Emails are moved to FailedEmails folder when Malformed File extension is enabled

Overview

Legitimate emails are being stored under the EmailSecurity\FailedMails folder when the Malformed File Extension (High Alert) rule is enabled in the Email Exploit Engine.

Even though tracing is enabled, there are no errors reported in the log files.

Solution

This is a known issue affecting the Email Exploit Engine. For the time being, the only workaround is to keep the rule disabled. In order to accomplish that, please follow the steps below:

1. Open the GFI MailEssentials Configuration UI
2. Navigate to Email Security > Email Exploit Engine > Exploit List
3. Select the Malformed File Extension (High alert) and click Disable Selected
4. Click Apply to update the configuration.

Testing

After disabling the rule, reprocess the failed mails folder.  The emails should be processed correctly.

If the issue still persists, please generate the troubleshooting logs as follows:

• Make sure that you have tracing enabled.
• Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
• Run the troubleshooter:
  1. Start > Programs > GFI MailEssentials > Troubleshooter
  2. Follow the Log Generation Wizard for collecting the required and pertinent information.
  3. Select New Case when completing the log generation to attach the logs to a new case that will be automatically created, or open a support ticket manually and attach the logs to that ticket, so that the Support team can investigate the problem.