GFI MailSecurity/BitDefender problem...

  1. #1
    Senior Member | Join Date: Mar 2004 | Posts: 171

    GFI MailSecurity/BitDefender problem...

    Hey everyone,

    Just a heads up, but if you are running GFI Mail Security for Exchange/SMTP, the newest release of the BitDefender update is causing all incoming and outgoing mail to be quarantined as "Corrupted Zip File", even plain text. Needless to say, it stops all traffic flow thru Exchange.

    So far, the only solution from GFI is to disable BitDefender in the GFI configuration and restart Exchange/IIS. But be sure that you have a secondary virus scan running. If not... well, hopefully you do on the workstations and they will catch anything getting thru.

    http://forums.gfi.com/cgi-bin/ultima...c;f=7;t=002546

    Cheers!


    PS: It is strange to be happy about getting Spam in.... :S
    ~ I'm NOT insane! I've just been in a bad mood for the last 30 years! ~ Some people are like Slinky's: Not good for anything, but the thought of pushing them down the stairs brings a smile to your face!


  3. #3
    Senior Member | Join Date: Mar 2004 | Posts: 510
    http://www.theregister.co.uk/2005/03/02/gfi_beserker/

    BitDefender said it planned to implement a testing module for integration, alongside its existing testing regime, in order to detect possible future problems before updates go live.
    What a nice idea.
    "You got a mouth like an outboard motor..all the time putt putt putt" - Foghorn Leghorn

  4. #4
    Member | Join Date: Dec 2003 | Posts: 97
    It's pretty clear that the testing of AV definitions is an important thing.

  5. #5
    Senior Member | Join Date: Mar 2004 | Posts: 171

    GFI responds

    In case you missed the correction in the knowledge base:

    I am having BitDefender blocking all emails. What can I do?

    The information in this article applies to:
    GFI DownloadSecurity for ISA Server 6
    GFI MailSecurity for Exchange/SMTP 7
    GFI MailSecurity for Exchange/SMTP 8

    Article ID: kbid002294
    Query keywords:


    Following the BitDefender virus definition files update of 2nd March 14:20 (CET), MailSecurity will start blocking all emails and action the email according to the action configured for virus infected emails. This issue is caused by an incompatibility between the BitDefender virus definition files and the virus engine update mechanism in MailSecurity.

    Whilst each virus update is tested (automatically), this particular update - even though tested - caused an unexpected result. GFI was not aware of certain changes which had been done to the BitDefender engine. A new set of BitDefender virus definition files has been made available at 15:42 (CET) for customers who had not updated with the problematic definition files. Customers who did not download a set of BitDefender virus definition files between 14:20 (CET) and 15:42 (CET) were not affected by this issue.

    If MailSecurity was configured to quarantine virus infected emails, these emails can be approved from the Moderator client, or the Web Moderator client. In this case the Web Moderator client can prove to be much more efficient for the job. More information on the Web Moderator client can be found at the end of this article.

    If MailSecurity was configured to delete virus infected emails, these emails cannot be recovered. A script will be made available within a few hours which will parse the GFI Monitor log file and retrieve information on the emails that were affected by this problem. This requires you to back up the GFI Monitor log file from the <MailSecurity\gfimon> directory. The file is called vsapistr.log. Please check again later for this utility.

    If MailSecurity was installed in VSAPI mode, the message body and attachments would have been removed from the email, and the following text would have been added instead:
    This mail has been deleted because a part of it (body or attachment) violated GFI Content Security's security policy. That mail has been deleted by the GFI Content Security BitDefender Engine Module.

    Solution:

    The easiest solution would be to reboot the machine running MailSecurity. This will cause MailSecurity (and BitDefender) to start scanning emails normally. If a reboot is not possible, you can perform the following:

    If MailSecurity is installed in non-VSAPI mode, restart IIS Admin service and all its dependent services.

    If MailSecurity is installed in VSAPI mode, restart the Microsoft Exchange Information Store. If you are not able to restart the Microsoft Exchange Information Store at the moment, do the following:

    Open the MailSecurity configuration
    Right click on the General node and select Properties.
    Change to the VSAPI tab, and disable VSAPI.
    From Task Manager, wait till the process gfiscan.exe stops (it should take less than 20 seconds).
    When gfiscan.exe stops, enable VSAPI once again from the VSAPI tab.
    This will avoid having to restart the Exchange Information Store.

    If you perform the above procedure, you do NOT need to update the BitDefender virus definition files.

    More information:

    MailSecurity Remote Web Moderator client

    Using the Remote Moderator Client
    Setting up the Web based moderator

    Checking if you are running the problematic BitDefender Virus definition files.

    You can check if you are running the virus definition files that caused the problem as follows. Note that running this set of virus definition files after rebooting the machine or restarting the MailSecurity engine as shown above will solve the problem.

    Browse to the MailSecurity directory (installed by default in C:\Program Files\gfi\MailSecurity)
    Open the <AntiVirus\Avx> directory
    Open update.txt with notepad

    If update.txt contains the below text then you need to perform the solution shown above:

    Update time: Wed Mar 2 15:08:01 2005
    Signature number: 101759
    Update time GMT: 1109761681
    Version: 7.00636
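
The update.txt check from the knowledge base article quoted in post #5, as an added PowerShell example (not part of the thread and not GFI's script). It compares the file's signature number and version with the two values quoted in the article; the function names are hypothetical, the path is the default install location the article gives, and the sample text is constructed from the article's own listing.

```powershell
# Values quoted in the knowledge base article for the problematic definitions.
$BadSignature = '101759'
$BadVersion   = '7.00636'

function ConvertFrom-UpdateTxt {
    # Parse "Key: value" lines into a hashtable. Split on the FIRST colon only,
    # because the "Update time" value itself contains colons (15:08:01).
    param([string[]]$Lines)
    $fields = @{}
    foreach ($line in $Lines) {
        $idx = $line.IndexOf(':')
        if ($idx -lt 1) { continue }          # blank line or no key: skip
        $fields[$line.Substring(0, $idx).Trim()] = $line.Substring($idx + 1).Trim()
    }
    return $fields
}

function Test-ProblemDefinitions {
    # Returns 'Unknown', 'ProblemDefinitions' or 'OtherDefinitions'.
    param([string[]]$Lines)
    $f = ConvertFrom-UpdateTxt -Lines $Lines
    if ((-not $f.ContainsKey('Signature number')) -or (-not $f.ContainsKey('Version'))) {
        return 'Unknown'                      # unexpected format: check by hand
    }
    if (($f['Signature number'] -eq $BadSignature) -and ($f['Version'] -eq $BadVersion)) {
        return 'ProblemDefinitions'           # apply the restart steps from the article
    }
    return 'OtherDefinitions'
}

# Constructed sample: the update.txt content listed in the article.
$sample = @'
Update time: Wed Mar 2 15:08:01 2005
Signature number: 101759
Update time GMT: 1109761681
Version: 7.00636
'@ -split "`r?`n"

# Default install path from the article; fall back to the sample when absent.
$path  = 'C:\Program Files\gfi\MailSecurity\AntiVirus\Avx\update.txt'
$lines = if (Test-Path -LiteralPath $path) { Get-Content -LiteralPath $path } else { $sample }
"update.txt verdict: $(Test-ProblemDefinitions -Lines $lines)"
```

A verdict of `ProblemDefinitions` only says the file matches the listing in the article; per the article, the restart procedure, not a new definition download, is what clears the condition.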

  6. #6
    Senior Member | Join Date: Jan 2005 | Posts: 217

    More problems...

    I think they (GFI) mess up some...

    GFI, a Microsoft "gold certified partner," is offering free upgrades to all its customers, after it trashed their e-mails by sending out incorrect update information.
    More news here -- http://news.zdnet.com/2100-1009_22-5598860.html

    Yo!
    "Life without FREEDOM is no life at all". - William Wallace
    MyhomE MyboX StealtH (loop n. see loop.)

  7. #7
    From what I've read, this is just a simple case of 'forgot to test our updates before we deploy them.' As bad as it is, we've come to expect this from our software vendors. However, it's a 'security' vendor that's doing this; customers of GFI should be appalled. I don't use their Mail Security product (the one that does A/V scans), but I do use their spam filter. I will be switching now, thank you very much.

    We have to hold vendors accountable. As long as people allow things like this to go on, the situation is never going to get any better.
