Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Highlighted
Superuser

Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Hello,

 

Possible master caution incident - two independet hungarian customers suddenly report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

 

One of them: non-clustered, Win2008 R2 Std + Exch 2010, FSAV for Exchange 11.01 build 157, first e-mail arrived in the quarantine today at 13:07 CEST, 900 alerts generated on ~150 incoming mails in ~90 mins, some of the alerts, getting stalled also generated further alerts in a chain reaction.
 
A diag is available in F-Secure's incoming FTP folder.
 
Yours Sincerely: Tamas Feher, 2F 2000 Kft., Hungary.
1 ACCEPTED SOLUTION

Accepted Solutions
Novice

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Let me start by sincerely apologizing for any inconveniences or problems that this issue has caused you.

 

This problem was introduced in Gemini 2015-09-24_01 update published on 24th of September 2015 at 13:18 (EEST) and promptly fixed in Gemini 2015-09-24_03  update published on 24th of September 2015 at 16:06 PM (EEST). We have initiated a root cause analysis process to identify how we can further improve our processes and automation to avoid similar incidents in the future.

 

If you have any further questions or feedback please do not hesitate to contact F-Secure at any time

View solution in original post

17 REPLIES 17
Superuser

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Dear F-Secure Partner Support,

 

Please find a diagnostic output at: (censored)

 

Yours Sincerely: Tamas Feher, 2F 2000 Kft., Hungary.

Superuser

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Hello,

 

A third hungarian customer reports the FSAV ESS downtime is possibly related to GEMINI error messages and that reboot doesn't help.

 

Yours Sincerely: Tamas Feher, 2F 2000, Hungary.

Novice

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Hi There,

 

same problem here since Gemini V3.2.384 in Germany.

 

Diag is on the way to f-secure.

Disabled Gemini Module, Email is working again so far...

 

Waiting for solution...

 

buster

Superuser

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Dear Buster,

 

Thanks for the clue!

 

> Disabled Gemini Module

 

Is that only possible if the FSAV ESS computer is under Policy Manager control, I think? But most are stand-alone here (probably for fear of misconfiguration if lumped together with other endpoints in PMC).

 

Yours Sincerely: Tamas Feher, 2F 2000 Kft., Hungary.

 

 

Novice

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Hi,

 

You can do that in the ESS Webinterface.

(I dont think PM Control is necessary... but i'm not sure.)

I dont know the the english Option, could be "common", below that there is a "Module" Option where you can see the 3 Scanengines.

In the settings there you can disable the Engine...

 

Novice

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Let me start by sincerely apologizing for any inconveniences or problems that this issue has caused you.

 

This problem was introduced in Gemini 2015-09-24_01 update published on 24th of September 2015 at 13:18 (EEST) and promptly fixed in Gemini 2015-09-24_03  update published on 24th of September 2015 at 16:06 PM (EEST). We have initiated a root cause analysis process to identify how we can further improve our processes and automation to avoid similar incidents in the future.

 

If you have any further questions or feedback please do not hesitate to contact F-Secure at any time

View solution in original post

Superuser

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Hello,

 

(I think the  following advice is now depreciated, since the fixed Gemini signature updates have been already published.)

 

I got an e-mail from F-Secure, advising this setting may partially cure the problem, until a new bugfixed Gemini update can be published.

 

Best regards: Tamas Feher, Hungary.

 

********************************************

 

FSAV_CSS_scan_with_other_engines.png

Scholar

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Disabling the Gemini engine has worked for me. Thanks Buster76!

Superuser

Re: Master caution - two customers report FSAV ESS "failed to scan mail" possible wrong update in AUA/AUS?

Dear Timo,

 

I just ran an FSAUA-reset, but even after that I'm still receiving Gemini_today_01 from fsbwserver.f-secure.com, in FSPM 12.00's AUA/AUS?

 

Yours Sincerely: Tamas Feher.