Syncplify may drop 32-bit/legacy support in future versions

Almost 7 years ago, Microsoft has dropped support for 32 bit versions of their server operating system; in fact, as of Windows Server 2008 R2 only 64-bit server OSs have been released by Microsoft. Later, support for 32-bit versions of server OSs has been dropped, so we can safely say that – today – only 64-bit versions of Windows Server are available and supported.

MongoDB (the database we use as a back-end to Syncplify.me Server!) is considering a similar choice. And even though they still support 32 at the time this article is being written, their 32 bit version comes with limitations that make it unsuitable for large-scale deployments.

Furthermore, according to our license database, only about 1% of our customers are still using 32-bit versions of our software, and less than 0.2% of them have active support and maintenance subscriptions. Simply put, almost nobody is using 32-bit versions of our software anymore.

For all of the above reasons, Syncplify’s management is currently considering the possibility to drop 32-bit support in future versions of our flagship software (Syncplify.me Server!) and possibly all other software titles we design and develop.

How to prevent uploads of EXE files

Syncplify.me Server! version: 4.0.0+

Some SFTP servers feature a simple “extension exclusion list” so that administrators can specify certain file extensions that the server should not let users upload. But that’s a pretty weak defense, as a clever attacker could always upload an EXE with a fake extension and then rename it or otherwise find alternative ways to run it on the server, thus compromising its security.

Syncplify.me Server!’s scriptable nature, though, allows you to do a lot more than just disallow certain file extensions. Here’s a sample script that can be attached to the “AfterFileUpload” event handler, to identify EXE files that have been uploaded with fake extensions and delete them right away.

The above script is provided as a mere example to identify Windows EXE files. But it could be easily modified in order to identify other file types.

All Windows EXEs, in fact have stable distinguishing features in their binary code, and more precisely: the first 2 bytes (in hex) will always be 4D5A, and the 4 bytes at offset 256 (0x100) will always be 50450000. So if a file has those byte sequences in those exact locations, it’s safe to say it’s a Windows EXE.

Do you need to identify ZIP files instead? The first 4 bytes are always 04034B50.

And so on… many file types can be identified by specific “signatures” in their binary code, that one can easily read using Syncplify.me Server!’s powerful scripting capabilities.

Syncplify.me Server!: VFS with quotas

Syncplify.me Server! version: 4.0.0+

The Virtual File System (VFS) instroduced in Syncplify.me Server! v4.0, comes with a long-awaited feature: quota management.

The Windows OS features a very powerful yet complicated quota management, but it’s only available in Windows Server editions and requires optional features to be installed, therefore we could not rely on that and we built our own quota management system which is cross-compatible with all Windows systems.

Now, the problem with quota management is that calculating the current size of a folder (along with its sub-folders) can be very time-consuming, if the folder contains millions and millions of files. So if we were to re-evaluate the size to enforce quota restrictions at every operation it could totally kill the performances. Our solution the Quota TTL, which is the Time-To-Live (TTL) of the quota cache, expressed in seconds. Basically, when Syncplify.me Server! calculates the current size of a folder structure, it will consider such result valid for QuotaTTL seconds, without re-evaluating it too often. Continue reading

Syncplify.me Server! v4.0.9 released

We have just released version 4.0.9 of our Syncplify.me Server! software. This version features the following improvements:

  • Added brand new “zero configuration” option to the HTTP/REST Configuration Wizard
  • Added auto-selection of an alternate port for the HTTP/REST service if 443 is busy (without overwriting your IIS certificate)
  • Fixed a bug in Active Directory Group support (also read this article)
  • Fixed a stability bug in the REST API service which was affecting only Windows 2012 R2

As usual you can download this new release from our website.