Hello,
today we received a mail addressed to 40+ recipients containing the
Melissa virus.
The virus filter had no problem to detect the malicious content and
sent out warnings to all recipients as well as to the postmaster and
the sender of the mail.
So far all is working as expected.
Then FW-1 logs: Connection to Content Security Server failed.
Short after this FW-1 tries again to deliver the infected and let the
virus scanner inspect the mails.
This repeats every 5 minutes (the configured resend period of the SMTP
security server).
Obviously the virus scanner (Trendmicro Viruswall 3.5 on Solaris Sparc
2.6) is acting as it should except that it doesn't notify FW-1 about
the result. Hence FW-1 treat this as an error in the connection and
starts over with this mail.
It looks like a problem with timing. Our first guess is that FW-1 gets
a timeout while the Viruswall is still sending the notification mails.
Second guess is that while Viruswall is still sending notification
mails, FW-1 hits its SMTP security servers resend time and resends the
mail before the virusscanner has finished and thus disrupting the
previous scan.
Does this problem sound familiar to someone?
Kind regards,
Joerg
// pallas GmbH ............ Joerg Oertel ...........
Hermuelheimer Str. 10 System engineer
D-50321 Bruehl, Germany [EMAIL PROTECTED]
phone +49-(0)2232-1896-0
http://www.pallas.de fax +49-(0)2232-1896-29
........................................................
================================================================================
To unsubscribe from this mailing list, please see the instructions at
http://www.checkpoint.com/services/mailing.html
================================================================================
