Microsoft Calls for Infected PC Quarantine
At RSA, Microsoft's Scott Charney compares infected PCs' spamming to secondhand smoke -- and suggests they also be banned from the Net.
Search Results
Search found 37 results on 2 pages for 'quarantine'.
Page 1/2 | 1 2 | Next Page >
-
-
What should I do about com.apple.quarantine?
- by Jason S
I've downloaded some .jar files from the internet and want to use them under Mac OS X. But the OS seems to have tagged them with the extended attribute com.apple.quarantine (no indication of this until I noticed the "@" in the ls -l and figured out how to use ls -l@) -- apparently because they have been downloaded from the internet. What's the right way to deal with this?Read the article
-
Mails are coming from mail server to my account automatically...???
- by Jayakrishnan T
Hi all, i am getting same mail from admin account of my mail server every day automatically.The content of the mail is given below. Click here to access your spam quarantine. The spam quarantine contains emails that are being held from your email account. Quarantined emails can be released to your inbox or deleted using the spam quarantine link. Please give me an advice to solve this problem.Read the article
-
Need help identiying a nasty rootkit in Windows
- by goofrider
I have a nasty rootkit that not tools seem to be able to idenity. I know for sure it's a rootkit, but I can figure out which rootkit it is. Here's what I gathered so far: It creates multiple copies of itself in %HOME%\Local Settings\Temp with names like Q.EXE, IAJARZ.exe, etc., and install them as hidden services. These EXE have SysInternals identifiers in them so they're definitely rootkits. It hooked very deep in the system, including file read/write, security policies, registry read/write, and possibly WinSock/TCP/IP. When going to Sophos.com to download their software, the rootkit inject something called Microsoft Ajax Tootkit into the page, which injects code into the email submission form in order to redirect it. (EDIT: I might have panicked. Looks like Sophos does use an AJAZ email form, their form is just broken on Chrome so it looked like a mail form injection attack, the link is http://www.sophos.com/en-us/products/free-tools/virus-removal-tool/download.aspx ) Super-Antispyware found a lot of spyware cookies, in the name of .kaspersky.2o7.net, etc. (just chedk 2o7.net, looks like it's a legit ad company) I tried comparing DNS lookup from the infected systems and from system in other physical locations, no DNS redirections it seems. I used dd to copy the MBR and compared it with the MBR provided by ms-sys package, no differences so it's not infecting MBR. No antivirus or rootkit scanner be able to identify it. Most of them can't even find it. I tried scanning, in-situ (normal mode), in safe mode, and boot to linux live CD. Scanners used: Avast, Sophos anti rootkit, Kasersky TDSSKiller, GMER, RootkitRevealer, and many others. Kaspersky reported some unsigned system files that ought to be signed (e.g. tcpip.sys), and reported a number of MD5 mismatches. But otherwise couldn't identify anything based on signature. When running Sysinternal RootkitRevealer and Sophos AntiRootkit, CPU usage goes up to 100% and gets stucked. The Rootkit is blocking them. When trying running/installing HiJackThis, RootkitRevealer and some other scanners, it tells me system security policy prevent running/installing it. The list of malicious acitivities go on and on. here's a sample of logs from all my scans. In particular, aswSnx.SYS, apnenfno.sys and PROCMON20.SYS has a huge number of hooks. It's hard to tell if the rootkit replaced legit program files like aswSnx.SYS (from Avast) and PROCMON20.SYS (from Sysinternal Process Monitor). I can't find whether apnenfno.sys is from a legit program. Help to identify it is appreciated. Trend Micro RootkitBuster ------ [HIDDEN_REGISTRY][Hidden Reg Value]: KeyPath : HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\sptd\Cfg Root : 586bfc0 SubKey : Cfg ValueName : g0 Data : 38 23 E8 D0 BF F2 2D 6F ... ValueType : 3 AccessType: 0 FullLength: 61 DataSize : 32 [HOOKED_SERVICE_API]: Service API : ZwCreateMutant Image Path : C:\WINDOWS\System32\Drivers\aswSnx.SYS OriginalHandler : 0x8061758e CurrentHandler : 0xaa66cce8 ServiceNumber : 0x2b ModuleName : aswSnx.SYS SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwCreateThread Image Path : c:\windows\system32\drivers\apnenfno.sys OriginalHandler : 0x805d1038 CurrentHandler : 0xaa5f118c ServiceNumber : 0x35 ModuleName : apnenfno.sys SDTType : 0x0 [HOOKED_SERVICE_API]: Service API : ZwDeleteKey Image Path : C:\WINDOWS\system32\Drivers\PROCMON20.SYS OriginalHandler : 0x80624472 CurrentHandler : 0xa709b0f8 ServiceNumber : 0x3f ModuleName : PROCMON20.SYS SDTType : 0x0 HiJackThis ------ O23 - Service: JWAHQAGZ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\JWAHQAGZ.exe O23 - Service: LHIJ - Sysinternals - www.sysinternals.com - C:\DOCUME~1\jeff\LOCALS~1\Temp\LHIJ.exe Kaspersky TDSSKiller ------ 21:05:58.0375 3936 C:\WINDOWS\system32\ati2sgag.exe - copied to quarantine 21:05:59.0217 3936 ATI Smart ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:05:59.0342 3936 C:\WINDOWS\system32\BUFADPT.SYS - copied to quarantine 21:05:59.0856 3936 BUFADPT ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:05:59.0965 3936 C:\Program Files\CrashPlan\CrashPlanService.exe - copied to quarantine 21:06:00.0152 3936 CrashPlanService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0246 3936 C:\WINDOWS\system32\epmntdrv.sys - copied to quarantine 21:06:00.0433 3936 epmntdrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0464 3936 C:\WINDOWS\system32\EuGdiDrv.sys - copied to quarantine 21:06:00.0526 3936 EuGdiDrv ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:00.0604 3936 C:\Program Files\Common Files\Macrovision Shared\FLEXnet Publisher\FNPLicensingService.exe - copied to quarantine 21:06:01.0181 3936 FLEXnet Licensing Service ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0321 3936 C:\Program Files\AddinForUNCFAT\UNCFATDMS.exe - copied to quarantine 21:06:01.0430 3936 OTFSDMS ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0492 3936 C:\WINDOWS\system32\DRIVERS\tcpip.sys - copied to quarantine 21:06:01.0539 3936 Tcpip ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0601 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - copied to quarantine 21:06:01.0664 3936 HKLM\SYSTEM\ControlSet003\services\TULPUWOX - will be deleted on reboot 21:06:01.0664 3936 C:\DOCUME~1\jeff\LOCALS~1\Temp\TULPUWOX.exe - will be deleted on reboot 21:06:01.0664 3936 TULPUWOX ( UnsignedFile.Multi.Generic ) - User select action: Delete 21:06:01.0757 3936 C:\WINDOWS\system32\Drivers\usbaapl.sys - copied to quarantine 21:06:01.0866 3936 USBAAPL ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:01.0913 3936 C:\Program Files\VMware\VMware Player\vmware-authd.exe - copied to quarantine 21:06:02.0443 3936 VMAuthdService ( UnsignedFile.Multi.Generic ) - User select action: Quarantine 21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:06:02.0443 3936 vmount2 ( UnsignedFile.Multi.Generic ) - User select action: Skip 21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - skipped by user 21:06:02.0459 3936 vstor2 ( UnsignedFile.Multi.Generic ) - User select action: SkipRead the article
-
Messages released from MailScanner quarantine are marked as DUPLICATEDELIVER in Exchange 2007
- by kdl
I have installed Postfix with MailScanner on CentOS 5.4 as a smarthost for Exchange 2007. When a message gets quarantined and I later release it (http://wiki.mailscanner.info/doku.php?id=documentation%3Aconfiguration%3Amta%3Apostfix%3Ahow%5Fto%3Arelease%5Fquarantined%5Fmail), it gets delivered to the Exhcange box but does not appear in a user's mailbox. Exchange message tracking log shows the message is marked as DUPLICATEDELIVER and therefore dropped. How can I work around this situation? Maybe changing a message ID somehow while at the Postfix box or some other way? Thanks.Read the article
-
DMG mounting warning message says "it may make computer less secure or cause other problems"
- by Cawas
When I try to open a DMG file I get this: I'll just transcript the image: There may be a problem with this disk image. Are you sure you want to open it? Opening this disk image may make your computer less secure or cause other problems. What does that mean in fact? What's really wrong with it, and what kind of problem can it cause just by mounting? Someone said: When you download a file in Leopard (and Snow Leopard), it's marked as a quarantined file. This occurs by the OS adding an attribute to the file, tagging where it came from (such as "downloaded by Safari"). This is what causes the user to see prompts when running files that were downloaded from the Internet, you may remember being asked to confirm you'd like to launch program XXX downloaded by Safari on XXX date. As a new part of Snow Leopard, files which are tagged with the quarantine attribute also have integrity checked by fsck, and if that verify fails you will see the message you described, triggered by an unused node in the disc image. But really, I didn't get that. What's quarantine? I've just downloaded a file here on SL, tried to open, and got that warning. Apple have a say about quarantine files, and they seem to work the same on Leopards. Plus I have got that file using Google Chrome while that feature seems to work just with Safari.Read the article
-
Edit exim4 Message-ID for releasing blocked mail by Mailscanner
- by F12
Our sysadmin team edits the field Message-ID in exim4 header files (ending with -H) and substitues the first char after "<". e.g: 077I Message-ID: <[email protected] -- 077I Message-ID: <[email protected] I'd like to write a script to release the mails. I changed the part between "<" and "@" in the field Message-ID and substituted a hash value so the Message-ID looks like: 077I Message-ID: <[email protected] Now exim says "format error" in the log and the mail is not released. There was no change except for this one field. Why can't the ID be substituted like that? Does it need to be the exact same length? It's exim4 version 4.69-2ubuntu0.3.Read the article
-
Bash PATH: How long is too long?
- by ajwood
Hi, I'm currently designing a software quarantine pattern to use on Ubuntu. I'm not sure how standard "quarantine" is in this context, so here is what I hope to accomplish... Inside a particular quarantine is all of the stuff one needs to run an application (bin, share, lib, etc.). Ideally, the quarantine has no leaks, which means it's not relying on any code outside of itself on the system. A quarantine can be defined as a set of executables (and some environment settings needed to make them run). I think it will be beneficial to separate the built packages enough such that upgrading to a newer version of the quarantine won't require rebuilding the whole thing. I'll be able to update just a few packages, and then the new quarantine can use some of old parts and some of the new parts. One issue I'm wondering about is the environment variables I'll be setting up to use a particular quarantines. Is there a hard limit on how big PATH can be? (either in number of characters, or in the number of directories it contains) Might a path be so long that it affects performance? Thanks very much, Andrew p.s. Any other wisdom that might help my design would be greatly appreciated :)Read the article
-
Microsoft Windows DHCP: Steering IPv4 clients into specific scopes based on MAC
- by Easter Sunshine
We have visitors on our campus who bring their own laptops and devices and use our wireless and wired networks. When we receive a copyright infringement notice (typically BitTorrenting), we are required to quarantine that MAC address so that it no longer has Internet access. No matter what website it tries to visit, it is sent to a web page explaining to the user that the device has been quarantined. We have thus far implemented this in ISC DHCP on Linux. We have multiple VLANs with one or more public-IP subnets and one RFC1918 quarantine subnet each. All clients are leased IPs in the public-IP subnet(s) unless you're in a list of known bad MACs. Then, you are sent to the quarantine subnet so that your traffic is unroutable on the Internet (you are isolated by subnet only, not by VLAN). We would like to move to Windows DHCP in light of the IPAM role but I cannot figure out how to replicate this in Windows DHCP 2012 (Assign DHCP IPs for specific MAC prefixes on Windows Server 2008 R2 suggests it was not possible in 2008 R2), even while using policies. So here's what I'd like: The administrator/help desk provides and maintains a list of MAC addresses that are to be quarantined. The DHCP server places those MACs into the quarantine subnet on the respective VLAN, no matter which VLAN the client is in. I don't think reservations would work: We currently have about 300 registered bad MACs and about 12 VLANs. I don't want to make 300 x 12 reservations nor have to add 12 reservations per new MAC address. Not to mention all of the quarantine subnets are /24s. We do not have NPS/NAC. You do not have to register your MAC address get network access. We use Cisco routers/switches. Thanks.Read the article
-
Getting error code -41 when copying files to external drive
- by diego
I'm having trouble copying some files from my mac to an external hard drive: I keep getting the nondescript "error code -41". I noticed some of the files with an additional "@" permission bit had the "com.apple.quarantine" flag set. I used the "xattr" command from this article What should I do about com.apple.quarantine? to take care of the quarantine flag and sort that out (these files were copied over from another mac on my network, so I guess OS X flagged them as quarantine). That took care of the problem for those files but I still have some that I can't manually copy over to the external drive. The only other thing I've noticed is that some of these files have a an extra permission bit: "drwxr-xr-x+" which I haven't been successful in googling. Aside from that I don't see anything else. Also, Disk Utility says everything's fine. Any help would be greatly appreciated.Read the article
-
How to display same type of data from XML using XSLT
- by MKS
Hi Guys, I am using XSLT and XML. I have got below XML. <documentCountryInformation> <countryCode>US</countryCode> <countryName>United States</countryName> <sufficientDocumentation>Conditional</sufficientDocumentation> <sectionInformation> <sectionName>Health</sectionName> <documentParagraph paragraphId="23628"> <paragraphType>Requirement</paragraphType> <paragraphText> <p> Vaccination for <strong>yellow fever</strong> Persons without valid yellow fever certification, if required, are subject to quarantine for a period up to 6 days. </p> </paragraphText> </documentParagraph> </sectionInformation> </documentCountryInformation> <documentCountryInformation> <countryCode>IN</countryCode> <countryName>India</countryName> <sufficientDocumentation>Conditional</sufficientDocumentation> <sectionInformation> <sectionName>Health</sectionName> <documentParagraph paragraphId="23648"> <paragraphType>Requirement</paragraphType> <paragraphText> <p> Vaccination for <strong>Dengue fever</strong> Persons without valid yellow fever certification, if required, are subject to quarantine for a period up to 3 days. </p> </paragraphText> </documentParagraph> </sectionInformation> </documentCountryInformation> Above is the part of full xml and you can see there are two records of same type, now I have got the <countryName> in parameters of XSLT in above example my countryName parameter will contain this type of data "United States,India", Now I want to split the parameter data and further it will check the XML having same country name and display the data according, I mean there will be loop on country name and below is desired HTML. <div class="resultsContainer" id="divTransit"> <h3>Transit - United States (US)</h3> <p> Vaccination for <strong>yellow fever</strong> Persons without valid yellow fever certification, if required, are subject to quarantine for a period up to 6 days. </p> <h3>Transit - India (IN)</h3> <p> Vaccination for <strong>Dengue fever</strong> Persons without valid yellow fever certification, if required, are subject to quarantine for a period up to 3 days. </p> </div>Read the article
-
Virus in Subversion repository, what to do?
- by furtelwart
Imagine the following situation: A virus infected file was commited into a Subversion repository. A Anti Virus scanner runs on the server and also scans the Subversion repository. The Anti Virus scanner will delete the affected revision or move it to quarantine. The consequence is a broken repository. If the revision file is recoverable (from quarantine), how to solve this problem? I have some goals to achieve: The AV is not allowed to be disabled or excluded from the directories. The virus infected file must not be stored in the repository The repository must be consistens and usable. What is the nicest solution for this little problem?Read the article
-
MS Securily Essentials efficiency / usage, suspicious processes
- by biggvsdiccvs
I recently noticed that my (originally pretty fast) Windows 7 Pro laptop started getting slow and using a lot of CPU power for no apparent reason. A full scan by Microsoft Security Essentials revealed nothing. After some investigation, I found multiple instances of a strange process called urpev.exe and a couple of similar exe files sitting in subdirectories of Users//AppData/Roaming (this particular one was in a folder called Xyceowme). Description: "Mescrosift Visaal Studie 2010". Company name: "Mesrosift Corporatien". Is it a virus or something? :) Now, all of these exe files were scheduled to be started from the Task Scheduler by tasks with names like "Security Center Update - 1291373911" and similar. My user name was listed as the author of the tasks. I disabled the tasks, restarted the computer in safe mode and moved all of the exe files to quarantine for further investigation. All of this was done last night. I just scanned the files with Security Essentials again (not updated since yesterday) in the quarantine location and this time it found PWS:Win32/Zbot.gen!plock in urpev.exe (but not in the other exe files, which are most likely viruses, too). Category: Password Stealer Description: This program is dangerous and captures user passwords. Another strange process is browser.exe (not chrome.exe) by Google Inc., described as Google Chrome. I uninstalled Chrome but it's still there. It runs out of Users\\AppData\LocalLow\UIVoice\ToolMedium\browser.exe and if I move it in safe mode, it just reappears there, and multiple instances run. Needless to say, it I kill it, it just runs again. Couldn't see anything in Task Scheduler, but found a couple of references to it in the Registry Editor: HKEY_CURRENT_USER/Software/Microsoft/Internet Explorer/LowRegistry/Audio/PolicyConfig/PropertyStore/ HKEY_USERS/S-1-5-21-1685709306-872053864-2599010960-1002/Software/Microsoft/Internet Explorer/LowRegistry/Audio/PolicyConfig/PropertyStore/ Maybe it's a legit process, but seems kind of strange. For the time being, I suspended the process and killed all of the child processes when I booted up the laptop. I used Security Essentials to scan the system periodically, but obviously it's not effective at least against one virus. I had the "real-time protection" turned off. Would it help if it were turned on and how much of a nuisance would it be? I wonder if there is a better alternative to Security Essentials. Over the years I've used multiple antivirus products at home and especially at work and was not very happy with any of them. Apparently, asking for software recommendations or comparisons is taboo here, but I will mention that I installed Malware Bytes and it was able to find an quarantine a bunch of suspicious files, and at least some of which were truly infected, but when it scans the bogus security center update executables from Mesrosift Corporatien, it finds nothing wrong. Also, any thoughts on the browser.exe mystery? Neither MS Security Essentials nor Malware Bytes found anything wrong with that file. However, after I ran a Malware Bytes scan and quarantined everything it found suspicious and rebooted the laptop, the process did not run.Read the article
-
Should Malware-Infected PCs Be Banished?
Microsoft proposes throwing malware-infected PCs into quarantine and denying them Internet access. The company also announces availability for its new identity management product.Read the article
-
Cannot remove script virus in Ubuntu [duplicate]
- by Daniel Yunus
This question already has an answer here: Should I be worried about a possible threat? 2 answers After I scan via clamav/clamtk, I found 1 possible threat that I cannot remove/quarantine. How to remove virus? Or Is this false positive? /usr/lib/ruby/1.9.1/rdoc/generator/template/darkfish/js/thickbox-compressed.js PUA.Script.Packed-1Read the article
-
How do I allow programs that generate "high" or "severe" alerts in MS Security Essentials?
- by Alex O
Microsoft Security Essentials seems to allow only quarantine or delete actions for program that it deems to have "high" or "severe" risk. However, it also assigns these levels to what it considers to be "hacking tools". Is there a way to override this nanny behaviour and force programs on the allowed list? Thank you. EDIT: Here's a screenshot showing the lack of an "Allow" option in the drop-down list: http://img820.imageshack.us/img820/3870/msse.pngRead the article
-
How to remove fastaddressbar?
- by deadfish
somehow I downloaded and installed spyware or malware. I do not know. I know that if I write somethin in field where you put as a website link I get web engine results but not by google but fastaddressbar.. It is part of websearch toolbar. Most of them was blocked and added to quarantine by my antivirus comodo however I still do not know how restore fast search in firefox to get results from google. Please help :(Read the article
-
Advanced subversion techniques, what am I missing?
- by Derek Adair
I started using SVN about 9 months ago and it's been a game changer to say the least. Although, I feel I'm still a bit lost. I feel like there is a lot more I need to take advantage of to really step up my application development. For example I would like to be able to quarantine any volatile/major changes into some kind of 'sub-repository' or something. I'm finding that major changes are impeding minor bug fixes that are quite urgent. How can I push one simple update without pushing incomplete or broken code?Read the article
-
McAfee Secure Messaging Service / Postini: false positive?
- by Martin
Hello, I'm puzzled by this email message that gets quarantined by McAfee Secure Messaging Service (it's based on Postini) for no reason that I can think of. Here are the Postini headers: X-pstn-2strike: clear X-pstn-neptune: 0/0/0.00/0 X-pstn-levels: (S: 0.02932/98.63596 CV:99.9000 FC:95.5390 LC:95.5390 R:95.9108 P:95.9108 M:97.0282 C:98.6951 ) X-pstn-settings: 3 (1.0000:1.0000) s cv gt3 gt2 gt1 r p m c X-pstn-addresses: from [db-null] X-pstn-disposition: quarantine I read the docs (http://www.mcafee-sms.com/webdocs/admin%5Fee%5Fmcafee/wwhelp/wwhimpl/common/html/wwhelp.htm?context=MACAFFHelp&file=header%5Foverview.html#951634) and in short, the x-pstn-settings header tells me that NONE of the filters was triggered, but the x-pstn-levels header tells me that the final score (0.02932) is low enough to classify the email as bulk/spam. Can anyone explain to me why the final score is so low when none of the filters were triggered? Does anyone have any suggestions on how to prevent this from happening? Regards, MartinRead the article
-
SBS 2008 - Add user not seeing AD users (reconnecting or creating new mailbox)
- by Robert
Using SBS 2008 - completely updated. I was originally trying to create a spam mailbox for quarantine purposes, and when I bring up the "select an existing user" it does not display any of the domain users (other than QB database user accounts installed on their server). I have tried changing the scope and still nothing. Searching reveals nothing either. Then later I noticed that we had (1) disconnected mailbox, and I tried to reconnect it to the AD user - and I got the same results. Help would be much appreciated.Read the article
-
Configure postfix to filter email into hold queue
- by Ian
Hey, I would like postfix to send all emails received on SMTP off to an external process, which will decide whether to allow them through as normal, or whether to put them into the hold queue (or another quarantine area), where they have to wait for admin approval. I was thinking of doing this with an after-queue content filter, which uses pipe(8) to run a script on each message, and the script itself will spawn "postsuper -h " if it decides to put the message on hold. Then the admin can do postsuper -d or -r to delete or pass the message on as appropriate. So, my questions are - a) will this work, and b) is this the best way to do it? Would a milter or another type of content filter be a better approach?Read the article
-
Python/Lesta.A worm
- by Hanks
My Nod32 have been catching something that is apparently identified as Python/Lesta.A worm. No matter how many times I tell Nod32 to delete and quarantine the file, it always re-appear, the situation will repeat about 3-4 times a day. This thing has been creating a folder called "pamela" in one of my drives, it sometimes also creates a "xxx.folder" file, which Nod32 identifies as "Exploit/CodeBase virus". I have Googled, and done pretty much everything related to this: a full scan in safe mode with no networking turned on, and also ran Ad-Aware, SpyBot, SpyHunter, ComboFix and cleaned the registry. Any idea how I can completely get rid of this annoying virus/worm?Read the article
-
amavisd + postfix + dovecot blocks gif images
- by David W
I occasionally have a client who tries to email me and says his email gets blocked by my server. When I check the logs, I see this: Sep 6 18:12:52 myers amavis[15197]: (15197-08) p.path BANNED:1 [email protected]: "P=p003,L=1,M=multipart/mixed | P=p002,L=1/2,M=application/ms-tnef,T=tnef,N=winmail.dat | P=p004,L=1/2/1,T=image,T=gif,N=image001.gif,N=image001.gif", matching_key="(?-xism:^\\.(exe|lha|tnef|cab|dll)$)" And then a little later... Sep 6 18:12:58 myers amavis[15197]: (15197-08) Blocked BANNED (.image,.gif,image001.gif,image001.gif), [213.199.154.205] [157.56.236.229] <[email protected]> - > <[email protected]>, quarantine: banned-g4QhZGvwJvDF, Message-ID <6A9596BE385EC1499F83E464FA9ECCA20C668320@BY2PRD0611MB417.namprd06.prod.outlook.com>, mail_id: g4QhZGvwJvDF, Hits: -, size: 20916, 8439 ms From this and the bounce that he forwards me (to a different address I give him), I determine that its bouncing because of the file in his signature (image001.gif). However, that does NOT match the "key" in this part of the log: matching_key="(?-xism:^\\.(exe|lha|tnef|cab|dll)$)" Furthermore, the .gif extension is nowhere to be found in the /etc/amavisd.conf file (i.e. I'm not blocking emails because they contain .gif images). Am I missing something here? This is strange... and annoying.Read the article
-
Trying to delete directory with "rm -rf", but get message that it's not empty
- by Ben Hocking
I've tried deleting a directory using "rm -rf" and I'm getting the message "Directory not empty": Bens-MacBook-Pro:please benjaminhocking$ ls -lart empty_directory/ total 16 drwxr-xr-x 5 benjaminhocking staff 170 Aug 27 14:46 . drwxr-xr-x 3 benjaminhocking staff 102 Aug 27 15:28 .. Bens-MacBook-Pro:please benjaminhocking$ rm -rf empty_directory/ rm: empty_directory/: Directory not empty Bens-MacBook-Pro:please benjaminhocking$ rmdir empty_directory/ rmdir: empty_directory/: Directory not empty If I try the same thing using Finder (dragging the folder to the Trash), I get the message The operation can’t be completed because the item “empty_directory” is in use. I've tried doing xattr -d com.apple.quarantine, purely out of superstition, but it did no good. A probably important piece of context is that this directory was initially in a directory that should've been deleted by a "make clean" command I issued prior to Terminal locking up on me, after which a little over half of the other programs I had running also locked up, including Skype, and eventually the OS itself. I ended up having to reboot the computer by pressing and holding the power key. Edit to add: Another important piece of information I left off was that this was happening in an encrypted folder à la encfs. I was able to track down the corresponding folder in the encrypted side of things and delete it there. I still don't know why I couldn't do it from the decrypted side of things like I normally do. I'll leave this unanswered for now in case anyone has a good answer for that.Read the article
-
Soundtest works, but no other sounds and windows starts very slowly
- by Kristian Kari
So suddenly all sounds on my computer stopped working expect the sound test works, but when I go to control panel and audio it says there's no audio device. And audio players and audio on website doesn't work either. and Also windows starts very slowly. I'm not sure if this helps but I'll tell what happened before this. I downloaded this program from a little shady website, I hesitated and for a good reason I guess cos the moment I finished downloading it, my antivir detected it as unwanted program and put it on quarantine. I thought everything was fine, but had some problems with program (won't go to details about it cos it's not really related to audio) so rebooted the computer and I was suprised that windows started really really slowly. It took like 5 mins to load the desktop such. After that I noticed the sounds were missing, I immediately deleted the program since I thought it was causing the problem. But it didn't change much. I tried to find the solution with no success and now I'm just scanning again my computer. I'd be thankful if anyone would be able to help me. I might have left a thing or ten things out, so feel free to ask. oh and I'm using windows xpRead the article
