Fix IE8 unable to authenticate on a local website using Windows authentication

by Peter Tyrrell Wednesday, October 21, 2009 3:05 PM

Symptom

IE8 refuses to authenticate on a local website (website and browser are on the same machine) even when valid credentials are supplied, when the website is reached using a host header bound to the machine's loopback address. After a few attempts, the website reports an HTTP 401.1 Access Denied error. A different browser may authenticate successfully. Browsing the website with IE8 from an external client computer authenticates as expected.

Cure

A Windows security update is responsible for a loopback check security feature that is meant to prevent reflection attacks. Authentication fails if the host header does not match the local computer name. Disable the loopback check in the registry:

  1. Run regedit.
  2. Find HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Control\Lsa.
  3. Add a new DWORD value called DisableLoopbackCheck.
  4. Modify the new value data to 1.
  5. Reboot.

Related

Tags:

How to enable Windows 7 single sign-on for a website using Windows authentication

by Peter Tyrrell Wednesday, October 21, 2009 2:43 PM

Symptom

You visit an intranet website that uses Windows authentication with an IE browser on Windows 7 and expect to be logged in automatically with your current domain credentials. Instead, you are challenged for credentials. Once you enter credentials everything acts normally, but you expect a single sign-in scenario and it doesn't happen. If you visit the same URL with IE on another Windows OS within the domain, single sign-on works as expected.

Cure

A default local security policy in Windows 7 prevents LM and NTLM responses.

  1. Go to Local Security Policy > Security Settings > Local Policies > Security Options
  2. Select Network security: LAN Manager authentication level
  3. Change security setting to Send LM & NTLM responses

win7_secpol

Related

Tags: Windows 7

How to set up ClamAV as a Windows Service to scan file streams on demand

by Peter Tyrrell Thursday, October 15, 2009 9:44 PM

Overview

Clam Antivirus, or ClamAV for short, is an open-source antivirus solution for UNIX. It's also the ONLY open-source antivirus solution. Naturally it would nice to have it for Windows, too, and it's absolutely possible; the hard part is finding out how to go about it.

Documentation on installing ClamAV for Windows and running its daemon clamd as a Windows Service is as scarce as hen's teeth, and the best information I could find was scattered across various unrelated forums and articles and none of it was fully up to date. So here it is, laid out as best as I can tell it, in one place: where to find a current native Win32 port of ClamAV, how to install it, how to set up clamd to run as a service, and the settings relevant to scanning file streams sent from an external client.

To give some context: I am using ClamAV to scan user-uploaded files for viruses in an ASP.NET web application, before writing them to disk. Each upload is sent as a stream from the webserver to another Windows 2003 server running the clamd service, which scans them and replies with some basic info on the outcome of the scan.

UPDATE Feb 19 2010: Extra info for installing on Windows Server 2008 x64.

Get the current version of ClamAV for Windows

Get ClamAV for Windows 0.95.2 at http://hideout.ath.cx/clamav/.

I am writing on October 15, 2009 and the current version of Clam AntiVirus is 0.95.2. The best 0.95.2 native Windows port available, in my opinion - because it has an installer - is at http://hideout.ath.cx/clamav/.

Another 0.95.2 alternative is at http://oss.netfarm.it/clamav/, but does not have an installer and requires you grab an additional assembly from Microsoft. On the other hand, it offers a 64 bit build.

You don't want ClamWin, which is a GUI aimed at the desktop crowd, and doesn't include clamd. Or it doesn't appear to right now. It might later. Maybe. It's hard to tell. See hen's teeth, above. Nor do you want the former native Win32 port at http://w32.clamav.net/ which is dead, dead, dead at version 0.92.1. Nor the Cygwin version, nor the Interix version. No.

UPDATE Dec 14 2010: Commenter J. Moore reports that MS Security Essentials reckons the hideout.ath.cx version contains a hacking tool Hideproc.c within chp.exe. The distribution from oss.netfarm.it does not contain chp.exe and doesn't throw any virus alerts.

Install ClamAV for Windows

Run the installer, ClamAV-095-2.exe. It is best to let the installer deploy to the default location, which is c:\clamav\, or you'll have to manually modify a bunch of clamav settings files afterwards.

Install clamd as a service

  1. Open a command prompt.
  2. Change directory to c:\clamav\ or wherever you installed clamav.
  3. Run clamd.exe --install
  4. Open services.msc and edit the newly installed "ClamWin Free Antivirus Scanner Service" to start Automatically and/or use credentials other than the local system account, etc.

clamav_cmd

Um, yes, that was easy.

The astute will note that the service names itself "ClamWin yada yada." Again, clamd is NOT included with ClamWin, so your guess is as good as mine as to the connection here, but there clearly *is* some connection, the true nature of which I have been unable to fathom.

You may find, if you Google for "clamd windows service", various helpful threads or articles describing how to forcibly set up clamd as a service with instsrv.exe and srvany.exe from the Windows 2003 Resource Kit Tools. And that works - but it's not necessary. I can only assume that the ClamAV Windows ports came out with a built-in "install as service" feature at some point fairly recently, but the word just hasn't got around.

I'll get to the settings for clamd next, but you need an up-to-date antivirus library first.

Schedule freshclam to update frequently

Freshclam fetches antivirus library updates. You need to run it right away to get the initial database up and going - just double-click freshclam.exe. After that, you can install it as a service in the same manner as clamd above. Or create a batch file that runs freshclam.exe on a schedule with Windows Task Scheduler. It has its own settings file: freshclam.conf.

Settings for on-demand stream scanning

Settings for clamd are in clamd.conf, and there are quite a few, but the ones most relevant for on-demand stream scanning are:

  • TCPAddr - server IP address
  • TCPSocket - port clamd will listen on, default 3310
  • StreamMaxLength - maximum size of stream to be scanned, in megabytes

Create a Windows firewall exception

The lazy way out here is to add clamd.exe as an exception to Windows firewall. Read on if you like.

You can exception just the port clamd listens on (default 3310), but a call to its STREAM method generates a reply on a random port with a range you can set in clamd.conf, which would mean you would have to add exceptions for the entire range. To problematize still further, STREAM has been deprecated in favour of INSTREAM, which sticks to the port you called it on in the first place. For now I'm just going to exception clamd.exe, though I did restrict its scope to the local subnet.

Call clamd from ASP.NET

I've found just one available .NET library that will call a clamd service, called WRAVLib: http://www.wolfereiter.com/antivirus.aspx. Unfortunately, it's somewhat out of date and written for .NET 1.1, but happily the source code is freely available, so you can compile for .NET 3.5 if you like. Direct link to source code is here: http://www.wolfereiter.com/Downloads/wravlib/wravlib-1.1-src.zip.

It does target the deprecated STREAM method instead of INSTREAM, which I touched on above, but it's still the fastest way to get up and running. Here's a bit of pseudocode to give an idea:

// create scan agent
IVirusScanAgent agent = new ClamdStreamAgent("127.0.0.1", 3310, false);
 
// create unique scan id
string scanId = Guid.NewGuid().ToString();
 
agent.VirusFound += ((sender, args) => {
   // do something
});
 
agent.ItemScanCompleted += ((sender, args) =>  {
   // do something
});                                  
                                    
// scan filestream
agent.Scan(scanId, file.InputStream);

Conclusion

I wish I had more time to fill in the gaps and provide more detail, but I just don't. Even this amount of information took way too long to gather in the first place! It should provide a good foundation nevertheless.

Acknowledgements 

  • This how-to on setting up ClamAV for Kerio MailServer on Windows convinced me I could run clamd as a service in the first place.
  • This forum thread on installing ClamAV Win32 with hMailserver was instrumental, guiding me with sample settings files and good pointers.

Tags: ClamAV

How to install Inmagic Webpublisher 12 on Windows 7

by Peter Tyrrell Wednesday, October 14, 2009 1:12 PM

Disclaimer: Not officially supported. Plunging heedlessly on...

1 - Back up INI files

First back up all your .ini files. Be sure you are getting the CORRECT copy of the ini file: the ini files in the Program Files directory are access-protected in Vista and Win7 because the Program Files area is a forbidden zone. You must open the ini file with elevated privileges, like with Notepad "run as administrator", and save it somewhere safe.

  • dbtwpub.ini
  • inmagic.ini
  • dbtext.ini

2 - Upgrade from previous version

If you want to upgrade from previous version of WPP instead installing a fresh copy, uninstall the previous version MANUALLY first, because the WPP 12 installer tries to uninstall without elevated permission, and thus fails.

3 - Run installer as admin

Run the WPP 12 installer with administrator privileges. If you have a setup.exe you can right-click to "run as administrator".

My preview version of the installer is an *.msi file only, which doesn't have a right-click "run as admin" option. Instead, I launch the msi with msiexec from an elevated command prompt:

  1. Search for "cmd.exe" from Windows Start Menu
  2. Right-click cmd.exe and "run as administrator"
  3. Change directory to location of the msi, e.g. cd c:\users\ptyrrell\downloads
  4. Run the msi with the msiexec /i option, e.g. msiexec /i "Inmagic DBText WebPublisher PRO.msi"

4 - Fulfill prerequisites

The installer is cleverer than previous versions when checking for prerequisites, so you'll probably have to go and install or enable various Windows features before continuing.

wpp12_prereqs 

IIS 6 Compatibility (IIS7 only) seems to be satisfied by enabling the "IIS Metabase and IIS 6 configuration compatibility" Windows feature.

wpp12_iis6

Be warned: if you don't run the installer with elevated privileges, you will continue to fail the prerequisite check even after installing/enabling the right prerequisites!

 

5 - Test the install

Restore your backed up ini files. Run a query on the sample cars textbase to ensure WPP is returning results as expected.

If you are installing on a 64 bit machine, you need to enable 32 bit applications on the relevant application pool as covered in this previous post called How to Install Webpublisher on 64-bit IIS 7.

6 - Be the star you know you are

You did it! Now cut out a cardboard star with safety scissors, pencil "STAR HACKER" on it, and get your mum to pin it to your chest, glitter optional. Salute yourself in the mirror. Star! Hacker!

Highlight search terms with jQuery

by Peter Tyrrell Thursday, September 03, 2009 12:04 PM

Overview

Highlight words and phrases within specified elements on the page. Search syntax is trimmed or eradicated, stopwords and words less than 3 characters  are ignored.

Ingredients

You will need:

   1:  
   2: /*
   3:     methods to help highlight search words and terms 
   4:     depends on jquery
   5:     Peter Tyrrell, August 2009
   6: */
   7:  
   8: // 
   9: var highlightTermsIn = function(jQueryElements, terms) {
  10:     var wrapper = ">$1<b style='font-weight:normal;color:#000;background-color:rgb(255,255,102)'>$2</b>$3<";
  11:     for (var i = 0; i < terms.length; i++) {
  12:         var regex = new RegExp(">([^<]*)?("+terms[i]+")([^>]*)?<","ig");
  13:         jQueryElements.each(function(i) {
  14:             $(this).html($(this).html().replace(regex, wrapper));
  15:         }); 
  16:     };
  17: }
  18:  
  19: // returns array of unique search terms (words, phrases) found in value        
  20: var parseSearchTerms = function(value) {
  21:     
  22:     // split string on spaces and respect double quoted phrases
  23:     var splitRegex = /(\u0022[^\u0022]*\u0022)|([^\u0022\s]+(\s|$))/g;
  24:     var rawTerms = value.match(splitRegex);
  25:     
  26:     var terms = [];            
  27:     for (var i = 0; i < rawTerms.length; i++) {
  28:         
  29:         // trim whitespace, quotes, apostrophes and query syntax special chars
  30:         var term = rawTerms[i].replace(/^[\s\u0022\u0027+-][\s\u0022\u0027+-]*/, '').replace(/[\s*~\u0022\u0027][\s*~\u0022\u0027]*$/, '').toLowerCase();
  31:         
  32:         // ignore if <= 2 chars
  33:         if (term.length <= 2) {
  34:             continue;
  35:         }
  36:         
  37:         // ignore stopwords
  38:         var stopwords = ["about","are","from","how","that","the","this","was","what","when","where","who","will","with","the"];
  39:         var isStopword = false;
  40:         for (var j = 0; j < stopwords.length; j++) {
  41:             if (term == stopwords[j]) {
  42:                 isStopword = true;
  43:                 break;
  44:             }
  45:         }
  46:         if (isStopword === true) {
  47:             continue;
  48:         }
  49:         
  50:         // add term to term list
  51:         terms[terms.length] = term;
  52:     }
  53:     return terms;
  54: }

Example 1

Pass an array of terms to be highlighted in jquery-selected elements:

   1: <script type="text/javascript">
   2:     $(document).ready(function() {
   3:         var searchTerms = ["banana", "monkey"];
   4:         // highlight valid terms in search results          
   5:         highlightTermsIn($("#HighlightWrapper"), searchTerms);        
   6:     });
   7: </script>

Example 2

Parse raw search input to strip out stopwords, query syntax characters, and wee short words less than 3 characters that do nobody any good. Quoted phrases are treated as a single term.

   1: <script type="text/javascript">
   2:     var rawSearch = "give the banana* to a monkey";
   3:     var termsToHighlight = parseSearchTerms(rawSearch);
   4:     // termsToHighlight now = ["give", "banana", "monkey"]
   5: </script>

Example 3

Put it all together to retrieve raw search input from the query string, parse out terms to highlight, and highlight within specified containers.

   1: <script type="text/javascript">
   2:     $(document).ready(function() {
   3:         // get quick search value from query string
   4:         var quickSearch = $.query.get("q");
   5:         // highlight valid terms in divs marked class="HighlightWrapper"        
   6:         highlightTermsIn($("div.HighlightWrapper"), parseSearchTerms(quickSearch));
   7:     });     
   8: </script>

Acknowledgements

 

Tags: javascript

Month List