensive and reliable product, but it unfortunately sends MHT attachments in it’s email notifications.  These can be viewed fine using Internet Explorer, but the Android phones don’t know how to handle them.  I combined some open source projects to create a viewer for these attachments on Android 2.2.  It needs the K9 email client installed which automatically opens the attachment viewer.

You can download the installer and the source code at

http://code.google.com/p/symmht/

Logwatch 7.3 missing entries in Centos 5.5

I spent this morning trying to figure out why logwatch 7.3 mailings were only showing exim entries on a newly deployed Centos server.  It turns out that Centos 5.5 now ships with rsyslogd, which by default logs entries with a different timestamp format than traditional syslog.  There is a bug report filed at

https://bugzilla.redhat.com/show_bug.cgi?id=583621

The fix was to edit /etc/rsyslog.conf and modify each line to have a trailing

;RSYSLOG_TraditionalFileFormat

For example :

authpriv.*                                              /var/log/secure;RSYSLOG_TraditionalFileFormat

Restarting the rsyslog daemon resulted in a working logwatch.

PNG files not showing in Internet Explorer 7 on Terminal Server

At one of our clients I had to troubleshoot a problem viewing png files in IE 7 on a Windows Server 2003 Terminal Server.  The solution was completely unexpected, so I am posting it here.  The symptoms were this : user accounts that used IE 7 to view web pages with PNG files received a broken link instead.  FireFox worked fine.  Admin accounts could view the PNG files with no issues.  Downloading the PNG files and then viewing them using Windows Explorer worked fine for both types of accounts.  After reading the Experts Exchange article at

http://www.experts-exchange.com/OS/Microsoft_Operating_Systems/Server/2003_Server/Q_26277330.html

that was solved by re-applying the server security settings, I realized this was a permissions issue (should have figured that out with the admin difference, but was really scratching my head on this one).  I fired up Process Monitor and found that IE was giving ACCESS DENIED errors on two Adobe Flash registry keys.  We had just upgraded Flash recently on this server to 10.1.  I changed the permissions on these two keys to add Authenticated Users : Read access

HKCR\MIME\DataBase\Content Type\application/futuresplash

HKCR\MIME\DataBase\Content Type\application/x-shockwave-flash

Firing up Internet Explorer 7 confirmed that this worked.

PCI, PCI Express, PCI X slots

PCI is the old bus system, coming in 32 bit and 64 bit variants. PCI X (Xtended) has compatible slots and runs at faster bus speeds. PCIe (Express) has completely different slots and fastest bus speeds.

For my reference, here are pictures of the different PCI slots courtesy of  http://www.adexelec.com/

PCI 32PCI 64

PCIe x1PCIe x4PCIe x8PCIe x16

Here are the different bus speeds, courtesy of OrbitMicro, which also sells expander/riser cards for these PCIe

Bus Max Speed
PCI 33 Mhz 32 bit 132 MBps
PCI 66 Mhz 32 bit 264 MBps
PCI 66 Mhz 64 bit 528 MBps
PCI-X 133 Mhz 64 bit 1 GBps
AGP x1 264 MB/s
AGP x2 528 MB/s
AGP x4 1056 MB/s
AGP x8 2112 MB/s
PCI Express x1 500 MB/s
PCI Express x2 1000 MB/s
PCI Express x4 2000 MB/s
PCI Express x8 4000 MB/s
PCI Express x12 6000 MB/s
PCI Express x16 8000 MB/s

Round robin MPIO using Microsoft Initiator and open-e

Many thanks for the assistance that Open-E tech support provided getting the DSS Demo CD running.  I am trying to troubleshoot a problem with my setup here.

Target : Open-E DSS v1.23 B2763 running on HP ProLiant ML350 G5 Dual-Core 5130 2.0 GHz server with 3 GB of RAM. The storage setup is HP SmartArray E200i (supports 1.5Gb SATA and SCSI peak transfer rate of 3Gb/s per port) and two Maxtor DiamondMax 20 SATA 3 Gb/s 160 GB configured as a RAID-1 array.

Initiator : Windows Server 2003 R2 (SP1) running on HP ProLiant ML110 G4

One Intel PRO/1000 PT Dual Port Server Adapter in each the server and the client

NetGear GS724T gigabit Smart Switch

Layout

Login to Open-E will Full access password “admin”
The HP SmartArray E200i was detected correctly as an HP (although the info screen says unknown device 3238) and the HP array configuration utility was able to see it. I was also able to format a new volume correctly for use as an iSCSI volume.
Set up network interfaces on the two Intel NIC’s, with one IP of 192.168.11.1 and the other IP of 192.168.12.1
Create a volume and set up network access allowed from 192.168.11.0/24;192.168.12.0/24

On the Windows Server 2003 box, , configure the Intel NIC’s on different network subnets (i.e. 192.168.11.2 and 192.168.12.2)
Install Microsoft Initiator 2.04 with MPIO selected
On Windows 2003 client, install storport update KB932755
In Microsoft Initiator, on the Discovery tab, create two iSCSI targets – one for each network card
192.168.11.1 and click Advanced
Local Adapter : Default
Source IP : Default
192.168.12.1 and click Advanced
Local Adapter : Default
Source IP : Default

Click on the Targets tab
Select the target and click Logon. Check the “Automatically restore” and check the “Enable multi-path” checkboxes. Click OK.
Click Advanced.
Local Adapter : Microsoft iSCSI
Source IP : 192.168.11.2
Target Portal : 192.168.11.1 / 3260
Click OK twice.
Select the target and click Logon again. Check the “Automatically restore” and check the “Enable multi-path” checkboxes.
Click OK.
Click Advanced.
Local Adapter : Microsoft iSCSI
Source IP : 192.168.12.2
Target Portal : 192.168.11.1 / 3260
Click OK twice.
pic1

iscsi5

Select the target and click Details. Click Devices, and then Advanced. Select the MPIO tab and change the Load Balance Policy to Round Robin. Click OK.

iscsi3

Click on Bound Volumes tab and click “Bind All”
Click OK.

iscsi4

The drive now shows in Computer Management as Disk 1 (Dynamic), drive letter F. I ran benchmark software PerformanceTest 6.1 from www.passmark.com. The speed test is under Advanced-Disk. I clicked Edit thread and set the configuration to Custom, which runs the sequential read tests at 16386 bytes. However, the disk speed tests are only showing 32 MBps, which is the same as what I received without using two connections to the target. An IOMeter test of transfer size of 4K, 100% read, 0% random results in speeds of 20 MBps. The redundancy is working because disconnecting one of the network cables from the Windows server still allows access to the iSCSI device.

Patching php 5.2.1 with MOPB fixes

In @Risk Volume: VI, Issue: 14, The Month of PHP Bugs (MOPB) is covered and it is mentioned that a patched version of php is available from OpenSuSE to address some of the bugs discovered. Since I use CentOS 4.4 (RHEL 4.4), I wanted to get these patches installed on php 5.2.1 on CentOS. Using the instructions at Utter Ramblings, I was able to do this.

Download the latest php source package from the Factory build of OpenSuSE. The version I used for these steps was php5-5.2.1-5.src.rpm, but the latest as of this posting is php5-5.2.1-6.src.rpm.

Install this source RPM and copy out the SPECS/php5.spec file and the SOURCES/php5-MOPB-*secfix.patch files to another directory. Remove all of the files from the SPECS and SOURCES directory (make sure there’s nothing in here from a previous build that you want to keep). Download and install the php source package from the Fedora Core project as detailed at Utter Ramblings. I am using php-5.2.1-3.src.rpm. Download the suhosin security patch from www.hardened-php.net to the SOURCES directory.

Switch to the SOURCES folder. Rename the php5-MOPB-*secfix.patch files to conform to the Fedora naming convention. I named them php5-5.2.1-mopbxx.patch, where xx is the bulletin number. This naming makes a difference when the patch is applied and must match the spec file we will be editing. The OpenSuSE packages apparently build in the root of the BUILD directory, and Fedora packages build under a directory named after the package source. So, each of the patch files must be fixed to reflect this. I am not an experienced Linux user, so I did this by manually editing each file with vi and executing the following commands :

:%s/--- /--- php-5.2.1\//g

:%s/+++ /+++ php-5.2.1\//g

There is a quick vi reference at http://www.cs.colostate.edu/helpdocs/vi.html The nano command is detailed in the Utter Ramblings article and looks easier to use.

Now that those files are fixed, the SPECS/php.spec file needs to be edited. Towards the top of the file are some Patch lines. Comment out the line Patch9 by putting a # before it (it’s RedHat’s patch that conflicts with MOPB14 from OpenSuSE) and then add the following lines :

# OpenSUSE patches

Patch10:        php-5.2.1-mopb14.patch

# see http://www.securityfocus.com/bid/22886

Patch11:        php-5.2.1-mopb20.patch

Patch12:        php-5.2.1-mopb21.patch

Patch13:        php-5.2.1-mopb22.patch

Patch14:        php-5.2.1-mopb24.patch

And add the following for suhosin after all the patches (see for instructions) :

# Suhosin

Patch100: suhosin-patch-5.2.1-0.9.6.2.patch

Then go down the file several pages to a %patch section. Comment out the %patch9 line and then add the following :

%patch10 -p1 -b .mopb14

%patch11 -p1 -b .mopb20

%patch12 -p1 -b .mopb21

%patch13 -p1 -b .mopb22

%patch14 -p1 -b .mopb24

and after all of the patches add this :

%patch100 -p1 -b .suhosin

Save the file and you are finally ready to build php. I needed to download, build, and upgrade the pcre-6.6 from Fedora Project first using the comments in the Utter Ramblings instructions. I then followed the normal Utter Ramblings instructions and did an rpmbuild -bb SPECS/php.spec. Then I also built the php-pear as directed.
Thanks to all of those in the community who support these projects!

(Updated @11:45 AM to include PCRE steps)



Follow

Get every new post delivered to your Inbox.