Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem. Are you using F-Prot.exe or fpcmd.exe? Are you using the /NOFLOPPY switch in the SCANFILE line in the \IMail\Declude\virus.cfg file (which must be there for F-Prot.exe, and must not be there for fpcmd.exe)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
Which exact version please? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists Sent: Wednesday, September 17, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem. Peter - Original Message - To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 1:07 PM Subject: Blue Screen on Imail with Declude Virus and Declude Junkmail Hi all, hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server Server is running Imail 8.02 with Declude Virus with scanners below and Declude Junkmail. Nothing else is running on the server. Declude Virus Config appears at end of this email. Ipswitch claims this is not caused by Imail Declude Virus has the following virus scanners: F-Prot version 3.14a Netshield 2000 SP1 Grisoft AVG 7 Server Edition On access virus scanning is disabled. What seems to be happening is that when there is a high volume of mail processed, the server will blue screen with: The computer has rebooted from a bugcheck. The bugcheck was: 0x007f (0x000d, 0x, 0x, 0x). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP. BSOD shows UNEXPECTED_KERNEL_MODE_TRAP At first we thought it was a hardware related issue since this was a new server built for Imail. So we rebuilt another server and installed to that new server but problem still persists. Examining logs (Declude and Imail) show nothing peculiar, and nothing is reported in the event log except for the reboot and bugcheck. We then thought it may be related to the Imail Queue manager so to test this we stopped Imail Queue Service for a while and simulated the problem by sending large amounts of mail to the server and sure enough it crashed again (with Queue Manager stopped). This should exclude Queue Manager. Server specs are: Intel 7501WV2 Motherboard with dual onboard Nics Intel SRCZCR Raid Controller Card 2 x 18 GB u320 Maxtor Raid 1 (OS) 2 x 36 GB u320 Maxtor Raid 1 (Imail) 1 GB Crucial RAM Any insight anyone? Thanks Peter Verzoni # # Declude Virus configuration file # CODE # The in the LOGFILE option automatically gets replaced with the month/date LOGFILE e:\spool\vir.log LOGLEVELHIGH CONSOLE OFF # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt VIRUSCODE2 2 VIRUSCODE2 6 REPORT2identified SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt VIRUSCODE3 13 REPORT3 Found # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR e:\spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail. # INCOMING ON OUTGOING ON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. # ONACCESS OFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For # example, a GIF file can't contain a virus, so there is no need to scan it. # SKIPEXT GIF SKIPEXT TXT SKIPEXT JPG SKIPEXT MPG SKIPEXT PNG # # The BANEXT option will let you ban file extensions. E-mails containing attachments #
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
Scott, no we were using fpcmd.exe and /NOFLOPPY was not present. I contacted f-prot support last Friday but have not heard back from them to date. Peter SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt VIRUSCODE2 2 VIRUSCODE2 6 REPORT2identified SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt VIRUSCODE3 13 REPORT3 Found - Original Message - From: R. Scott Perry [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 10:48 AM Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem. Are you using F-Prot.exe or fpcmd.exe? Are you using the /NOFLOPPY switch in the SCANFILE line in the \IMail\Declude\virus.cfg file (which must be there for F-Prot.exe, and must not be there for fpcmd.exe)? -Scott --- Declude JunkMail: The advanced anti-spam solution for IMail mailservers. Declude Virus: Catches known viruses and is the leader in mailserver vulnerability detection. Find out what you've been missing: Ask about our free 30-day evaluation. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com. --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] --- This E-mail came from the Declude.Virus mailing list. To unsubscribe, just send an E-mail to [EMAIL PROTECTED], and type unsubscribe Declude.Virus.The archives can be found at http://www.mail-archive.com.
Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update
F-Prot version 3.14a - Original Message - From: John Tolmachoff (Lists) [EMAIL PROTECTED] To: [EMAIL PROTECTED] Sent: Wednesday, September 17, 2003 10:51 AM Subject: RE: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update Which exact version please? John Tolmachoff MCSE CSSA Engineer/Consultant eServices For You www.eservicesforyou.com -Original Message- From: [EMAIL PROTECTED] [mailto:Declude.Virus- [EMAIL PROTECTED] On Behalf Of Mailing Lists Sent: Wednesday, September 17, 2003 7:37 AM To: [EMAIL PROTECTED] Subject: Re: [Declude.Virus] Blue Screen on Imail with Declude Virus and Declude Junkmail - Update FYI if anyone else experienced this problem, we pinned this down to F-Prot. Disabling F-prot has resolved the problem. Peter - Original Message - To: [EMAIL PROTECTED] Sent: Monday, September 08, 2003 1:07 PM Subject: Blue Screen on Imail with Declude Virus and Declude Junkmail Hi all, hopefully someone can give us some insight to a problem related to BSOD we have been encountering on our Imail server Server is running Imail 8.02 with Declude Virus with scanners below and Declude Junkmail. Nothing else is running on the server. Declude Virus Config appears at end of this email. Ipswitch claims this is not caused by Imail Declude Virus has the following virus scanners: F-Prot version 3.14a Netshield 2000 SP1 Grisoft AVG 7 Server Edition On access virus scanning is disabled. What seems to be happening is that when there is a high volume of mail processed, the server will blue screen with: The computer has rebooted from a bugcheck. The bugcheck was: 0x007f (0x000d, 0x, 0x, 0x). Microsoft Windows 2000 [v15.2195]. A dump was saved in: C:\WINNT\MEMORY.DMP. BSOD shows UNEXPECTED_KERNEL_MODE_TRAP At first we thought it was a hardware related issue since this was a new server built for Imail. So we rebuilt another server and installed to that new server but problem still persists. Examining logs (Declude and Imail) show nothing peculiar, and nothing is reported in the event log except for the reboot and bugcheck. We then thought it may be related to the Imail Queue manager so to test this we stopped Imail Queue Service for a while and simulated the problem by sending large amounts of mail to the server and sure enough it crashed again (with Queue Manager stopped). This should exclude Queue Manager. Server specs are: Intel 7501WV2 Motherboard with dual onboard Nics Intel SRCZCR Raid Controller Card 2 x 18 GB u320 Maxtor Raid 1 (OS) 2 x 36 GB u320 Maxtor Raid 1 (Imail) 1 GB Crucial RAM Any insight anyone? Thanks Peter Verzoni # # Declude Virus configuration file # CODE # The in the LOGFILE option automatically gets replaced with the month/date LOGFILE e:\spool\vir.log LOGLEVELHIGH CONSOLE OFF # # SCANFILE is the location of the command-line virus scanner. Note that it # must include the full path. VIRUSCODE is the code that scanner returns if # it finds a virus. # SCANFILE1 D:\Progra~1\FSI\F-Prot\fpcmd.exe /TYPE /SILENT /NOMEM /ARCHIVE /DUMB /NOBOOT /REPORT=report.txt VIRUSCODE 3 VIRUSCODE 6 VIRUSCODE 8 REPORT Infection SCANFILE2 D:\Progra~1\Grisoft\AVG7\avg.exe /NOMEM /NOSELF /ARC /REPORT=report.txt VIRUSCODE2 2 VIRUSCODE2 6 REPORT2identified SCANFILE3 C:\Progra~1\Common~1\networ~1\viruss~1\4.0.xx\scan.exe /ALL /NOMEM /NOBEEP /NOBREAK /UNZIP /SILENT /NODDA /REPORT report.txt VIRUSCODE3 13 REPORT3 Found # VIRDIR is the directory to move E-mails with viruses; by default, # it is set to 'virus' (\IMail\spool\virus). VIRDIR e:\spool\virus # The MAXATONCE option limits the number of AV processes. For example, # MAXATONCE 1 will only allow 1 AV process to run at once (IE for licensing # purposes). A value of 0 (or commenting it out) allows unlimited processes # to run at the same time. MAXATONCE 0 # # The following options allow you to limit scanning to only incoming or outgoing # E-mail. # INCOMING ON OUTGOING ON # # The ONACCESS option should be set to OFF unless you have an on-access virus scanner # that will be deleting attachments with viruses. # ONACCESS OFF # # The SCANNERTIMEOUT option lets you choose the number of seconds that Declude will # wait for the virus scanner to finish. The minimum value is 10 seconds. Most # scanners will not need to take that long. This option is mainly to prevent # defective scanners (that never finish) from interfering with your outgoing E-mail. # Raising this will NOT help if your virus scanner always times out. # SCANNERTIMEOUT 60 # # The SKIPEXT option will let you skip scanning of certain file extensions. For
