Friday, February 28, 2014

Uninstalling Symantec Antivirus Client 10.2 from Windows 7 64bit Without the Uninstall Password

If you attempt to uninstall Symantec Antivirus Win64 from Win 7 without the uninstall password, you'll probably find that people suggest that you change a registry key value:

HKEY_LOCAL_MACHINE\SOFTWARE\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\UseVPUninstallPassword from 1 to 0.

That doesn't really work for the 64-bit variant, as the key locations are different. I looked around a bit and found that the key was here, instead:

HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Intel\LANDesk\VirusProtect6\CurrentVersion\AdministratorOnly\Security\UseVPUninstallPassword

After changing that 1 to 0, you should be able to uninstall without a password.


Wednesday, February 19, 2014

Blocking Outbound File Attachments In MailScanner

MailScanner is a popular anti-virus/anti-spam open source package that supports several operating systems, including Linux and FreeBSD. It can be helpful for minor compliance work.

For example, Company X wants to block outbound Microsoft Word documents (both .doc and .docx) but allow people from outside to send them in. To set this up, you'll need to create a couple of files and modify the main config, Mailsca

To block only, say, Word docs in MailScanner, you need to do a few things.

Steps

1. Add a ruleset that splits the filename processing by sender. On CentOS, we'll call this /etc/MailScanner/rules/filenameconf.rules

The contents are:

From:   *@mydomain.com /etc/MailScanner/filename.mydomain.rules.conf
From:       default /etc/MailScanner/filename.rules.conf

2. Copy /etc/MailScanner/filename.rules.conf to /etc/MailScanner/filename.mydomain.rules.conf

3. Edit /etc/MailScanner/filename.mydomain.rules.conf and set the rules you want. To block doc/docx:

deny	\.docx?$	Windows Word Doc	Word documents may contain sensitive information or viruses

(Note: the fields are tab-delimited, not space-delimited!)

4. Modify the main config file, /etc/MailScanner/MailScanner.conf, and comment out this line:

Filename Rules = %etc-dir%/filename.rules.conf

and replace it with this:

Filename Rules = %rules-dir%/filenameconf.rules

5. Restart MailScanner (sudo service MailScanner restart)
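
Before restarting, it helps to lint the new rules file, since a rule typed with spaces instead of tabs will not be read the way you intended. The script below is an added example, not part of MailScanner or of the original post: it parses a constructed sample rules file and reports which action a filename would get. It assumes four tab-separated fields per rule (action, regex, log text, report text), the actions allow/deny/deny+delete, case-insensitive matching, first matching rule wins, and allow when nothing matches; Python's re stands in for Perl regexes.

```python
import re

ACTIONS = {"allow", "deny", "deny+delete"}  # assumed set of valid actions

# Constructed sample rules file: the post's deny rule, one rule typed with
# spaces instead of tabs (the mistake the post warns about), and a final allow.
SAMPLE_RULES = (
    "# constructed sample, not a real site's file\n"
    "deny\t\\.docx?$\tWindows Word Doc\tWord documents may contain sensitive information or viruses\n"
    "deny    \\.xlsx?$    Excel sheet    Spreadsheets are blocked\n"
    "allow\t.*\t-\t-\n"
)

def parse_rules(text):
    """Split each rule on tabs; return (rules, problems)."""
    rules, problems = [], []
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip() or line.lstrip().startswith("#"):
            continue  # blank line or comment
        fields = re.split(r"\t+", line.strip())  # assumption: runs of tabs = one separator
        if len(fields) != 4:
            problems.append((lineno, "expected 4 tab-separated fields, found %d" % len(fields)))
            continue
        action, pattern, log_text, report_text = fields
        if action.lower() not in ACTIONS:
            problems.append((lineno, "unknown action %r" % action))
            continue
        try:
            regex = re.compile(pattern, re.IGNORECASE)  # assumed case-insensitive
        except re.error as exc:
            problems.append((lineno, "bad regex: %s" % exc))
            continue
        rules.append((action.lower(), regex, log_text, report_text))
    return rules, problems

def decide(rules, filename):
    """Return the action of the first rule whose regex matches, else 'allow'."""
    for action, regex, _log, _report in rules:
        if regex.search(filename):
            return action
    return "allow"

if __name__ == "__main__":
    rules, problems = parse_rules(SAMPLE_RULES)
    for lineno, msg in problems:
        print("line %d: %s" % (lineno, msg))
    for name in ("report.doc", "report.docx", "report.docx.pdf", "budget.xlsx"):
        print(name, "->", decide(rules, name))
```

In the sample, budget.xlsx comes out as allow because the space-delimited rule is rejected at parse time, which is the silent failure to look for in your own file.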