Overview
This article provides a solution for cases where MailEssentials fails to catch emails containing viruses and spam, so that incorrectly processed emails containing malware and spam are delivered to the users' mailboxes.
Diagnosis
Spam and malware emails are not properly processed and are still delivered to the users' mailboxes. Users complain of receiving lots of spam and malware emails that bypassed the MailEssentials spam and malware filters.
The MailEssentials Dashboard logs will show the incorrectly processed emails having malware (viruses, trojans, exploits) or spam marked as OK.
Solution
Customers running older versions should be advised to upgrade to the latest version of MailEssentials with all the patches installed.
Follow the below maintenance procedure to get MailEssentials working optimally again if experiencing the problem with missed spam and malware:
- Stop all of the GFI MailEssentials services from Start > Run > Services.msc
- Purge the following directories:
  - Go to Start > Run and type %temp%.
  - Clear the temp folder.
  - Similarly, clear the following folders (only the content):
    - C:\Windows\Temp
    - C:\Program Files (x86)\GFI\MailEssentials\Attendant\temp
    - C:\Program Files (x86)\GFI\MailEssentials\Backend\temp
    - C:\Program Files (x86)\GFI\MailEssentials\ActionServices\temp
    - C:\Program Files (x86)\GFI\MailEssentials\Antispam\temp
    - C:\Program Files (x86)\GFI\MailEssentials\EmailSecurity\Temp
    Note: Do not delete the temp folders but delete their contents only.
  - Right-click the C:\Program Files (x86)\GFI\MailEssentials folder and select Properties.
  - Click the Security tab.
  - Add the "Network Service" account with full control permissions and click OK.
- Stop all GFI services (disable both AV and AS Scan engines) and perform below actions:
  - Go to Start > Run > type compmgmt.msc and click OK. Computer Management MMC displays.
  - Go to the Services and Applications node and browse to Message Queuing. Private Queues are displayed. Here, you should be able to see the MailEssentials queues.
  - Expand a queue. Two new nodes appear: Queue Messages and Journal Messages.
  - Right-click Queue Messages, and select All Tasks > Purge. A confirmation message displays.
  - Click OK to clear all messages in the queue.
  - Repeat these steps for all relevant queues.
  Note: Refresh the private queues and ensure they are all showing 0 items.
- Recreate the reporting databases.
  - Browse to the ..\GFI\MailEssentials\Data\ directory.
  - Rename the REPORTS.FDB to REPORTS.old
  - Browse to the ..\GFI\MailEssentials\Attendant\data directory.
  - Rename LOGS.FDB to LOGS.old
  - Browse to ..\GFI\MailEssentials\Attendant\bin directory.
  - Double-click LogsFDBCreator.exe
  - Confirm if there is a new LOGS.FDB file in the ..\GFI\MailEssentials\Attendant\data location.
- Start the GFI services stopped in Step 1.
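The service stop, temp-folder and queue-purge steps above as a PowerShell script for an elevated session; this is an added example, not GFI's own tooling. The service display-name filter `GFI*`, the queue-name pattern `*gfi*` and the presence of the MSMQ cmdlets (`Get-MsmqQueue`, `Clear-MsmqQueue`) on the server are assumptions to confirm in Services.msc and Computer Management before running it.

```powershell
# Added example: scripted form of the service stop, temp cleanup and queue purge steps.
[CmdletBinding(SupportsShouldProcess)]
param(
    # Install path as given in the article.
    [string]$InstallDir = 'C:\Program Files (x86)\GFI\MailEssentials',
    # Assumption: service display names start with "GFI"; confirm in Services.msc.
    [string]$ServiceFilter = 'GFI*',
    # Assumption: queue-name pattern; set it to match the queues shown under Private Queues.
    [string]$QueueFilter = '*gfi*'
)

# Stop the running GFI services and remember them for the final restart step.
$services = Get-Service -DisplayName $ServiceFilter | Where-Object Status -eq 'Running'
$services | Stop-Service -Force

# Delete the contents of each temp folder, never the folder itself.
$tempDirs = @($env:TEMP, 'C:\Windows\Temp') + (
    'Attendant\temp', 'Backend\temp', 'ActionServices\temp', 'Antispam\temp', 'EmailSecurity\Temp' |
        ForEach-Object { Join-Path $InstallDir $_ })
foreach ($dir in $tempDirs) {
    if (-not (Test-Path -LiteralPath $dir -PathType Container)) {
        Write-Warning "Missing folder, skipped: $dir"
        continue
    }
    Get-ChildItem -LiteralPath $dir -Force |
        Remove-Item -Recurse -Force -ErrorAction SilentlyContinue
    # Files locked by another process are not removed; report what is left.
    $left = @(Get-ChildItem -LiteralPath $dir -Force).Count
    Write-Output "$dir : $left item(s) left"
}

# Purge the matching private queues, then list them so each can be checked for 0 messages.
Get-MsmqQueue -QueueType Private | Where-Object QueueName -like $QueueFilter |
    Clear-MsmqQueue | Out-Null
Get-MsmqQueue -QueueType Private | Where-Object QueueName -like $QueueFilter |
    Select-Object QueueName, MessageCount

# Services stay stopped so the database steps can follow; start them again afterwards.
Write-Output ('Stopped services: ' + ($services.Name -join ', '))
```

Running it with `-WhatIf` first lists what would be stopped, deleted and purged without changing anything.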
Confirmation
Once the above-mentioned maintenance steps are performed, the user can verify the processing of emails in the MailEssentials configuration console under Dashboard and ensure that the legitimate emails are passing through and spam/malware emails are getting blocked.
In case the issue persists and you have upgraded to the latest version, then gather troubleshooting logs and open a support ticket at https://support.mailessentials.gfi.com/hc/en-us.
Alternatively, you can upload the suspicious files to www.virustotal.com to see if the licensed anti-virus engines should have blocked the item. If you believe the item is malware and we did not detect it as malware, please submit the sample message directly to our vendors: