1. Troubleshooting
1.1. NTLM Advertisement Causes Connection & Login Problems
Product:  modusMail & modusGate 
Version & Build: 4.7 and above
modus automatically advertises support for NTLM authentication, which can cause connection and authentication/login issues for some users.
Use Regedit to disable the NTLM advertisement:
1. Go to HKLM\SYSTEM\CurrentControlSet\Services\SMTPRS\Parameters 
2. Create a subkey called "Authentication"
3. Create a subkey (not a value!) called “NTLM” (you should then have HKLM\SYSTEM\CurrentControlSet\Services\SMTPRS\Parameters\Authentication\NTLM)
4. Restart SMTPRS
Note: the same procedure can be used to disable support for SCRAM-MD5 and CRAM-MD5.
1.2. LDAP Service Won't Start
Product:  modusMail
Version & Build: 4.6 and above


The LDAP service will not start and you see an error message that states: "C:\Program Files\Vircom\modusMail\schema" is corrupted.


This issue can occur if modus is installed in a non-default location, where the path is quite long.  


To fix the issue requires manually changing the slapd.conf file, located in the root modusMail folder:

  • Locate the slapd.conf file and open it with Notepad
  • Replace the path in each of the following lines (below) with your actual modus install path
  • Be sure to keep the double backslashes between folder names
  • Save the updated file

   # include schema
   include "C:\\Program Files (x86)\\Vircom\\modusMail\\schema\\core.schema"
   include "C:\\Program Files (x86)\\Vircom\\modusMail\\schema\\cosine.schema"
   include "C:\\Program Files (x86)\\Vircom\\modusMail\\schema\\nis.schema"
   include "C:\\Program Files (x86)\\Vircom\\modusMail\\schema\\inetorgperson.schema"
   #include "C:\\Program Files (x86)\\Vircom\\modusMail\\schema\\vircom.schema"

1.3. PostgreSQL Extended DB Upgrade Scripts Do Not Add Quota Columns
Product:  modusMail
Version & Build: 4.6

There is a problem with the PostgreSQL extended database upgrade script, specifically for the addition of the new quota columns for Outbound Max. Recipient (4.6.741, patch 11).

Download the attached script and save it in the …\modusMail\DBStructures\PostgreSQL folder.  Once saved, run it as you would normally do.


1.4. Mac OS X Mail corrupts file attachments

Product:  All
Version & Build:  All

Some clients have reported that MAC OS X Mail corrupts file attachments.  This is not a modus™ related problem.  It is an issue with Mac Mail.

To repair corrupted files, from Mac Mail, click on Mailbox > Rebuild.  

For more information, contact Apple support.

1.5. Unhandled error occurs when accessing WebMail/Quarantine

Product: All
Version & Build: All

Problem:  “An unhandled error has occurred” when opening WebMail and WebQuarantine.

Reason:  Cookies are disabled.

Resolution:  Enable cookies.


1.6. Error Codes and Messages
1.6.1. RBL error code 0000232A

Product: All

Version & Build: All




If ever an RBL server is down and cannot reply, it will return the following error:


X-Modus-RBL: xxx.xxx.xxx.x=0000232A


Normal string:

X-Modus-RBL: xxx.xxx.xxx.x=OK

where xxx.xxx.xxx.x is the IP address of the incoming message


1.6.2. .NET 'Access Denied' Errors in Windows 2003

ModusMail & ModusGate

Version & Build: 4.0 & up


After installing WebMail 4.x on a Windows 2003 server, you may see the following error when attempting to log in:

Access to the path "c:\Windows\microsoft.NET\frameWork\v1.1.4322\Temporary ASP.NETFiles\newWebmail\9ae6ab7a\1f1f295a" is denied

This error can be resolved by giving Modify permissions to the server's IUSR and Network Service accounts on the C:\Windows\Microsoft.Net directory.  When changing the permissions, click on Advanced and select the option to propagate the changes to the child files and folders.
1.6.3. 550 Unauthorized Interface for x.x.x.x on <hostname>

Product: All
Version & Build: All
Problem:  After sending to an outside domain, the user receives the following error message:

Your message has encountered delivery problems to the following recipient(s):

(Was addressed to mailbox@foreigndomain.com)
Delivery failed

Unable to deliver to destination domain
SMTP greeting from host read:
550 unauthorized interface for <Modus IP> on <Hostname>

The recipient's mail server is rejecting mail from Modus. The likely reason is that the recipient's mail server has blacklisted the IP address.  This problem often occurs with AT&T. 

Contact the recipient's mail server administrator and describe the problem.
1.6.4. Error 551 5.7.1: Receive of data is denied

Product: All
Version & Build: 3.x and above 

The "receive of data is denied" error occurs when a message is blocked by an entry in the Protocol Filter (in Security - Properties - Protocol Filter,  the spamflt0.txt file). 

In builds prior to 3.x, the error was worded "blocked by filter 0".  The wording was changed to help prevent spammers from determining why the message is being bounced.

If you are getting false positive results with this filter, compare the message header elements (mailfrom:, from:, to:, rcpt to:, subject:, etc.) against the header fields in the bounced message and either remove the problem entry or edit it (by removing the wildcards or changing the location of the wildcards by adding empty spaces). 

If you make any changes to this list, stop and start the SMTPRS service to clear the cache.

If you are unable to trace the source of the false positive, we recommend the following procedure:

1) Rename your existing spamflt0.txt file and create a new file with the following entries: 

rcptto: *@*@*

mailfrom: *@*@*

mailfrom: "*@*"@*

from: *%*@*

to: *%*@*

rcptto: *"*@*"@*

mailfrom: *@\[*\]*

rcptto: *!*@\[*\]*

rcptto: *@*@*

helo: <your mail server's IP address>

 - Stop/start SMTPRS after changing the file
 - Test the false positive message again to ensure it does not get bounced by the new file
2) The above list can be used as is but if you must include the contents from the old file, copy and paste it to the new file in sections, testing the problem message after each addition to see whether or not it gets through. 
3) Continue doing the above until you are able to isolate which section (or line) is causing the false positive and delete the problem entry.
1.6.5. Spam update error: Sieve is not available 0xE00A0032


Product: All
Version & Build: 4.0 & above

Description of Error:

Attempting to open the Spam settings in the Modus Console results in a Sieve is not Available 0xE00A0032 error and all tabs and options within the Spam settings are greyed out.

The following errors appear in the Error log:

---- MODUSCAN log entry made at xx/xx/2005 12:47:03
Sieve data source error 0xE00A0032 : Facility=0x1C, code=0xE01C0002


This error indicates database corruption involving the tables used to store the SieveStore data, as a result of attempting to combine both the Quarantine and SieveStore databases into one (on an MS SQL server).  In this particular case, the Quarantine database was created using the scripts we provided but the SieveStore tables were created manually and added to the list of tables within the Quarantine database.

The Quarantine and SieveStore are two separate databases that have their own sets of tables.  The Quarantine stores header data about the messages that have been caught in the quarantine, whereas the SieveStore database contains the script information used to trap the messages, including any custom scripts, whitelist and blacklist entries.  These 2 databases require individual ODBC connections so as not to cause conflicts.


  • Remove the tables belonging to the SieveStore database from the list of Quarantine tables
  • Create the SieveStore as a separate database using the instructions in How-To: Configure the SieveStore Database in SQL Server
  • Check the ODBC connections to ensure that the Quarantine and SieveStore datbases have different System DSN names and that their respective connection information is properly entered in the Modus Administration console
  • Stop and start the MODUSCAN and MODUSADM services


1.6.6. Application Error During Installation or Upgrade


Product: All

Version & Build: All

The following error message may appear during the installation or upgrade:  


This is just a temporary error that usually appears only on a Windows 2003 Server can be ignored.  Click OK to close the message and then verify that the Modus services have started normally.


1.6.7. Debug Pop-up Messages on Windows 2003 / XP


Version & Build: All


There is a known issue specific to running ModusMail or ModusGate on a Windows XP or 2003 server: if the Modus services are stopped for any reason and the server is rebooted, Windows will report the service stops as an error in the Event Viewer upon reboot (see example below) and display a popup warning prompting you to debug the application.


Example error reported in the Event Viewer:

Event Type: Error
Event Source: Application Error
Event Category: (100)
Event ID: 1000
Date:  10/14/2004
Time:  3:52:39 PM
User:  N/A
Computer: XXXX
Faulting application MODUSCAN.exe, version 4.0.330.0, faulting module unknown, version, fault address 0x00000000.

Because these warnings appear only after the server is back online, they do not indicate real problems with the services.  The service in question will start and normal mail server functions will continue to operate.  Therefore, these warnings can safely be ignored and the pop-ups can be cancelled but you can use the following workaround solution to prevent the messages from appearing:

  • Right-click My Computer
  • Click on Advanced
  • Under Performance, click on Settings
  • Click on Data Execution Prevention
  • Click Add
  • Browse to ...Vircom\Modus<Mail or Gate>
  • Select ModusAdm.exe
  • Click Add
  • Select Moduscan.exe
  • Click Apply, click OK
1.6.8. Error 00002EE7 When Updating Spam Filters

Product: All
Version & Build: All

Description of Problem:

Attempting to update the SPAM definition files produces Error 00002EE7 when updating Spam filters.


This error may occur because you are using a temporary license key or your support plan has expired.


Check to see if: a) you're using a permanent license key, or b) your support contract has expired.

  • In the Modus Console, go to System - Properties - License Key
    • Ensure that the license key listed is your permanent key
    • If not, enter a vaild license key & click on Validate and Apply
  • Stop/start all services
  • Go to Spam - Properties - Auto-Updates and click on Update Now
  • If you do not have your permanent key or if the support contract has expired, please contact Vircom's sales team, by phone, at 514-845-1666 or, by email, at sales@vircom.com


1.6.9. Error 0x10B: Unhandled Exception Error


Product: All

Version & Build: 4.0 & 4.1

Description of Error:
Attempting to log into the WebMail or Quarantine program results in the following error:

Description of the problem : Server Error in '/<WebMail>' Application. 0x10B: The directory name is invalid.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.

Exception Details: VircomDotNet.WebMailClassLib.WebMailException: 0x10B: The directory name is invalid.



This error is generated when the full path for the temp folder is not specified in the ...Web\webmail\website\custom.config file (in WebMail or WebQuarantine v4.0 and v4.1)
  • Open the custom.config file and locate: <add key="Temp" value="$temppath$"></add>
  • Enter the full path (between the quotation marks )to your existing WebMail temp folder 
    • e.g. "C:\Program Files\Vircom\Web\Webmail\Temp"
  • Save the file and stop/start the WEBMAILSVR service

Occasionally, the above change to the custom.config file may not work.  This is likely because the pointer to that file is missing in your web.config file (also located in the root website folder).
  • Open the web.config file and locate: <appSettings file="Custom.config">
  • If the line is not there, add it under the <configuration> tag and save the file
  • Stop/start the WEBMAILSVR service


  • Make sure the server's IUSR and ASPNET accounts have Modify permissions on the WebMail (ModusMail) or Quarantine (ModusGate) folder
  • For Windoes 2003 Server, Modify permissions are required for the server's IUSR and NETWORK SERVICE accounts


1.6.10. Error Updating Monitoring Counters

Product:  All
Version & Build:  All

The following error occurs in the Error logs and continues to fill them up:

---- MODUSCAN log entry made at 12/08/2004 11:22:29 Error updating the monitoring counters: (-535100439) Facility=0x1B, code=0xE01B03E9.

---- MODUSCAN log entry made at 12/08/2004 11:22:29 Error updating the monitoring counters: (-535100439) Facility=0x1B, code=0xE01B03E9.

The errors indicate a problem communicating with the Monitoring database.



1]  You are using the native Access database for the monitoring data

  • There is a known memory leak in Microsoft's most recent Access Jet Engine driver which may cause the errors above


  • Switch the database to SQL Server 
  • Turn off the Monitor functions completely:
  • Stop all Modus services (to stop the counter update in the registry) and start all services except Monitor


2]  The database is SQL Server and the server is not responding:


  • Check the SQL server's Task Manager to see if it is using too many CPU cycles or too much memory
  • Check the SQL's Event Viewer for any errors 
  • If necessary, stop and start the SQL server service 
  • In the Modus Console, stop/start the Monitor service and any Modus service that reported the error (in the example above it is the MODUSCAN service)


3]  The ODBC Data Source configuration is incorrect:


  • Check the System DSN name to ensure that there aren’t any spaces
  • Check that the authentication method for the ODBC connection is an SQL account, not NT
  • Check the Client Configuration settings (on the authentication screen)
    • It should be TCP/IP if SQL is on a machine separate from that of Modus
    • A Named Pipes connection only works properly when SQL is running on the same machine as Modus


1.6.11. Event Viewer Error: %%3759014889 Modusadm Does Not Start

Product: All
Version & Build: All


The MODUSADM service is stopped and will not restart (Event Viewer error %%3759014889)


The MSSQLSERVER service had not been started.  Start the service and MODUSADM can be started afterwards.

Background Info:
The MODUSADM service is responsible for the Quarantine and Sievestore database functions and communication with the database server.  If either of the databases is stored in SQL and the SQL service is stopped, that will force the MODUSADM to stop as well until it can detect that the database is responding again.
1.6.12. Event Viewer Error: %%3759144966: MODUSCAN Does Not Start

Product: Modus AS & ASV
Version & Build: All
Description of Problem:

MODUSCAN does not start after upgrade: Event Viewer Error: %%3759144966

This problem was encountered by a few customers after an upgrade.  The source is related to a difference in the Install path between the Norman Anti-Virus files and the Modus core files. This most likely occurs if, sometime in the patch, a new installation directory was selected.  

The path for the Norman files is set under the Norman Data Defense Systems registry key: HKEY_LOCAL_MACHINE\Software\Norman Data Defense Systems

The path for the install directory is set under the "InstallDirectory" key: HKEY_LOCAL_MACHINE\Software\Vircom\Vopmail\Install Directory

1) Stop all Modus services and close the Console

2) Verify, under Task Manager, that all the services are stopped

3) In the Registry Editor, locate HKEY_LOCAL_MACHINE\Software\Norman Data Defense Systems

4) Delete the Norman Data Defense Systems key

5) Run the install

6) After the installation, all services should start and the MODUSCAN service should initialize and start without errors


1.6.13. MODUSADM Service Will Not Start: Error 0x80004003 Invalid Pointer

Product: All

Version & Build: All



Problem Summary:


MODUSADM service will not start: Error 0x80004003 Invalid pointer




This error occurs when Modus is configured to connect to an ODBC database for the quarantine and there is a connection problem.  The exact reason for the problem will vary but may include one or more of the following:


  • Invalid System DSN credentials
  • Incorrect database configured under the System DSN (Administrative Tools >  Data Sources (ODBC) > System DSN)
  • Corrupted databases
  • Network connection problem between Modus and SQL machines
  • Etc.





1)  Configure Modus to use the native MDB database:


  • In the Console, go to System – Properties – Quarantine Database
  • Select Use Native MDB database
  • Click Apply
  • Start the MODUSADM service in System – Properties – Services

All new quarantine mail will be saved in the sievestore.mdb database under ...\Vircom\Modus<Mail or Gate>\SieveData.  Note that users will not have access to their old quarantined mail.


2)  Resolve the ODBC Connection problem


Troubleshooting includes the following:


  • Verify that the correct information has been entered under System – Properties – Quarantine Database
  • Test the ODBC System DSN from Administrative Tools > Data Sources ODBC
  • Verify that you can ping the SQL Server from the Modus server
  • Verify in the Event Viewer and Modus Log files if there are any related error messages that may help determine the source of the problem


1.6.14. Network I/O Error Codes

Product: All
Version & Build: All

The majority of the error codes contained in the Error Logs, particularly Network I/O codes, are actually Win32 errors. 

The attached utility provides an easy way to look up the code:

  • Copy and extract the zip file to your server
  • Double-click the .exe file to open the interface 
  • Enter the numeric code in the Value field, e.g. 10060, and click the Look Up button
  • The explanation of the error will appear in the Error Message box
This utility works with all Win32 errors, but will not be able to decipher error codes of all types, e.g., different code formats, such as 0x------, or &H--------.  For explanations of codes that the lookup tool doesn't recognize, please consult our other Knowledge Base articles.  If you are unable to find the information you need, please contact our Support Department at support@vircom.com.
1.6.15. POP3 Error: <<< -ERR [IN-USE] mailbox in use
Product: All
Version & Build: All

Problem Summary:

The following error occurs after the user tries to access his/her mailbox via POP3:

<<< -ERR [IN-USE] mailbox in use


Example from the OPR log file:

---- POP3S log entry made at 12/08/2004 16:07:10
The mailbox for username in  is in use.
POP command failed when talking to
>>> PASS ********
<<< -ERR [IN-USE] mailbox in use




  • Network related:  The POP3 protocol only supports one connection to a mailbox
    • If two users connect at the same time, the error message will result
    • However, if the mail client does not properly close the POP3 connection, the message will occur
      • In this case, the connection may stay in user for some time preventing others from accessing the mailbox



·         For the network problem, enable Close the POP3 connection in Users

·         If two users require access to the same mailbox, at the same time, use IMAP4 instead of POP3 (which allows more than one connection to the same mailbox at the same time)
1.6.16. "Timeout on incoming connection"
Problem: All
Version & Build: All



The error logs show error 421 4.7.0 Timeout on incoming connection.


>> MAIL FROM:sender@foreignmailhost.com
<<< 250 2.0.0 rmoring@austincad.org OK
>>> RCPT To:recipient@thismailserver.com
<<< 250 2.0.0 recipient@thismailserver.com OK
>>> DATA
<<< 354 Ready for data
The address () disconnected due to idle timeout. <<< 421 4.7.0 Timeout on incoming connection.




The SMTPRS default timeout value is 600 seconds (i.e. 5 minutes).

Cause: The Modus SMTPRS disconnected because this service timed-out waiting for the sending mail server to transmit the data portion of the SMTP exchange.




If this error happens only with some sending mail servers, it may help to increase the timeout value:

  • In the Registry Editor, go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPRS\Parameters
  • Add a key called IdleTimeout
  • Enter a value, in seconds
  • Enter a value greater than 600

If this problem occurs for many different sending mail servers, instead of increasing the timeout, it would be better to look for underlying causes:

  • In the network there may be a Network Address Translator, Firewall, Router, etc. that is causing the problem


1.6.17. Unable to Update AV Engine: Error 0XE007FDED


Product: All

Version & Build: All



The anti-virus engine in Modus is not updating (either automatically or manually) and displays error 0XE007FDED in the Virus – Properties – General.



Background Information:


Modus inserts a specific header in the HTTP connection to Vircom's update server to access and download any new engine files and definitions: "X-Vircom-Virii-Def-Version." If this header is blocked or removed for any reason, the update does not take place.





1. Make sure you are not blocking access to HTTP Port 80 on the Modus server or the firewall

2. If the Modus server is behind a Proxy server on your network, make sure the Proxy's IP address and port are configured on the Modus server (System – Properties – Proxy)

3. Make sure that you are not blocking "custom" or "unknown headers" in the firewall

4. If your firewall, router or any other device/program on your network is configured to strip or block non-standard headers, make sure that it can allow "X-Vircom-Virii-Def-Version"

5. If you are unsure if blocking non-standard headers is the cause of the problem, try the following:

  • Access Microsoft's website (www.microsoft.com) using a machine outside of your firewall
    • Microsoft sends 2 non-standard headers - "X-Powered-By" and "X-AspNet-Version"
  • Try the same test on a machine behind your firewall
    • If the headers are not received by that machine, they are being stripped or blocked


1.6.18. Web "Server Error Application: 0X5 Access is Denied."

Product: All

Version & Build: All





When users try to log into either the Modus web interface, the following error occurs : "0X5: Access is Denied."


The following is an example of the error that can occur when logging into the ModusGate Quarantine Interface:



The Modus Web Components were installed on a non-supported operating system such as Windows XP and windows 7.




Install the Modus Web Components on Windows 2003, 2008, or 2012 Servers. 
1.6.19. WebMail Error: Internal error occurred. Code: 0x3F1
Product: All
Version & Build: All


When a user tries to add an email address to his/her Trusted Senders list the following error occurs:

Internal error occurred. Please contact the system administrator Code: 0x3F1



Background Information:

After a user creates a whitelist/blacklist the following sequence of events occur:

·         The WebMail Client communicates with the WebMail Server

·         WebMail Server communicates with the MODUSADM service on the Modus Server

·         The MODUSADM service runs a SQL Query to write a Sieve Script to the Sieve Database



The error is likely to occur when the Sievestore database is stored on a SQL Server rather than the default MS Access Database and there is an ODBC Connection problem connecting to the database (the QL Server is timing out or no connection can be made).
Solution and Troubleshooting:

·         Test the ODBC connection

o        In the Console, verify the credentials entered under Spam - Properties - Sieve Database

o        Go to the Administrative Tools > Data Sources (ODBC) and ensure that the System DSN is as it was entered in Modus

o        Use the same username and password and test the connection

§         If the connection is successful, try to narrow down the problem with the next step


·         Monitor the network and SQL Server Logs

o        If the ODBC connection works but the problem continues, there is likely a bottleneck somewhere

o        When connecting to the SQL Server, Modus will only wait as long as the ODBC connection

o        In this case the problem will more likely be presented intermittently (e.g. cannot be reproduced every time)


1.6.20. WebAdmin, WebMail & WebQuarantine Settings Error: 404 & 405


Product: All

Version & Build: All


Users can access the WebMail or WebQuarantine but the following error(s) results when clicking on Settings  or accessing the WebAdmin URL directly:

Page Not Found: Error 404


The page cannot be displayed: Error 405 resource not allowed

Causes and
Solutions for Error 404:

There are 2 likely causes:

1) ASP.NET has not been installed.  With Windows 2000 Server, ASP.NET is installed as part of the .NET framework but it's not installed, by default, with Windows Server 2003. 

Solution:  Install ASP.NET using the guidelines outlined in How-To: Configure Windows 2003 for Web Components

 The .NET framework was installed before IIS.  IIS must be installed first in order for the ASP pages to be viewed and work properly.

NOTE: Another symptom of an out-of-order installation is when the WebMail or Quarantine pages appear to be blank.

Solution: Uninstall both IIS and the .NET framework.  Reinstall IIS first and .NET version 1.1 (see below) afterwards.


Cause and Solution for Error 405:

The machine is running an older version of the .NET framework, i.e. 1.0.x or older.

Solution:  Install version 1.1

WARNING:  Simply upgrading from the v1.0 to v1.1 may work properly on some machines but not in all cases.  You may need to uninstall the older version first, reboot the server and then install 1.1.
1.6.21. WebAdmin Error: Access Denied "Failed to start monitoring directory changes" when browsing an ASP.NET page

Product: All
Version & Build: All

When logging into WebAdmin, users receive the error message "Access Denied to ... Failed to start monitoring file changes".


The ASP.NET account does not have the right permission on the files and folders.  See the Microsoft Article 317955 for more information: http://support.microsoft.com/default.aspx?scid=kb;en-us;Q317955


Add the ASP.NET account to the Webadmin folder and assign "FULL CONTROL".  Ensure that, under Advanced, you check the option Reset permissions on all child objects and enable propagation of inheritable persmissions.


1.6.22. WebMail Error 0X6B3: The RPC Server is not listening

Product: ModusMail

Version & Build: All



Problem Summary:

When logging into WebMail, the following error appears:



Essentially, there is a communication problem between the WebMail Client Component, the WebMail Server Component and the Mail Server (i.e. ModusMail).





From your Web server, follow these steps to determine the configuration problem:


  • Go to Administrative Tools > Internet Information Services (IIS) Manager
  • Locate the WebMail Virtual Folder and right-click on it and select Explore
  • Locate and open the custom.config file using Notepad
  • Locate the line that reads WebMailServerAddress value=<IP>
    • This is the IP address of the WebMail server component
    • This IP address must be the address where the WebMailSrv.exe service is running
    • Usually, this will be the same address as the IIS Server
    • In this situation, you can safely use localhost or loopback address


  • Go Administrative Tools > Services and double-click on ModusMail Web Mail Server service
  • Under General tab, locate Path to executable
  • Open Windows Explorer and go to this directory
  • Open the WebMailSvr.ini file with Notepad
  • Locate the line that reads Host=<IP>
    • This IP address is the IP address that the server portion of WebMail will bind to and it must exist on the machine


  • Stop and start the ModusMail Web Mail Server service and try to telnet to the IP address specified in HOST and on Port 31804 (i.e. telnet IP 31804)
    • A connection should be made but you will not see anything else
    • Press CTRL+] and type quit to exit Telnet
    • If you do not get a connection then something is blocking it (e.g. firewall, etc.) and the RPC Server not listening error will always occur



Note:  If any changes are made to the custom.config or WebMailSVR.ini files, perform an iisreset to apply them.


1.6.23. WebMail Errors: H800102BD & H80010134


Product: ModusMail

Version & Build: 4.1.361 & up

Error messages when attempting to log into WebMail:


An internal error occurred. Please try again later and contact your ISP if the problem persists.

Code: &H800102BD



An error occurred while retrieving your messages. The error is: "0xE0010134: [3758162228]" OR H80010134. Try refreshing your message list. If the problem persists contact the system administrator."



Either error is, generally, caused by a corrupted mailstore file.

  • Go to the user's folder in your Webmail\Users directory (e.g. …\Vircom\Web\WebMail\Users\<domain>\<username>)
  • Find the mailstore.fdf file and try to rename, delete or move it to another location
  • You should now be able to access the account again
  • Renaming this file will not affect any messages that may have been saved in user-created folders - these messages are stored in separate files


1.6.24. Webmail Error: H80042745 An established connection was aborted


Product: ModusMail

Version & Build: 4.1 & up

Description of Problem:
Attempting to log into WebMail results in the following error message:

An internal error occurred. Please try again later and contact your ISP if the problem persists.
Description : An established connection was aborted by the software in your host machine.
Code : &H80042745




  • WebMail's POP3 or IMAP connection is trying to use the machine's host name instead of the IP address
    • Verify the address by opening the webmailsvr.ini file located in the root Web\Webmail folder
    • Look for the address in the lines: POP3Server = or Imap4Server =
      • If the value is the host name, replace it with the ModusMail server's IP address
    • Save the file and stop/start the WebMail Server Service


  • The error might be caused by an incorrect ASP.NET configuration (missing account permissions or using v1,1 or older of .NET on the server)

  • Go to Control Panel > Add or Remove Programs to verify what .NET framework version is installed on the server
    • If v1.0 is installed, upgrade to v1.1 and reboot the server afterwards 


    • Check the permissions on the ModusMail\Web folder:
      • If using Windows 2000 Server, give Modify permissions to the local machine's ASP.NET account and propagate the change to the child files and folders
      • If using Windows Server 2003, give Modify permissions to the local machine's Network Service account and propagate to the child files and folders
o        After making either change, go to Start > Run and type iisreset <enter> to stop/start the IIS Admin service
1.6.25. WebMail Error: &H80049038 when attempting to send attachments


Product: ModusMail

Version & Build: Versions 3.x & 4.0 (old WebMail UI only)

Description of Problem:
Attempting to send an attachment using the original WebMail interface results in the following error:

An internal error occured, please contact your ISP, Code &H80049038.  Performing an iisreset corrects the problem temporarily.


Possible causes and solutions:


·         Verify the Event Viewer for DCOM errors - the server may be experiencing them

o     Open the error description and use the Event ID to research the Microsoft Knowledge Base to find the source of the error and how to correct it


·         You may be missing permissions for WebMail's Temp directory

    • Locate the VopMailWeb.ini file
    • Open the file (with Notepad) and locate the line that begins with TempDir (e.g. TempDir=C:\Program Files\Vircom\Web\WebMail\Temp)
    • Go to that folder and make sure the System account has Full Control permissions and that the IUSR and ASP.NET accounts have Modify rights
    • For Windows Server 2003, replace the ASP.NET with Network Service account


  • You may be missing the getattachment.asp redirection in IIS
    • Open Internet Information Services (IIS) Manager and locate your WebMail directory
    • If WebMail is set up in the root of IIS, right-click WebMail and select Properties > Custom Errors
    • Locate 404 under the HTTP Error column
    • Make sure the Type column displays URL and that the Contents column displays /getattachment.asp
    • If something different is displayed, highlight the 404 line, click Edit Properties, select URL as the Message Type and enter /getattachment.asp in the URL box
    • Click OK and Apply
  • If WebMail is set up as a virtual directory, then follow the same steps above and instead of /getattachment.asp use/Webmail/getattachment.asp
1.6.26. WebMail Error: &H800503EE

Product:  ModusMail
Version & Build:  4.x

Description of Problem:

When using the old webmail interface in ModusMail, the error &H800503EE occurs when using the Send button.

With the newer version of the WebMail interface, the window appears to hang when clicking Send and there is no error displayed and the mail is not delivered.



The SPF function is turned on in ModusMail's security settings but the customer's own SPF records are incorrect.  This causes outgoing mail from the Modus server to be blocked.


Correct the SPF records on your local DNS server and stop/start the SMTPRS service to clear the cache.  (See http://spf.pobox.com for detailed configuration information.)

If immediate changes cannot be made to the DNS, there are 2 options:

1. Turn SPF checking off and stop/start the SMTPRS service

2. Stop SPF validation of your own servers (mail and web servers if WebMail is on a separate machine from Modus) by adding the IP address(es) to Security - Properties - WhitelistsSMTP Security Whitelist (or Security - Properties - Trusted Address List, SMTP Security Trusted Address in 4.4+).  Stop/start the SMTPRS service to clear the cache.


1.6.27. WebMail Error: ASP 0178 (0x80070005), Server object, ASP 0178 (0x80070005) The call to Server.CreateObject fa
Product: ModusMail
Version & Build: All



When creating a rule in WebMail the following error occurs:


The page cannot be displayed

There is a problem with the page you are trying to reach and it cannot be displayed.

Error Type:

Server object, ASP 0178 (0x80070005)

The call to Server.CreateObject failed while checking permissions. Access is denied to this object. /EditRule.asp, line 73





The account the IIS Virtual Directory / Site is using does not have Read and Execute permissions on the comsieve.dll file.




  • On the machine running IIS, locate the WebMail site/virtual directory and take note of the account (e.g. IUSR) specified under Directory Security
  • On the same machine, open the Registry Editor
  • Click on Edit > Find to find the location of the comsieve.dll file
  • Note the location and, in Windows Explorer, go to the location of comsieve.dll
  • Right-click and select Properties
  • Add the account noted from the first step and give it Read and Execute permissions


1.6.28. WebMail Error: Error in '/' Application Directory not found or invalid

Product: ModusMail
Version & Build:  4.0.330 and above
This error can appear when trying to open attachments in WebMail.  It is caused by an invalid path for Webmail's Temp directory which is either pointing to the incorrect location or you have $temppath$.

Enter an absolute path:
  • Go to the ...\Web\Website \custom.config file and enter the correct location of the Temp directory
    • This will depend on what version of ModusMail was originally installed.  It should be one of the following:
      • ...\VMWClient\Temp
      • ...\MWMClient\Temp
      • ...\Web\Webmail\Temp
    • Perform an iireset if you make any changes


1.6.29. WebMail Error: "Error sending message: You have reached your quota limit"

Product: ModusMail
Version & Build: All
Description of Problem:

WebMail users are getting quota limit errors when attempting to send messages but there is nothing in their WebMail accounts and they can receive messages without problems.


Causes and Solutions:
1. Check the contents of the users' Sent Items and Drafts folders.  Any messages stored here count toward the quota limit and may need to be cleared out.
2. Check the folder permissions on the Web\WebMail directory.  The IUSR account must have Modify permissions on both the Temp and Users subdirectories.  This will ensure that temp files are deleted when they are no longer in use to prevent an accumulation of files.
3. The message may be over the default Max server message size.  In the Console, go to System – Properties – Settings and click on Advanced. Verify the default limit set for the Max. server message size.  This value can be changed (a value of 0 = no limits) but the SMTPRS service must be stopped/started after the change.
4. You may have WebMail-specific quotas that are too restrictive. 

a) If WebMail is installed on the modus server, go to the Console to review/change the limits:

  • Server-wide settings are located in Web – WebMail – Advanced  
  • Domain-wide settings are located in the domain properties in Web – WebMail – Advanced
If any changes are made, stop and start the WebMail Server Service.

b) If WebMail is installed on a server other than that of Modus, locate the webmailsvr.ini file to review/change the limits.

  • Server-wide settings are located in the [Default:Settings] section: MaxMessageSize, MaxAttachmentSize, StorageQuota, etc.
  • Domain settings must be added or changed manually in the [domain:Settings] section at the end of the file 
    • If there is an existing entry for a domain, manually add/change the required quota limit (the value is in BYTES) 
    • If the domain name does not appear, create the entry below the [Conversion] section


If any of these values are added or changed, stop and start the WebMail Server Service from Administrative Tools > Services.
NOTE: There are no options to set per user limits in WebMail.
REMINDER: When sending a message, its actual physical size will be larger than the size display indicates due to the addition of MIME encoding. 
1.6.30. Webmail Login exception errors


Product: All

Version & Build: 4.1.361


Description of Problem:

Attempting to log into WebMail or WebQuarantine displays an error page:

Exception Details: System.NullReferenceException: CFolder is null


 Unable to find script library '/aspnet_client /system_web/1_0_3705_6018/WebIvalidation.js..


The WebAdmin login fails totally - you cannot log in and no error is displayed.



The problem is usually caused by a conflict between two installed .NET framework versions where the ASP code is still bound to the old .NET version.  Go to Add/Remove Programs to determine that both 1.0.375 and 1.1 are loaded. 



  • In a Command Prompt, go to …\microsoft.net\framework\v1.1.4322 and run the aspnet_regiis utility (i.e. aspnet_regiis -I) to ensure all aspx code is bound to the new .NET framework.


  • If this does not correct the problem, uninstall/reinstall the 1.1 .NET framework and reinstall the WebMail or WebQuarantine package


    • Uninstall 1.0 .NET framework
    • Uninstall 1.1 .NET framework
    • Reboot the server
    • Reinstall 1.1 .NET framework
    • Reinstall the web components from the Modus install package


1.6.31. WebMail Error: the IMAP4 server does not allow the requested operation

Product: ModusMail
Version & Build: All

Description of Problem:

The following error occurs after clicking on Send in WebMail:

Error sending message: An internal error occured.  Please try again later and contact your ISP if the problem persists.
Description: the IMAP4 server does not allow the requested operation.  Code: &h80060003


The mailbox had reached it's quota limit.  The messages were able to be sent but the IMAP4 Service was not allowing additional messages to be written to the Sent Items folder in the mailbox, producing the above error.

Have the user clean out the Sent Items folder or adjust the quota limits.
1.6.32. WebMail Error: Site localhost is unavailable

Product:  ModusMail
Version & Build: All

Description of Problem:

When clicking the Settings tab in WebMail, the following error occurs.  All other functions work properly. 

Solution 1:
  • In Windows Explorer, go to the ...\Vircom\Web\WebMail\WebSite directory and open the Custom.config file with Notepad
  • Look for the following line: <add key="Site" value="localhost"></add>
  • Replace "localhost" with the machine's primary static IP
  • Perform an iisreset
Solution 2:

If the first solution does not resolve the problem, there may be a problem with the "appsettings file" information in the Web.config file, also located in the Web\WebMail\WebSite directory.  The Web.config is where we set the appsettings to load the keys from the file custom.config, which is done with the line: <appSettings file="Custom.config">.  If this line is removed or changed, then custom.config is not loaded.  Also, if there is a typo in the custom.config file, then the file will not loaded.  The solution therefore is to check all information carefully in custom.config and ensure you have the proper spelling and syntax.  Do not make any changes to the web.config file.
If everything is configured properly, then custom.config has precedence over web.config.
NOTE: Custom.config & web.config are XML files, which means that they must be properly constructed.  One way to test if they are is to copy them with a .xml extension and then load it with Internet Explorer.  If the file is not properly constructed, IE will letyou know.
1.6.33. WebMail Login Error: &H8006000D
Product: ModusMail
Version & Build: All

Problem Summary:


When logging into WebMail, users receive error code &H8006000D




This error is likely happen with database mailboxes.  The source of the error is related to problem connecting and retrieving information from the SQL Server.




Stop/start the MSSQLSERVER service to resolve this error and allow users to log in.
1.6.34. WebMail & WebQuarantine Login Error: 0xE0010FA6

Product: All
Version & Build: All


Description of Problem:

Attempting to log into either WebMail or WebQuarantine results in the following error:

Server Error in '/xxx' Application.

Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code



The "Users" base path and the default domain name are missing from the WebMail / WebQuarantine configuration file.




  • In Windows Explorer, go to ...\Vircom\Web\Web<Mail or Quarantine> and open the webmailsvr.ini file with Notepad
  • Locate the BasePath= line and enter the full path to the WebMail (ModusMail) or Quarantine (ModusGate) Users directory
    • e.g. C:\Program Files\Vircom\Web\WebMail\Users or C:\Program Files\Vircom\Web\Quarantine\Users
  • Locate the DomainName= line and enter the default or primary domain name
ModusMail:  The first domain name that appears in the Domains list in the Console.  The syntax must be the same.  Therefore, if the Console displays machine.mydomain.com,  this is what should appear in the DomainName line.  If it is just mydomain.com, make sure it appears in the line.
ModusGate:  Enter the domain name used in your email address, e.g. mydomain.com

After making the above changes, stop and start the WebMail Server Service.
1.6.35. WebQuarantine Errors: H8002013A & 0XE002013B

Product: ModusGate

Version & Build: 4.1.361 & up



When trying to log into WebQuarantine or WebAdmin, one of the following errors occurs:

0xE002013A: Error when trying to login to the WebQuarantine : An internal error occurred, please contact your system Administrator "Login failed code &H8002013A"

0xE002013B: "Unhandled exception occurred during the execution of the web request..."



Both errors are related to problems with SMTP Authentication.

Error 0xE002013A is caused by setting up an SMTP Auth connection between ModusGate and the mail server but not having SMTP Auth enabled on the mail server itself.

Error 0xE002013B is caused by not having SMTP Auth turned on in ModusGate under Security - Properties - SMTP Security, Enable SMTP Authentication.

Both WebQuarantine and WebAdmin authenticate the user against ModusGate using SMTP Authentication. ModusGate, in turn, authenticates the user against the mail server with the method configured in the ModusGate under Connection - Properties - General, Authentication Requests (e.g. SMTP Auth, POP3).



SMTP Authentication will only work if the mail server itself supports it.  Therefore, the first step is to ensure that it is turned on. 

The next step is to enable SMTP Authentication on the ModusGate Server.  Go to Security - Properties - SMTP Security & click on Enable SMTP Authentication.  Restart the SMTPRS service.  Make sure there is no firewall or router blocking SMTP communication between the ModusGate Server and ModusGate Web Components (e.g. telnet to port 25 on the ModusGate Server from the Web Server and initiate a SMTP Auth dialog).
1.6.36. WebMail / WebQuarantine: A Runtime Error has occurred. Do you wish to Debug? Line 185 Error:Oject Expected
Product: All
Version & Build: All

Problem Summary:


When clicking on the WebMail or WebQuarantine link, the following error occurs:

A Runtime Error has occurred Do you wish to Debug? Line 185 Error:Oject Expected




This error can occur in some high security network environments.  WebMail/WebQuarantine functions make a request to the ModusMail RCP server for information needed to build the web page.  In some environments, if the Webmailsvr.ini file specifies the IP address assigned to the machine and not the localhost address ( the request will fail, causing a script error to popup in Internet Explorer.




Configure the Web Server and Client portions to use the localhost IP (i.e. rather than the computer's IP.  Restart the Web Service and IIS Admin Service.

1.7. AV Backup Folders Are Not Self-Cleaning
Product: All
Version & Build: All


Prior to performing an AV engine update, modus™ backs up the .DLL and .DEF (definition) files to a backup folder:

         Norman:  …\Vircom\modus<Gate or Mail>\NVC\NSE\Backup
         McAfee:  …\Vircom\modus<Gate or Mail>\McAfee\Backup

In the event that the update fails or if there are issues with the AV engine, you can use the most recent .DLL and .DEF files stored the …\Backup folder to restore functionality (paste the files into the ...\NSE or ...\McAfee folder, depending on your version of modus™).


The definition file size for Norman is 22 MB while that of McAfee is 32 MB.  Currently, the …\Backup folder is not self-cleaning.  As such, the accumulated files will cause the folder to grow quite large.  If you are concerned about free space on your hard drive, you may consider deleting the older .DLL and .DEF files in the …\Backup folder.

Vircom strongly recommends that you do not delete the most recent files in the event that a rollback is required.

1.8. Invirus Buildup and/or Server Freezes at Regular Intervals


Version & Build: All





Server seems to freeze at regular intervals making the machine unresponsive for short periods of time (less than a few seconds).  In extreme cases, this can cause spool backlogs.





modus™ updates information in the Registry.  These write-operations to the Registry are cached in a file called software.log.  By default, the OS will purge the cache and write the operations to the Registry hive every 5 seconds for Windows Server 2003 or every 5 minutes Windows 2000 Server.


During these intervals, the system appears to freeze.  This behavior is not normal. The root cause is usually a poorly configured RAID controller whereby the Windows operating system is installed with a RAID array.





If you use a RAID array for your OS drive with the RAID mode set to writethrough mode instead of writeback mode, by default, the controller only sends an acknowledgement of a disk-write operation after the disk-write has completed.  In the example above, no disk-write operations would be acknowledged until the RAID controller has finished purging the cache file and has merged it into the Registry hive.  Therefore, it is recommended that the RAID controller on the OS drive be set to use writeback mode, which sends an acknowledgement before the write-operation is complete.  This ensures faster response.


For additional information, please consult the IBM Systems Software Information Center article Understanding write-cache mode for logical drives.



1.9. ‘Failed to access IIS metabase’ when Accessing the Web Applications

Product:  All

Version & Build: 4.5.654 and above






Failed to access IIS metabase” error when accessing the Modus Web applications with Windows 2000 Server.






IIS was installed after .NET 2.0 Framework was installed.






From a DOS window, proceed with the following:

  • Change directory to …\WINDOWS\Microsoft.NET\Framework\v2.0.50727
  • At the command prompt, type aspnet_regiis -ga aspnet <enter>


1.10. How-To: Isolate Problems Using the System Health


Product: ModusMail & ModusGate

Version & Build: 4.3


The attached document guides you through the different sections of the System Health screens and describes how that information can be used to highlight and troubleshoot potential system problems.

To access the System Health program on the local server, go to Internet Explorer (this only works with IE versions 6.0 - 8.0 inclusive, but not 9.0) and you can use the following URL: http://localhost/webmonitor.  SVG Viewer must be installed.  If you try to access the program without the SVG viewer, you will be prompted with a link for the download.

To access it from a remote machine, you can replace localhost in the above URL with the actual IP of the server on which the program is running. 


1.11. How-To: Respool Messages


Product: ModusMail & ModusGate

Version & Build: All




This article will explain how to respool messages.


If you have experienced a slowdown in message processing that has caused a backlog in one of the spool directories, the first step is to stop and start the service responsible for that particular spool and allow the machine clear out the messages normally:

  • Invirus folder: MODUSCAN & MODUSADM services
  • Incoming & Holding/Domains folders: SMTPDS service

However, if the machine is not able to process them quickly enough or if there are too many backlogged messages to wait for normal processing, follow the respool directions:

  • Create a "respool" folder where you will temporarily store all of the messages, e.g. C:\respool
  • Stop all Modus services and rename the existing spool to spool.old
  • Move all of the message files (MSG, RCP/LCK/LCA/RCO) to the respool folder using recursive copy or move commands:
    - Go to a Command Prompt
    - Go to the root of your old spool folder (e.g. spool.old)
    - For a recursive copy (that will search each subdirectory), enter the following string:  

for /r %a in (B*.*) do copy /y "%a" c:\respool 

  • Delete all of the REF files (B*.REF)
  • Rename all *.LCK, *.LCA, *.RCO, *.DEF files to *.RCP
  • At this point, you should only have MSG/RCP pairs in C:\respool
  • Restart the Modus services to create a new spool (and process new incoming messages in the meantime)
  • Move the contents of the \lists folder to the newly created spool
    • No additional temporary folders (sptplock, temp, dead, deadvirs) are required

Using a grep tool (see attachment) or Windows search tool:

  • Use grep or Windows Search to produce a list of files you do not want and turn that list into a batch file to delete them
  • Delete all MSG/RCP pairs that you do not want (example, bounce messages)


  • Get the respool tool (attached below) and extract it to your hard drive (such as the root Modus folder)
  • Respool by entering the dispinvr command from a Command Prompt: 
    • dispinvr <full path to respool folder> <full path to spool\invirus folder of current spool>
      • E.g for c:\modusmail:  dispinvr c:\respool c:\spool\invirus  <enter>
  • If the path file is lengthy, use quotation marks around the entire path, e.g. "c:\program files\vircom\modusmail\spool\invirus"



1.12. How-to: Troubleshooting DNS Resolution Problems

Product: All
Version & Build:
If your Modus server appears to be having difficulty sending mail because it cannot resolve IP addresses but using nslookup (see below) resolves the same addresses, it might be that Modus is using a different DNS server than the one you are testing with.

To detemine what DNS server IP address Modus is using:

  • In the Console, go to Logs – Properties – Operation Flags and enable DNS Transactions
  • There is no need to stop/start any services 
  • Go to the ModusMail or ModusGate \ Log directory and search for a file called OPRyyyymmdd.log
  • Open the file with Notepad and search the log for "Sending DNS request via UDP to..." and this will show the DNS server IP address

To change the IP:


  • Right-click My Network Places and select Properties
  • Select the particular connection (if more than one) and click on Internet Protocol (TCP/IP) and Properties
  • Enter the correct DNS server IP address(es) and click OK
  • Using nslookup:
    • In case you're not familiar with the nslookup utility or its commands, this is a command line program used in DOS.  For details about the syntax to use and how to read the results, please see Step 2, in Troubleshooting Mail Delivery Problems.


1.13. Troubleshooting Mail Delivery Problems

ModusMail (with some support for ModusGate)

Version & Build: All


Local users are not receiving mail from the outside world or users are trying to send mail through your server TO the outside world.  This assumes that the user is able to POP his/her mailbox but, for whatever reason, no new mail is coming in or going out. 

This how-to applies mainly for ModusMail but can be used to troubleshoot some ModusGate issues.

Step #1 - Check to see if your server is responding on port 25

You should repeat this test at least twice - once from the Modus server and once from another PC on the same network or, ideally, from a machine outside of your network (via a dialup or high-speed connection)


  • From a Command Prompt, type telnet <mail server IP> 25 <enter>
  • Your mail server’s banner should appear:

220 <domain> ModusMail ESMTP Receiver version x.xxx.xx ready

  • If the banner fails to appear within 30 seconds, you could be using RBL/DNSBL lookups or reverse DNS lookup and your DNS server or one of the blacklist servers is not responding quickly enough
  • Solution:

    • In the Console, go to Security – Properties – Sender Validation & Accreditation
    • If Perform a lookup for the SMTP host in the DNS is enabled, disable it
      • Stop/start the SMTPRS service to clear the cache
    • From a Command Prompt, type telnet <mail server IP> 25 <enter>
      • If the banner appears quickly, this problem has been resolved by disabling Reverse DNS lookups
    • If the problem persists, in the Console, go to Security – Properties – Real-Time Blacklist and click on RBL Servers
    • Remove one of the RBL servers you are using
      • Stop/start the SMTPRS service to clear the cache
    • From a Command Prompt, type telnet <mail server IP> 25 <enter>
    • Keep removing RBL servers until you determine which RBL server is causing the problem
      • Stop/start the SMTPRS service each time and replace the RBL servers that were removed during the testing (those not causing the problem)
  • If the banner appears immediately, it is possible that your IP address is whitelisted or cached
    • Repeat the telnet step from a PC outside of your network (if possible)
  • After you have tested that the SMTP banner responds quickly but people still do not receive email, proceed to the following step 
Step #2 - Use Telnet to Send an Email to a User

  • Check the recipient’s mailbox
  • If the user received the email, try sending an email for this user from an outside mail service (e.g. Hotmail)
  • If the person does not receive the email, something is preventing mail traffic from getting to your server from outside of your network OR the domain you are trying to send mail to from the outside world has a DNS configuration problem with regards to the MX record settings.
  • To rule out an invalid DNS setting, perform an nslookup of the domain that you are trying to deliver mail to from the outside world.
  • Example:

  • In the above example, we try to resolve vircom.com
  • set q=mx tells nslookup tells Windows to look for MX records
  • The result in the above example shows that mail goes to gate.vircom.com (pref level 0) and, if gate.vircom.com goes down, the mail goes to smtp.vircom.com (pref level 1)
  • It is always possible that your DNS server knows the destination domain but the outside world does not
    • You can do a lookup using a foreign DNS server by using nslookup - <remote DNS server> to see if the outside world sees your domains
  • Example:

nslookup –

  • This allows you do a lookup using Vircom’s DNS server instead of your own to find out if your domain resolves on outside DNS servers
  • Assuming that you reach this point and it is certain that DNS is properly configured for your domain, then there is a network issue between the outside world and your ModusMail server.  Chances are you have some sort of mail firewall that is causing the problems (e.g. Cisco Pix firewall)
  • If the user did not receive the email, proceed to the following step

Step #3 –  Determine What Happened to the Email


In the previous step, you tried to send an email to one of your users using telnet.  You ascertained that there was no network issue and that the domain was configured properly for DNS.  At this point, the message you sent manually is, most likely, stuck in one of the queues.


How the Modus server works:

  • Email comes into Modus on Port 25
  • SMTPRS (SMTP Receiver Service) takes the email and stores it in the spool\invirus folder as an MSG and RCP pair.  The MSG file is the body of the message and the RCP file is the “envelope” (the actual SMTP transaction as recorded during the “mail from” and “rcpt to” phase)
  • Once the message is scanned by the MODUSCAN process and, if it is clean, it is moved, by MODUSCAN, to the spool\incoming folder (both the MSG and RCP files)
  • If the message is not clean, it is moved to the spool\spam or spool\virus folder.  Afterwards, MODUSADM takes the messages from the spool\virus and spool\spam folders and quarantines them
  • The SMTPDS (SMTP Delivery Service) has a sub-thread (process) that continuously checks the spool\incoming folder.  As soon as it sees an MSG/RCP pair, this sub-thread grabs the MSG file and moves it to spool\holding.  The RCP file is moved to spool\domains\<destination.domain>
  • Modus does this to make it possible to try to deliver messages to multiple destinations at the same time.  Messages bound to local domains have their RCP files go to a special folder called spool\domains\$local$
  • Finally, the SMTPDS main delivery threads loop through the various domains under spool\domains\<domainname> and attempts to deliver the messages to their destination.  Local deliveries have priority over remote deliveries.  Messages (the MSG file) are moved to the end-user's Inbox folder.  The RCP file is deleted

The above explains how the spool works.  The following will attempt to explain why the message was not delivered:

  • Check the ..\spool\invirus folder:
  • Go to …\Vircom\Modus<Mail or Gate>\Spool\Invirus and check if there is a large backlog of mail (greater than several hundred MSG/RCP pairs)
    • Use Windows Find to determine if the message you sent is here

Backlogs with the MODUSCAN engine can be caused because of the following:


a) The Quarantine is too slow or is corrupted

  • The server simply cannot put more mail into the Quarantine because of slowness or a connectivity outage
  • If you are using the native Quarantine database (available with Modus) it is possible that you have exceeded the maximum file size of the database.  Since the default Quarantine database uses Microsoft Access, if the Quarantine reaches a size of 2 gigabytes, it crashes dies and causes MODUSCAN to spike to 100%.  Processing of messages slows considerably.
  • Check the mailstore.mdb file size in …\Vircom\Modus<Mail or Gate>\mailbox\@quarantine.  If it is at 2GB or close to it, proceed with the following:
    • In the Console, stop all services
    • In Windows Explorer, go to …\Vircom\Modus<Mail or Gate>\mailbox\@quarantine
    • Rename the mailstore.mdb file to mailstore.old
    • Rename the inbox folder to inbox.old
    • In the Console, start all services
    • Assuming that this was the cause of problem, Modus should process the backlog quickly


NOTE: Versions 3.x and above provide the option to compact the Access database to prevent reaching the 2Gg limit.  This option is on, by default, when upgrading from an older version if Access is used.  Go to System – Properties – Quarantine Database to change the time Modus compacts the database.  Stop and start the MODUSADM service after any changes.

This step is not a permanent solution.  A long term fix would be to switch to a SQL Server quarantine database.  For more information, see
How-To: Use SQL Server Instead of the Built in MDB Database for Quarantine Storage.
Another work-around would be to delete spam instead of quarantining it.  Go to Spam – Preferences – Options and, under When a Spam is detected, select Delete the message immediately under.

b) Sievestore Database is Corrupt

The SieveStore database sievestore.mdb, located in …\Virocm\ModusMail\SieveData contains all of the Sieve script updates.  To determine if the sievestore.mdb file is corrupt, search for the word corrupt in the latest OPR*.LOG and ERR*.LOG files in the Log folder.

If the database is corrupt, there is no way to recover your custom sieve scripts unless you have backed them up (by pasting them into a text file). 

To reset the sievestore database:


  • In the Console, stop all services
  • In Windows Explorer, go to the …\Sievedata folder
  • Rename sievestore.mdb to sievestore.old
  • Download the empty sievestore.mdb file (attached to this article) to your Modus server
    • Copy it to the …\Sievedata folder
  • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\MODUSADM\Parameters
  • Double-click on SieveUpdateLUSN and set the Data value to 0 (zero)
  • Exit the Registry Editor
  • In the Console, start all services
  • Go to Spam – Properties – Auto-Updates and click on Update Now
  • Click on Update Now until no new updates are received
  • Go to Spam – Preferences – Options and click on Categories to ensure that they are OK
  • At this point, MODUSCAN should be catching up with itself

c) Sieve script catching messages sent to the test user

Check the quarantine to see if the message you sent in the previous step was caught.  If it was, check your custom sieve scripts to see if there is a script that is capturing more messages than it should.  Make sure your quarantine is not set to Delete Spam.  If it is, the test messages will be deleted.

d) Third-Party anti-virus is blocking messages prematurely and locking files

Some customers run a third-party anti-virus on the same machine as Modus which is, normally, a good thing.  However, since some versions of Modus provide virus scanning and infected messages are moved to a folder first, it’s possible that the third-party anti-virus locks the file while Modus is working on it and causs problems for Modus.

Make sure the following folders are not scanned by your anti-virus:

  • …Vircom\Modus<Mail or Gate>\spool folder and sub-folders
  • …Vircom\Modus<Mail or Gate>\mailbox\@quarantine folder and sub-folders
  • c:\winnt\temp folder and sub-folders

e) Slow lookup on the user setting validation with extended database format

When a message comes in and is scanned by the MODUSCAN engine, Modus checks if the user has overridden the System/Domain settings and has opted not to scan messages for spam, viruses or attachments.  If you are using registry (i.e. Generic) mailboxes, this is not an issue.  However, if you are using the Extended Database format (either in ModusMail or ModusGate Cluster), it is possible that the query takes too long to do the lookup. 


A possible reason for this slowdown is the ODBC call settings in the registry.  Therefore, the first step is to change the following settings:


  • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\Software\Vircom\VopMail
    • Double-click on autodelmailboxes and set the Value data to 1
  • Go to HKEY_LOCAL_MACHINE\Software\Vircom\VopMail\ databasemailboxconfig\generic
    • Double-click on caseInsensitiveSearch and set the Value data to 0
    • Double-click on LowercaseSearch and set the Value data to 0
  • Stop and start the Modus services


If the above changes do not resolve the problem, temporarily switch to the standard Generic format.  The “standard” generic format only makes use of four fields.  Proceed with the following:


  • In the Console, go to AUTH – Properties – ODBC Database
  • Remove the check-mark at Use Extended Database
  • Click on Table Configuration and enter the following information:
    • Table Name: VopMail
    • Column Name mailbox: USERNAME in the table
    • Column Name User Name: FULLNAME in the table
    • Column Name Domain: DOMAIN in the table
    • Column Name Password: VOPPASS in the table
  • Click on Close and Apply
  • Stop and start the Modus services


If the backlog in spool\spam & spool\virus begins to decrease, this resolved the problem,  Contact Support with your findings to see if there are any long term solutions or to evaluate any optimizations that could be done with SQL database.

f) Hardware performance is taxed by the demand on the scan engine

It can happen that the load generated by the mail traffic coming into your server has reached a point where MODUSCAN cannot keep up.  The MODUSCAN engine causes 100% of CPU usage (as seen in Task Manager).   Contact Vircom Technical Support for additional help if this is case.  Please ensure that you provide the necessary information to effectively provide troubleshooting.

Step #4 - Check the …Vircom\Modus>Mail or Gate>\spool\incoming folder

The spool\incoming folder will rarely get backed up.  If it does get backed up, it is usually because Modus is too busy working on traffic under spool\domains and spool\holding.  SMTPDS handles both the spool\incoming folder and the spool\holding and domains folder.  Search this folder to see if the message is stuck.  However, if there is a backlog, chances are the problem is actually with the …\spool\domains folder (see next step).

Step #5 - Check the ...\spool\holding and ...\spool\domains folders

The …\spool\holding folder stores the messages that are bound to local and outbound delivery.  Normally, this folder can contain from a few hundred messages to a few thousand, depending on the size of your installation.  If there are more than 2000 messages, there is a problem.  Also important is what goes on in the ...\spool\domains folder since this is where Modus coordinates mail delivery.

Most important are the local deliveries, so go to the ...\spool\$local$ folder to determine what is going on.  If there is a large backlog of mail, something is preventing the timely processing of messages going to your local domains.

In the folder, you should see one of four types of files.  These are, actually, all of the same type (envelope files) but the extension of the file indicates what processing has completed so far.


  • .RCO files are recently arrived .RCP files that have yet to be scheduled for delivery
  • .RCP files are scheduled for delivery and are awaiting processing
  • .LCK files are .RCP files that are currently being delivered (or Modus is attempting to deliver them)
  • .DEF files have already been attempted once for delivery and are awaiting retry (deferred files)
If, when refreshing the folder in Windows Explorer, the number of files does not decrease (or increases), even after clicking on Deliver Now in the Console under System – Properties – Mail Delivery, there is a problem.

Possible cause for the backlog:

Database authentication failing for local domains

If you use database mailboxes and if the authentication database is down or corrupt or your system DSN is invalid, delivery to local mailboxes will fail.  To test this, in the Console, go to Users and click on a valid user.  If there is an error message, there is a problem with user authentication.

Ensure that:

System DSN points to correct database

  • On the server, go to Administrative Tools > Data Sources (ODBC) and check your system DSNs to ensure that they are still valid
    • In the case of SQL authentication, ensure that the datasource username & password are valid as well


Modus uses the correct DSN in the Modus Authentication subsystem

  • In the Console, go to Auth – Properties and select the database type that Modus is trying to authenticate against and make sure that it is pointing to the correct DSN name with the proper DSN username & password (if applicable)


You have the correct schema/stored procedures

  • Depending on the type of database Modus is authenticating against (RODOPI, Platypus or the extended database format), ensure that you are running the correct stored procedures for your particular version of Modus
  • If you recently upgraded your software, it is possible that the new package requires new fields (extended database) or new stored procedures
  • For RODOPI or Platypus users, check with the RODOPI or Boardtown (makers of the products) to see if new stored-procedures are available
  • For the extended database format, contact Vircom’s Support for the latest database schema
1.14. System Health Counters Display "Unavailable" in WebMonitor

Product: ModusMail & ModusGate

Version & Build: 4.3



The System Activity gauges in the System Health screens acquire their information from the Performance Monitor counters. If any of the gauges display an "unavailable" warning message, it is possible that the counter has been disabled.


Troubleshooting the problem:


  • Check the WebMonitor error logs to find the specific counter name being used
    • Go to ...Vircom\Web\WebMonitor\Log, open the yyyymmdd_Error.log file and search for an entry similar to the following:

Source: /WebMonitor/SystemHealth/getUpdate.aspx
Code: 0xC0000BB8
Facility: 0x1B
Error while reading performance counter data.
Error while reading performance counter data.
param 0='\POP3S\Active Connections'
param 1=
param 2=


  • In this example, the error points to a problem reading the Performance Monitor counter POP3S > Active Connections
    • Open Performance Monitor and enable the POP3S > Active Connections counter to see if there is any activity
  • If the counter does not appear in the Performance Monitor list, it may be disabled in the registry
    • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\<specific service name>\Performance
    • Locate the DisablePerformanceCounters key with a value of 1 (i.e.  On)
    • Set the value to 0 (Off)
    • Stop and start the Monitor service


1.15. Cannot Delete "Scanning Errors" from the Quarantine


Version & Build: All

Messages categorized as "Scanning Errors" in the quarantine are never deleted.


The Scanning Errors (category 12) are never cleaned up from the quarantine.

This category is reserved for errors from the anti-virus engine.  If you experience this category of quarantined mail, it could be because of a problem with the virus program or because the message generated an error in the anti-virus engine and could not be scanned.  Most of the time, however, it is usually a message that cannot be parsed by the AV engine.

If this becomes a chronic problem, the messages should be taken from the @quarantine\inbox folder, zipped and emailed to us at virustrap@vircom.com.
1.16. Running Outlook 2007 & Windows Vista with modusMail May Cause Slow Downs

Product: ModusMail

Version & Build: All





End users may experience slow POP/IMAP connections and/or time-outs when using ModusMail with Outlook 2007 and Windows Vista.





The auto-negotiate function of the TCP/IP stack in Windows Vista can be disabled:


  • Log onto the Windows Vista workstation using the Administrator account
    • Using an account that has Administrator rights will not work
  • Open a Command Prompt and type the following:

netsh int tcp set global autotuninglevel=disable





More information for Vista clients can be found at http://support.microsoft.com/kb/929708/en-us.


If you are using Microsoft CryptoAPI to negotiate the SSL handshakes on a Windows server, please consult http://support.microsoft.com/kb/216482/en-us.

Note:  This fix is experimental.  Should you encounter similar problems, please report them to support@vircom.com.


Thanks to Dave Berzins of Nucleus for providing this information!


1.17. PostgreSQL Will Not Install Properly

Product: All

Version & Build: 4.2.420 & up



The article will explain the reasons for PostgreSQL installation problems and the steps to resolve them.  Modus only supports PostgreSQL v8.06.





Before beginning a PostgreSQL installation, be aware that the program cannot be installed remotely.  The installation files must be accessed and executed on the server on which the program will be installed.


You may encounter the following errors during installation:


Initializing Database cluster... Failed to create process for INITDB logon \ failure, unknown username or bad password.


Failed to set permissions on installed files, please see log file in...


You may also experience a problem whereby it appears as though the installation completed successfully but, afterwards, you are unable to see PostgreSQL in the All Programs group or you cannot access the program.


  • You may have removed the Everyone / Full Control permissions on the drive where you have installed PostgreSQL
  • There might be domain password policies set with specific restrictions (such as a required number of characters)
    • If the PostgreSQL password does not adhere to these rules, the install will fail
  • You may have a Cisco Security Agent configured that prevents the installation of PostgreSQL


  • Check the drive permissions
    • Add the PostgreSQL user to the installation location (default is C:\Program File\PostgreSQL) and give it Modify rights
    • If the installation resulted in the INITDB or permissions errors, the PostgreSQL folder should have been created
  • If you have a Cisco Security Agent configured on your system, you must disable it before proceeding with the following:
    • In the Registry Editor, go to HKEY_LOCAL_MACHINE\Software\Vircom\Vopmail
    • Delete the MonitoringDSN key and its value  PGDB:dbname=Modus user=postgres password=****
    • From a Command Prompt, remove the PostgreSQL folder using the following commands:

net user postgresusername /delete

net user postgres ********** /add /fullname:"PostgreSQL Service" /comment:"" /expires:never /passwordchg:no

ntrights +r SeServiceLogonRight -u postgres


  • Launch the Modus installer and select Mail Component only
    • Select Yes when prompted to proceed with the PostgreSQL installation


1.18. Quarantine Reports are not Being Generated


Version & Build: 4.2 & up



If your quarantine reports are not being generated consistently to all users at the specified time or if they are not being generated at all, you can enable extended logging that will allow you to see where the process might be breaking down.



Enabling logging requires manually creating a registry key:

  • Open the Registry Editor and go to HK_LOCAL_MACHINE\Software\Vircom\Vopmail\Logging
  • Create a new DWORD Value called ServerInternal
  • Give it a Data value of 1
  • Stop and start the MODUSADM service


Generate a Quarantine Report from the Console:

  • System-wide:
    • Go to System – Properties – Quarantine Reports and click on Generate Now
  • Domain-wide:
    • Go to Domains – Preferences – Reporting and click on Generate Now
  • User-level:
    • Go to Users – Preferences – Reporting and click on Generate Now


Open the most recent OPR log (OPRyyyymmdd.log) to see the results.  There will be a 1-line summary per person (for whom the report was sent) detailing if/where there was a problem and what the error is.


It is not recommended to keep the logging enabled indefinitely as your logs will become quite large.  Once the source of the problem has been identified and resolved, return to the Registry Editor and set the Data value to 0 (off) for the ServerInternal key.


1.19. WebQuarantine Settings Generate a "Value Cannot be Null" Error

ModusGate Blockade (Cluster)

Version & Build: 4.0 + up



Description of Error:

In a ModusGate blockade or cluster configuration, attempting to open the Settings page in WebQuarantine results in the following error:


Server Error in '/Quarantine' Application. Value cannot be null. Parameter name: Mailbox.




Vircom worked with a client whose problem domain was configured on a ModusGate Cluster for POP3 (Web) Authentication and used Active Directory against a Microsoft Exchange Server for automatic mailbox population.  Mail scanning worked well and all Exchange users (25 of them) were able to log into their Quarantine and see their respective QT contents.  However, when users tried to access their Settings page, they received the error above.


We noticed that, on ModusGate Server #1, the domain displayed 0 users and, on ModusGate Server #2, it only displayed 5 users.




The problem was caused by the fact that the usernames were not in the Users panel in the Console. 


The solution was to:

  • Add the missing usernames manually
  • For each user, go to Users – Preferences – General and enable Keep this user permanently


1.20. Quarantined Messages are Being Labeled as “Possible Virus”

Product: All

Version & Build: All






Vircom has identified an issue whereby quarantined messages are being labeled as “Possible Virus”.  This only affects Modus installations running the McAfee anti-virus solution.


There are two possible reasons for this:


  1. Messages were caught by Vircom scripts which are run after virus scanning
  2. The McAfee engine scanning timed out while scanning the messages



Modus sets a 10-second maximum time limit for virus scanning.  In most cases, virus scanning can be accomplished within 10 seconds.  However, decompression bomb viruses take much more time.  Decompression bombs are designed to create DoS attacks on the given scanner.  The consumed disk space or memory could be so high that the server could fail.


If a message has not been fully scanned within 10 seconds, the message is labeled as “Possible Virus”.  If the Modus server is experiencing a heavy load or if a decompression bomb is being scanned, scanning may require more than 10 seconds to complete and, because of this, messages may be incorrectly identified as “Possible Virus”.






Increase the scanning time-out in the Registry.


  • On your Modus server, open the Registry Editor
  • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Vircom\VopMail and double-click on the DWORD key value McAfeeMaxBombScanTime
  • Change the default setting of 10 seconds to a higher value (15-20 seconds)


1.21. Incoming Spool Directory is Backing Up


Product: ModusMail

Version & Build: All




Messages are backed up in the …\Vircom\ModusMail\Spool\Incoming folder and delivery to the users is taking a long time.



The SMTPDS (delivery service) is responsible for mail processing in the Incoming and Holding / Domains directories.  Messages waiting to be processed through Incoming include:

  • Mail from the outside world (Internet) waiting to be delivered to local mailboxes
  • Mail from local users waiting to be delivered to other local users and to the outside world (Internet)
  • Delivery failure notices or other internal postmaster warning messages generated by Modus


Causes and troubleshooting tips:

There are several possible reasons for delays in this part of the spool and this article includes a list of the most likely causes and specific configuration errors. 


1 - Postmaster's Inbox is full:

  • In the Console, go to Users – Properties – Info and select the Postmaster mailbox for the default (primary)
  • Check the Mailbox Size (# messages)
  • If there are 1000+ messages, in Windows Explorer, rename the Inbox folder (i.e. …Vircom\ModusMail\Mailbox\postmaster\Inbox)
  • In the Console, for the Postmaster account, go to Users – Preferences – Quotas and set all quotas to None
  • Stop and start the SMTPDS service
  • If the postmaster box is forwarding to a local email address, perform these steps for that address too

2 - The Spool\Domains\$local$ directory is backlogged:

  • Check if the drive containing the Mailbox directory is full and free up space, if necessary
  • Check if the C: drive is full, even if Modus is installed on another drive
    • A minimum of 500mg free space is required
  • Check the properties on the drive(s) containing the Mailbox and Spool directories
    • Disable the Indexing Service, which is turned on by default
      • Disable it on the drive properties directly and allow the change to propagate to the child objects (this can take a very long time) or  turn off the Indexing Service in Administrative Tools > Services (preferred)
  • If you use Generic (Registry) mailboxes, ensure that there is enough space in the Registry
    • Right-click the My Computer icon and select Properties
    • Click on Advanced > Performance Options> Change and verify the current and maximum registry size settings
  • If you use a database for authentication, check the following:
    • Is the database responding (i.e. is the SQL service running)?
    • Are there any performance problems on the database with CPU or memory consumption?  Check the Event Viewer & Task Manager.
    • Do you have any indexes or triggers set up on the database that call other tables or databases? If so, remove them.
  • Are you running a database trace or logging?  Go to the Data Sources (ODBC) and click on Tracing to stop any tracing.


3 - Mail Loops and Denial of Service (DoS) attacks:


The program may be experiencing multiple simultaneous mail loops that may be the result of a DoS attack.  While Modus is designed to discard any messages that cannot be processed when in a loop, multiple simultaneous loops or a directed spam attack can affect the server's performance.


  • In Windows Explorer, go to …\Vircom\ModusMail\Spool\Dead folder to check the contents
  • Multiple .msg and.txt files, with the same message IDs, indicates a mail looping problem
  • Open the .txt files to confirm the error ("mail loop has been detected")
  • Check the associated .msg file to see what address is having problems
  • To resolve this problem, in the Console, go to Users – Properties – General and select the user causing the problem
  • Remove the forwarding address from the user's setting or disable Don't leave a copy of a forward message in this mailbox and, instead, set a message lifetime of 1 day under Users – Preferences – Quotas


For DoS attacks:


Look for multiple delivery failure messages that appear to be generated by the same source address.  Proceed with one or more of the following:

  • Block that address in Security – Properties – Protocol Filter
  • Add that address in Security – Properties – Connections, click on Reject all incoming mail from...
  • Alternatively, you can create a custom sieve script


From a Command Prompt, run the netstat -a command to review all current connections to the server.  If there are multiple connections from questionable sources, block them using the Security options:

  • Go to Security – Properties – Connection Limits, enable Total number of simultaneous connections allowed from the same IP and set the limit


1.22. Outlook Express 5.0.6 Cannot Send Through Modus When Using SMTP Auth

Product: All

Version & Build: All





Clients using Outlook Express 5.0.6 cannot send mail when using SMTP Authentication.





The problem is the result of a conflict with the NTLM authentication method.





  • Stop the SMTPRS service
  • In Windows Explorer, go to the …\Vircom\Modus<Mail or Gate> folder and rename or delete the MSSPIAUTH.dll file
  • Start the SMTPRS service


Deleting or renaming this file forces Outlook Express to try the next method of user authentication which is [CRAM-MD5].


Note: This file must be deleted or renamed after every re-installation or upgrade.
1.23. Non-sequential Logging in the Log File

Product: All

Version & Build: All





Entries in the log file are not in proper order.






The reason the logs are not in order is that the SMTPRS service keeps the info to be logged in cache before writing it to the log file.  The MODUSCAN service, however, writes the information in real time and this can cause the logs to be out of order.


1.24. Mailbox Aliases Periodically Disappear from the modusGate Console

Version & Build: All

Description of Problem:


Certain mailboxes on the system have aliases but the alias entries periodically disappear from the ModusGate Console, resulting in delivery failure errors.





If the alias address does not exist on your mail server but was added manually in ModusGate, it will be deleted by the synchronization process.





1)  If you manually add an alias address to a user's settings in ModusGate, enable Keep this user permanently in the user's properties to ensure that this setting remains intact during the synchronization process (go to Users – Properties – General)


2)  Create the alias on the mail server itself.  ModusGate will always reflect what it sees in the mail server and the entry will not be removed unless it is changed on the mail server.





Solution # 1 does not apply if you are running either:


a) A large-scale version of ModusGate where the users' names and properties are not displayed in the console




b) The "closed" mode in Gate (i.e. in Connection – Properties – General, Automatically populate user list is disabled)


For either of these two scenarios, you must configure the aliases on the mail server.
1.25. MODUSCAN Service Does Not Start

Product: All

Version & Build: All



Problem Summary:


MODUSCAN service does not start.  There is likely an error with the most recent AV update in Virus – Properties – General.  Error 4 indicates "system cannot open file".  




This problem can occur when another application on the Modus server corrupts the Norman Anti-Virus update download.  The most likely reason for this is if there is another anti-virus program installed and was not configured to exclude the Modus folders from scanning.  




  • Force Modus to download the AV definitions:
    • Sop the  MODUSCAN and MODUSADM services and close the Modus Console
    • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\ MODUSCAN\Parameters
    • Double-click on the ViriiDefinitionsVersion key and delete the Value Data
    • Exit the Registry Editor
    • Open the Console and start the MODUSCAN and MODUSADM services
    • Go to Virus – Properties – Auto-Updates and click on Update Now


  • Reinstall the MODUSCAN service (the above does not resolve the problem)
    • From a Command Prompt, change directory to …Vircom\Modus<Mail or Gate>
    • Type moduscan -uninstall <enter> to remove incorrect information that may have resulted during an upgrade
    • Type moduscan –install <enter> to reinstall the service
    • Start the MODUSCAN Service

Sieve Database:


There could be a problem with the sieve database or the sieve database connection configured under Spam – Properties – Sieve Database.  A problem will result if the Sieve Database was inadvertently changed from Use Native MDB Database to Use ODBS Database and the MODUSCAN service was stopped/started.  Change the Sieve Database back to Use Native MDB Database.


However, if you intended to Use ODBC Database, test the ODBC connection using the information configured in the Console.


1.26. Quarantine Reports are Generated Too Often / Cannot Release Spam from the Report

Product:  modusGate™

Version & Build:  All




An incorrect configuration of the domain settings on modusGate™ or Microsoft™ Exchange servers may cause some issues while synchronizing mailboxes resulting in quarantine reports being generated more often than expected and the inability to release spam from the report.  Mailboxes are deleted during synchronization and are recreated as a new message enters.



On modusGate™, one or many domains are configured as alias while on the Exchange server, they are configured as real domains (or vice versa).  Ensure that on both servers, the domains are configured identically and that routes for both the alias and real domains exist on modusGate™.

To resolve this issue temporarily while you reconfigure the domains, make the following change in the Console for the use(s) who reported the problem:

  • Go to Users – Preferences – General
  • At Settings, enable the Keep this user permanently option


For configuration information, please consult the following KB article: Info: Mailbox Verification vs. Mailbox Authentication.


1.27. modusGate is Not Scanning Outbound Mail for Spam Content

Product: ModusGate

Version & Build: All





ModusGate is configured to route both Inbound mail from the Internet to the mail server and Outbound mail from local users to the Internet (i.e. outbound mail flows from the mail server through ModusGate to the Internet).



Description of Problem:


Modus properly scans the Inbound mail for spam content but Outbound mail from local users to the outside world is not getting scanned.  Local users are able to send mail out by using SMTP AUTH but the option Disable scanning for messages sent by trusted sources is not enabled.





The source of this particular problem is the way in which spam scanning is configured.  It is disabled at the system level and only enabled at the domain level.  Because outbound mail is sent to outside (non-local) domains, it is not being scanned according to the 'local' domain rules.





To ensure that mail is properly scanned in both directions, enable the options at the Server level.  For specific domains that do not want Inbound mail scanned, disable it at the domain level.


If domains do not want the outbound mail scanned and they have their own IP addresses, proceed with the following:


  • Go to Security – Properties – Trusted Address List
  • At Scanning Trusted Addresses, click on Trusted Addresses to add the IP addresses
  • Alternatively, add the domain names to Spam – Preferences – System Trusted Senders 


1.28. EXPORT Function in the Message Audit Log Does Not Open the Export Dialog Box


Product: All

Version & Build: 4.4.543+






When clicking on the Export button and your site is configured for SSL, the Export page does not open.  This can occur in IE6 and IE7.





The following steps will resolve the problem:


  • In Internet Explorer, click on Tools > Internet Options
  • Click on Advanced and scroll down to the Security section
  • Ensure that Do not save encrypted pages to disk is not enabled
  • Click on Apply if making changes
  • Click on Security and then Custom Level for Internet
  • Scroll down to Downloads
  • Ensure that Automatic prompting for file downloads is enabled
  • Click on OK if making changes
  • Click on OK to exit Internet Options



1.29. POP3 Service Slow Response Causes Message Retrieval Problems

Product: All

Version & Build: All





The POP3 Service is extremely slow to response which causes message retrieval delays.





For clients using database mailboxes, there may be a problem with the extended database SQL Index.  For clients using SQL Server for the quarantine database, problems with the MODUSADM service may be present because the Index problem will slow all access to the SQL Server.





Re-create the Index for the VOPMAIL database:


  • In SQL Server, go to Enterprise Manager
  • Expand the tree to the extended database
  • Under the extended database, click on Tables
  • Locate and right-click on VOPMAIL to select Design Table
  • Click on the Manage Indexes/Keys icon (second from right)
  • At Selected Index, ensure that IX_VOPMAIL is selected and click on Delete
  • At Selected Index, click on New to create a new index
  • Under Column, use the pull-down menu to select Username
  • Under Order, use the pull-down menu to select Ascending
  • Under Column, use the pull-down menu to select Domain and set the order to Ascending
  • Click on Close


1.30. Inconsistent SMTPDS Behavior When Returning a DSN (Delivery Status Notification)

Product:  ModusGate

Version & Build:  4.35






For messages larger than 4K in size, DSN will only send header information.  For messages smaller than 4K, DSN will send the entire contents of the message.  This 4K limit may be too restrictive for some clients. 






ModusGate v4.4.568 added a Registry key that allows you to change this value:


  • Go to HKEY_LOCAL_MACHINE\System\CurrentControlSet\Services\SMTPDS\Parameters
  • Locate the MsgSizeOnlyHeader key and open it
  • Assign a value greater than 4
  • Stop/start the SMTPDS service


1.31. Norman AV is no longer being updated


Product: ModusMail & ModusGate, AV & ASV Versions

Version & Build: 4.35.480





If Modus is reinstalled or moved to a directory that differs from that of the original installation, Norman AV features in Modus may cease to function. 




In environments using Norman Virus Control:


If Norman VC is reinstalled, Modus will not recognize the reinstall and the Norman AV features in Modus will cease to function.







If Modus was reinstalled or moved:


  • Go to the Registry Editor
    • Start – Run > regedit
    • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Norman Data Defense Systems
      • At RootPath, ensure that the directory is set properly
        • E.g. …\Program Files\Vircom\ModusMail
    • Go to HKEY_LOCAL_MACHINE\Software\Vircom\Vopmail
      • If the value VsOwnNorman exists, delete it
  • Stop/Start the MODUSADM service



If Norman VC was reinstalled:

  • Go to the Registry Editor
    • Start – Run > regedit
    • Go to HKEY_LOCAL_MACHINE\SOFTWARE\Norman Data Defense Systems
      • If the value RootPath exists, delete it
    • Go to HKEY_LOCAL_MACHINE\Software\Vircom\Vopmail
      • If the value VsOwnNorman exists, delete it
  • Reinstall ModusMail


1.32. Cannot Access or Save Changes in WebMail/Quarantine Settings

Product: All

Version & Build: All



If users are unable to save their changes in the WebMail or WebQuarantine > Settings panel or they are unable to access the WebAdmin program, please use the following instructions.


To resolve these problems, you must:


  1. Set permissions in the Modus Console to determine what mailbox properties users can change
  2. Ensure that you have the correct file/folder permissions for the changes to take effect



1 - Setting access permissions in the console:


Mailbox permissions can be set on a system-wide level and are inherited by all users on all domains or you can create different permission sets on a per-domain basis so that only users within that domain inherit these permissions.




  • In the Console, go to Web – WebAdmin – Privileges and click on Edit for Allowed User Properties
  • Under the Normal User Privilege Level, use the drop-down menu to enable the options that your users will be allowed to change in WebMail/Quarantine and click on Apply


Domain level:


  • In the Console, click on Domain – WebAdmin – Privileges and select a domain from the Results window
  • Put a checkmark at Override Server Default Settings and click on Edit for Allowed User Properties
  • Under the Normal User Privilege Level, use the drop-down menu to enable the options that your users will be allowed to change in WebMail/Quarantine and click on Apply


Note:  When using ModusGate on a large-scale, the Domain properties are not accessible.  You must configure the permissions at the System-level.




2 - Setting file/folder permissions:


This step involves setting file/folder permissions:


  • In Windows Explorer, right-click on the …Vircom\Web folder and select Properties
  • Click on Security and Advanced
  • Enable the Reset/replace permissions… option
    • For Windows 2000, give Modify rights to the server's IUSR and ASPNET accounts
    • For Windows 2003, give Modify rights to the server's IUSR and Network Service accounts



ModusMail with SQL database mailboxes:


If the web components are configured on a different server than that of ModusMail, you must create a mirror of the ODBC connection between the web server and your SQL server.  The System DSN name, the login and the password must be the same on these servers, as they are configured on the ModusMail server.



ModusMail with Access database mailboxes:


If the Access database is located on the ModusMail server, configure Modify permissions for the server's IUSR and ASPNET accounts (Windows 2000 Server) or the Network Service account (Windows Server 2003)k3) on the .mdb and .lck files.


If the Access database is on a separate server from that of ModusMail, you may encounter errors when accessing the WebMail > Settings because Access does not easily support remote connections from a web server.  We recommend that the database be installed on the ModusMail server.  If this is not possible, you must copy the .mdb file to the ModusMail server and update the contents on a regular basis.



Troubleshooting sporadic access problems:


If users occasionally encounter errors when attempting to access WebMail > Settings, there may be a problem with caching in Internet Explorer.


  • In Internet Explorer, go to Tools > Internet Options
  • Under Temporary Internet Files, click on Delete Cookies and Delete Files
  • Click on OK

1.33. Spam / Virus Definition Updates Not Working Properly

Product: All

Version & Build: All





The Spam or Virus definition update process is interrupted or becomes corrupt, leading to repeated invalid update reports or errors in the Console 





Delete the Registry keys:


  • Spam definition update keys


    • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\MODUSADM\Parameters
    • Delete the following keys:
      • SieveAdaMCDefsList
      • SieveUpdateLUD
      • SieveUpdateLUSN
  • Virus definition update keys


    • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\MODUSADM\Parameters
    • Delete the following key:
      • UpdateLUSN (or McAfeeUpdateLUSN)
    • Open the Registry Editor and go to HKEY_LOCAL_MACHINE\System\ CurrentControlSet\Services\MODUSCAN\Parameters
    • Delete the following key:
      • ViriiDefinitionsVersion (or McAfeeViriiDefinitionsVersion)



Force a manual update in the Modus Console:


  • Spam
    • Go to Spam – Properties – Auto-Updates and click on Update Now


  • Virus
    • Go to Virus – Properties – Auto-Updates and click on Update Now



Note:  Do not wait for the automatic update process to update the definition files after deleting the registry keys.  Deleting the Registry keys will not trigger the process.  The process will continue to follow the settings configured in the Console.  This will delay the updates and leave your system unprotected.


On occasion, when these keys are deleted, the spam and virus settings could become disabled.  Verify that they are enabled prior to running the manual update.


1.34. Office 2007 Attachments Being Scanned as Archives and Blocked

Product: All

Version & Build: All





Office 2007 files are being scanned and blocked, even if the attachments are not malicious.  The file extensions affected are *.docx, *.pptx and *.xslx.  Files opened in Office 2007 that were created using previous versions of Office (therefore converted) contain *.bin files.  These *.bin files are included in Modus’ list of Forbidden Attachment extensions.


Modus can be configured to detect forbidden attachments within compressed files.  This setting forces the scan to decompress zipped files and other compressed file types to look for virus content.






Vircom proposes the following to resolve the issue:


  • Do not scan compressed files
    • Go to F.A. – Preferences – Options and remove the check-mark at Scan for forbidden attachments within compressed files          


  • Remove the *.bin extension from the list of forbidden attachments
    • Go to F.A. – Properties – Forbidden Attachments
    • Expand the Strong tree and click on *.bin
    • Click on Remove and then on Apply
    • Important: Messages are still being scanned for Viruses even though the *.BIN, *.COM file extensions were removed in the F.A list


1.35. Users List Refresh is Slow to Respond

Product: All

Version & Build: All






  • Refreshing the Users list in the Modus Console takes a long time
  • There is a communication slowdown between Modus and the database
  • WebMail times out and displays a .NET error (ModusMail only)






There may be several different causes for this type of behavior but it could be a result of having ODBC logging turned on:


  • Go to Administrative Tools > Data Sources (ODBC)
  • Click on Tracing
  • Click on Stop Tracing Now
  • Click on OK


1.36. Remote Console Freezes when Optimizing the Index

Product: All

Version & Build: All




This problem occurs when:


·         The Console is installed on a machine different from that of Modus


·         You access the Console while logged onto the server with an account other than the local administrative account



On the machine running the Console:


·         Ensure that the Console is closed

·         In the Registry Editor, go to HKEY_LOCAL_USER\Software\Vircom\Modus<Mail or Gate>\Console

·         Search for the Site key

o        If it exists, open it and ensure that the value for Value data corresponds to the machine name of that on which the Console is running

o        If it does not exist, create it

§         Under Console, click Edit > New and select String Value

§         Name the key Site and for Value data, enter the name of the machine on which the Console is running

·         Open the Console

1.37. "Delete All Spam" in the Quarantine Report Times Out

Product: All

Version & Build: 4.4.543 and above




If you receive timeout errors when trying to use the Delete All Spam feature in the Quarantine Report, we recommend increasing the timeout value in the machine.config file, located within the .NET framework files.


  • In Windows Explorer, go to …\Windows\Microsoft.NET\Framework\v1.1.4322\CONFIG
  • Locate the machine.config file and open it with Notepad
  • Find the line: <httpRuntime executionTimeout="90" maxRequestLength="4096" useFullyQualifiedRedirectUrl="false" minFreeThreads="8" minLocalRequestFreeThreads="4" appRequestQueueLimit="100" enableVersionHeader="true"/>
  • Change “90” to “360” (this value is in seconds)
  • Save the file
  • From a Command Prompt, run the iisreset command
  • Test the Delete All Spam function from a Quarantine Report to ensure that the problem is resolved

1.38. Util.exe Uses 100% CPU


Build & Version: 3.2 and above



Description of Problem:

The Util.exe program is using 100% CPU and the Quarantine is not working properly.



Background Information:

Util.exe is the built-in Access database compacting utility.  This utility is enabled by default when Use Native MDB database is enabled for the Quarantine database in System – Properties – Quarantine Database.


The quarantined messages are stored in the mailstore.mdb file located in the …\Vircom\Modus<Mail or Gate>\ Mailbox\@Quarantine directory.  If the mailstore.mdb file becomes corrupt, it could result in 100% CPU usage by the util.exe program when it attempts to run.




  • In the Console, stop the MODUSADM service
  • Using Windows Explorer, go to the …\Vircom\Modus<Mail or Gate>\ Mailbox\@Quarantine directory
  • Rename the mailstore.mdb file to mailstore.old
  • Start the MODUSADM service
  • A new mailstore.mdb file will be created automatically


For a more permanent solution, we recommend using a SQL Server for the Quarantine database.
1.39. WebMail & WebQuarantine Login Issues


Version & Build: All



General Description:


When attempting to log into WebMail or WebQuarantine, you get an error similar to the following:


Server Error in '/Quarantine' Application




Description: An unhandled exception occurred during the execution of the current web request. Please review the stack trace for more information about the error and where it originated in the code.






The Web program is attempting to connect to the SMTP server with an incorrect IP address. Either an invalid IP address was entered or your network configuration has changed and the IP addresses were not updated for the Web program.


Reminder: Any IP address change on the Modus server is not automatically inherited by WebMail or WebQuarantine and must be configured manually in the Web program files.





  • ModusGate
    • In Windows Explorer, go to …\Vircom\ModusGate\Web\WebQuarantine and open the webmailsvr.ini file with Notepad
    • Under [RPC:Settings], verify the Host IP address under
      • This should be the first static IP address of the server (from the first NIC card if there are multiple NICs installed)
      • Save the file if a change is made
    • Verify if the machine is able to resolve the loopback address ( entered for the SMTP, POP and IMAP connections
      • If your firewall or network security does not permit the use of this IP address, replace it in the webmailsvr.ini file with either "localhost or the actual static IP of the server
      • Save the file is a change is made
    • Stop and start the WEBMAILSVR service


  • ModusMail


    • In Windows Explorer, go to …\Vircom\ModusMail\Web\WebMail and open the webmailsvr.ini file with Notepad
    • Under [RPC:Settings], verify the Host IP address under
      • This should be the first static IP address of the server (from the first NIC card if there are multiple NICs installed)
      • Save the file if a change is made
    • Verify if the machine is able to resolve the loopback address ( entered for the SMTP, POP and IMAP connections
      • If your firewall or network security does not permit the use of this IP address, replace it in the webmailsvr.ini file with either "localhost or the actual static IP of the server
      • Save the file is a change is made
    • Stop and start the WEBMAILSVR service


1.40. WebMail Log Files Not Created

Product: ModusMail

Version & Build: 4.0 and above






WebMail log files are not created in the …\Vircom\Web\WebMail\Log folder.





Inadequate permissions on the Log folder prevents log files from being created.





Right-click the Log folder and select Properties > Security.  Add the IUSR, ASP.NET, & Network Services accounts for Windows Server 2003or IUSR and Network Service accounts for Windows 2000 Server.  Assign the account Modify permissions.  Do not forget to propagate to child objects.


1.41. WebAdmin Settings Generate "Page cannot be displayed" Error

Product: All

Version & Build: All






When accessing the Settings panel in WebAdmin or WebMail a “Page cannot be displayed” error occurs.  Performing an IIS reset resolves the problem but only temporarily.   The Event viewer may show an Application entry: aspnet_wp.exe - Application Error : The instruction at "0x16dbad5f" referenced memory at "0x174eeba8".




The exact cause is not know but seems to be related to IIS or the .NET framework. The administrator will likely see that multiple instances the aspnet_wp.exe process running in Task Manager.




  • Stop the IIS Admin Service
  • In Task Manager, stop all instances of the aspnet_wp.exe process
    • If necessary, use kill.exe to stop these processes
  • Start the IIS Admin Service and the WWW Service

1.42. How-To: Ensure Deliverability to Specific Problem Domains

Product: ModusMail

Version & Build: All






In an effort to prevent spam, Web-based email providers (such as Yahoo.com) terminate the connection from the sending server instead of returning a bounced message.  Occasionally, mail intended for recipients using this web-based email service can build up in the ...\Vircom\Modusmail\Spool\Holding and the …\Vircom\Modusmail\Spool\Domains\<yahoo.com> folders.  Deleting the files for the first message from the …\Domains\<yahoo.com> folder only temporarily fixes the problem.






A permanent solution is to identify the domains to which ModusMail is having problems delivering mail.  ModusMail would skip messages it cannot deliver for the particular domain instead of allowing messages to build up.  It would also retry to deliver the problems messages for the number of retries configured in ModusMail.


  • From the ModusMail Console, go to System – Properties – Mail Delivery
  • At Force automatic retry for these domains, click on Domain List
  • Click on Add
  • Enter the name of the domain (e.g. yahoo.com)
  • The default retry count is 50 but you may change this
  • Click on OK and then Close
  • Click on Apply


1.43. Info: Dell Servers


Product: ModusMail & ModusGate

Version & Build: 4.0 and up


Description of Problem:

Customers running ModusMail or ModusGate on Dell servers may be experiencing overall performance problems or slowdowns, such as slow response when authenticating against a database; slow mail processing; or slow network connections overall.


Known Issues with Dell's embedded Broadcom series of gigabit NIC cards:

Dell has identified problems with small data packet loss in their embedded Broadcom NIC cards that can affect the network interface and have corrected these problems with their most recent driver updates. 



Log onto the Dell Website at support.dell.com and apply all appropriate updates to your system.



1.44. Info: 3rd-Party Anti-Virus Desktop Scanners


Product: All

Version & Build: All


There have been a number of situations where ModusMail/Gate has suffered performance issues because of 3rd-party programs, particularly desktop anti-virus scanners and specifically McAfee.
To ensure that you do not experience the same problems, we ask that you check for the following server and network configurations:
1. Make sure the following file directories are excluded from any desktop virus scan
  • The modus root directory (e.g. ...\vircom\modusmail or modusgate)1 
  • The spool directory1
  • The Mailboxes\ @Quarantine directory (or just the @Quarantine directory if it is installed in a separate location from the main Mailboxes directory)2
2. Beware of mapped drives or administrative shares on the Modus server
Why? We have seen situations where workstations configured with McAfee or other desktop AV programs have connected to the Modus server via the share.  The result was that McAfee then actively scanned the Modus server itself, causing interference with the MODUSCAN service and preventing it from scanning messages properly.
3. Beware of "on access scanning" options
We have seen problems with McAfee specifically where a) the on-access scan overrode the specific file exclusions on the Modus server (listed in #1) and b) it actually disconnected servers from the network if it considered those machines to be infected.  This has resulted in Modus being disconnected from the database server, for example, which breaks the communication and causes Modus to fail.
4. Check your McAfee settings to verify whether scan for macros is enabled 
This option overrides the file exclusions in point #1 and interferes with mail flow.  This situation has been reported to McAfee but, in the meantime, please disable macro scanning.

5. Error E0020101

If you have McAfee Enterprise 8.0 desktop version installed on the Modus server, there is a default setting that blocks mass mailing on port 25 which interferes with mail flow.  You may see Error E0020101 in your logs.  This option must be disabled.  Go to VirusScan Console > Access Protection settings > Port Blocking and uncheck "Prevent mass mailing worms from sending mail".

6. Known issues when trying to use a desktop version of McAfee on a Modus server that has the McAfee AV engine built in

Because both versions of the program access the same registry keys and use the same .dll files for virus definition updates, you must disable the automatic update process in the desktop version.  This will enable the Modus server to update its definition files and provide proper email scanning.

1. These directories must be excluded on all versions of ModusMail & Gate, including those that do not have built-in virus scanning
2. It is OK to scan the contents of the Mailboxes directory, where the end-users' messages are stored.  However, the @Quarantine folder stores all the message files that have been blocked by the scanner, including any that contain viruses if the program is configured to block rather than delete them.  This folder must, therefore, be excluded from additional virus scanning to prevent interference with Modus' functionality.
1.45. Info: Applying Windows 2003 Critical Updates


Product: All

Version & Build: All


Description of Problem:

If you are using Windows 2003 Server and have applied the latest critical updates, you may see the following error when trying to use the one-click delete from the Quarantine Report:

The server is too busy to process the request, please try again later.


Stop and Start the MODUSADM service in System - Properties - Services


1.46. Header Elements Added by MX-LOGIC Cause Parsing Problems for the AutoReply Function


Product: modusMail

Version & Build: All



X-Spam: the header element added by MX-LOGIC causes the autoreply function not to work.  This only applies to setups with MX-LOGIC in front of the modusMail server.





Remove the header element that causes the problem:


  • From the Console, go to Rules – Properties – Custom Filters
  • Click on Add
  • Enter a name for the script
  • Copy the following info into the sieve box

require ["editheader","variables"];
deleteheader :matches "X-Spam" "*";


  • Click on Compile
  • Click on OK
  • Start/stop the MODUSADM and MODUSCAN services

1.47. Archived Articles for v4.1 and Below
1.47.1. Version 4.1 WebMail/Quarantine Diagnostic tool

Product: All

Version & Build: 4.1.361


From the machine where you have the Modus Web Components installed you can now access a diagnostic page that will tell you the current state of your setup and give you information about any errors in your configuration.

  1. Logon to the machine where you have the web components installed
  2. In your browser's URL Address field, replace "login.aspx" with "diagnostic.aspx"
    • If you are unable to login, just type in your <webmail or webquarantine url>/diagnostic.aspx
    • In this situation, the system displays the diagnostic page, but is not able to show as much detail about your setup.


The system displays the diagnostic page. See below for an example:


1.47.2. Version 4.0 WebMonitor login problems

The WebMonitor program requires a Windows NT login by default, so you must enter your NT account name and password at the prompt to access the information.  This prompt will appear after entering the WebMonitor URL in your web browser.

This was done to secure the program and ensure that only the system administrator has access to the information.

If you wish to remove this security to allow general access:

Goto  ..\Vircom\Web\WebMonitor make the following changes in the Web.config file:
 <authentication mode="None">
      <allow users="*" />
Then go to your IIS, right-click on the Webmonitor vrtual folder and go to Properties > Directory Security > Click "Edit" for Anonymous access and Authentication control, and make sure that "Integrated Windows Authentication" is enabled.
You may need to restart your Website and possibly do an IISRESET.


1.47.3. Version 4.0 WebMonitoring graph does not show some categories
Problem Summary: Version 4.0 330 only: Some categories may not show in the graph if the number of items for those categories are low compared to others. For example, if the number of Forbidden Attachments are 16 and the number of SPAM emails are 40,000, then the graph may not show the Forbidden Attachments.  The problem can be confirmed with MS Performance Monitor by choosing ModusAdm and then the counter for "Current X" where X is the counter item (e.g. Current Forbidden Attachments).


 The increments used in the graph are the source of the problem. If there is a large number of items for one category then this causes the interval to be very large preventing items from smaller categories from displaying.


 Vircom Inc. has recognized this as a design problem and steps have been taken to improve this problem in the future. For example, starting the graph with smaller intervals in order to show all items and then increasing the interval number so that the larger items also show in one page.


Related Information:


1.47.4. Version 4.0 Webmail message emails do not open
Problem Summary: Webmail 4.0 and higher message emails do not open. At the same time moving the mouse over various sections of the interface does not cause the section to highlight. 


 The problem source is related to two factors: First, IIS on a Windows 2000 Server machine installs a virtual directory folder called "Scripts" under the IIS "Default Web Site". Second, the new ModusWebmail's site or virtual directory also contains a sub folder called "Scripts". For this reason, when the new 4.0 and higher webmail files are saved under the IIS "Default Web Site", a conflict occurs preventing the new webmail from using the java script files under Vircom's "Scripts" folder.


Under the IIS "Default Web Site", the same place where the new webmail files were saved, delete or rename the default "Scripts" folder. IIS will then allow the Modus Webmail "Scripts" folder to be used. Refresh the IIS Admin window to confirm that the change was put into effect.

Related Information:


1.47.5. Version 4.0 Quarantine report default repository

Quarantine Reports

With each upgrade of Modus, the default directory in templates is the one that has the new reports. If you are using a previous version of the reports, from the directory one level above the default directory, you must copy the templates from the default directory up to the next level.

Alternatively, if you know you will always want to use the new report templates provided by Vircom, go to System > Quarantine Reports in the Administration Console and make the path for your quarantine reports point to the default directory. This will ensure that with each upgrade of the software, you are always using the latest revision of the reports (they will have Vircom branding).

1.47.6. Version 4.0 WebMail loading time

Loading time

Sometimes you may experience a 15-second delay (approximately) after logging in to your ModusMail account from the webmail interface before the system loads your Inbox view.

1.47.7. Version 4.0 WebMail paper clip not showing
Vircom added the support for the attachment paperclip, but decided to disable it by default. If you want to enable it, you just need to add the following line in the custom.xml file found in the Themes/Vircom directory:
    <vircommessagelist UseServerAttachment="False"></vircommessagelist>

This line must be inserted in between the existing <Theme> and </Theme> tags in the xml file. You will need to do an IISReset after the change to enable it.
P.S.: This was disabled for performance reason. When we check for attachments in a message, the whole message as to be transferred between the Mail Server and the WebMail Server and then to the IIS server.  If they are on the same computer, this should be fast, if they're not, then you could see a slowdown when loading the message list in your Inbox.  We are planning to add this functionality directly in the server, hence the name of the attribute UserServerAttachment.

1.47.8. Version 4.0 WebMonitoring and potential memory leak

Known Issue: Memory Leak, CPU/Memory Usage Warnings

Microsoft has warned against using Access Databases for data/activity monitoring purposes because of the memory leak issue in the ODBC driver. We recommend that our customers use an SQL database instead to avoid the memory leak when collecting their monitoring data.

The following section explains how to create an SQL Monitoring Database. If you need to keep the monitoring data you already have in your Access Database, this existing data can be imported through the SQL Enterprise Manager after you have completed the following steps.

How to create an SQL Monitoring Database

You must have an SQL Server fully installed with the SQL software and connected to the network that contains the server on which you have installed your Modus 4.0 product.

  1. Go to the downloads page of the Vircom website and download the Monitor.SQL file
  2. Open the SQL Enterprise Manager and create a new database called Monitoring
  3. Go to the SQL Query Analyzer – connect to the SQL Server where you will create the Monitoring database
  4. Execute the Monitor.SQL (this will create the database tables for the monitoring database)

NOTE: make sure you have selected the Monitoring database that you created in step 1 before running the query.

  1. Open ODBC Manager and create the system DSN for the Monitoring database
  2. Open your Modus Console and go to System > Monitoring database. Select the Use ODBC Database checkbox and enter the database name, your username and password
  3. Restart Modus services
1.47.9. Mailbox in Use Error

Description of Problem:

End users are complaining about getting "mailbox in use" errors.  Or, you see more of these errors appearing in the logs.


If using ModusMail 4.0.330 or prior versions: there is a known problem when accessing the mailbox with Outlook.  This has been fixed in 4.0.340

The error may also occur in the following circumstances:

  • The mailbox may already be open with another mail client, such as WebMail.
  • The end user may have a desktop copy of an anti-virus program (e.g. Norton) that hangs when trying to scan the email.


1. Upgrade to 4.0.340 to receive the latest code changes.

2. Close any other email client application that may be open and try to reset the POP service on the client's mailbox:

  • Go to the user's mailbox properties in the Modus administration console and click the Close POP3 button

3. There are known problems when using the Email Scanning option with the Norton Anti-Virus program.  Ask the customer to disable this option to remove any interference with the POP download from the ModusMail server.  The customer should then run the virus scan on the messages AFTER they have finished downloading and BEFORE opening them.

1.47.10. "Not a valid mailbox" error when the mailbox does exist


Product: ModusMail

Version & Build: 4.1.361


ModusMail is configured to authenticate against a database. On random occasions, incoming messages are rejected because of "invalid mailbox" errors, despite the fact that the user's name does exist in the database.

Probable Cause:

When Modus receives a message, it checks to see if the mailbox exists or not: it first determines whether it's a database mailbox, then tries to find the record in the db. If the db replies that it does not exist, the "open" connection fails, and Modus responds that the mailbox does not exist.

However, the invalid mailbox error can also occur in the following circumstances:

  • Modus cannot connect to the database (e.g., because of invalid ODBC connection details, network connection problems, etc.)
  • the database does not respond
  • some other database-related error (e.g., not enough disk space, no memory available, problems with stored procedures, etc.) 
  • the "open" attempt fails 

If the above problems happen from time to time, that could explain why the mailbox randomly seems to not exist.

If you're experiencing such a problem and you're using Dell servers, please see Known issue with Dell Servers

Note that this particular problem was reported by a customer using a Platypus database for authentication. He was advised to check the behavior of the stored procedure verify_mail_user.

1.47.11. ModusAdm Service does not start
Problem Summary: The ModusAdm Service does not start.


 This problem is most likely to happen with the new 4.0 228 version. Most likely a problem developed during the installation. Whether the resolution in this article fixes the problem, customers should contact Vircom so that the issue can be logged and a permanent fix can be found.


 1) Open a command prompt; 2) Navigate to the install folder (e.g. "modusmail" / "modusgate"). 3) Remove the Modusadm service with the command "modusAdm -remove"; 4) Re-install the ModusAdm Service with the command "ModusAdm -install"; 5) Start the ModusAdm service; 6) Verify that ModusAdm.exe is running in Task Manager.


Related Information:


1.48. Quarantine Database Problems when Upgrading from 4.4.568

Product: All

Version & Build: 4.4.543 and below





When upgrading to v4.4.568, a database script should automatically be run on the Quarantine database to add a new column called confidence in tblMsgCatalog.  This column was added to resolve an issue with the “Delete all” function in the Quarantine Report.





In some cases, where the User ID being used in the ODBC (e.g. SA) does not have the correct permissions, the automatic upgrade for the database does not occur.  If this occurs, clients must manually run the script XXX_quarantine_upgrade.sql, where XXX is the DB software you are using (e.g. mssql_quarantine_upgrade.sql for SQL Server).


Symptoms if the confidence column is missing:


  • No new items appear in the Console when Refresh is selected
  • There is a backlog in the …\Spool\Spam and/or …\Spool\Virus folders
  • No messages nor errors appear in the Console, under Quarantine, when Refresh is selected
  • There is a backlog in the…Spool\Invirus folder



Tracing the problem:


  • Open the ERR log, located in …\Vircom\Modus<Mail or Gate>\log, and search for errors related to MODUSADM





We are using Microsoft SQL Server but this solution applies to PostgreSQL, Access and MySQL, simply by using your DB client folder and the corresponding DB script.

  • From the Modus Console, stop the MODUSADM service
  • From a Command Prompt, run the mssql_quarantine_upgrade.sql script (located in …\Vircom\Modus<Mail or Gate>\DBStructures\SQL Server\Quarantine)
  • Start the MODUSADM service



Microsoft Access Users:


99.9% of our clients who use Microsoft Access for the Quarantine database have not experienced this problem because the DB is local to the server.  However, if you do experience this problem, proceed with the following:


  • From the Console, stop the MODUSADM service
  • Open a Command Prompt and change directory to …\Vircom\Modus<Mail or Gate>
  • At …\Vircom\Modus<Mail or Gate>, type util upgradedb -q -p dbstructures <enter>
  • Start the MODUSADM service





If you use Modus WebAdmin (as Administrator) and there is a problem with the statistical information (numbers are incorrect) or if the page times out, proceed with the following (again, using SQL Server as an example):


  • From the Modus Console, stop the MODUSADM service
  • From a Command Prompt, run the mssql_quarantine_manual_upgrade.sql script (located in …\Vircom\Modus<Mail or Gate>\DBStructures\SQL Server\Quarantine)
  • Start the MODUSADM service
  • This script adds a column, Domain, which increases database performance to display information more quickly in WebAdmin


1.49. How to fix web components to view with IE 11

Product: All

Version & Build: All


Description of Problem:


When viewing webmail with Internet Explore 11, clients are subjected to an error on the page stating that the browser is unsupported. This is in reason of the release of Windows 8.1 being distributed with Internet Explorer 11.




1-Locate the web.config file under the Web folder root Webmail\WebRoot or WebQuarantine\WebRoot

2-In the custom.config file edit the following entry.


<add key="AllowUnSupportedBrowsers" value="false" />


<add key="AllowUnSupportedBrowsers" value="true" />


3-Save the changes and restart the IIS service by opening up the run command and typing IISRESET.

4-Then check for Windows server updates and apply all .NET framework updates on the Modus server.

5-Once they are applied, you are required to reboot the Modus server.



1.50. Unable to Update Avira Virus Engine:


Product: All

Version & Build: 5.61+



The anti-virus engine in Modus is not updating causing the Moduscan service not to start or fail.


Background Information:


Under the Virus tab in modus the update engine would display that the "Moduscan pending restart..." However the service will not start.





1. Go to the windows services, select moduscan then properties on moduscan, click on RECOVERY tab and chose NO ACTION for the three option listed there 

2.  Make sure that moduscan is STOPPED

3.  Navigate to  HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\MODUSCAN\Parameters   

4. Delete the following keys: 




5.  Stop/Start modusAdm

6. On the console, click Virus, and click  Update now.

1.51. Invalid license for VircomMailAuto

Product: All

Version & Build: All



When you are doing a migration moving from one server to another server or if you have ModusMail or ModusGate is installed on a different server from the Web Components, there is a possibility to receive an unhandled error during login. 


Description of Problem:

Please open the most recent ERROR.LOG file located under "Vircom\Web\WebMail\Log" if the following error that is located belows found within the error log: The error is cause because a possible some DLL libraries file.


Source: /webmail/Login.aspx

Exception Description is: Invalid license for VircomMailAuto

COM Error: 0x80040112

Call Stack :

   atLicObjActivatorLib.ActivatorClass.CreateLicensedInstance(String strProgID,String strKey)



1-  Please make a copy of your Themes folder and copy of your login.aspx file (if need be).

2-  Run the Modus installer executable.

3-  When the installation is finished, copy back the Theme folder and login.aspx from step 1.

4-  Reboot the Modus server if necessary.



1.52. Error 00002f0D running Spam updates.
Product:  modusMail & modusGate 
Version & Build: All
When you open the Modus console and you click on the SPAM button, if you see the following error listed below

  • Sieve remote data source error 0x00002F0D.
Then you need to proceed as follows:

1- Apple all windows updates.
2- Reboot the server.
4- Click on START - RUN and type MMC in the run command and press "enter".
5- In MMC, click on FILE - ADD/REMOVE SNAP/IN.
6- Select CERTIFICATES from the list.
11- Select ALL TASK - IMPORT.
12- Select the certificate you downloaded from the link above.
13- Make srue the "Place all certificates in the following store" is set to "TRUSTED ROOT CERTIFICATES AUTHORITIES.
14- Finish.
15- Now update the spam definitions.
1.53. Avira Virus Updates Generate an Error: 0XE007FDF1

Product: All

Version & Build: 5.61+



The anti-virus engine in Modus is not updating causing the Moduscan service not to start or fail.


Background Information:


Within the Modus console under the Virus tab, if the following error code is displayed 0XE007FDF1 this means that some Microsoft updates are required. The image below indicates the error message reported in Event Viewer.




Solutions 1:


1. Download C++ redistributable 2008 SP1 from https://www.microsoft.com/en-us/download/details.aspx?id=11895 and 2005 version from https://www.microsoft.com/en-us/download/details.aspx?id=3387

2. Uninstall C++ Redistributable 2005 + Reboot + install C++ Redistributable 2005 again from the newly downloaded.

3. Uninstall C++ Redistributable 2008 x86 SP1 + reboot + Re-installing it again from the newly downloaded. 


Solutions 2: 

1. Stop Moduscan and Modusadm

2. Grab this file ftp://yves:arivne@ftp.vircom.com/avira/hbedv.key

3. Copy the new HBED.KEY to the Avira folder and replace the old file with the new hbedv.key file

4. Go to the registry (HKLM\SYSTEM\CurrentControlSet\Services\MODUSCAN\Parameters) and delete the known keys.


  • AviraViriiDefinitionsVersion
  • AviraLastUpdatePckgld
  • AviraLastCheckResult
  • AviraLastCheckDate


5. Restart Modusadm and Moduscan.

6. Console > Virus and push the UPDATE button.

7. It'll take a few minutes but it should be operational.  


1.54. Modusmon Service will not start:


Product: All

Version & Build: All



When in the modus console and attempting to start the modusmon service and it will not start. it seems the service does not do anything.



Background Information:


When checking the modus error log and you see the following error message for the modusmon service

  • Monitoring service failed to initialize. Error code: 1740 Error description. The endpoint is a duplicate.
This indicates that port 32000 is being used by another services on the server and must be killed or changed.





1. Download TCPView below and run it on the local modus server. This will display all the ports being used.

2.  Locate the service or session that is running port 32000 and use TCPView to kill the task or determine which service is using the port.

3.  Once the session has been terminated or port modified for the 3rd part service, log back into modus to restart the Modusmon service and the service should start.

1.55. How-To: Troubleshoot outbound mail flow

Product: All

Version & Build: All






It has occur from time to time that domains are able to receive email but are not able to send outbound emails. There is a number of factors that can contribute to this issue from modus services not started to compromised accounts. Here are some troubleshooting steps that can be done to ensure mail flow is working.





Step 1:


  • Ensure that port 25 is able to relay outbound from your existing modus server. Open a command prompt from your modus server and attempt to telnet to any external domain on port 25. May i suggest telnet to mgate-01.vircom.com on port 25. If you are able to connect and see a banner this indicates that port 25 is opened.

  • If an SMTP banner does not display or if you are unable to connect to via port 25, please verify your local firewall policies to ensure outbound mail flow is allowed. if this is not the case head to step 2.

Step 2:


  • Ensure if all modus services are running on the server, any service that is not running may cause mail flow issues or delay in email. If this is not the case head to step 3.


Step 3: 


  • Locate your spool directory within your modus console. The path can be found in modus under SYSTEM - SETTINGS

  • Copy that directory path into a windows explorer page where a list of folders will be displayed. One of those folders will be named DOMAINS.
  • Right click the domains folder and select PROPERTIES from the menu.

  • On the properties page be aware of the Contains label and the number of files listed.
  • If the number is greater than 500, this may indicate a spam attack or compromised account.



Step 4: 


  • In the spool directory in the domains folder, locate any domain listed of abnormal naming convention or bizarre format. This may indicate a compromised account ... ie (yahhoo.com, hootmail.com... etc.
  • go into one of these folder and see if any files are listed.
  • If a number of files are listed with the extension .DEF, this indicates that emails being sent to this domain have failed or is unable to reach its destination.



Step 5:


  • Double click to open any of the .DEF files found.
  • The content of the file may contain some information as listed below.
  • The main points of the .DEF file are highlighted below.
  • The TRY-NUMBER value indicates how many times the email attempted to resend itself.
  • The AUTH-LOGIN value indicates which user account authenticated to send the message.
  • The LAST-ERROR value indicates the reason as to why the email was not delivered.


Step 6:


  • After repeatedly performing STEP 4 and STEP 5 on different domain folders.
  • And if the content of the .DEF files seem to contain the same AUTH-LOGIN and LAST-ERROR info.
  • This is will a sure you that there is a compromised account, which can indeed cause the disruption of outbound mail flow.






  • Locate the culprits mailbox within your mail exchanger software and perform the following.
    • Change user account password\or disable account.
    • Rename the modus spool directory path found in STEP 3.
    • Restart all modus services in the console under SYSTEM - SERVICES.
    • Perform security scan on mail exchanger.
    • Perform security scan on clients end workstation.



  •  Locate the culprit mailbox within modusMail Console and perform the following.
    • Change user account password\or disable account.
    • Rename the modus spool directory path found in STEP 3.
    • Restart all modus services in the console under SYSTEM - SERVICES.
    • Perform security scan on modusMail server.
    • Perform security scan on clients end workstation.







1.56. IMAP Syn Flood


Product: modusMail

Version & Build: All



If your mailbox is IMAP type then you might experience the following symptoms that on one can login to webmail.




  • No one can login to webmail mail client.
  • You get the banner only after 3 to 4 times a telnet command is issued on port 143.
  • If you list the IP address connecting to your server on port 143 you should see similar to screen shot below where you should notice on the last column to the right a series of SYN_RECEIVED.


Someone form the outside world is sending to many AUTH requests creating a SYN_FLOOD scenario on port 143 making the IMAP port unresponsive.



When you locate this/these IP addresses, you MUST add them at the firewall level (your front end firewall) as adding them to the modusMail console banned IP list will not help.



1.57. Understanding Message Headers

Product: All
Version & Build:

Understanding Message Header Information

Return-Path:    The return-path email header Outlook is mainly used for bounces. It describes the return-path of the message, where the message needs to be delivered or how one can reach to message sender. If the message is not delivered, then the mail server will send the message to the specified email address.


Received:   An essential email header in Outlook 2010 or all other versions is received header. It displays the list of all the email server through which message is routed to reach the receiver. Moreover, the best way to analysis this header is read it from bottom to top. 

This header also provides the information about the message that is when the message is transferred for example in above header it specifies that it occur on Tuesday, October 18, 2016, at 04:56:19 in the morning is Pacific Standard Time that is 8 hours late than UTC (Universal Coordinated Time).

This field also provides IP address of all the sender's mail server, receiver's mail server, and the mail server, through which message is passed from sender to receiver.

Message-ID:   There is always a unique message id assigned to each message that refers to a particular version of a particular message. For example: 


  • Message-ID: "58060de3.644e420a.7228e.e2aa@mx.domain.com" 


This message has a unique identifier (number) that is assigned by mx.google.com for identification purpose. It is the unique ID that is always associated with the message.


Date:   As it is clear from the name, it specifies the date and time of a particular message that when the message was composed and sent. Moreover, this date and time are totally dependent on the clock of sender's computer. 

From:   The from email header in Outlook specifies the name of the sender and the email address of the sender. This header can easily be forged, therefore it is least reliable. For example:

  • From: "Microsoft Outlook" "content.trainingupdate@domain.com"

It specifies that message was sent by Microsoft Outlook from the email address content.trainingupdate@domain.com.

To:   The "to" field in the Outlook email header normally specifies the name of the receiver or we can say that to whom message was sent. 


Subject:   This header field normally displays the subject of the email message which is specified by the sender of the email 


MIME Version:   MIME is basically a Multipurpose Internet Mail Extension is an internet standard. Its role is to extend the email message format. It also describes the version of MIME protocol that sender was using at that time. It is also an important email header in Outlook.


Content-Type:   It is an additional MIME header that tells the type of content to expect in the message with the help of MIME-compliant e-mail programs. It also displays the format of the message like HTML, XML and plain text.