Overview
The MailEssentials Email Security module uses multiple antivirus engines to scan inbound, outbound, and internal emails for the presence of viruses and malware. Out of the box, MailEssentials ships with Avira and BitDefender Virus Scanning Engines while also providing customers with the flexibility to acquire a license for Kaspersky, Sophos & Cyren Virus Scanning Engines (VSE).
All the Virus Scanning Engines can be configured to Automatically check for updates which can sometimes fail. While the general procedure to manually update is similar, there are subtle differences in how the various engines are manually updated.
This article describes how to determine if a manual update for any of the Virus Scanning Engines is necessary and provides an index to the different articles detailing the manual update procedure.
Diagnosis
Automatic updates for the Virus Scanning Engines will be unsuccessful if any of the below conditions are true:
- An antivirus engine has become corrupt and cannot be initialized.
- Any kind of corruption of the definitions can cause updates not to download properly
- Improper exclusions for file-based backups and 3rd party anti-virus scanners resulting in corrupt definitions
- Content filter type hardware firewalls can corrupt the MD5 checksum during the update process so it is important to verify the proper exclusions on the hardware firewall for successful updates.
Determine if a manual update is necessary by navigating to GFI MailEssentials > Dashboard > Updates tab. The Anti-Virus Definition Updates section shows the available Anti-virus engines as well as whether the last automatic update succeeded or failed as shown below:
The failed update can be further confirmed by navigating to GFI MailEssentials > EmailSecurity > Virus Scanning Engines and click on the Anti-Virus engine that is failing to automatically update:
The Update Status section should confirm that the automatic update process failed. More details on the reasons can be extracted from the debug logs. Location and filename for the debug log files is as shown below:
VSE | Filename & Location |
Avira | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Avira Engine.gfi_log.txt |
BitDefender | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\BitDefender Engine.gfi_log.txt |
Kaspersky | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Kaspersky Engine.gfi_log.txt |
Cyren | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Cyren Engine.gfi_log.txt |
Sophos | ..\GFI\MailEssentials\EmailSecurity\DebugLogs\Sophos Engine.gfi_log.txt |
In the below example the Avira upgrade failed to update important Avira engine files, causing failed automatic updates and eventually failed mails shown in the Dashboard with a Scan Result of "Failed (VSE)".
"#00001fb0","#00001fc8","info ","Avira","CVScanner::ReadEngineFolder <<"
"#00001fb0","#00001fc8","info ","Avira","EngineFolder [C:\Program Files (x86)\GFI\MailEssentials\AntiVirus\avira]"
"#00001fb0","#00001fc8","error ","Avira","CAviraScanner::InitVSEngine - Failed to load Loader DLL [C:\Program Files (x86)\GFI\MailEssentials\AntiVirus\avira\gfiaviraldr.dll]. Error[126]"
"#00001fb0","#00001fc8","error ","Avira","Failed to initialize scanning engine: 0x8007007E"
A manual update will be necessary for any anti-virus engine that is failing to automatically update as described in the articles provided in the next section.
Solution
A manual update must be performed on the engine that is failing to automatically update successfully or causing failed mails to occur when the engine is enabled.
Follow the linked articles below for details on the manual update procedure for each Virus Scanning Engine in MailEssentials:
- How to Manually update Avira definitions
- How to Manually update Kaspersky definitions
- How to manually update Bitdefender definitions
- How to Manually update Sophos definitions
- How to Manually update Cyren definitions
Confirmation
Go to GFI MailEssentials > Dashboard > Updates tab. Verify that the last update attempt was successful for the particular engine by looking at the Last Update date and time as well as the remarks under the Status column which should state No updates currently in progress (last update succeeded).