Vuln in ClamAV

I should do some more reading on this, but I am amused by the US Cert comment at the end

ClamAV PE Scanning Vulnerability
added April 14, 2008 at 09:21 am

US-CERT is aware of a report of a buffer overflow vulnerability affecting ClamAV. This heap-based buffer overflow vulnerablity may allow an attacker to execute arbitrary code on an affected system.

US-CERT recommends that users do not scan PE files from untrusted sources.

Isn’t the hole point of running an av product to test for viruses in untrusted files?

Geek Christmas

Since I had some time off over Christmas and we didn’t have any major plans so I decided to tackle some outstanding IT project in the house.

The first thing was to clean out all the computer that used to live close to the litter box in HY’s old appartment. That was the most icky of the projects, vacuuming out the layer of the cat litter dust, stripping out all the drives, and wiping down everything. I also needed to wipe down all the stuff I dumped in the basement after moving for similar reasons.

I ran nine cat 5 cables, 2 to the TV in basement, 2 to the TV in living room and 4 to basement room with all the computers and one to the phone demark. I still need to find out if I can easily pull some cables up into the attic and over to HY’s office.

I rebuilt the asterisk server with PBX in a flash and hooked the Sipura 2002 into the house telephone lines so we can use normal cordless phones for making calls. I also signed up for axvoice to get 200 minutes of US/Canada minutes. The international rates also appear to be good.

I also needed to centralize all my mp3/acc files on one computer, over the years the files have spead out over a number of computers. I also borked my raid array on the file server a couple years back and had a lot of MP3’s that didn’t play all the way through. So I wrote a script that copies all the mp3 from my laptop to the file sever. If it was already on the fileserver then it would over write the file, if it didn’t then it added the song to a ‘new’ folder. After after a month or so and a couple iterations fixing dumb things like ; and ‘ in the song names I had all the files in one location which are being sharing out via iTunes on the mac mini.

I also backed up all my files on my laptop and installed Leopard (macos 10.5). Apple makes it really hard to accidentally wipe your computer so took me few goes to work out how to do a full wipe. The first time I missed the small “options button” in the install that gives you the non idiot upgrader. The second time i selected to do a fresh install, but preserve user applications and files in a separate folder option. I didn’t realize it was going to copy in all saved files and applications back into the normal folders after installing. So the third time I did the nuke and destroy option to wipe the computer then install. After all that I now have a fresh install with just the applications I want. It runs nice and fast now.

I am really like 10.5, the time machine option is nice and easy for backing up the computer. The Screen Sharing App is the best way to remotely control another Mac, very very fast compared to Chicken of VNC or Vine. I had some issues with X11 doing control click for pasting till I found the developers site where I could install an unofficial update. I am not impressed with the new version of Front Row. Apple synced Front Row to match the version that comes with the AppleTV’s. It seems slower especially when viewing media on another mac. They also removed the extra level between selecting a TV Season and the episodes so you it now goes straight from TV Show to all the episodes. This sucks if you have 4 or 5 seasons of a show and only want to watch season 3.

The final thing on my geek list was to upgrade the file server to something less ancient than Suse 9.3. Ubuntu has been my Linux distro of choice for over a year now, but it doesn’t have a nice gui for setting up LVM and RAID partitions so I wanted to see what open suse 10.3 was like. I tried out the live cd on another computer and wasn’t hugely impressed with the newer version of KDE. I didn’t like the equivalent of the start menu, the final decision was made when I couldn’t get the live cd to boot on file server, so ubuntu it was. After installing I had some issues with the raid drives. I wasted most of Sunday trying different things, but both raid arrays are now online and keep working even after rebooting. I had a number of issues, first the partitions on two of the disks wouldn’t show up in /dev till I removed the entry in /etc/blckid.tab. I then had to build the raid mirror with just one drive, then wipe the super block on the other drive, reboot, then add the second drive back in. The only thing I can think of is that the drive had the superblock in both the /dev/sdd and /dev/sdd1 which was confusing it.

I still have to install vmware server, setup samba and some other junk on the file server but nfs is up and running and the macmini can see all the media.

Oh and I got a Garmin GPS Bike computer from Hongying that allows my to track my heart rate and the path I took.

So thats my Christmas geek fest.

What did everyone else do?

Postman Pat

I called in to cancel my series 1 tivo which I have had since sept 2000 and they offered me an HD tivo for $200. I ended up getting it since it it will let me transfer shows back and forward between the HD Tivo and the Series 3 I already have. I got it a couple days ago and I finally got everything set up so I can transfer shows between them and now I am watching Postman Pat which was recorded on the tivo HD in the basement and then transfered to the Series 3 in family room.

I can’t believe it they have changed the theme song, and Postman Pat now has kids, they even have cultural diversity now with an Indian family. HY is looking at me strangely………

Sad story of a memory leak

One of the DARPA Grand Challenge teams gets hit with a memory leak

On race day, we set the timer and off she went for a brilliant 9.8 mile drive. Unfortunately, our system was seeing and cataloging every bit of tumbleweed and scrub that it could find along the side of the road. Seeing far more obstacles than we’d ever seen in our controlled tests, the list blew up faster than expected and the computers died only 28 minutes in, ending our run.

Though we thought we had cleared all references to old entries in the list, because the objects were still registered as subscribers to an event, they were never getting deleted.

Read the full story

Automount in Leopard

I automount an nfs share from my mac mini to a linux file server. I upgraded the mac to leopard and discovered that automounts are nolonger set in the netinfo app, in fact netinfo doesn’t exist anymore in leopard. Instead you are supposed to use Directory Utility. The only issue was that the original mount didn’t show up in the utility. After some more searching I found this webpage that explains where the mount files are stored in /var/db/dslocal/nodes/Default/mounts and you need to update the file to say <key>vfstype</key> instead or <key>type</key>

Moving dsl lines

My dsl line is being moved tomorrow so my web server and email server will be shutdown some time to night. If you need something from me call my cell phone as I wont have email up and running till tomorrow night.

Palm Cancels the Folio

I just read on the Official Palm Blog that they are canceling their new folio product. It is always sad to see a product canceled, but I doubt this one will be missed much. I do feel a little pain for the programmers and hardware people who have probably put in long hours to get a finished product, but Palm say they are going to refocus on a new operating system which they have been in need of for over two years.

Now here is what I want in a new OS.
1) An operating system that can multitask
2) A phone that doesn’t randomly reboot when it feels like it
3) A phone that doesn’t lock up for a few seconds when cell signal drops in an out.
4) A phone that can browse the internet, Blazer is good, but it could be so much better
5) A phone with email that handles imap with folders
6) A phone that I can load third party apps on it.
7) A phone that will play video
8) A phone that will play music
9) a standard 3.5mm headphone jack
10) be able to run legacy apps in a VM at least till we get native apps.

I have looked at the pocket pc phones and the iphone and still stand behind my decision to buy a treo 700p. It does everything I wanted it to when I bought it and more, I just need it to be stable and fast.

Another one bites the dust

I have a number of maxtor (now seagate) 120 gig hard drives. I used to use them in my raid array till I got fed up replacing them every 3 months. I needed a hard disk for a test box and the only ting I had handy was was one of the left over 120gig hard disks. Yesterday I logged into the box and the root file system was readonly, kind of strange, maybe it was borked from distro upgrade. I rebooted and the box and ssh didn’t come back to life. I poked at the box this morning and found found it was kind of messed up. I booted the Seagate disk doctor tools and the first thing it reported was drive over heat. Not really surprising since these drive always ran hot, so I ran the disk diag tool, lots over errors

So the conclusion is official an other one bites the dust.

RIP Maxtor DiamondMax Plus 9 120GB ATA/133 HDD, last known successful diagnostics test 11/27/2005

Glad I didn’t install the Treo 700p Update

I saw the update as soon as it came out, but I was busy that week so held off to see how others faired on https://www.treocentral.com. Looks like I made a good choice as there were a number of people complaining about connectivity issues. Now Palm has pulled the 700p update for Verizon https://blog.palm.com/palm/2007/08/treo-700-series.html. Hopefully the next version will fix all the issues mentioned in the forum.

Playing with gps

A while back I bought the Palm tomtom gps package for my treo 700p. This works great for traffic and saved our ass recently when traveling in Canada, but one of the things I have been looking for is way to track things like hiking or biking trips. While looking for something else I came across cotogps which can install on a palm. Cotogps connects to my gps receiver over bluetooth and gives various tracking information like lat,lon,direction, speed etc. The cool thing is it also allows you to create tracks then load them into https://www.gpsvisualizer.com which can render them as a google map. I haven’t tried putting the live map on a web site but I used command-shift-4 on a mac to do a screen shot which you can see below.

Walking round work