I have configured the ClamAV antivirus on the server.
The Message Filter is enabled and when I Test the settings, then I get a positive result with a return code: 1
The Activity Log is set to: D:\Program Files (x86)\Mail Enable\Logging\MTA
Yet when I check there, or in the Antivirus Logs, there is only an old log file from September 2019. Nothing after that, despite having restarted the MTA service and disabled/enabled the Antivirus Filter.
Is the Antivirus scan even working? How can I check if the messages are scanned?
Antivirus Activity Log missing
-
- Site Admin
- Posts: 9738
- Joined: Mon Mar 22, 2004 4:44 am
- Location: Melbourne, Victoria, Australia
Re: Antivirus Activity Log missing
Hi,
Have you created a Filter for AV checks under the "Filter" node within the administration console and configured an action to delete etc?
Regards,
Ian Margarone
MailEnable Support
Re: Antivirus Activity Log missing
Yes. There is an enabled filter for "Where the message contains a virus". It copies it to the Quarantine directory and then deletes the message.
But no logs show up.
Re: Antivirus Activity Log missing
Hi,
Download process monitor and then configure it to filter on the memta.exe (MTA agent) process. Run the service and check for access denied errors on the logging paths.
Regards,
Ian Margarone
MailEnable Support
Re: Antivirus Activity Log missing
I tried that. There's a whole bunch of lines, and most of them have a result of "SUCCESS". A few show other messages, but none is with an error or access denied. I copied a part out:
15:57:20.8070407 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident SUCCESS Desired Access: Query Value
15:57:20.8070521 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident\Status SUCCESS Type: REG_DWORD, Length: 4, Data: 0
15:57:20.8070593 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident SUCCESS
15:57:20.8070683 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8070743 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER SUCCESS Desired Access: Query Value
15:57:20.8070827 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory SUCCESS Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8070893 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory SUCCESS Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8070953 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER SUCCESS
15:57:20.8071406 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Queues NAME COLLISION Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
15:57:20.8072421 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
15:57:20.8072988 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS
15:57:20.8073186 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8073261 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8073366 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status SUCCESS Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8073438 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8073900 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8074077 MEMTA.EXE 6092 QueryAttributeTagFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Attributes: A, ReparseTag: 0x0
15:57:20.8074162 MEMTA.EXE 6092 QueryStandardInformationFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS AllocationSize: 12,288, EndOfFile: 8,435, NumberOfLinks: 1, DeletePending: False, Directory: False
15:57:20.8074219 MEMTA.EXE 6092 QueryBasicInformationFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS CreationTime: 17/04/2020 15:57:17, LastAccessTime: 17/04/2020 15:57:17, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: A
15:57:20.8074300 MEMTA.EXE 6092 QueryStreamInformationFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS 0: ::$DATA
15:57:20.8074414 MEMTA.EXE 6092 QueryBasicInformationFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS CreationTime: 17/04/2020 15:57:17, LastAccessTime: 17/04/2020 15:57:17, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: A
15:57:20.8074486 MEMTA.EXE 6092 QueryEaInformationFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS EaSize: 0
15:57:20.8074945 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS Desired Access: Generic Read/Write, Delete, Write DAC, Disposition: OverwriteIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: A, ShareMode: None, AllocationSize: 8,435, OpenResult: Created
15:57:20.8075731 MEMTA.EXE 6092 QueryAttributeInformationVolume D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS
15:57:20.8075818 MEMTA.EXE 6092 QueryBasicInformationFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS CreationTime: 17/04/2020 15:57:20, LastAccessTime: 17/04/2020 15:57:20, LastWriteTime: 17/04/2020 15:57:20, ChangeTime: 17/04/2020 15:57:20, FileAttributes: A
15:57:20.8075884 MEMTA.EXE 6092 QueryAttributeInformationVolume D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS
15:57:20.8076062 MEMTA.EXE 6092 QueryRemoteProtocolInformation D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI INVALID PARAMETER
15:57:20.8076164 MEMTA.EXE 6092 QuerySecurityFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Information: Attribute
15:57:20.8076287 MEMTA.EXE 6092 SetEndOfFileInformationFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS EndOfFile: 8,435
15:57:20.8076611 MEMTA.EXE 6092 ReadFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Offset: 0, Length: 8,435, Priority: Normal
15:57:20.8076824 MEMTA.EXE 6092 WriteFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS Offset: 0, Length: 8,435, Priority: Normal
15:57:20.8077094 MEMTA.EXE 6092 SetBasicInformationFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS CreationTime: 01/01/1601 08:00:00, LastAccessTime: 01/01/1601 08:00:00, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: n/a
15:57:20.8077280 MEMTA.EXE 6092 QueryRemoteProtocolInformation D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT INVALID PARAMETER
15:57:20.8077361 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS
15:57:20.8077460 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS
15:57:20.8077601 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8077682 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER SUCCESS Desired Access: Query Value
15:57:20.8077793 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory SUCCESS Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8077860 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory SUCCESS Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8077929 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER SUCCESS
15:57:20.8078001 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8078064 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters SUCCESS Desired Access: Query Value
15:57:20.8078151 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order BUFFER OVERFLOW Length: 144
15:57:20.8078208 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order SUCCESS Type: REG_SZ, Length: 216, Data: MEAVCLM,MEAVFPI,MEAVFPI6,MEAVGR7,MEAVGR8,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MTAFILTER,Resident
15:57:20.8078259 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order BUFFER OVERFLOW Length: 144
15:57:20.8078304 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order SUCCESS Type: REG_SZ, Length: 216, Data: MEAVCLM,MEAVFPI,MEAVFPI6,MEAVGR7,MEAVGR8,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MTAFILTER,Resident
15:57:20.8078364 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters SUCCESS
15:57:20.8078436 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8078496 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8078571 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status SUCCESS Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8078631 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8078700 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8078757 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8078826 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status SUCCESS Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8078886 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8078952 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8079009 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8079078 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status SUCCESS Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8079153 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8079225 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8079285 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8079363 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent Plugin Enabled NAME NOT FOUND Length: 144
15:57:20.8079420 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8079982 MEMTA.EXE 6092 QueryOpen D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS CreationTime: 17/04/2020 15:57:20, LastAccessTime: 17/04/2020 15:57:20, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, AllocationSize: 12,288, EndOfFile: 8,435, FileAttributes: A
15:57:20.8080207 MEMTA.EXE 6092 CreateFile D:\ SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8080360 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86) SUCCESS Filter: Program Files (x86), 1: Program Files (x86), FileInformationClass: FileBothDirectoryInformation
15:57:20.8080531 MEMTA.EXE 6092 CloseFile D:\ SUCCESS
15:57:20.8081002 MEMTA.EXE 6092 CreateFile D:\Program Files (x86) SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8081146 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86)\Mail Enable SUCCESS Filter: Mail Enable, 1: Mail Enable, FileInformationClass: FileBothDirectoryInformation
15:57:20.8081275 MEMTA.EXE 6092 CloseFile D:\Program Files (x86) SUCCESS
15:57:20.8081726 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Scratch SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8081867 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Filter: 4CEDA2502BE0430BB4DF436F3489741F.MAI, 1: 4CEDA2502BE0430BB4DF436F3489741F.MAI, FileInformationClass: FileBothDirectoryInformation
15:57:20.8081999 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Scratch SUCCESS
15:57:20.8082578 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
15:57:20.8082752 MEMTA.EXE 6092 QueryStandardInformationFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS AllocationSize: 12,288, EndOfFile: 8,435, NumberOfLinks: 1, DeletePending: False, Directory: False
15:57:20.8082827 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT SUCCESS
15:57:20.8083013 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8083088 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8083184 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent SUCCESS Type: REG_SZ, Length: 96, Data: C:\Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8083241 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent SUCCESS Type: REG_SZ, Length: 96, Data: C:\Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8083301 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8083370 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8083427 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8083503 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters BUFFER OVERFLOW Length: 144
15:57:20.8083560 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters BUFFER OVERFLOW Length: 144
15:57:20.8083608 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters SUCCESS Type: REG_SZ, Length: 282, Data: "[AGENT]" "[FILENAME]" --no-summary --database="C:\ProgramData\.clamwin\db\main.cld" --tempdir="C:\Program files (x86)\Mail Enable\Scratch"
15:57:20.8083671 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8083725 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8083782 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8083854 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Parse Result Status NAME NOT FOUND Length: 144
15:57:20.8083908 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8083959 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8084013 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS Desired Access: Query Value
15:57:20.8084082 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Single Instance NAME NOT FOUND Length: 144
15:57:20.8084133 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM SUCCESS
15:57:20.8084220 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:20.8084274 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters SUCCESS Desired Access: Query Value
15:57:20.8084346 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Process Timeout SUCCESS Type: REG_DWORD, Length: 4, Data: 20000
15:57:20.8084403 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters SUCCESS
15:57:20.8085712 MEMTA.EXE 6092 CreateFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8085880 MEMTA.EXE 6092 QueryBasicInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8085955 MEMTA.EXE 6092 CloseFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS
15:57:20.8087032 MEMTA.EXE 6092 CreateFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8087164 MEMTA.EXE 6092 QueryBasicInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8087231 MEMTA.EXE 6092 CloseFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS
15:57:20.8087921 MEMTA.EXE 6092 CreateFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8088092 MEMTA.EXE 6092 CreateFileMapping C:\Program Files (x86)\ClamWin\bin\clamscan.exe FILE LOCKED WITH ONLY READERS SyncType: SyncTypeCreateSection, PageProtection:
15:57:20.8088236 MEMTA.EXE 6092 CreateFileMapping C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS SyncType: SyncTypeOther
15:57:20.8088464 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamscan.exe NAME NOT FOUND Desired Access: Query Value, Enumerate Sub Keys
15:57:20.8088857 MEMTA.EXE 6092 QueryNameInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8089998 MEMTA.EXE 6092 Process Create C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS PID: 6184, Command line: "C:\Program Files (x86)\ClamWin\bin\clamscan.exe" "D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT" --no-summary --database="C:\ProgramData\.clamwin\db\main.cld" --tempdir="C:\Program files (x86)\Mail Enable\Scratch"
15:57:20.8090361 MEMTA.EXE 6092 QuerySecurityFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Information: Owner, Group, DACL, SACL, Label
15:57:20.8090847 MEMTA.EXE 6092 QueryNameInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8090962 MEMTA.EXE 6092 QueryBasicInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8091187 MEMTA.EXE 6092 RegOpenKey HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers NAME NOT FOUND Desired Access: Query Value
15:57:20.8091286 MEMTA.EXE 6092 RegOpenKey HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\clamscan.exe NAME NOT FOUND Desired Access: Query Value
15:57:20.8091463 MEMTA.EXE 6092 RegOpenKey HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide SUCCESS Desired Access: Read
15:57:20.8091574 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest NAME NOT FOUND Length: 20
15:57:20.8091652 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide SUCCESS
15:57:20.8093951 MEMTA.EXE 6092 QuerySecurityFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Information: Owner, Group, DACL, SACL, Label
15:57:20.8094056 MEMTA.EXE 6092 QueryNameInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8094341 MEMTA.EXE 6092 QueryBasicInformationFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8094644 MEMTA.EXE 6092 CloseFile C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS
15:57:21.1923192 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.BLK SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Overwritten
15:57:21.1925017 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT SUCCESS Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Overwritten
15:57:21.1925722 MEMTA.EXE 6092 WriteFile D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT SUCCESS Offset: 0, Length: 22, Priority: Normal
15:57:21.1926055 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT SUCCESS
15:57:21.1926523 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
15:57:21.1926667 MEMTA.EXE 6092 RegCreateKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP SUCCESS Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY
15:57:21.1926869 MEMTA.EXE 6092 RegSetValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP\Inbound Queue Last Poll SUCCESS Type: REG_DWORD, Length: 4, Data: 1587110241
15:57:21.1927604 MEMTA.EXE 6092 RegCloseKey HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP SUCCESS
15:57:21.1928264 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound SUCCESS Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:21.1928513 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\*.MAI SUCCESS Filter: *.MAI, 1: 4CEDA2502BE0430BB4DF436F3489741F.MAI, FileInformationClass: FileBothDirectoryInformation
15:57:21.1929420 MEMTA.EXE 6092 CreateFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
15:57:21.1929720 MEMTA.EXE 6092 ReadFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS Offset: 0, Length: 326, Priority: Normal
15:57:21.1930107 MEMTA.EXE 6092 ReadFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI END OF FILE Offset: 326, Length: 4,096
15:57:21.1930239 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI SUCCESS
15:57:21.1930552 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound NO MORE FILES
15:57:21.1930696 MEMTA.EXE 6092 CloseFile D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound SUCCESS
15:57:21.1930960 MEMTA.EXE 6092 RegQueryKey HKLM SUCCESS Query: HandleTags, HandleTags: 0x0
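The check suggested earlier in the thread (filter Process Monitor on memta.exe and look for access-denied results on the logging paths) can be run over a pasted trace like the one above. This is an added example, not part of the original posts or MailEnable's own tooling; `parse_event` and `triage` are hypothetical names, four sample lines are copied from the trace, and the one ACCESS DENIED line is constructed to show what a failure would look like.

```python
import re

# Activity Log path as stated in the first post.
LOG_DIR = r"D:\Program Files (x86)\Mail Enable\Logging\MTA"

# Lines copied from the Process Monitor trace posted above.
PAGE_LINES = r"""
15:57:20.8070827 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory SUCCESS Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8078151 MEMTA.EXE 6092 RegQueryValue HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order BUFFER OVERFLOW Length: 144
15:57:20.8089998 MEMTA.EXE 6092 Process Create C:\Program Files (x86)\ClamWin\bin\clamscan.exe SUCCESS PID: 6184, Command line: "C:\Program Files (x86)\ClamWin\bin\clamscan.exe" "D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT" --no-summary --database="C:\ProgramData\.clamwin\db\main.cld" --tempdir="C:\Program files (x86)\Mail Enable\Scratch"
15:57:21.1930552 MEMTA.EXE 6092 QueryDirectory D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound NO MORE FILES
""".strip().splitlines()

# Constructed line (not from the thread): a denied write under the log path.
CONSTRUCTED_DENIED = (
    r"15:57:21.2000000 MEMTA.EXE 6092 CreateFile "
    r"D:\Program Files (x86)\Mail Enable\Logging\MTA\example.log "
    r"ACCESS DENIED Desired Access: Generic Write"
)

LINE_RE = re.compile(r"^(\d\d:\d\d:\d\d\.\d+) (\S+) (\d+) (.+)$")
# The result column is a run of all-caps words ("SUCCESS", "NAME NOT FOUND").
# Heuristic for space-separated pasted text; a CSV export needs no guessing.
RESULT_RE = re.compile(r" ([A-Z]{2,}(?: [A-Z]{2,})*)(?= |$)")
TWO_WORD_OPS = {"Process", "Thread", "Load"}  # e.g. "Process Create"
# Results that stop a file from being opened or written. NAME NOT FOUND,
# BUFFER OVERFLOW, NO MORE FILES and END OF FILE are routine and ignored.
BLOCKING = {"ACCESS DENIED", "SHARING VIOLATION", "PATH NOT FOUND"}


def parse_event(line):
    """Split one pasted trace line into its columns, or return None."""
    m = LINE_RE.match(line.strip())
    if not m:
        return None
    op, _, tail = m.group(4).partition(" ")
    if op in TWO_WORD_OPS:
        second, _, tail = tail.partition(" ")
        op = f"{op} {second}"
    r = RESULT_RE.search(tail)
    if not r:
        return None
    return {
        "time": m.group(1), "process": m.group(2), "pid": int(m.group(3)),
        "op": op, "path": tail[:r.start()], "result": r.group(1),
        "detail": tail[r.end():].strip(),
    }


def triage(lines, log_dir):
    """Summarise what the trace says about logging and the scanner launch."""
    events = [e for e in map(parse_event, lines) if e]
    blocking = [(e["op"], e["path"], e["result"])
                for e in events if e["result"] in BLOCKING]
    # Zero events here means the process never tried to open the log path
    # during the capture, which is a different finding from a denied write.
    log_hits = sum(e["path"].lower().startswith(log_dir.lower())
                   for e in events)
    cmds = [e["detail"].split("Command line: ", 1)[1] for e in events
            if e["op"] == "Process Create" and "Command line: " in e["detail"]]
    scratch = next((e["detail"].split("Data: ", 1)[1] for e in events
                    if e["path"].endswith("Antivirus Scratch Directory")
                    and "Data: " in e["detail"]), None)
    tempdir = next((t.group(1) for c in cmds
                    if (t := re.search(r'--tempdir="([^"]+)"', c))), None)
    # A difference between the two directories is something to verify on
    # the server, not proof of a fault.
    differs = (None if scratch is None or tempdir is None
               else scratch.lower() != tempdir.lower())
    return {"blocking": blocking, "log_dir_events": log_hits,
            "scanner_cmds": cmds, "tempdir_differs": differs}


if __name__ == "__main__":
    for name, sample in (("page lines", PAGE_LINES),
                         ("with constructed denial",
                          PAGE_LINES + [CONSTRUCTED_DENIED])):
        print(name, triage(sample, LOG_DIR))
```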
Re: Antivirus Activity Log missing
Hi,
Best way forward here is to lodge a support ticket and provide access to the server so a technician can troubleshoot in more detail.
Regards,
Ian Margarone
MailEnable Support
Re: Antivirus Activity Log missing
Oh well. Yet another support call for you, and I can then wait two months plus and not get a reply? Honestly, no thanks. I really don't feel like paying upfront for such a service.
Re: Antivirus Activity Log missing
Hi,
You have the option of lodging the ticket as installation or upgrade, which are free submissions. We require access to the server to check further. This cannot be done via the forum because of our support policies.
Regards,
Ian Margarone
MailEnable Support
Re: Antivirus Activity Log missing
Made the support ticket.