Email and server security 10.0 huge problems

Vallu

Hi all!

 

Yesterday i installed latest Email and Server security 10.00. it was working allright for one day. Now suddenly spam mails cannot quarantine by F-secure. My mailbox is filling with warnings. Database connection is ok and i'm using SQL server 2008 R2 express on same server as Exchange 2010 SP3. I understand that spam messages are deleted when there's no connection to database servers, so we are ok at the moment, and i have set Spam confidence level to only 8 or more => quarantine.

 

Here's sample warning mail:

 

Befor tried just reboot:

 

Date: 2013-07-18  18:25:32+03:00
Host: *************
Computer name: ****
User account: SYSTEM
Product: F-Secure Content Scanner Server (OID: 1.3.6.1.4.1.2213.18)
Severity: error (3)
Message: Scanning '*548403280*.tmp' by Threat Detection Engine was unsuccessful. Failed to classify the message. Error type=3, error code=204, description=CFCHttpClient::ReadResponse() - Request timeout.

 

And after reboot:

 

Date: 2013-07-18  19:43:31+03:00
Host: ***************
Computer name: ****
User account: SYSTEM
Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: warning (2)
Message: Cannot quarantine message. Details:
 Source: **********
 Destination: **************
 Subject: **************
 Reason: 

 

 

Any advice were to start?

 

 

I'm opening a ticket, but i have to call f-secure. Ticket submit form just ends with error.

 

EDIT:

 

now this:

 

Date: 2013-07-18  19:56:45+03:00
Host: **********
Computer name: ****
User account: SYSTEM
Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: error (3)
Message: The F-Secure Anti-Virus for Microsoft Exchange Real-Time Scanner cannot connect to any of the servers specified in Server Pool. 

 

Server pool? Where is it specified??

 

 

Costas-Inter

Sounds like you are having network errors

 

This message:

Message: Scanning '*548403280*.tmp' by Threat Detection Engine was unsuccessful. Failed to classify the message. Error type=3, error code=204, description=CFCHttpClient::ReadResponse() - Request timeout.

 

means that your FSESS, cannot connect to Real-time protection network of F-secure (cloud) to check the message.

 

This message:

Date: 2013-07-18  19:56:45+03:00
Host: **********
Computer name: ****
User account: SYSTEM
Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: error (3)
Message: The F-Secure Anti-Virus for Microsoft Exchange Real-Time Scanner cannot connect to any of the servers specified in Server Pool.

 

Means that your scanning agent is not able to connect to your Content scanner server to send the e-mail for analysis.

 

And here:

 

Date: 2013-07-18  19:43:31+03:00
Host: ***************
Computer name: ****
User account: SYSTEM
Product: F-Secure Anti-Virus for Microsoft Exchange (OID: 1.3.6.1.4.1.2213.20)
Severity: warning (2)
Message: Cannot quarantine message. Details:
 Source: **********
 Destination: **************
 Subject: **************
 Reason:

 

Probably the agent is not able to access the 'shared'/network folder that is used for quarantining messages. (see should have declared such a directory when run your installation wizard). Check if you can access it from your MSE node that is receiving and relaying the messages.

 

Check if f-secure services are running in your nodes, and then check your network.

(while opening the ticket with F-Secure)

 

Good luck

Costas

 

 

 

Vallu

Just checked our firewall logs and it seems ok. Our server is constatly connection to http://193.66.251.202/SpamResolverNG/SpamResolverNG.dll?DoNewRequest and it's ok. 

 

No connections are dropped from our server, so networks is ok.

 

Now waiting for f-secure to solve this.

Vallu

Hi all!

 

Problem solved. F-secure support send me an email with instruction how to correct. In my case, everyting was ok, i just had to start/stop two services:

 

    Open Control Panel\Administrative Tools\Services

    Stop "Microsoft Exchange Transport" service.

    Stop "F-Secure Quarantine Manager" service.

    Start again "F-Secure Quarantine Manager" service.

    Wait at least 10 seconds.

    Start again "Microsoft Exchange Transport" service.

 

I bet this is a bug and hotfix is on its way

 

Just want to share this fix if someone else needs it.

 

Happy weekend everyone!

 

 

etomcat

Dear Sirs,

 

Is FSAV ESS 10.00 already compatible with Exchange 2007 SP3 Update Roll-up 11 on Windows 2008 R2?

 

Please give an official reply ASAP!

 

Thanks in advance, Sincerely: Tamas Feher, 2F 2000, Hungary.

PBHS

Thanks I have the same problem doing the steps helped, now all spam is getting added to the quarantine database