BitDefender blocking all emails - Solution
BitDefender blocking all emails - Solution - 2.Mar.2005 1:23:00 PM
|
|
|
Nicks
Posts: 2772
Joined: 17.Mar.2003
Status: offline
|
As has been discussed in other threads, an issue has been encountered that would cause the BitDefender virus scanner to block all emails. More information on this can be found at http://kbase.gfi.com/showarticle.asp?id=KBID002294
If it is impossible to reboot the machine, please perform the following:
If MailSecurity is installed in VSAPI mode, restart the Microsoft Exchange Information Store.
If MailSecurity is installed in non-VSAPI mode, restart IIS Admin service.
If you have MailSecurity in VSAPI, and you are not able to restart the Microsoft Exchange Information Store at the moment, do the following:
1. Open the MailSecurity configuration.
2. Right click on General and select properties.
3. Change to the VSAPI tab, and disable VSAPI.
4. From Task Manager, wait till the process gfiscan.exe stops (should take less than 20 seconds).
5. When gfiscan.exe stops, enable VSAPI once again.
This will avoid having to restart the Exchange Information Store.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 1:25:00 PM
|
|
|
johnmad
Posts: 6
Joined: 1.Mar.2005
Status: offline
|
Sorry but that isn't my problem.
Our Mail Security has rules to quarantine corrupt zips, we have experienced the same problems as all your other customers, however it seems to have DELETED all messages and not quarantined them. Is this also a symptom of the problem or unique to our setup?
We have checked in the moderator client and there are no mails in there for the time frame. The log files indicated that they were deleted. We have confirmed that our rules are set to quarantine and not delete. Can you tell us the physical folder location where these quarantined files would be kept? We use mail essentials merely as a mail relay for incoming/outgoing external mail.
[ March 02, 2005, 07:28 PM: Message edited by: johnmad ]
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 1:27:00 PM
|
|
|
kleesman
Posts: 12
Joined: 6.Feb.2005
Status: offline
|
Retrieve Subject and Sender of deleted messages!
I was able to look in the vsapistr.log file under the C:\Program Files\GFI\MailSecurity\Gfimon to find the logging that shows in the GFI monitor to find the senders and subjects of all the messages that were wrongly deleted today. Do it quickly, because the file seems to only keep a set number of lines, deleting the oldest.
Kyle
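An added example, not part of Kyle's post or of GFI's tooling: because the log only keeps a set number of lines, this sketch copies it aside on a timer and stitches the snapshots into one continuous record, flagging any gap. The log path is the one given in the post; the polling interval and the output names `vsapistr-archive` and `vsapistr-merged.txt` are assumptions.

```python
"""Added example: preserve a rolling log by merging successive snapshots."""
import hashlib
import shutil
import time
from pathlib import Path

# Path as given in the post above; the polling interval is an assumption.
LOG = Path(r"C:\Program Files\GFI\MailSecurity\Gfimon\vsapistr.log")
POLL_SECONDS = 30


def merge_snapshot(history, snapshot):
    """Return (merged_lines, gap) after adding the new lines in `snapshot`.

    The log drops its oldest lines, so a later snapshot usually begins inside
    what is already held. The longest suffix of `history` that equals a prefix
    of `snapshot` is the overlap; only the remainder is appended. `gap` is True
    when nothing overlaps, meaning lines were probably lost between captures.
    Lines are opaque strings: no log format is assumed.
    """
    if not history or not snapshot:
        return list(history) + list(snapshot), False
    for k in range(min(len(history), len(snapshot)), 0, -1):
        if history[-k:] == snapshot[:k]:
            return history + snapshot[k:], False
    return history + list(snapshot), True


def capture(log_path, archive_dir, history):
    """Copy the log aside, hash the copy, and merge it into `history`."""
    log_path, archive_dir = Path(log_path), Path(archive_dir)
    archive_dir.mkdir(parents=True, exist_ok=True)
    stamp = f"{time.strftime('%Y%m%dT%H%M%S')}-{time.time_ns() % 10**9:09d}"
    copy = archive_dir / f"{log_path.stem}-{stamp}{log_path.suffix}"
    shutil.copy2(log_path, copy)  # keep the untouched snapshot as evidence
    digest = hashlib.sha256(copy.read_bytes()).hexdigest()
    lines = copy.read_text(errors="replace").splitlines()
    merged, gap = merge_snapshot(history, lines)
    return merged, gap, digest


if __name__ == "__main__":
    history = []
    while True:  # stop with Ctrl+C once the incident window is covered
        history, gap, digest = capture(LOG, "vsapistr-archive", history)
        Path("vsapistr-merged.txt").write_text("\n".join(history) + "\n")
        print(f"{len(history)} lines held, sha256={digest[:16]}, gap={gap}")
        time.sleep(POLL_SECONDS)
```

If the log repeats identical lines, the longest overlap is taken, so a run of duplicates can be undercounted; the timestamped copies in the archive folder remain the authoritative record.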
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 1:30:00 PM
|
|
|
Nicks
Posts: 2772
Joined: 17.Mar.2003
Status: offline
|
If you had configured the virus scanning engines to delete the emails, there is no way to recover the deleted emails. You can also check BitDefender.txt from the logs directory which will show you information on the emails which were deleted.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 1:32:00 PM
|
|
|
johnmad
Posts: 6
Joined: 1.Mar.2005
Status: offline
|
Thank you Nick, but as I said it is set to quarantine mails, not delete. We are always nervous about setting it to delete.
And now they are gone. I thought I would let you know as this may also be a problem specific to 8.1.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 1:43:00 PM
|
|
|
Nicks
Posts: 2772
Joined: 17.Mar.2003
Status: offline
|
Hi johnmad,
I think that you are referring to the Decompression engine, which will always quarantine emails.
In this case, it was the BitDefender engine that was blocking the emails. The BitDefender engine will perform the action that is specified in the properties of the Virus scanning node.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 3:05:00 PM
|
|
|
PineGrove
Posts: 15
Joined: 1.Mar.2005
Status: offline
|
I'm having trouble with this fix.
I first disabled the Bitdefender service. Then re-started IIS as stated in the fix (non-VSAPI).
Then I enabled Bitdefender and tried to update the definitions. No update was downloaded.
I left Bitdefender on and it seemed to work for a while, but then started quarantining every message again after a while.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 3:16:00 PM
|
|
|
TDogg7200
Posts: 37
Joined: 21.Dec.2004
Status: offline
|
Fortunately for us, BitDefender did not update for some reason. The last update was on 02/23/05. But what I don't understand is that for BitDefender, we have it set to Automatically check for updates every 1 hour. So why did it last update on the 23rd of last month??
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 3:24:00 PM
|
|
|
dennez
Posts: 1
Joined: 1.Mar.2005
Status: offline
|
The only temporary solution that worked for me is disabling the BitDefender engine.
I'm just now starting to see the impact this will have on my company's clients. About 90% of my clients' Exchange servers out there have MS installed. I've been able to login remotely to a couple of them tonight to disable the BD engine, but most of them still continue to delete all mail until we're able to reach them tomorrow!
All this mail will be gone and this will be unacceptable to lots of people! All hell is going to break loose tomorrow and I'm going to be big sad scapegoat!
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 4:09:00 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
Trapped as everyone else and lost (Deleted) all my incoming and outgoing mail... we retrieved the Msec Monitor text file vsapistr.txt and parsed all lines since the crash until the server started to work (7 lines per deleted mail) and created a script to send a notification to all "Sender(s)" about their mail being blown to ashes by 'forces beyond our control'. Then we notified all the "Recipients" so they could follow up the issue with their corresponding "Senders". Lots of work and hundreds of emails but it saved our skin and our business...
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 4:12:00 PM
|
|
|
Marcelo-CCC
Posts: 194
Joined: 21.Apr.2004
From: Linden, NJ - USA
Status: offline
|
UPDATE: Nick said "You can also check BitDefender.txt from the logs directory which will show you information on the emails which were deleted."
Yes, but the info is not complete in some cases (outgoing mail sender, subject, etc.) and a good reconstruction is almost impossible. Instead use the \gfimon\vsapistr.txt file.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 2.Mar.2005 4:31:00 PM
|
|
|
Heath
Posts: 11
Joined: 21.Jun.2004
Status: offline
|
quote: Originally posted by johnmad: Our Mail Security has rules to quarantine corrupt zips, we have experienced the same problems as all your other customers, however it seems to have DELETED all messages and not quarantined them. Is this also a symptom of the problem or unique to our setup?
Johnmad, I had the same thing happen. The emails should have been quarantined, but they weren't. I should have received an email saying they were quarantined (or even deleted), but I didn't. The emails are gone. The email I received from GFI was useless as it was stripped of its content as well.
Our license is up for renewal in the next couple months and I'm seriously going to do some re-evaluating before I commit again. This is completely inexcusable. Combine this with the fact that some whitelisted addresses are still being marked as spam, and some blacklisted addresses are still getting through the filters untouched, I think it's time to look elsewhere.
|
|
|
|
RE: BitDefender blocking all emails - Solution - 3.Mar.2005 2:53:00 AM
|
|
|
johnmad
Posts: 6
Joined: 1.Mar.2005
Status: offline
|
quote: Originally posted by Heath: quote: Originally posted by johnmad: Our Mail Security has rules to quarantine corrupt zips, we have experienced the same problems as all your other customers, however it seems to have DELETED all messages and not quarantined them. Is this also a symptom of the problem or unique to our setup?
Johnmad, I had the same thing happen. The emails should have been quarantined, but they weren't. I should have received an email saying they were quarantined (or even deleted), but I didn't. The emails are gone. The email I received from GFI was useless as it was stripped of its content as well.
Our license is up for renewal in the next couple months and I'm seriously going to do some re-evaluating before I commit again. This is completely inexcusable. Combine this with the fact that some whitelisted addresses are still being marked as spam, and some blacklisted addresses are still getting through the filters untouched, I think it's time to look elsewhere.
Exactly the same as us, Nicks' reply to me above is useless, I don't think he even read what I put. We lost ALL emails between 2-4 GMT yesterday. That's A LOT of mails (1000s), we've had to tell the end users to resend their mails, they ain't happy, the IT director ain't happy and I ain't happy. I've already kicked off software evaluation of other products. I suppose you get what you pay for, crap product, crap support.
|
|
|
|