in

SharePoint Blogs

The Best Place for SharePoint-related Blogs

Bobby Habib SharePoint & MOSS Blogging Space

Bobby Habib - My findings on SharePoint / MOSS, Web Part Developments, etc. Information I think will help the SharePoint Community. All posts are provided "AS IS" with no warranties, and confers no rights. Whats the bloody Point!

April 2008 - Posts

  • MOSS AntiVirus Guidelines

    I find that a lot of companies implementing MOSS into their organisations are not really thinking about Antivirus software that is running at the Operating System level. There are a number of products out there talking about MOSS Antivirus plug in etc, but these plug in are checking for documents that are being pushed into MOSS for viruses.

    MS Fore Front Security for SharePoint:

    http://www.microsoft.com/forefront/sharepoint/en/us/product-overview.aspx

    McAfee:

    http://us.trendmicro.com/us/products/enterprise/portalprotect/index.html

    But there seems to be a big area that companies are forgetting about, that can effect the stability of MOSS servers and cause a lot of issues that really confuse IT professionals. The OPERATING SYSTEM ANTIVIRUS. Wink

    To rule out any interference that the operating system antivirus software might bring to SharePoint's stability, the following exclusions from the antivirus real-time scan are recommended:

    Windows 2003 Server

     

    ·    The %systemroot% is normally the C:\WINDOWS or C:\WINNT directory depending on your OS·    %systemroot%\System32\Spool (and all the sub-folders and files)·    %systemroot%\SoftwareDistribution\Datastore·    Any Network Drives that are mapped Refer to the following article for information:

    KB822158 - Virus scanning recommendations for computers that are running Windows
    Server 2003, Windows 2000, or Windows XP http://support.microsoft.com/kb/822158     

    Internet Information Server

    • The IIS compression directory (default compression directory is %systemroot%\IIS Temporary Compressed Files)
    • %systemroot%\system32\inetsrv folder
    • Files that have the .log extension
    Refer to the following knowledge base articles for reference:
    KB817442 - IIS 6.0: Antivirus Scanning of IIS Compression Directory May Result in 0-Byte File
    http://support.microsoft.com/kb/817442
    KB821749 - Antivirus software may cause IIS to stop unexpectedly http://support.microsoft.com/kb/821749

    SQL Server

    • Exclude .MDF, .LDF, .NDF, .TRN, .BAK and .SLS
    • Exclude sqlmangr.exe and sqlservr.exe
    • SQL folder and databases files (or database file types) from scanning for performance reasons:
    KB309422 - Guidelines for choosing antivirus software to run on the computers that are running SQL Server http://support.microsoft.com/kb/309422

    WSS 3,0 / MOSS 2007 

    • Drive:\Program Files\Microsoft Office Servers\12.0
    • Drive:\Program Files\Common Files\Microsoft Shared\web server extensions\12
    • Drive:\DOCUME~1\ALLUSE~1\APPLICATION DATA\MICROSOFT\FIREWALL CLIENT\*
    • Drive:\WINDOWS\Temp\WebTempDir\*
    • Drive:\DOCUMENTS AND SETTINGS\<SPSServiceAccount>\LOCAL SETTINGS\APPLICATION DATA\*
    • Drive:\Documents and Settings\\<SPSServiceAccount>\Local Settings\Temp\*
    • Drive:\WINDOWS\system32\LogFiles
    • W3wp.exe, cbd.exe, cidaemon.exe, owstimer.exe (WSS)
    (where Drive: is the drive letter where you installed SharePoint Portal Server)

     

    MOM

    ·    Drive:\Documents and Settings\All Users\Application Data\Microsoft\Microsoft Operations Manager

    ·    Drive:\Program Files\Microsoft Operations Manager 2005

     

    If you are using Trend Micro the follow these guide lines:

    • Temp folder:  C:\Program Files\Trend Micro\PortalProtect\temp
    • Quarantine folder, whose default location is:
    Drive:\Program Files\Trend Micro\PortalProtect\Quarantine
    • Backup folder, whose default location is:
    Drive:\Program Files\Trend Micro\PortalProtect\Backup

    The following link will provide you how you can configure MOSS anti-virus, not Operating System Anti-Virus.

    http://technet2.microsoft.com/Office/f/?en-us/library/1289e6e2-03e0-4f10-8921-e516187891c61033.mspx

    One of my recomendation before logging Microsoft PSS calls is to make sure you have these guidelines applied in your environment, this could save a lot of  time & money with regard to support issues. I hope this helps. Stick out tongue

    I thought I would add this to the post; the offical KB article associated to "Folders may have to be excluded from antivirus scanning when you use a file-level antivirus program in Windows SharePoint Services 3.0 or in SharePoint Server 2007": http://support.microsoft.com/kb/952167

    Posted Apr 22 2008, 10:45 AM by bobbyhabib with 3 comment(s)
    Filed under: ,

  • MOSS - Error : Unable to find an entry point named 'OshFGetSafeHtmLAllocForManaged3' in DLL 'osafehtm.dll'

    This is not a pretty error and can make you run around the house's trying to figure out what the hell is going on. Tongue Tied

    The exception tend to occurs when you try to publish changes on a site page within MOSS.

    You normally see the following error stack:

    “Application error when access /_layouts/AddNavigationLinkDialog.aspx, Error=Unable
    to find an entry point named 'OshFGetSafeHTMLAllocForManaged3' in DLL
    'osafehtm.dll'. at
    Microsoft.SharePoint.Publishing.Fields.SafeHtmlWraSurprisepper.NativeMethods.OshFGetSafeHTML
    AllocForManaged3(Byte[] htmlSourceBytes, Int32 htmlSourceBytesSize, Int32
    htmlSourceCodePage, Byte** htmlReturnedBytes, Int32& htmlReturnedBytesSize, Int32
    convertToDestinationCodePage, Int32 safeHtmlBehaviorFlags, String[] tagsToHandle,
    Int32[] tagHandlingFlags, Int32 tagHandlingCount, Int32& tagHandlingResultFlags,
    EditOrDropUrlsDelegate urlHandlingCallback, Boolean& isSafeHtml) at
    Microsoft.SharePoint.Publishing.Fields.SafeHtmlWrapper.GetSafeHtml(String
    stylecopStringUnsafeHtml, Int32 safeHtmlBehaviorFlags, Hashtable tagsAndFlags...”

    Now I have seen a lot of people using a temporary work around for this which is, to run from a command line "psconfig.exe -cmd secureresources" and then a iisreset.     Well this is interesting because this seems to cure the issue for about 24 hours and then the issue seems to arise again. Oh my god! The business impact this must be having on some of the companies out there. Surprise Now the secureresources command performs SharePoint Products and Technologies resource security enforcement on the server. For example, security is enforced on files, folders, and registry keys. So why would something like this cure the issue for about 24 hours. I was amazed. Surprise

    So lets look at this in a bit more detail. The stack trace shows an error with OshFGetSafeHTMLAllocForManaged3 which tells us that the dll used here is osafehtm.dll. This dll is a MOSS wrapper assembly used with the HTML controls on site pages and is used widely across the MOSS UI pages.

    The OshFGetSafeHTMLAllocForManaged3 function is used mainly when there are pages that are using image or hyperlink HTML controls on a page. Also to note that the osafehtm.dll resides in the following directory in MOSS C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\ directory. When I looked closely at the server configuration which the exception occurred I also noticed C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\ directory. And as soon as I took a peak in this directory I noticed the office 11 version of the osafehtm.dll in this directory. Bingo! Renamed the file to z_osafehtm.dll and ran a iisreset /restart the error never did occur again. Stick out tongue Infact I renamed the 60 directory to z_60.

     So here's the logic:

    1. The error seems to only occur on configurations that have been upgraded from SPS2003 to MOSS.

    2. With the upgrade both the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\12\BIN\ and C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\ are defined paths, which means the incorrect dll can be loaded.

    So why does it work for 24 hours after you run psconfig.exe securedresources and a IISReset:

    I think this is because the secured resources must force 12\bin directory path to be read and loads the correct version of the osafehtm.dll assembly and the IISReset will reset all cached assemblies that are loaded in memory or cached by IIS. Within 24 hours the Application Pool will recycle itself if the default setting for the application pook are configured and at this point there are two different versions of the assembly that now can be loaded because the C:\Program Files\Common Files\Microsoft Shared\Web Server Extensions\60\BIN\ is also a defined path and MOSS then loads the incorrect version of osafehtm.dll.

     

    Posted Apr 03 2008, 11:09 PM by bobbyhabib with 2 comment(s)
    Filed under: , ,
Need SharePoint Training? Attend a SharePoint Bootcamp!
Posts (c) their respective authors. Everything else (c) 2007 SharePoint Experts