Failed messages (Full Version)






Bob T -> Failed messages (22.May2008 1:29:33 AM)

Hi all,

For an hour today, we had messages go missing.  Of course no-one noticed until a couple of hours later.  Using Exchange 2007's Message Tracking logs, I have found the following:

Timestamp: 2008/05/22 12:09:48
EventId: FAIL
Source: AGENT
SourceContext: GfiAvRoutingAgent

This is the last mention of the email in the system.  My question is, what happened to GFI AV (there is nothing mentioned in the event logs around the time of the first missing email, nor the next successful email an hour later) and where have my emails gone?  Surely they haven't been thrown out !

How many other times has this happened that my users just haven't noticed ?!?

I have searched in every FailedMails folder I can find, searched the hard drives for small files created today and also files containing keywords I know are in the messages.  I cannot find any trace of the files.

Any help in finding these messages would be appreciated.

Thanks,

Bob T




John Letourneau -> RE: Failed messages (22.May2008 10:36:12 AM)

Bob,

If you go to ..\Program Files (x86)\GFI\ContentSecurity\MailSecurity\FailedMails do you see the messages?




Bob T -> RE: Failed messages (22.May2008 3:37:49 PM)

Hi John,

Thanks for your reply.  That folder is empty.  Any other ideas?

Bob




mmcteague1 -> RE: Failed messages (22.May2008 4:27:43 PM)

I have been trying to solve the same or VERY similar issue for several weeks.

I see the message in the smtp logs and there aren't any errors logged
The message does not show up in the msastr.log
I can find the message in message tracking and it states "SMTP: Advanced Queue Failed to Deliver Message".
I have run the troubleshooter and emailed it and John L has reviewed it and said he could not see the message.

I am running on Exchange 2003 / Server 2003.  I am running Mail essentials 12.0 v20080326 and Mail Security 10 v20080404. 

I did not notice this problem until I upgraded to ME 12 v20080421 and made several changes to the smtp service and how it handled emails BEFORE it sent them to ME/MS, so I figured I must have made some config error and smtp was deleting the emails since the emails were not showing up in the gfi logs.

I have since uninstalled MS and it seems ALL emails are coming in fine.  I reinstalled MS and I experience intermittent problems again, so I uninstalled MS and it seems I am back to normal.

My next step (which I have not done yet), is to uninstall the 20080421 NDS patch for ME and reinstall MS.

This is a pain in the butt because I have to let the system run for several days after making 1 change to find out whether or not the problem still exists.




Bob T -> RE: Failed messages (22.May2008 10:10:21 PM)

I have looked at a few logs this morning, in ContentSecurity\MailSecurity\DebugLogs.  Going in alphabetical order:

AdaptMime.gfi_log.txt - mails are listed
Attachment Checking.gfi_log.txt - mails missing (approx. 1 hour missing from log)
AVG Engine.gfi_log.txt - missing
BitDefender Engine.gfi_log.txt - missing
BitDefender.log - missing
Content Checking.gfi_log.txt - missing
Decompression Engine.gfi_log.txt - listed
Email Logging.gfi_log.txt - listed
EmailExploit.gfi_log.txt - missing
GFI.Common.Tracing.log - seem to be listed (no message names/id's but there is logging during the time)
gfiscan.gfi_log.txt - listed
Html Script Removal.gfi_log.txt - missing
HTMLScrubber.gfi_log.txt - missing
Kaspersky Engine.gfi_log.txt - missing
Kaspersky.log - missing
ltvsint.txt - seem to be listed (no message names/id's but there is logging during the time)
McAfee Engine.gfi_log.txt - missing
Norman Engine.gfi_log.txt - listed
Norman.log - listed
score.gfi_log.txt - listed
Trojan Scanner.gfi_log.txt - missing
unpack.gfi_log.bak - listed
Virus Scanning Engine.gfi_log.bak - listed, with errors (see below)
VSE.log - missing


The Virus Scanning Engine.gfi_log.bak log shows the following, for each message in the outage timeframe:
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: >>"
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: message-id[<00c09f986be588b4ff044dc5ccc6@googlemail.com>], entering scan..."
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: checking USN..."
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: entering scan2..."
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: calling [Norman Engine]..."
2008-05-22,12:13:57,167,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: calling [Norman Engine]...ok[0]"
2008-05-22,12:13:57,167,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","ERROR: Process: plugin[Kaspersky Engine] is not loaded, failing..."


An interesting log is score.errors.gfi_log.txt - it has lines similar to below, for the hour outage.
2008-05-22,12:13:57,167,1,"#00000904","#00000d14","error  ","SCore","Scan: Calling [Virus Scanning Engine]...ok[25]"
2008-05-22,12:13:57,167,1,"#00000904","#00000d14","error  ","SCore","Scan: final result(CRITICAL)"

It looks to me like there was a failure in the Kaspersky virus scanner plugin.  So the question to the GFI technicians is, how can you stop the messages from being "lost" when there is a problem with a scanner plugin?  Surely that would be an ideal time to put them in the "FailedMails" folder...

I'd appreciate an answer from someone at GFI (even just "yes, it looks like there's a problem, we'll take a closer look into it")

Thanks,

Bob T
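
Added example, not part of the original post and not GFI tooling: a Python sketch that reads Virus Scanning Engine debug-log lines in the format quoted above and lists the message-ids whose scan was aborted by an unloaded plugin, so they can be cross-checked against Exchange message tracking. The column meanings (third column as milliseconds, the two "#..." columns as process and thread ids) are assumptions, and every sample line except the googlemail.com ones is constructed.

```python
import csv
import io
import re
from datetime import datetime

# Sample input: lines 1, 2 and 4 follow the post; the rest are constructed.
SAMPLE_LOG = '''
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: >>"
2008-05-22,12:13:57,151,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: message-id[<00c09f986be588b4ff044dc5ccc6@googlemail.com>], entering scan..."
2008-05-22,12:13:57,160,3,"#00000904","#00000d20","info   ","Virus Scanning Engine","Process: message-id[<constructed-ok@example.invalid>], entering scan..."
2008-05-22,12:13:57,167,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","ERROR: Process: plugin[Kaspersky Engine] is not loaded, failing..."
2008-05-22,12:13:57,170,3,"#00000904","#00000d20","info   ","Virus Scanning Engine","Process: calling [Norman Engine]...ok[0]"
2008-05-22,12:58:02,471,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","Process: message-id[<constructed-fail@example.invalid>], entering scan..."
2008-05-22,12:58:02,480,3,"#00000904","#00000d14","info   ","Virus Scanning Engine","ERROR: Process: plugin[Kaspersky Engine] is not loaded, failing..."
'''

MSG_ID = re.compile(r"message-id\[(<[^>]*>)\]")
NOT_LOADED = re.compile(r"ERROR: Process: plugin\[([^\]]+)\] is not loaded")

def failed_scans(log_text):
    """Return [(timestamp, message_id, plugin)] for scans that hit an unloaded plugin."""
    current = {}  # (process id, thread id) -> message-id being scanned by that worker
    hits = []
    for row in csv.reader(io.StringIO(log_text)):
        if len(row) < 9:
            continue  # blank or truncated line
        date, clock, ms, _lvl, pid, tid, _sev, _module, text = row[:9]
        worker = (pid, tid)
        found = MSG_ID.search(text)
        if found:
            current[worker] = found.group(1)
            continue
        found = NOT_LOADED.search(text)
        if found:
            ts = datetime.strptime(f"{date} {clock}", "%Y-%m-%d %H:%M:%S")
            ts = ts.replace(microsecond=int(ms) * 1000)
            # Attribute the error to the message this worker last announced,
            # not to whichever message-id line happened to precede it in the file.
            hits.append((ts, current.pop(worker, None), found.group(1)))
    return hits

def outage_window(hits):
    """First and last failure timestamps, or None when nothing failed."""
    times = [ts for ts, _mid, _plugin in hits]
    return (min(times), max(times)) if times else None

if __name__ == "__main__":
    for ts, mid, plugin in failed_scans(SAMPLE_LOG):
        print(ts.isoformat(), mid, plugin)
```
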




John Letourneau -> RE: Failed messages (9.Jun.2008 10:50:34 AM)

Bob,

In situations like this the message should be placed in the ..\Program Files\GFI\ContentSecurity\MailSecurity\FailedMails folder.  If this is not happening I'd suggest to update your build to make sure you are on the latest.




Bob T -> RE: Failed messages (10.Jun.2008 11:08:34 PM)

Thanks John,

As I said in my previous post, the FailedMails folders are empty.  I'm on v10, build 20080404, and the version checker says there is no newer build (although I am aware of the new beta, I wouldn't expect it is "recommended" to install this).

Bob T




John Letourneau -> RE: Failed messages (23.Jun.2008 11:34:28 AM)

Bob,

In your situation I would recommend submitting a support request at http://crm.gfi.com/Customizations/SupportIssue/support.aspx?lcode=en so we can take a closer look at your configuration and logs.




Bob T -> RE: Failed messages (23.Jun.2008 8:57:28 PM)

Hi John,

Thanks, but it's a bit late now, being a full month after the initial request - I doubt very much the logs go back that far.

Also, I have been dealing with Nick (Case CAS-70931-OUVB GFI:00970020) in regard to this.  This is the first time I've had it "just happened", although it does occur regularly when installing Exchange 2007 cumulative updates or service packs, so as I said to Nick I'll turn on logging before the next Ex 07 update I do, and see how it goes.

Bob




John Letourneau -> RE: Failed messages (23.Jun.2008 9:39:05 PM)

Bob,

Thanks for letting me know this is being handled.



