Antivirus Problems

Discussions on webmail and the Professional version.
Post Reply
eastwood
Posts: 119
Joined: Sun Feb 02, 2003 5:17 pm
Location: UK, Swindon

Antivirus Problems

Post by eastwood » Fri Feb 20, 2004 2:23 pm

Still got messages that slip through the net using ME Pro and F-Prot

had a shed load of emails get through the checker with the virus of W32.Netsky.b@mm

Lucky for me Norton picked them up my end BUT I had customers who werent so lucky.....

What can i do to make sure ME is picking things up, how do these get through, why does it not pick up all? I have run the debug and its fine it stops some but not all?

Cheers

Guest

Re: Antivirus Problems

Post by Guest » Fri Feb 20, 2004 5:31 pm

[quote="eastwood"]Still got messages that slip through the net using ME Pro and F-Prot

Here also with me-pro and Norman antivirus, does not look good !!!!

MailEnable-Ben
Posts: 5858
Joined: Fri Jan 16, 2004 6:49 am
Location: Melbourne

Fix for F-Prot not stoppping some backdoor viruses!

Post by MailEnable-Ben » Tue Feb 24, 2004 4:52 am

Hi, we have created a fix for the issue you have mentioned here please find it below it is a replacement setting for your registry.

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVFPI]
"Exit Codes"="3 8"
CHeers,
Ben.
Regards,

Product Services
MailEnable Pty Ltd

To keep track of all ME company updates and version releases you should subscribe to the MailEnable list at http://www.mailenable.com or the RSS feed http://www.mailenable.com/rss.

Guest

Post by Guest » Fri Feb 27, 2004 9:20 am

I have been getting the exact same problems, except we are using Sophos AntiVirus...

Will this fix work for us??

Thanks

- Carl S

AlertServ
Posts: 30
Joined: Fri Oct 03, 2003 1:36 am
Contact:

Post by AlertServ » Fri Feb 27, 2004 3:47 pm

How about Panda Command Line Scanner and ME Pro?
Alert Serv | Managed Windows Servers, Incident Support
Including Support for Mail Enable & Helm - http://www.AlertServ.com
------------------------------------------------------
Authorized Helm Reseller

christophw
Posts: 52
Joined: Sun Feb 01, 2004 7:04 pm

Re: Fix for F-Prot not stoppping some backdoor viruses!

Post by christophw » Mon Mar 01, 2004 10:04 am

Is this fixed for 1.16 or do we have to apply this registry fix to 1.16 servers too?

Chris

[quote="Support-Ben"]Hi, we have created a fix for the issue you have mentioned here please find it below it is a replacement setting for your registry.

[code]Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVFPI]
"Exit Codes"="3 8"[/code]

CHeers,
Ben.[/quote]

woldhekkie

mailenable and Norman antivirus also problems

Post by woldhekkie » Tue Mar 02, 2004 11:53 pm

Sometimes virus slips through, also get a message in the mta debug log :

Error!-Could not delete Inbound Message ( Boys, look into this !!!!)

It looks like sometimes antivirus did find a virus , gave a return code to mta , but mta and/or antivirus was unable to delete the file in the smtp queue.

Every day the smtp queue fills up with files. The ammount of files is exact the same as the errors i get in the mta debug log.

It look like sometimes the files get locked to long. (or mta is to fast)

Running 2003 server on 2x 3ghz proc. 1.5 gh mem. Use Norman antivirus with changed registrysettings (wich support return code) and Fprot 6.0
Also use snimta (works perfect)

If support can`t get antivirus to work , I will give up on Mail Enable.
(spend too much time in it......)

nathand
Posts: 105
Joined: Wed Aug 20, 2003 4:34 am
Location: Richardson, TX

Re: Fix for F-Prot not stoppping some backdoor viruses!

Post by nathand » Wed Mar 03, 2004 7:08 pm

I checked a 1.16 installation and it was correct by default, so it looks fixed for 1.16.
christophw wrote:Is this fixed for 1.16 or do we have to apply this registry fix to 1.16 servers too?

Chris
Support-Ben wrote:Hi, we have created a fix for the issue you have mentioned here please find it below it is a replacement setting for your registry.

Code: Select all

Windows Registry Editor Version 5.00

[HKEY_LOCAL_MACHINE\SOFTWARE\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVFPI]
"Exit Codes"="3 8"
CHeers,
Ben.

techcall
Posts: 77
Joined: Tue Apr 08, 2003 3:56 am

Post by techcall » Mon Mar 08, 2004 3:30 pm

Here is what I'm seeing when using PAVCL....

We are able to successfully stop the EICAR.zip.

However, when in zip format, Netsky and Bagel seem to slide through (AV Sig file is up to the minute).

When I tested the return code settings Ben provided for FProt, it kills all attachments.

So, for PAVCL, let me ask the question a different way...

What are the correct switch and registry settings?

Is anyone getting PAVCL to successfully stop Netsky and Bagel in zip format?

techcall
Posts: 77
Joined: Tue Apr 08, 2003 3:56 am

Post by techcall » Mon Mar 08, 2004 4:39 pm

UPDATE:

I thought I had the latest build installed but I was mistaken (downloading is not enough, you must actually not get distracted and complete the install - DOH!). Upon completing the install, everything works exactly as it should.

Post Reply