Aaargh ... need to vent ... need help

Aaargh ... need to vent ... need help

Post by Kevin Weilbache » Wed, 24 Jul 2002 08:56:51



I was "evaluating" GFI's Mail Essential 7 for one of my customers for use as
a server based Spam filter product.

So, I installed it on my home/test system first (thank goodness). I'm using
the POP3 connector, and GFI informed me that I would have to use their POP3
connector program in order for ME7 to work.  SO .... I ran ICW and disabled
POP3.  I then installed ME7 and configured their POP3 connector software
(which they name POP2 ... go figure).  Things seemed to be working just
fine.  Configured and tested the spam filtering.  Configured their
Disclaimer feature. Everything up and running --- enough for one night. So,
I decided to let things just sit and run overnight.

Next day, I thought ...hhmmmm, I wonder if switching the POP3 connector
could somehowl affect Trend OfficeScan for SBS?

First clue that something was wrong ... when I opened up Trend's OfficeScan
Mgmt Console from the server console, and it comes up with a 'Enter Network
Password' window --- which wants me to enter the user name. password and
domain.  No matter what I enter, it doesn't accept it.  Oh, shoot --what's
going on?

Now the ScanMail Mgmt Console works, but not either of the two web/browser
based utilities --- they both want me to log in to the network, and even
using the administrator password does not help.

So, I went "outside" and configured an email containing the test EICAR file
as an attachment.  When my server picked it up, guess what ---  the Trend
real time monitor did *NOT* pick it up.  That's when I realized it hadn't
been picking up any viruses since the previous day.

I did a full manual virus scan of my server ... and found a couple of
quarantined Worm.Klez.H virused files.  Fortunately, although the real time
monitor did not pick it up, the scheduled virus scan did. Cr*p, I
thought --- what if something else got through --like CodeRed?

I ran the Code Red detection utility, even though I knew I was patched, and
it told me that one of the files was not patched, as if MS01-044 had never
been applied.  But it had, because I had it on my system!  But I went ahead,
and reran the patch again. Then reran the CodeRed detection program, and
said it did not find any trace of the Trojan file associated with Code Red.

Now here's what I need help with:

1. Making Trend's web/browser based mgmt console programs to work
2. I'm now starting to get some automatically generated  *undeliverable*
messages in Outlook such as:

Your message did not reach some or all of the intended recipients.
Subject: Hello,im,questionnaire
Sent: 7/22/2002 11:01 AM
The following recipient(s) could not be reached

The e-mail address could not be found. Perhaps the recipient moved to a
different e-mail organization, or there was a mistake in the address. Check
the address and try again. < out016.verizon.net #5.1.2>

Any suggestions ???

BTW, I took off GFI ME7, and reestablish SBS2K's POP3 connector.
-kw

 
 
 

Aaargh ... need to vent ... need help

Post by Javier A. Gomez-Duran » Wed, 24 Jul 2002 09:46:34


Hi Kevin:

I will post something that I read in a recent post by Steve Foster:

<-Start->
POST NAME:Exchange 2000-SP3 Error?

I ask because MailEssentials 2000 was not compatible with Exchange SP2,
unless you got a patch from GFI. Their products _may_ be interfering
with the SP3 install (or the SP3 install may not like GFI's software...)

At least if they're temporarily disabled, you can eliminate them from
the picture.

--
Steve Foster [SBS MVP]
---------------------------------------
MVPs do not work for Microsoft. Please reply only to the newsgroups.

<-End->

I really don't know if the v7 is the same product as the 2000 version that
Steve is mentioning... but I just wanted to post since it seemed curious to
me.

Hope this helps a bit,

Javier A. Gomez-Durand

San Juan, Puerto Rico


> I was "evaluating" GFI's Mail Essential 7 for one of my customers for use
as
> a server based Spam filter product.

> So, I installed it on my home/test system first (thank goodness). I'm
using
> the POP3 connector, and GFI informed me that I would have to use their
POP3
> connector program in order for ME7 to work.  SO .... I ran ICW and
disabled
> POP3.  I then installed ME7 and configured their POP3 connector software
> (which they name POP2 ... go figure).  Things seemed to be working just
> fine.  Configured and tested the spam filtering.  Configured their
> Disclaimer feature. Everything up and running --- enough for one night.
So,
> I decided to let things just sit and run overnight.

> Next day, I thought ...hhmmmm, I wonder if switching the POP3 connector
> could somehowl affect Trend OfficeScan for SBS?

> First clue that something was wrong ... when I opened up Trend's
OfficeScan
> Mgmt Console from the server console, and it comes up with a 'Enter
Network
> Password' window --- which wants me to enter the user name. password and
> domain.  No matter what I enter, it doesn't accept it.  Oh, shoot --what's
> going on?

> Now the ScanMail Mgmt Console works, but not either of the two web/browser
> based utilities --- they both want me to log in to the network, and even
> using the administrator password does not help.

> So, I went "outside" and configured an email containing the test EICAR
file
> as an attachment.  When my server picked it up, guess what ---  the Trend
> real time monitor did *NOT* pick it up.  That's when I realized it hadn't
> been picking up any viruses since the previous day.

> I did a full manual virus scan of my server ... and found a couple of
> quarantined Worm.Klez.H virused files.  Fortunately, although the real
time
> monitor did not pick it up, the scheduled virus scan did. Cr*p, I
> thought --- what if something else got through --like CodeRed?

> I ran the Code Red detection utility, even though I knew I was patched,
and
> it told me that one of the files was not patched, as if MS01-044 had never
> been applied.  But it had, because I had it on my system!  But I went
ahead,
> and reran the patch again. Then reran the CodeRed detection program, and
> said it did not find any trace of the Trojan file associated with Code
Red.

> Now here's what I need help with:

> 1. Making Trend's web/browser based mgmt console programs to work
> 2. I'm now starting to get some automatically generated  *undeliverable*
> messages in Outlook such as:

> Your message did not reach some or all of the intended recipients.
> Subject: Hello,im,questionnaire
> Sent: 7/22/2002 11:01 AM
> The following recipient(s) could not be reached

> The e-mail address could not be found. Perhaps the recipient moved to a
> different e-mail organization, or there was a mistake in the address.
Check
> the address and try again. < out016.verizon.net #5.1.2>

> Any suggestions ???

> BTW, I took off GFI ME7, and reestablish SBS2K's POP3 connector.
> -kw


 
 
 

Aaargh ... need to vent ... need help

Post by Kevin Weilbache » Wed, 24 Jul 2002 10:04:22


Javier, thanks -- Yes, I saw Steve's post.

I am not trying to install Exchange SP3, and besides, I'm beyond GFI -- now
that I've removed it.  My concerns are with the emails and fixing Trend.
Fixing Trend may simply be to uninstall and reinstall.
-kw



> Hi Kevin:

> I will post something that I read in a recent post by Steve Foster:

> <-Start->
> POST NAME:Exchange 2000-SP3 Error?

> I ask because MailEssentials 2000 was not compatible with Exchange SP2,
> unless you got a patch from GFI. Their products _may_ be interfering
> with the SP3 install (or the SP3 install may not like GFI's software...)

> At least if they're temporarily disabled, you can eliminate them from
> the picture.

> --
> Steve Foster [SBS MVP]
> ---------------------------------------
> MVPs do not work for Microsoft. Please reply only to the newsgroups.

> <-End->

> I really don't know if the v7 is the same product as the 2000 version that
> Steve is mentioning... but I just wanted to post since it seemed curious
to
> me.

> Hope this helps a bit,

> Javier A. Gomez-Durand

> San Juan, Puerto Rico



> > I was "evaluating" GFI's Mail Essential 7 for one of my customers for
use
> as
> > a server based Spam filter product.

> > So, I installed it on my home/test system first (thank goodness). I'm
> using
> > the POP3 connector, and GFI informed me that I would have to use their
> POP3
> > connector program in order for ME7 to work.  SO .... I ran ICW and
> disabled
> > POP3.  I then installed ME7 and configured their POP3 connector software
> > (which they name POP2 ... go figure).  Things seemed to be working just
> > fine.  Configured and tested the spam filtering.  Configured their
> > Disclaimer feature. Everything up and running --- enough for one night.
> So,
> > I decided to let things just sit and run overnight.

> > Next day, I thought ...hhmmmm, I wonder if switching the POP3 connector
> > could somehowl affect Trend OfficeScan for SBS?

> > First clue that something was wrong ... when I opened up Trend's
> OfficeScan
> > Mgmt Console from the server console, and it comes up with a 'Enter
> Network
> > Password' window --- which wants me to enter the user name. password and
> > domain.  No matter what I enter, it doesn't accept it.  Oh,
shoot --what's
> > going on?

> > Now the ScanMail Mgmt Console works, but not either of the two
web/browser
> > based utilities --- they both want me to log in to the network, and even
> > using the administrator password does not help.

> > So, I went "outside" and configured an email containing the test EICAR
> file
> > as an attachment.  When my server picked it up, guess what ---  the
Trend
> > real time monitor did *NOT* pick it up.  That's when I realized it
hadn't
> > been picking up any viruses since the previous day.

> > I did a full manual virus scan of my server ... and found a couple of
> > quarantined Worm.Klez.H virused files.  Fortunately, although the real
> time
> > monitor did not pick it up, the scheduled virus scan did. Cr*p, I
> > thought --- what if something else got through --like CodeRed?

> > I ran the Code Red detection utility, even though I knew I was patched,
> and
> > it told me that one of the files was not patched, as if MS01-044 had
never
> > been applied.  But it had, because I had it on my system!  But I went
> ahead,
> > and reran the patch again. Then reran the CodeRed detection program, and
> > said it did not find any trace of the Trojan file associated with Code
> Red.

> > Now here's what I need help with:

> > 1. Making Trend's web/browser based mgmt console programs to work
> > 2. I'm now starting to get some automatically generated  *undeliverable*
> > messages in Outlook such as:

> > Your message did not reach some or all of the intended recipients.
> > Subject: Hello,im,questionnaire
> > Sent: 7/22/2002 11:01 AM
> > The following recipient(s) could not be reached

> > The e-mail address could not be found. Perhaps the recipient moved to a
> > different e-mail organization, or there was a mistake in the address.
> Check
> > the address and try again. < out016.verizon.net #5.1.2>

> > Any suggestions ???

> > BTW, I took off GFI ME7, and reestablish SBS2K's POP3 connector.
> > -kw

 
 
 

Aaargh ... need to vent ... need help

Post by Andrew Gerick » Fri, 26 Jul 2002 03:41:27


Hi Kevin,

And now you know why I re-installed my whole server on the weekend. BTW: Is
running beautifully.

Cheers,

Andrew


> Javier, thanks -- Yes, I saw Steve's post.

> I am not trying to install Exchange SP3, and besides, I'm beyond GFI --
now
> that I've removed it.  My concerns are with the emails and fixing Trend.
> Fixing Trend may simply be to uninstall and reinstall.
> -kw



> > Hi Kevin:

> > I will post something that I read in a recent post by Steve Foster:

> > <-Start->
> > POST NAME:Exchange 2000-SP3 Error?

> > I ask because MailEssentials 2000 was not compatible with Exchange SP2,
> > unless you got a patch from GFI. Their products _may_ be interfering
> > with the SP3 install (or the SP3 install may not like GFI's software...)

> > At least if they're temporarily disabled, you can eliminate them from
> > the picture.

> > --
> > Steve Foster [SBS MVP]
> > ---------------------------------------
> > MVPs do not work for Microsoft. Please reply only to the newsgroups.

> > <-End->

> > I really don't know if the v7 is the same product as the 2000 version
that
> > Steve is mentioning... but I just wanted to post since it seemed curious
> to
> > me.

> > Hope this helps a bit,

> > Javier A. Gomez-Durand

> > San Juan, Puerto Rico



> > > I was "evaluating" GFI's Mail Essential 7 for one of my customers for
> use
> > as
> > > a server based Spam filter product.

> > > So, I installed it on my home/test system first (thank goodness). I'm
> > using
> > > the POP3 connector, and GFI informed me that I would have to use their
> > POP3
> > > connector program in order for ME7 to work.  SO .... I ran ICW and
> > disabled
> > > POP3.  I then installed ME7 and configured their POP3 connector
software
> > > (which they name POP2 ... go figure).  Things seemed to be working
just
> > > fine.  Configured and tested the spam filtering.  Configured their
> > > Disclaimer feature. Everything up and running --- enough for one
night.
> > So,
> > > I decided to let things just sit and run overnight.

> > > Next day, I thought ...hhmmmm, I wonder if switching the POP3
connector
> > > could somehowl affect Trend OfficeScan for SBS?

> > > First clue that something was wrong ... when I opened up Trend's
> > OfficeScan
> > > Mgmt Console from the server console, and it comes up with a 'Enter
> > Network
> > > Password' window --- which wants me to enter the user name. password
and
> > > domain.  No matter what I enter, it doesn't accept it.  Oh,
> shoot --what's
> > > going on?

> > > Now the ScanMail Mgmt Console works, but not either of the two
> web/browser
> > > based utilities --- they both want me to log in to the network, and
even
> > > using the administrator password does not help.

> > > So, I went "outside" and configured an email containing the test EICAR
> > file
> > > as an attachment.  When my server picked it up, guess what ---  the
> Trend
> > > real time monitor did *NOT* pick it up.  That's when I realized it
> hadn't
> > > been picking up any viruses since the previous day.

> > > I did a full manual virus scan of my server ... and found a couple of
> > > quarantined Worm.Klez.H virused files.  Fortunately, although the real
> > time
> > > monitor did not pick it up, the scheduled virus scan did. Cr*p, I
> > > thought --- what if something else got through --like CodeRed?

> > > I ran the Code Red detection utility, even though I knew I was
patched,
> > and
> > > it told me that one of the files was not patched, as if MS01-044 had
> never
> > > been applied.  But it had, because I had it on my system!  But I went
> > ahead,
> > > and reran the patch again. Then reran the CodeRed detection program,
and
> > > said it did not find any trace of the Trojan file associated with Code
> > Red.

> > > Now here's what I need help with:

> > > 1. Making Trend's web/browser based mgmt console programs to work
> > > 2. I'm now starting to get some automatically generated
*undeliverable*
> > > messages in Outlook such as:

> > > Your message did not reach some or all of the intended recipients.
> > > Subject: Hello,im,questionnaire
> > > Sent: 7/22/2002 11:01 AM
> > > The following recipient(s) could not be reached

> > > The e-mail address could not be found. Perhaps the recipient moved to
a
> > > different e-mail organization, or there was a mistake in the address.
> > Check
> > > the address and try again. < out016.verizon.net #5.1.2>

> > > Any suggestions ???

> > > BTW, I took off GFI ME7, and reestablish SBS2K's POP3 connector.
> > > -kw

 
 
 

Aaargh ... need to vent ... need help

Post by Kevin Weilbache » Fri, 26 Jul 2002 03:52:36


Reinstalling may clear the problem -- but I would rather know what "changed"
and understand what happened.
Glad to hear you are up and running!
-kw


> Hi Kevin,

> And now you know why I re-installed my whole server on the weekend. BTW:
Is
> running beautifully.

> Cheers,

> Andrew



> > Javier, thanks -- Yes, I saw Steve's post.

> > I am not trying to install Exchange SP3, and besides, I'm beyond GFI --
> now
> > that I've removed it.  My concerns are with the emails and fixing Trend.
> > Fixing Trend may simply be to uninstall and reinstall.
> > -kw



> > > Hi Kevin:

> > > I will post something that I read in a recent post by Steve Foster:

> > > <-Start->
> > > POST NAME:Exchange 2000-SP3 Error?

> > > I ask because MailEssentials 2000 was not compatible with Exchange
SP2,
> > > unless you got a patch from GFI. Their products _may_ be interfering
> > > with the SP3 install (or the SP3 install may not like GFI's
software...)

> > > At least if they're temporarily disabled, you can eliminate them from
> > > the picture.

> > > --
> > > Steve Foster [SBS MVP]
> > > ---------------------------------------
> > > MVPs do not work for Microsoft. Please reply only to the newsgroups.

> > > <-End->

> > > I really don't know if the v7 is the same product as the 2000 version
> that
> > > Steve is mentioning... but I just wanted to post since it seemed
curious
> > to
> > > me.

> > > Hope this helps a bit,

> > > Javier A. Gomez-Durand

> > > San Juan, Puerto Rico



> > > > I was "evaluating" GFI's Mail Essential 7 for one of my customers
for
> > use
> > > as
> > > > a server based Spam filter product.

> > > > So, I installed it on my home/test system first (thank goodness).
I'm
> > > using
> > > > the POP3 connector, and GFI informed me that I would have to use
their
> > > POP3
> > > > connector program in order for ME7 to work.  SO .... I ran ICW and
> > > disabled
> > > > POP3.  I then installed ME7 and configured their POP3 connector
> software
> > > > (which they name POP2 ... go figure).  Things seemed to be working
> just
> > > > fine.  Configured and tested the spam filtering.  Configured their
> > > > Disclaimer feature. Everything up and running --- enough for one
> night.
> > > So,
> > > > I decided to let things just sit and run overnight.

> > > > Next day, I thought ...hhmmmm, I wonder if switching the POP3
> connector
> > > > could somehowl affect Trend OfficeScan for SBS?

> > > > First clue that something was wrong ... when I opened up Trend's
> > > OfficeScan
> > > > Mgmt Console from the server console, and it comes up with a 'Enter
> > > Network
> > > > Password' window --- which wants me to enter the user name. password
> and
> > > > domain.  No matter what I enter, it doesn't accept it.  Oh,
> > shoot --what's
> > > > going on?

> > > > Now the ScanMail Mgmt Console works, but not either of the two
> > web/browser
> > > > based utilities --- they both want me to log in to the network, and
> even
> > > > using the administrator password does not help.

> > > > So, I went "outside" and configured an email containing the test
EICAR
> > > file
> > > > as an attachment.  When my server picked it up, guess what ---  the
> > Trend
> > > > real time monitor did *NOT* pick it up.  That's when I realized it
> > hadn't
> > > > been picking up any viruses since the previous day.

> > > > I did a full manual virus scan of my server ... and found a couple
of
> > > > quarantined Worm.Klez.H virused files.  Fortunately, although the
real
> > > time
> > > > monitor did not pick it up, the scheduled virus scan did. Cr*p, I
> > > > thought --- what if something else got through --like CodeRed?

> > > > I ran the Code Red detection utility, even though I knew I was
> patched,
> > > and
> > > > it told me that one of the files was not patched, as if MS01-044 had
> > never
> > > > been applied.  But it had, because I had it on my system!  But I
went
> > > ahead,
> > > > and reran the patch again. Then reran the CodeRed detection program,
> and
> > > > said it did not find any trace of the Trojan file associated with
Code
> > > Red.

> > > > Now here's what I need help with:

> > > > 1. Making Trend's web/browser based mgmt console programs to work
> > > > 2. I'm now starting to get some automatically generated
> *undeliverable*
> > > > messages in Outlook such as:

> > > > Your message did not reach some or all of the intended recipients.
> > > > Subject: Hello,im,questionnaire
> > > > Sent: 7/22/2002 11:01 AM
> > > > The following recipient(s) could not be reached

> > > > The e-mail address could not be found. Perhaps the recipient moved
to
> a
> > > > different e-mail organization, or there was a mistake in the
address.
> > > Check
> > > > the address and try again. < out016.verizon.net #5.1.2>

> > > > Any suggestions ???

> > > > BTW, I took off GFI ME7, and reestablish SBS2K's POP3 connector.
> > > > -kw