After installing Client Security 9.3 all emails downloaded from MS Outlook are empty

Scholar

The previous version 9.2 worked fine, but after the upgrade to version 9.3 all emails we received with MS Outlook (2003 and 2007) are empty. Empty from, empty to, empty subject, empty body.

If I deactivate the realtime scanner for emails it works fine and the emails are correct.

So what kind of settings are required to get emails with activated realtime scanner?

F-Secure

I've sent your problem report forward to the development team. 

F-Secure

Please, collect the email scanning log:

To enable logging for ES driver follow these steps:
1. Registry entry: HKEY_LOCAL_MACHINE\SYSTEM\CurrentControlSet\Services\FSES
2. Value: debuglevel (type DWORD)
3. 20 - verbose logging
4. Value: debuglog (type String), for example, c:\fses.log
5. Reboot

Superuser

Problem reported here by a customer and our lab as well.

 

Matthias
----------
perComp has been a Platinum Partner of F-Secure since 1994. Any advice or help given by me in this forum is voluntary and to the best of my knowledge, based on working with the products since 1997. For direct contact, customers please check our homepage http://www.percomp.de

Scholar

Here is the log from a test email which was received empty.

===============================================
09:52:08 process_data, 20 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 20 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 8 bytes, flags 00010000
09:52:08 First net buffer list: 8 bytes
09:52:08 MDL offset 0 Byte count 8, offset 0
09:52:08 RETR 2
09:52:08 process_data, 8 outgoing bytes
09:52:08 feed_outbound:: token 1
09:52:08 Allowed 8 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 18 bytes, flags 00000011
09:52:08 First net buffer list: 18 bytes
09:52:08 MDL offset 76 Byte count 18, offset 0
09:52:08 +OK 11579 octets
09:52:08 process_data, 18 incoming bytes
09:52:08 Receiving 11579 bytes
09:52:08 Injecting 5 incoming bytes, flags 1
09:52:08 scan_data_begin (1), total 11579
09:52:08 send_msg_to_user, type 19
09:52:08 Blocked 18 incoming bytes
09:52:08 inject_request_complete, status 00000000, length 5
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 1452 bytes, flags 00000001
09:52:08 First net buffer list: 1452 bytes
09:52:08 MDL offset 0 Byte count 1452, offset 0
09:52:08 Return-Path: <office@honker.at>
Received: from HonkerMobile (85-126-151-74.work.xdsl-line.inode.at [85.126.151.74]) by mail2.dotnethost.at with SMTP;
F-Secure

Is this a complete log? The impression is that it's interrupted in the middle.
Scholar

Here is the complete log for 1 email. I changed Username and Password.

==============================================
09:46:35 FSES.SYS 2.00.515 built Oct 3 2011 14:32:08. Windows 6.1.7601 SP 1.0 32bit
09:46:35 FwpmEngineOpen0 failed: C0020035
09:46:36 FwpmEngineOpen0 failed: C0020035
09:46:37 FwpmEngineOpen0 failed: C0020035
09:46:38 FwpmEngineOpen0 failed: C0020035
09:46:39 FwpmEngineOpen0 failed: C0020035
09:46:40 FwpmEngineOpen0 failed: C0020035
09:46:41 FwpmEngineOpen0 failed: C0020035
09:46:42 FwpmEngineOpen0 failed: C0020035
09:46:43 FwpmEngineOpen0 failed: C0020035
09:46:44 FwpmEngineOpen0 failed: C0020035
09:46:45 FwpmEngineOpen0 failed: C0020035
09:46:46 FwpmEngineOpen0 failed: C0020035
09:46:47 FwpmEngineOpen0 failed: C0020035
09:46:48 FwpmEngineOpen0 failed: C0020035
09:46:49 FwpmEngineOpen0 failed: C0020035
09:46:50 FwpmEngineOpen0 failed: C0020036
09:46:51 stream NotifyFn: filter added to flow
09:46:51 stream NotifyFn: filter added to flow
09:46:51 flow_estab NotifyFn: filter added to flow
09:46:51 flow_estab NotifyFn: filter added to flow
09:46:51 install_filters: OK
09:46:54 flow_estab ClassifyFn: PID 2420, IRQL 2 192.168.72.72:49187 -> 192.168.72.102:135
09:46:54 flow_estab ClassifyFn: PID 2420, IRQL 2 192.168.72.72:49188 -> 192.168.72.102:1026
09:46:54 flow_estab ClassifyFn: PID 2420, IRQL 2 192.168.72.72:49189 -> 192.168.72.102:389
09:46:54 User PID 2504
09:46:55 flow_estab ClassifyFn: PID 4, IRQL 2 192.168.72.72:49190 -> 192.168.72.101:445
09:46:55 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49191 -> 192.168.72.102:88
09:46:56 flow_estab ClassifyFn: PID 2400, IRQL 2 192.168.72.72:49192 -> 217.110.97.198:80
09:46:57 flow_estab ClassifyFn: PID 2400, IRQL 2 192.168.72.72:49194 -> 217.110.97.198:80
09:46:57 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49195 -> 192.168.72.102:88
09:46:57 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49196 -> 192.168.72.102:88
09:46:57 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49197 -> 192.168.72.102:88
09:46:58 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49198 -> 192.168.72.102:135
09:46:58 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49199 -> 192.168.72.102:1026
09:46:59 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49200 -> 192.168.72.102:88
09:46:59 flow_estab ClassifyFn: PID 4, IRQL 2 192.168.72.72:49201 -> 192.168.72.102:445
09:46:59 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49202 -> 192.168.72.102:88
09:46:59 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49203 -> 192.168.72.102:88
09:46:59 flow_estab ClassifyFn: PID 4, IRQL 2 192.168.72.72:49204 -> 192.168.72.102:445
09:46:59 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49205 -> 192.168.72.102:88
09:46:59 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49206 -> 192.168.72.102:389
09:46:59 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49207 -> 192.168.72.102:88
09:46:59 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49208 -> 192.168.72.102:389
09:47:01 flow_estab ClassifyFn: PID 1408, IRQL 2 192.168.72.72:49210 -> 213.199.181.90:80
09:47:09 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49212 -> 192.168.72.254:80
09:47:15 flow_estab ClassifyFn: PID 4, IRQL 2 192.168.72.72:49213 -> 192.168.72.102:445
09:47:20 flow_estab ClassifyFn: PID 2976, IRQL 2 192.168.72.72:49211 -> 209.85.148.138:80
09:47:25 flow_estab ClassifyFn: PID 3676, IRQL 2 192.168.72.72:49214 -> 192.168.72.102:389
09:47:25 flow_estab ClassifyFn: PID 3676, IRQL 2 192.168.72.72:49215 -> 192.168.72.102:389
09:47:25 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49216 -> 192.168.72.102:88
09:47:25 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49217 -> 192.168.72.102:88
09:47:25 flow_estab ClassifyFn: PID 640, IRQL 2 192.168.72.72:49218 -> 192.168.72.102:88
09:47:33 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49219 -> 204.9.163.247:80
09:47:34 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49220 -> 2.21.246.71:80
09:47:36 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49221 -> 84.241.93.42:4248
09:47:37 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49222 -> 193.120.199.13:12350
09:47:37 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49223 -> 78.141.177.89:12350
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49224 -> 88.221.18.161:443
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49225 -> 88.221.18.161:443
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49227 -> 2.21.175.139:443
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49226 -> 2.21.175.139:443
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49228 -> 173.194.65.95:443
09:47:38 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49229 -> 94.245.69.236:443
09:47:39 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49230 -> 64.4.21.39:443
09:47:39 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49232 -> 192.168.72.254:80
09:47:39 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49231 -> 78.141.177.124:443
09:47:40 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49233 -> 88.221.17.195:443
09:47:40 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49234 -> 65.55.8.8:443
09:47:41 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49235 -> 192.168.72.254:4444
09:47:42 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49237 -> 192.168.72.254:4444
09:47:42 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49236 -> 130.117.72.100:12350
09:47:43 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49238 -> 192.168.72.254:4444
09:47:44 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49239 -> 192.168.72.254:4444
09:47:45 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49240 -> 192.168.72.254:4444
09:47:46 flow_estab ClassifyFn: PID 2972, IRQL 2 192.168.72.72:49241 -> 192.168.72.254:4444
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49243 -> 127.0.0.1:49244
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49244 <- 127.0.0.1:49243
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49242 -> 127.0.0.1:49245
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49245 <- 127.0.0.1:49242
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49246 -> 74.125.230.211:80
09:47:58 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49247 -> 74.125.230.211:80
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49248 -> 127.0.0.1:49250
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49250 <- 127.0.0.1:49248
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49249 -> 127.0.0.1:49251
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49251 <- 127.0.0.1:49249
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49252 -> 81.223.239.102:443
09:48:03 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49253 -> 81.223.239.102:443
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49254 -> 127.0.0.1:49260
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49260 <- 127.0.0.1:49254
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49255 -> 127.0.0.1:49261
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49261 <- 127.0.0.1:49255
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49256 -> 127.0.0.1:49262
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49262 <- 127.0.0.1:49256
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49257 -> 127.0.0.1:49263
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49263 <- 127.0.0.1:49257
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49258 -> 127.0.0.1:49264
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49264 <- 127.0.0.1:49258
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49259 -> 127.0.0.1:49265
09:48:14 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49265 <- 127.0.0.1:49259
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49272 -> 127.0.0.1:49274
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49274 <- 127.0.0.1:49272
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49273 -> 127.0.0.1:49275
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49275 <- 127.0.0.1:49273
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49266 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49267 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49268 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49269 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49270 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49271 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49276 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49277 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49278 -> 127.0.0.1:49279
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49279 <- 127.0.0.1:49278
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49281 -> 127.0.0.1:49282
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49282 <- 127.0.0.1:49281
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49283 -> 127.0.0.1:49284
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49284 <- 127.0.0.1:49283
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49285 -> 127.0.0.1:49288
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49288 <- 127.0.0.1:49285
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49287 -> 127.0.0.1:49289
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49289 <- 127.0.0.1:49287
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49290 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49286 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49291 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49292 -> 74.125.230.212:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49293 -> 127.0.0.1:49294
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49294 <- 127.0.0.1:49293
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49296 -> 127.0.0.1:49297
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49297 <- 127.0.0.1:49296
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49280 -> 69.71.61.107:443
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49299 -> 127.0.0.1:49300
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49300 <- 127.0.0.1:49299
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49302 -> 127.0.0.1:49303
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49303 <- 127.0.0.1:49302
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49305 -> 127.0.0.1:49306
09:48:15 flow_estab ClassifyFn: PID 5216, IRQL 2 127.0.0.1:49306 <- 127.0.0.1:49305
09:48:16 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49295 -> 69.71.61.107:443
09:48:16 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49298 -> 69.71.61.107:443
09:48:16 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49301 -> 69.71.61.107:443
09:48:16 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49304 -> 69.71.61.107:443
09:48:16 flow_estab ClassifyFn: PID 5216, IRQL 2 192.168.72.72:49307 -> 69.71.61.107:443
09:49:22 FSES_SET_PORTS: SMTP=25 POP3=110 IMAP4=143
09:50:02 flow_estab ClassifyFn: PID 1112, IRQL 2 192.168.72.72:49308 -> 65.55.184.152:443
09:50:07 flow_estab ClassifyFn: PID 3740, IRQL 2 192.168.72.72:49309 -> 192.168.72.101:1521
09:51:27 flow_estab ClassifyFn: PID 4, IRQL 2 192.168.72.72:49310 -> 192.168.72.102:445
09:51:57 flow_estab ClassifyFn: PID 472, IRQL 2 192.168.72.72:49311 -> 193.110.109.103:80
09:52:07 flow_estab ClassifyFn: PID 3440, IRQL 2 192.168.72.72:49312 -> 81.223.239.102:110

Following next comment...
Scholar

09:52:07 insert_connection: cookie 1 active 1
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 82 bytes, flags 00000011
09:52:08 First net buffer list: 82 bytes
09:52:08 MDL offset 12 Byte count 82, offset 0
09:52:08 +OK POP3 server ready <fa08c02a-d417-44ff-a59c-3aa6df57bf28@mail2.dotnethost.at>
09:52:08 process_data, 82 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 82 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 7 bytes, flags 00010000
09:52:08 First net buffer list: 7 bytes
09:52:08 MDL offset 0 Byte count 7, offset 0
09:52:08 AUTH
09:52:08 process_data, 7 outgoing bytes
09:52:08 feed_outbound:: token 5
09:52:08 Allowed 7 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 22 bytes, flags 00000011
09:52:08 First net buffer list: 22 bytes
09:52:08 MDL offset 72 Byte count 22, offset 0
09:52:08 -ERR Invalid command
09:52:08 process_data, 22 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 22 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 25 bytes, flags 00010000
09:52:08 First net buffer list: 25 bytes
09:52:08 MDL offset 0 Byte count 25, offset 0
09:52:08 USER UserName
09:52:08 process_data, 25 outgoing bytes
09:52:08 feed_outbound: Command not recognized
09:52:08 Allowed 25 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 34 bytes, flags 00000011
09:52:08 First net buffer list: 34 bytes
09:52:08 MDL offset 60 Byte count 34, offset 0
09:52:08 +OK User:'UserName' ok
09:52:08 process_data, 34 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 34 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 18 bytes, flags 00010000
09:52:08 First net buffer list: 18 bytes
09:52:08 MDL offset 0 Byte count 18, offset 0
09:52:08 PASS xxxx
09:52:08 process_data, 18 outgoing bytes
09:52:08 feed_outbound: Command not recognized
09:52:08 Allowed 18 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 17 bytes, flags 00000011
09:52:08 First net buffer list: 17 bytes
09:52:08 MDL offset 76 Byte count 17, offset 0
09:52:08 +OK Password ok
09:52:08 process_data, 17 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 17 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 6 bytes, flags 00010000
09:52:08 First net buffer list: 6 bytes
09:52:08 MDL offset 0 Byte count 6, offset 0
09:52:08 STAT
09:52:08 process_data, 6 outgoing bytes
09:52:08 feed_outbound: Command not recognized
09:52:08 Allowed 6 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 13 bytes, flags 00000011
09:52:08 First net buffer list: 13 bytes
09:52:08 MDL offset 80 Byte count 13, offset 0
09:52:08 +OK 2 13335
09:52:08 process_data, 13 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 13 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 6 bytes, flags 00010000
09:52:08 First net buffer list: 6 bytes
09:52:08 MDL offset 0 Byte count 6, offset 0
09:52:08 UIDL
09:52:08 process_data, 6 outgoing bytes
09:52:08 feed_outbound:: token 4
09:52:08 Allowed 6 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 31 bytes, flags 00000011
09:52:08 First net buffer list: 31 bytes
09:52:08 MDL offset 64 Byte count 31, offset 0
09:52:08 +OK 2 messages (13335 octets)
09:52:08 process_data, 31 incoming bytes
09:52:08 Allowed 31 incoming bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 99 bytes, flags 00000011
09:52:08 First net buffer list: 99 bytes
09:52:08 MDL offset 76 Byte count 99, offset 0
09:52:08 1 sm_00001506_5c551bffdd454107a65836b05b16a071
2 sm_00001507_5c551bffdd454107a65836b05b16a071
.
09:52:08 process_data, 99 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 99 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 6 bytes, flags 00010000
09:52:08 First net buffer list: 6 bytes
09:52:08 MDL offset 0 Byte count 6, offset 0
09:52:08 LIST
09:52:08 process_data, 6 outgoing bytes
09:52:08 feed_outbound:: token 2
09:52:08 Allowed 6 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 31 bytes, flags 00000011
09:52:08 First net buffer list: 31 bytes
09:52:08 MDL offset 64 Byte count 31, offset 0
09:52:08 +OK 2 messages (13335 octets)
09:52:08 process_data, 31 incoming bytes
09:52:08 Allowed 31 incoming bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 20 bytes, flags 00000011
09:52:08 First net buffer list: 20 bytes
09:52:08 MDL offset 76 Byte count 20, offset 0
09:52:08 1 1756
2 11579
.
09:52:08 process_data, 20 incoming bytes
09:52:08 command_complete, 0 bytes delayed
09:52:08 Allowed 20 incoming bytes
09:52:08 stream ClassifyFn: PID 3440, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 -> 81.223.239.102:110 8 bytes, flags 00010000
09:52:08 First net buffer list: 8 bytes
09:52:08 MDL offset 0 Byte count 8, offset 0
09:52:08 RETR 2
09:52:08 process_data, 8 outgoing bytes
09:52:08 feed_outbound:: token 1
09:52:08 Allowed 8 outgoing bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 18 bytes, flags 00000011
09:52:08 First net buffer list: 18 bytes
09:52:08 MDL offset 76 Byte count 18, offset 0
09:52:08 +OK 11579 octets
09:52:08 process_data, 18 incoming bytes
09:52:08 Receiving 11579 bytes
09:52:08 Injecting 5 incoming bytes, flags 1
09:52:08 scan_data_begin (1), total 11579
09:52:08 send_msg_to_user, type 19
09:52:08 Blocked 18 incoming bytes
09:52:08 inject_request_complete, status 00000000, length 5
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 1452 bytes, flags 00000001
09:52:08 First net buffer list: 1452 bytes
09:52:08 MDL offset 0 Byte count 1452, offset 0
09:52:08 Return-Path: <office@honker.at>
Received: from HonkerMobile (85-126-151-74.work.xdsl-line.inode.at [85.126.151.74]) by mail2.dotnethost.at with SMTP;
Tue, 20 Dec 2011 10:49:45 +0100
From: =?iso-8859-1?Q?G=FCnter_Honsdorf?= <office@honker.at>
To: <g.honsdorf@wisi.at>
Subject: test
Date: Tue, 20 Dec 2011 10:49:49 +0100
Message-ID: <!&!AAAAAAAAAAAYAAAAAAAAAHC9FrLcdKxIqosaa3WquD7CgAAAEAAAAOzoHuse4TVAm5tjdRdq8OkBAAAAAA==@honker.at>
MIME-Version: 1.0
Content-Type: multipart/related;
boundary="----=_NextPart_000_002F_01CCBF05.18BBBC00"
X-Mailer: Microsoft Outlook 14.0
Thread-Index: Acy+/LavN2G6MRBORlOQSs7CcmaIwg==
Content-Language: de-at
Disposition-Notification-To: =?iso-8859-1?Q?G=FCnter_Honsdorf?= <office@honker.at>
X-SmarterMail-TotalSpamWeight: 0 (Authenticated)

This is a multipart message in MIME format.

------=_NextPart_000_002F_01CCBF05.18BBBC00
Content-Type: multipart/alternative;
boundary="----=_NextPart_001_0030_01CCBF05.18BBBC00"


------=_NextPart_001_0030_01CCBF05.18BBBC00
Content-Type: text/plain;
charset="iso-8859-1"
Content-Transfer-Encoding: quoted-printable

=20

=20

mit freundlichen Gr=FC=DFen,

=20

G=FCnter Honsdorf

honker :: Simplify your work
EDV-Dienstleistungen / Handel

----------------------------------------------------

Obere Hauptstrasse 20

A-7372 Weingraben


Tel + Fax: +43(0)2617/25803
Mobil: +43(0)680/2020548

Email: <mailto:office@honker.process_data, 1452 incoming bytes
09:52:08 Blocked 1452 incoming bytes
09:52:08 stream ClassifyFn: PID 0, IRQL 2, metavalues 00000042
09:52:08 stream ClassifyFn: 192.168.72.72:49312 <- 81.223.239.102:110 1452 bytes, flags 00000001
09:52:08 First net buffer list: 1452 bytes
09:52:08 MDL offset 0 Byte count 1452, offset 0
09:52:08 at> office@honker.at

Web: <http://www.honker.at/> www.honker.at
UID: ATU57921716

----------------------------------------------------

<http://www.facebook.com/Honker.Austria> Beschreibung: FB-Logo_link
<https://twitter.com/#!/Honsdorf> Beschreibung: Twitter_Logo_link=20

=20
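
Added example (not part of the thread and not F-Secure code): a Python triage script for a verbose fses.log like the one posted above. For each POP3 RETR it tallies the size the driver announces and the incoming bytes logged as blocked, allowed or injected. The sample log is constructed in the thread's format, and reading "Allowed"/"Injecting" as data handed on to the mail client is an assumption taken from the log wording.

```python
import re
from dataclasses import dataclass

# Patterns follow the message formats visible in the posted log.
LINE = re.compile(r"^(\d\d:\d\d:\d\d) (.*)$")
FLOW = re.compile(r"stream ClassifyFn: (\S+) (->|<-) (\S+) \d+ bytes, flags [0-9A-Fa-f]+")
RETR = re.compile(r"RETR (\d+)")
RECEIVING = re.compile(r"Receiving (\d+) bytes")
VERDICT = re.compile(r"(Allowed|Blocked) (\d+) (incoming|outgoing) bytes")
INJECT = re.compile(r"Injecting (\d+) incoming bytes, flags \d+")

@dataclass
class Retrieval:
    flow: str           # "local <> remote" endpoints of the POP3 connection
    msg_no: int         # argument of the RETR command
    started: str        # timestamp of the RETR line
    announced: int = 0  # size from "Receiving N bytes"
    blocked: int = 0    # incoming bytes logged as Blocked
    allowed: int = 0    # incoming bytes logged as Allowed
    injected: int = 0   # incoming bytes logged as Injecting

def parse_retrievals(log_text):
    """Return one Retrieval per RETR command found in the log."""
    flow, open_by_flow, found = "unknown", {}, []
    for raw in log_text.splitlines():
        m = LINE.match(raw)
        if not m:
            continue  # no timestamp: continuation of logged mail payload
        ts, msg = m.groups()
        if f := FLOW.fullmatch(msg):
            flow = f"{f[1]} <> {f[3]}"  # local endpoint is always on the left
        elif r := RETR.fullmatch(msg):
            rec = Retrieval(flow, int(r[1]), ts)
            open_by_flow[flow] = rec
            found.append(rec)
        elif (cur := open_by_flow.get(flow)) is None:
            continue  # traffic before the first RETR on this connection
        elif a := RECEIVING.fullmatch(msg):
            cur.announced = int(a[1])
        elif v := VERDICT.fullmatch(msg):
            if v[3] == "incoming":
                if v[1] == "Blocked":
                    cur.blocked += int(v[2])
                else:
                    cur.allowed += int(v[2])
        elif i := INJECT.fullmatch(msg):
            cur.injected += int(i[1])
    return found

def unreleased(rec):
    """Heuristic: the log never shows the announced bytes passed on.
    True also for a log that was cut off mid-transfer."""
    return rec.announced > 0 and rec.allowed + rec.injected < rec.announced

# Constructed sample (documentation addresses), not taken from a real system.
SAMPLE_LOG = """\
09:52:08 stream ClassifyFn: 192.0.2.10:49312 -> 198.51.100.7:110 8 bytes, flags 00010000
09:52:08 RETR 1
09:52:08 Allowed 8 outgoing bytes
09:52:08 stream ClassifyFn: 192.0.2.10:49312 <- 198.51.100.7:110 16 bytes, flags 00000011
09:52:08 +OK 120 octets
09:52:08 Receiving 120 bytes
09:52:08 Injecting 5 incoming bytes, flags 1
09:52:08 Blocked 16 incoming bytes
09:52:08 Return-Path: <sender@example.test>
Subject: test
09:52:08 Blocked 120 incoming bytes
09:52:09 Injecting 120 incoming bytes, flags 1
09:52:09 RETR 2
09:52:09 Allowed 8 outgoing bytes
09:52:09 +OK 300 octets
09:52:09 Receiving 300 bytes
09:52:09 Injecting 5 incoming bytes, flags 1
09:52:09 Blocked 16 incoming bytes
09:52:09 Blocked 300 incoming bytes
"""

if __name__ == "__main__":
    for rec in parse_retrievals(SAMPLE_LOG):
        state = "NOT RELEASED" if unreleased(rec) else "released"
        print(f"{rec.started} RETR {rec.msg_no} [{rec.flow}] announced={rec.announced} "
              f"blocked={rec.blocked} allowed={rec.allowed} injected={rec.injected} {state}")
```
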
F-Secure

Thank you very much for your help. Can I ask you to try one more thing - replace the email scan driver (F-Secure\FWES\drivers\fses.sys) with the driver from Client Security 9.20. You can get it from the CS 9.20 jar content: program\inst\fses_6.00-511.windows.fip
and inside the fip:
fses_6.00-511.windows.fip\fses\windows-amd64\drivers\fses.sys for 64-bit OS
fses_6.00-511.windows.fip\fses\windows-x86\drivers\fses.sys for 32-bit OS

Does this help?
Superuser

The service is not registered correctly, that is why it does not work!!

Did HKLM\system\CurrentControlSet\services\FSES already exist, or did you create it?

 

Matthias