Overview
After updating GFI MailEssentials to 21.6 with all the patches, the antispam scan engine continuously crashes. Mail flow is stopping and emails are being moved to the FailedMails folder. The antivirus engine cannot be deactivated.
Solution
This is caused by a corrupted database for the AntiPhishing filter.
How to identify
The Event log identifies the faulting application as gfiscans.exe, with the faulting module name being purbl.dll.
Faulting application name: gfiscans.exe, version: 21.6.11004.33, time stamp: 0x5e39198c
Faulting module name: purbl.dll, version: 21.6.11610.33, time stamp: 0x5f315c72
Exception code: 0xc000000d
Fault offset: 0x0004861d
Faulting process id: 0x4540
Faulting application start time: 0x01d6c18f59a6e15e
Faulting application path: C:\Program Files (x86)\GFI\MailEssentials\Antispam\gfiscans.exe
Faulting module path: C:\Program Files (x86)\GFI\MailEssentials\Antispam\purbl.dll
Report Id: a428d216-2d82-11eb-81e6-000c293b418e
Faulting package full name:
Faulting package-relative application ID:
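To confirm the same signature on a server without reading events one by one, the Application log can be filtered for it. This is an added example, not GFI's own tooling; it assumes the crash is recorded as the standard Windows "Application Error" event (ID 1000), English event text, and a 7-day look-back window.

```powershell
# Added example: count gfiscans.exe crashes in purbl.dll per hour.
# Assumptions: English event text, 7-day look-back window.
$since = (Get-Date).AddDays(-7)

$events = Get-WinEvent -FilterHashtable @{
    LogName      = 'Application'
    ProviderName = 'Application Error'
    Id           = 1000
    StartTime    = $since
} -ErrorAction SilentlyContinue

# Field layout taken from the event text quoted in the article.
$pattern = '(?s)Faulting application name: (?<app>[^,]+),.*?' +
           'Faulting module name: (?<mod>[^,]+), version: (?<modver>[^,]+),.*?' +
           'Exception code: (?<code>0x[0-9a-fA-F]+)'

$crashes = foreach ($e in $events) {
    if ($e.Message -match $pattern -and
        $Matches.app -eq 'gfiscans.exe' -and
        $Matches.mod -eq 'purbl.dll') {
        [pscustomobject]@{
            Time          = $e.TimeCreated
            ModuleVersion = $Matches.modver
            ExceptionCode = $Matches.code
        }
    }
}

if (-not $crashes) {
    Write-Output 'No gfiscans.exe / purbl.dll crashes found in the window.'
} else {
    # The article describes the engine as crashing continuously, so bucket
    # the events by hour to see whether it is crash-looping.
    $crashes |
        Group-Object { $_.Time.ToString('yyyy-MM-dd HH:00') } |
        Sort-Object Name |
        Select-Object @{n='Hour';e={$_.Name}}, Count,
                      @{n='ExceptionCode';e={($_.Group.ExceptionCode | Select-Object -Unique) -join ','}}
}
```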
Ensure that updates can go through
The first step is to allow updates through HTTP:
- Open the Windows Registry:
  - From the Start menu, click Run.
  - In the Open box, type regedit, and click OK.
- Create a new DWORD value under the following key:
  - for x86: HKEY_LOCAL_MACHINE\SOFTWARE\GFI\MailEssentials\Config
  - for x86_64: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\GFI\MailEssentials\Config
- Name the new value auhttpallowed and set its value to 1 (hexadecimal).
- Restart the GFI MailEssentials Attendant service, which will automatically restart the other GFI services.
For more information about this registry configuration, please visit the Setting MailEssentials to use HTTP to download updates article.
Once HTTP access is enabled, make sure that no firewall rules prevent access to the update servers:
GFI MailEssentials downloads updates from the following locations over HTTP ports 80 and 443:
- amazonaws.com
- cdnupdate.gfi.com
- cdnpatches.gfi.com
- db11.spamcatcher.net
- meupdate.gfi.com
- update.gfi.com
- update.gfisoftware.com
- spamrazer.gfi.com
- support.gfi.com
- *.mailshell.net
- *.rules.mailshell.net
GFI MailEssentials can also be configured to download updates through a proxy server. Refer to the Configuring Proxy Settings article for more information.
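The registry change and the firewall check above can be done in one pass from an elevated PowerShell prompt on the MailEssentials server. This is an added example, not GFI's own script; it tests direct (non-proxy) connectivity only and assumes the Config key already exists from the product installation.

```powershell
# Added example; run elevated on the MailEssentials server.
# Registry paths and value name are the ones given in the article.
$configKey = if ([Environment]::Is64BitOperatingSystem) {
    'HKLM:\SOFTWARE\Wow6432Node\GFI\MailEssentials\Config'
} else {
    'HKLM:\SOFTWARE\GFI\MailEssentials\Config'
}

$current = (Get-ItemProperty -Path $configKey -Name 'auhttpallowed' `
            -ErrorAction SilentlyContinue).auhttpallowed
if ($current -ne 1) {
    New-ItemProperty -Path $configKey -Name 'auhttpallowed' `
        -PropertyType DWord -Value 1 -Force | Out-Null
    # Restarting the Attendant restarts the other GFI services (per the article).
    Restart-Service -DisplayName 'GFI MailEssentials Attendant' -Force
}

# Concrete host names from the article's list. amazonaws.com and the
# *.mailshell.net wildcards are left out: they are not single hosts to probe.
$updateHosts = @(
    'cdnupdate.gfi.com', 'cdnpatches.gfi.com', 'db11.spamcatcher.net',
    'meupdate.gfi.com', 'update.gfi.com', 'update.gfisoftware.com',
    'spamrazer.gfi.com', 'support.gfi.com'
)

$results = foreach ($server in $updateHosts) {
    foreach ($port in 80, 443) {
        $probe = Test-NetConnection -ComputerName $server -Port $port `
                 -WarningAction SilentlyContinue
        [pscustomobject]@{
            Server    = $server
            Port      = $port
            Reachable = $probe.TcpTestSucceeded
        }
    }
}

# Show only the host/port pairs a firewall rule is likely blocking.
$blocked = $results | Where-Object { -not $_.Reachable }
if ($blocked) {
    $blocked | Format-Table -AutoSize
} else {
    Write-Output 'All listed update hosts answer on ports 80 and 443.'
}
```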
Verify there are no port conflicts
GFI MailEssentials communicates through a variety of ports. Make sure that there are no conflicts and that the local firewall solution is not preventing communication through the ports as defined in the GFI MailEssentials Port Description article.
Check the proxy configuration
Make sure that the credentials supplied to the proxy configuration are correct, as described in the GFI MailEssentials updates are failing when using a proxy article.
If definitions are old but updates don't fail, disable caching on the proxy server for the GFI MailEssentials server or exclude the cdnupdate.gfi.com domain.
Check Anti-Virus and Backup Exclusions
Updates may fail if the local antivirus marks the downloaded files as malware. Local backup solutions may access update files or folders and thus corrupt the update process. Please make sure you follow the steps in the Recommended Anti-virus and Backup Exclusions article to minimize the risk of corruption.
Stop the MailEssentials services
The MailEssentials services need to be stopped.
Open the Windows Services Manager by navigating to Start > Run > services.msc and stop the following services:
- Microsoft Exchange Transport service
- GFI List Server
- GFI MailEssentials Attendant
- GFI MailEssentials AS Scan Engine
- GFI MailEssentials Autoupdater
- GFI MailEssentials AV Scan Engine
- GFI MailEssentials Backend
- GFI MailEssentials Legacy Attendant
- GFI POP2Exchange
- GFI MailEssentials Quarantine Action Services
Remove the corrupted files
Navigate to the ...\GFI\MailEssentials\AntiSpam\AUAntiPhish2 folder, and delete the following files:
Once the files are removed, MailEssentials will auto-update the definitions.
Start the MailEssentials services
The MailEssentials services that were previously stopped need to be started again.
Open the Windows Services Manager by navigating to Start > Run > services.msc and start the following services:
- Microsoft Exchange Transport service
- GFI List Server
- GFI MailEssentials Attendant
- GFI MailEssentials AS Scan Engine
- GFI MailEssentials Autoupdater
- GFI MailEssentials AV Scan Engine
- GFI MailEssentials Backend
- GFI MailEssentials Legacy Attendant
- GFI POP2Exchange
- GFI MailEssentials Quarantine Action Services
Testing
After applying the steps above, the Antispam scan engine is updating correctly and is no longer crashing.
If the issue still persists, please generate the troubleshooting logs as follows:
- Make sure that you have tracing enabled.
- Wait for at least 30 minutes to gather enough information and for the issue to be reproduced.
- Run the troubleshooter:
- Start > Programs > GFI MailEssentials > Troubleshooter
- Follow the Log Generation Wizard for collecting the required and pertinent information.
- Select New Case when completing the log generation to attach the logs to a new case that will be automatically created, or open a support ticket manually and attach the logs to that ticket, so that the Support team can investigate the problem.