Setup and Use ClamAV (anti-virus) with Azure - asp.net-mvc

I want to scan the files that are uploaded to my Azure blob. It looks like ClamAV (www.clamav.net) is probably the way to go. I see instructions on how to install on a Windows server, but what would my procedure be for a site hosted on Azure? I am using ASP.NET MVC.

Disclaimer: I haven't used ClamAV. Having said that...
You should be able to install it during a startup task (with elevated privileges). I looked at the ClamAV wiki, and it appears that the msi has a silent-install:
msiexec /i clamAV.msi /qr
You'll need to change that last parameter to /qn to force "no user interface."
The challenge will be scanning blobs. You'll need to copy files from their blobs to a local directory in your VM instance, and then run clamdscan on that file (basing off the wiki).
I haven't tried this, but the basic premise should hold up: Install anything requiring an MSI as a startup task (probably needs elevated mode).

Related

Teradata & Continuous Integration

Status quo:
We are developing a project at the client side. There's an existing Teradata appliance on the DEV side and one on the production side.
On the DEV side there is more than one supplier and every supplier has its own sub-database. The DBAs are not granted with direct permissions but call macros to create users and databases, grant rights etc. But no SYSDBA permissions on Teradata.
On the PRD side these macros don't exist. Every statement has to be run as is and has to be run automatically (packaged via RPM).
Therefore it is currently impossible to do a complete packaging and integration testing.
We have a Jenkins running which is doing several other tasks. The system is virtual, we're root and we already have an established packaging process.
What we need/ideas: an image of a plain Teradata database we can connect to (remote is ok) and run our DDL scripts.
The idea is to start some kind of image (Docker, VMWare, VirtualBox) which provides a small Teradata installation, we run our DDLs and throw the result away at the end.
Best case would be Docker in this case, but I'm open for ideas. Is there some kind of trial Teradata (v15) which can be used in this case?
I have looked into this (as I need to do the same) and here is what I have found:
You can actually run the VMWare image in Virtualbox (which is what I will be doing).
Once I have the image running I tarred and dumped out the file system at root (/) and I was able to startup docker.
However Teradata Express has also got a RAID1 setup (I think) which are the two vmdks PDISK0 and PDISK1 (SCSI sdb and sbc). I couldn't find a way to replicate this in docker (without spending more time and my time is up on this) so for now I think running in docker is not an option but if someone more familar with docker could find a way to virtualize the RAID1 I am happy to be corrected.

How to bundle Electron application and windows service together?

I am very new with electron application. I need some help with election installation.
I have an Electron desktop application and a windows service.
I can start and stop my pre installed services by using sudo-prompt package.
I am creating windows installer by using electron-winstaller package.
But I want to bundle my windows service along with my electron application. My requirement is when I install my electron package then it should install my service also, when I uninstall my package then that service should be uninstalled.
Please help me out. Any clue, Any suggestions will be appreciated.
If you think this should be achieved with something else then please do suggest me.
Electron's windows installer packager strikes me a specific case tool that would likely hit limitations in scenarios like this. I would use a general case tool instead such as the Free and Open Source Windows Installer XML Toolset aka WiX. I would also use with that another FOSS application called Industrial Strength Windows Installer XML aka IsWiX.
WiX allows you to describe and build MSI databases using an XML/XSD domain specific language. It supports MSBuild for easy integration with your CI/CD pipeline. IsWiX* is a set of project templates and graphical designers that provide an opinionated project structuring (scaffolding) and greatly speeds up the learning curve and implementation. For example, this installer you describe could be done without writing a single line of XML.
For more information see: https://github.com/iswix-llc/iswix-tutorials
The desktop-application and windows-service tutorials should** show you everything you need to know to author this installer. Basically follow the desktop-application all the way through and then skip to the final portion of the windows-service tutorial where you define the windows service.
I'm the maintainer of IsWiX
** This assumes your service exe is a proper Windows service that interfaces with the windows service control manager. If it's really just a console app that runs as a service you will need to include a program such as srvany.exe. This will require one line of hand crafted XML to extended the service definition in the registry with the proper command line value to be passed to your exe. An example can be found here: Wix installer to replace INSTSRV and SRVANY for user defined service installation

How to make a setup/install for remote msi

I would want to make a setup which allows to install a remote MSI package.
The trade platform that i use does not allow to download too heavy files - my MSI package is too heavy.
So i am obliged to use a "light" setup which is capable of downloading and of executing my remote MSI package.
For information my MSI package is generated from ANT file with WIX technology.
Any ideas on the way of taking itself there to make this setup ?
Thanks you in advance.
The best answer that I can give depends on some assumptions:
That you can install an agent on the client systems.
That the client is permanently connected to the internet and can get to the remote MSI file, and the same applies if it's an intra-company network situation.
If you can't download the MSI (and "push" installs don't work anyway) then get an agent program onto each client system somehow, which installs the MSI file using your HTTP:// web site as the location of the MSI file, the equivalent of msiexec /i http://server/share/package.msi
This is effectively what group policy and so on do in corporate networks, the MSI being on a share rather than an internet location.
The other alternative if you can download MSI files with your own code is again to have an agent program on the client machine that explicitly downloads the MSI to a permanent location (NOT temp internet files location) and simply installs it with MsiInstallProduct or equivalent, and "how to download a file" is an internet question rather than a Windows Installer question.

Deploy features.xml in servicemix during jenkins Build

I have my features.xml file in src/main/resources/features folder , when I build my project through Jenkins after building my bundle goes to the nexus repository , my requirement is that after my bundle goes to nexus then features.xml should automatically be deployed on servicemix as part of build only. I should not open the servicemix console to install the feature. Please help
You may think about using a KAR (KAraf aRchive).
More information can be found here: http://karaf.apache.org/manual/latest-3.0.x/users-guide/kar.html
You can build а KAR (through Jenkins), containing your feature, then you can use a hot deployment.
Apache Karaf also provides a KAR deployer. It means that you can drop
a KAR file directly in the deploy folder.
Apache Karaf will automatically install KAR files from the deploy
folder. You can change the behaviours of the KAR deployer in the
etc/org.apache.karaf.kar.cfg:
I have also been working on this and my solution was to turn to automated scripting to accomplish this. I wrote a ssh and FTP based program which would stop an smx, delete the ${karaf.home}/data/cache/ directory, replace the new feature file with the one retrieved from the ftp operation, then restart the karaf container.
If you are open to looking into other possibilities:
You can look into Fuse Fabric which can link many smx Containers together and implement version increases and rollbacks. Currently I believe this would also need scripting to accomplish it automatically.
The third option is relatively new and comes in the form of Building docker images and deploying them via OpenShiftV3 which was just unveiled at the Redhat Summit 2015. Its worth noting its fairly new, but it does pack a very impressive feature set.

Launching a service from msi installer that depends on assemblies installed by the msi

I'm using WiX to write a MSI installer to start a service that depends on DLLs installed by the MSI. On Vista, the DLLs become added to the global assembly cache in the MSI's InstallFinalize phase, so I can't use the built-in service starting command in WiX. That one tries to start the service before the DLLs are in the GAC, and fails. The solution seems to be to use a custom action instead [1], and run that after InstallFinalize.
The custom action I used was starting the service with sc. Everything works fine when running the installer as an administrator, but running as a regular user doesn't work. The installer will elevate privileges for the actual install phase, but will drop them after finalizing the installation, and starting the service with sc as a non-privileged user will fail. Setting the custom action to be deferred and no-impersonate to get admin privileges won't work either after InstallFinalize [2].
As a final kludge, I tried to add <Condition>Privileged</Condition> to the WiX file to tell the user that the installer needs to be run as Administrator, but I couldn't get that to work either. The Privileged value gets set to 1 during the installation, maybe when the main install sequence is given higher privileges.
So has anyone else ran into the combination of Vista, non-Administrator user, installer needs to start a service and service needs stuff that goes into GAC during installation to run? Is there any kind of working general approach to this?
[1] http://www.mail-archive.com/wix-users#lists.sourceforge.net/msg09162.html
[2] http://www.mail-archive.com/wix-users#lists.sourceforge.net/msg15381.html
This is one of those times when the easiest solution is just to schedule a reboot.
Here are a few possibilities :
If possible, do not install prerequisite assemblies in the GAC. This will allow your service to be started normally (ie between InstallInitialize and InstallFinalize).
Create a bootstrapper (a small app that launches prerequisite MSIs in a certain order). Place the prerequisite assemblies (those that go in the GAC) into their own MSI, and get the bootstrapper to install them before it installs your service.
Create a launcher (an even smaller app that just launches your MSI). Give it a manifest that will make it run elevated. That way, the entire MSI is elevated, not just the part that's between InstallInitialize and InstallFinalize. You should be able to invoke sc succesfully.
I agree with #sascha. Rebooting is not just the easiest but cleanest in this case. All of the other proposed solutions are going to set you up for a much higher failure rate in the future. IMHO, the Windows Installer design w.r.t. the GAC is busted. The reboot is recognition of that.

Resources