Major incident notice for ESS and PSB ESS: F-Secure Gemini failed to scan email messages

Katriina_M
Katriina_M W/ Alumni Posts: 8 Cyber Knight

Dear F-Secure Customer/Partner,

 

From 2015-09-24 13:10 UTC to 2015-09-24 16:06 UTC, our Email and Server Security (ESS) and Protection Service for Business Email and Server Security (PSB ESS) products experienced a major incident.

 

This incident affected all products relying on ESS and PSB ESS services. The visible effect was that the F-Secure Gemini scanning engine failed to scan email messages and put them directly into quarantine.

 

This incident was promptly resolved and was fixed in Gemini 2015-09-24_03.

 

However, if you are unable to get the updates immediately, and you are still experiencing issues, you can disable the Gemini scanning engine temporarily as follows:

 

  1. In the F-Secure web console, click on General > Engines > Status.
  2. Go to F-Secure Gemini > Properties, then select Disable engine.

This will prevent emails going to quarantine.

 

We apologize for the inconvenience this may have caused you. We have initiated a root cause analysis process to identify how we can avoid similar incidents in the future.

 

With Best Regards,

F-Secure Customer Care

Comments

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear Katriina,

     

    > Act temporarily as follows:

     > In the F-Secure web console, click on General > Engines > Status.

    > Go to F-Secure Gemini > Properties, then select Disable engine.

    > This will prevent emails going to quarantine.

     

    If the hard disk space becomes low because of the excessive many e-mails placed in quarantine, this method cannot be applied, as the web interface cannot start.

     

    (Regrettably, the FSAV ESS installer unwisely places the quarantines folder on the system drive, thereby excerberating this problem.)

     

    Yours Sincerely: Tamas  Feher, Hungary.

  • MikaK
    MikaK W/ Alumni Posts: 22 Digital Defender

    Dear Tamas,

     

    You can move Quarantine storage on other drives as well:

    Web Console > Quarantine > Options > General

     

    In addition, you can define Quarantine retention and cleanup options:

    Web Console > Quarantine > Options > Maintenance

     

    Best Regards,

    Mika

  • etomcat
    etomcat W/ Alumni Posts: 1,172 Firewall Master

    Dear Mika,

     

    Thanks for the response, but please consider that web console based remediation procedures are useless if the FSAV ESS web user interface cannot start up (in case the free hard disk space is exhausted or falls below 30MB after a large amount of e-mails suddenly accumulated in the quarantine folder).

     

    The customers who suffer from such a situation would need a command-line or registry-based solution to remedy the Gemini engine malfunction, because they cannot access the Web Console. (Manually removing many e-mails from the quarantine fodler reportedly leads to index corruption?)

     

    Yours Sincerely: Tamas Feher.

  • punkel
    punkel W/ Alumni Posts: 2 Security Scout

    F-Secure, whats going on? You did it again. Please fix it quickly.

  • MikaK
    MikaK W/ Alumni Posts: 22 Digital Defender

    Could you please check a version of the ESS. There might be an issue if it is an older or unsupported version like 9.xx. 

  • punkel
    punkel W/ Alumni Posts: 2 Security Scout
    You allready released the fix
This discussion has been closed.