Answer
PROBLEM
The antivirus definition update is failing.
Emails go to the FailedMails folder when the Engine fails to initialize.
ENVIRONMENT
- GFI MailEssentials
- All supported environments
SOLUTION
There are two ways to initiate the update.
Solution 1
- Navigate to the following directory <GFI MailEssentials installation path>GFI\MailEssentials\Updater\Sophos
- Delete the following files:
- sophos_current_revision.txt
- sophos_current_revision.txt.checked
- sophos_current_revision.txt.tmp
- Open Services.msc and restart the GFI MailEssentials AV Scan Engine and GFI MailEssentials Autoupdater services.
- Open MailEssentials Configuration and navigate to Email Security > Virus Scanning Engine > Sophos > Updates.
- Click Download Updates and click Apply.
- Verify that the definitions successfully installed on the Update status section.
Solution 2
If the above steps do not update the definitions, a manual update is required in order to clear the possible corrupt definitions out of the GFI MailEssentials directories. Follow the steps below in order to complete the manual update process.
- Open a browser and navigate to http://cdnupdate.gfi.com/
- Navigate to the following directory incav2 > sophos > C1 folder and click the sophos_current_version.c1.zip link to download the latest Sophos definitions.
- After the download has completed you will need to navigate to service.msc and stop the SMTP or transport service (note this will stop mail flow and queue the messages in exchange until restarted)
- In services.msc console locate and stop all GFI services related to GFI MailEssentials.
- Extract the downloaded zip from step 2 to the following location <GFI MailEssentials installation path>\GFI\MailEssentials\Updater\Sophos
- Overwrite when prompted.
- Navigate to the directory where you just extracted the files to from the previous step <GFI MailEssentials installation path>\GFI\MailEssentials\Updater\sophos and locate the file sophos.zip.
- Extract the sophos.zip to the following locations: <GFI MailEssentials installation path>\GFI\MailEssentials\AntiVirus\Sophos and <GFI MailEssentials installation path>\GFI\MailEssentials\AntiVirus\backup\Sophos.
- Overwrite when prompted.
- Start all services stopped in step 3 and 4.
- Open GFI MailEssentials configuration and verify that the Sophos Engine has been updated successfully with the latest version.
CAUSES
- The definitions files were corrupted and that can cause update failures.
- Third party antivirus or backup scanning of the GFI MailEssentials folders can corrupt definitions.
- Content filter type check from firewalls can corrupt the MD5 checksum during the update process. Verify that the proper exclusions are configured on your firewall. See the following article for the current update sites needed to be excluded in your firewall. https://www.gfi.com/support/products/gfi-mailessentials/What-sites-are-used-for-GFI-Product-Updates