Phone Lines icon GFI Support

Articles in this section

See more

Mailflow stops when an antivirus engine is enabled in GFI MailEssentials

Author: Luis Fernandes Updated

Versions / Builds Affected

GFI MailEssentials 2012 and higher

Status

Resolved

Problem Summary

When an antivirus engine enabled, the gfiscanm.exe process will crash constantly (around 2-3 times a second) and in some cases will throw errors about delays with the gfiavroutingagent.

TT / JIRAID

801

How to Identify

When the GFI MailEssentials EmailSecurity function and the GFI MailEssentials Bitdefender engine are enabled, mailflow will halt and constant crashes of gfiscanm.exe or faulting ntdll.dll will be listed. It may also show up in the application event viewer like this: The execution time of agent 'GfiAvRoutingAgent' exceeded 90000 milliseconds while handling event 'OnSubmittedMessage' for message with InternetMessageId: 'Not Available'. This is an unusual amount of time for an agent to process a single event. However, Transport will continue processing this message. Once the GFI MailEssentials Bitdefender engine is disabled and the AV scanning engine service is restarted, mailflow will go back to normal. "info ","BitDefender","EngineFolder [C:\Program Files (x86)\GFI\MailEssentials\Antivirus\avx]" "error ","BitDefender","CBitDefenderScanner::InitVSEngine - Failed to load Loader DLL [C:\Program Files (x86)\GFI\MailEssentials\Antivirus\avx\gfibitdefenderldr.dll]. Error[126]" "error ","BitDefender","Failed to initialize scanning engine: 0x8007007E" "info ","BitDefender","Scanning Engine successfully uninitialized." "info ","BitDefender","Logging Session Ended" "error ","SCore","Scan: Calling [Virus Scanning Engine]...ok[25]" "error ","SCore","Scan: final result(CRITICAL)" "info ","Virus Scanning Engine","Process: calling [Vipre Engine]...ok[0]" "info ","Virus Scanning Engine","ERROR: Process: calling [BitDefender Engine] - plugin is not initialized, failing..." The Microsoft Windows EventViewer will show something similar to: Event id 1000 Faulting Aplpication GFIScanM.exe Faulting Module ntdll.dll 6.1.7601.18229 Exception Code 0x00033bc2 Faulting Process is 0x1b14 One important hint is that under GFI MailEssentials\EmailSecurity\Virus Scanning Engines\Bitdefender\Bitdefender Version Information\Build, instead of the current year some old build number is shown (quite common is 7.0.0.2410 2007).

Workaround / Fix Details

Confirm the crashes/warnings in the application event viewer, then disable the Bitdefender engine. Verify the definition that Bitdefender is currently running (If the definition is in the 500,000 to 600,000 you must follow the article to Manually Purge the definitions) -Article name "How to manually update Bitdefender definitions" http://kb.gfi.com/articles/SkyNet_Article/How-to-manually-update-Bitdefender-definitions?retURL=%2Fapex%2FSupportHome&popup=true Verify that Hardware firewall or content filter has proper exclusions in place for: - update.gfi.com - cdnupdate.gfi.com If the customer has an antivirus or file based software, make sure the proper exclusions are in place. Verify Customer is on MailEssentials 2014 build 20140308 or later Solution: 1. navigate to ...GFI\MailEssentials\Antivirus\AVX\ and ...\GFI\MailEssentials\Antivirus\backup\AVX\ folders, sort the files by Date modified and replace the 2007 files with new ones from a test installation (important are the bdcore.dll and libfn.dll ) 2. navigate to ...\GFI\MailEssentials\Updater\avx folder and delete the _current_revision.txt file 3. trigger manual updates from the configuration UI to update the affected engine Same solution applies to the rest of engines.

Required Actions

Apply above solution and attach article to case.