Major incident notice for ESS and PSB ESS: F-Secure Gemini failed to scan email messages
Dear F-Secure Customer/Partner,
From 2015-09-24 13:10 UTC to 2015-09-24 16:06 UTC, our Email and Server Security (ESS) and Protection Service for Business Email and Server Security (PSB ESS) products experienced a major incident.
This incident affected all products relying on ESS and PSB ESS services. The visible effect was that the F-Secure Gemini scanning engine failed to scan email messages and put them directly into quarantine.
This incident was promptly resolved and was fixed in Gemini 2015-09-24_03.
However, if you are unable to get the updates immediately, and you are still experiencing issues, you can disable the Gemini scanning engine temporarily as follows:
- In the F-Secure web console, click on General > Engines > Status.
- Go to F-Secure Gemini > Properties, then select Disable engine.
This will prevent emails going to quarantine.
We apologize for the inconvenience this may have caused you. We have initiated a root cause analysis process to identify how we can avoid similar incidents in the future.
With Best Regards,
F-Secure Customer Care
> Act temporarily as follows:
> In the F-Secure web console, click on General > Engines > Status.
> Go to F-Secure Gemini > Properties, then select Disable engine.
> This will prevent emails going to quarantine.
If the hard disk space becomes low because of the excessive many e-mails placed in quarantine, this method cannot be applied, as the web interface cannot start.
(Regrettably, the FSAV ESS installer unwisely places the quarantines folder on the system drive, thereby excerberating this problem.)
Yours Sincerely: Tamas Feher, Hungary.
Thanks for the response, but please consider that web console based remediation procedures are useless if the FSAV ESS web user interface cannot start up (in case the free hard disk space is exhausted or falls below 30MB after a large amount of e-mails suddenly accumulated in the quarantine folder).
The customers who suffer from such a situation would need a command-line or registry-based solution to remedy the Gemini engine malfunction, because they cannot access the Web Console. (Manually removing many e-mails from the quarantine fodler reportedly leads to index corruption?)
Yours Sincerely: Tamas Feher.