Articles Articles Most Popular Articles Most Popular Articles
Advanced Search
DrillDown Icon Table of Contents
DrillDown Icon PLEASE READ: Our Update Server IPs Have Changed
DrillDown Icon Support
DrillDown Icon Alleviating Spam – Best Practices
DrillDown Icon modusMail & modusGate Technical Information
DrillDown Icon Documentation & Release Information
DrillDown Icon Fixes and Patches
DrillDown Icon Configuration Information
DrillDown Icon Troubleshooting
DrillDown Icon PostgreSQL Extended DB Upgrade Scripts Do Not Add Quota Columns
DrillDown Icon Mac OS X Mail corrupts file attachments
DrillDown Icon Unhandled error occurs when accessing WebMail/Quarantine
DrillDown Icon Error Codes and Messages
DrillDown Icon AV Backup Folders Are Not Self-Cleaning
DrillDown Icon Invirus Buildup and/or Server Freezes at Regular Intervals
DrillDown Icon ‘Failed to access IIS metabase’ when Accessing the Web Applications
DrillDown Icon How-To: Isolate Problems Using the System Health
DrillDown Icon How-To: Respool Messages
DrillDown Icon How-to: Troubleshooting DNS Resolution Problems
DrillDown Icon Troubleshooting Mail Delivery Problems
DrillDown Icon System Health Counters Display "Unavailable" in WebMonitor
DrillDown Icon Cannot Delete "Scanning Errors" from the Quarantine
DrillDown Icon Running Outlook 2007 & Windows Vista with modusMail May Cause Slow Downs
DrillDown Icon PostgreSQL Will Not Install Properly
DrillDown Icon Quarantine Reports are not Being Generated
DrillDown Icon WebQuarantine Settings Generate a "Value Cannot be Null" Error
DrillDown Icon Quarantined Messages are Being Labeled as “Possible Virus”
DrillDown Icon Incoming Spool Directory is Backing Up
DrillDown Icon Mac Outlook Express 5.0.6 Cannot Send Through Modus When Using SMTP Auth
DrillDown Icon Non-sequential Logging in the Log File
DrillDown Icon Mailbox Aliases Periodically Disappear from the modusGate Console
DrillDown Icon MODUSCAN Service Does Not Start
DrillDown Icon Quarantine Reports are Generated Too Often / Cannot Release Spam from the Report
DrillDown Icon modusGate is Not Scanning Outbound Mail for Spam Content
DrillDown Icon EXPORT Function in the Message Audit Log Does Not Open the Export Dialog Box
DrillDown Icon POP3 Service Slow Response Causes Message Retrieval Problems
DrillDown Icon Inconsistent SMTPDS Behavior When Returning a DSN (Delivery Status Notification)
DrillDown Icon Norman AV is no longer being updated
DrillDown Icon Cannot Access or Save Changes in WebMail/Quarantine Settings
DrillDown Icon Spam / Virus Definition Updates Not Working Properly
DrillDown Icon Office 2007 Attachments Being Scanned as Archives and Blocked
DrillDown Icon Users List Refresh is Slow to Respond
DrillDown Icon Remote Console Freezes when Optimizing the Index
DrillDown Icon "Delete All Spam" in the Quarantine Report Times Out
DrillDown Icon Util.exe Uses 100% CPU
DrillDown Icon WebMail & WebQuarantine Login Issues
DrillDown Icon WebMail Log Files Not Created
DrillDown Icon WebAdmin Settings Generate "Page cannot be displayed" Error
DrillDown Icon How-To: Ensure Deliverability to Specific Problem Domains
DrillDown Icon Info: Dell Servers
DrillDown Icon Info: 3rd-Party Anti-Virus Desktop Scanners
DrillDown Icon Info: Applying Windows 2003 Critical Updates
DrillDown Icon Header Elements Added by MX-LOGIC Cause Parsing Problems for the AutoReply Function
DrillDown Icon Archived Articles
DrillDown Icon Quarantine Database Problems when Upgrading from 4.4.568
DrillDown Icon Hardware & OS System Requirements
DrillDown Icon Tools
DrillDown Icon Other Product Technical Information
DrillDown Icon Professional Services
DrillDown Icon Newsletters
DrillDown Icon Creating & Configuring Databases
DrillDown Icon End-of-Life: Modus 4.1 and older versions
  Email This ArticlePrintPrint Current Article/Category and All Sub-Articles/Categories
  
Quarantined Messages are Being Labeled as “Possible Virus”
 

Product: All

Version & Build: All

 

 

 

Background:

 

Vircom has identified an issue whereby quarantined messages are being labeled as “Possible Virus”.  This only affects Modus installations running the McAfee anti-virus solution.

 

There are two possible reasons for this:

 

  1. Messages were caught by Vircom scripts which are run after virus scanning
  2. The McAfee engine scanning timed out while scanning the messages

 

 

Modus sets a 10-second maximum time limit for virus scanning.  In most cases, virus scanning can be accomplished within 10 seconds.  However, decompression bomb viruses take much more time.  Decompression bombs are designed to create DoS attacks on the given scanner.  The consumed disk space or memory could be so high that the server could fail.

 

If a message has not been fully scanned within 10 seconds, the message is labeled as “Possible Virus”.  If the Modus server is experiencing a heavy load or if a decompression bomb is being scanned, scanning may require more than 10 seconds to complete and, because of this, messages may be incorrectly identified as “Possible Virus”.

 

 

 

Solution:

 

Increase the scanning time-out in the Registry.

 

  • On your Modus server, open the Registry Editor
  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Vircom\VopMail and double-click on the DWORD key value McAfeeMaxBombScanTime
  • Change the default setting of 10 seconds to a higher value (15-20 seconds)

 
Modified 7/8/2008
Keywords: McAfee AV scripts
Article ID: 1604
   Vircom
2008 Vircom Inc. All rights reserved.		 Knowledge Base Software
Powered By: NovoSolutions, Inc.