eWall switching itself off! [Archive] - Server-Side Solutions Forum

View Full Version : eWall switching itself off!

Anthony Baynes

02-22-2005, 10:44 AM

Yesterday we stopped receiving e-mail. I found that e-wall had turned itself
off. Today the same thing happened again! I will include the section of the
log where it stopped and where I restarted it. To the best of my knowledge,
yesterday was the first time that this has happened, and, apart from
upgrading to the new version 2.0.242 a couple of weeks ago, this has been a
stable installation. What could be causing this? Is it possible that
something in an incoming e-mail could turn eWall off?

eWall stopped at 05:25:02 whilst checking an incoming email with AVG
anti-virus.

Copy of a portion of the log...
22/02/2005 05:23:48 ID:175 Handling by server 127.0.0.1:2525
22/02/2005 05:23:48 ID:175 220 ArGoSoft Mail Server Pro for WinNT/2000/XP,
Version 1.8 (1.8.7.2) - eWall v2.0.242
22/02/2005 05:24:11 ID:175 HELO 81.33.7.159
22/02/2005 05:24:12 ID:175 250 Welcome, 127.0.0.1 [127.0.0.1], pleased to
meet you
22/02/2005 05:24:17 ID:175 MAIL FROM: <KPUYQ@lit-electric.com>
22/02/2005 05:24:17 ID:175 250 Sender "KPUYQ@lit-electric.com" OK...
22/02/2005 05:24:17 SPF:175 Retrieving SPF record for domain
'lit-electric.com' ...
22/02/2005 05:24:18 SPF:175 Domain 'lit-electric.com' doesn't publish TXT
record
22/02/2005 05:24:18 SPF:175 Verifying 'best-guess' record
22/02/2005 05:24:18 SPF:175 Validating SPF record: 'v=spf1 a/24 mx/24 ptr'
22/02/2005 05:24:19 SPF:175 SPF result: Neutral
22/02/2005 05:24:22 ID:175 RCPT TO: <t.baynes@costaplett.com>
22/02/2005 05:24:22 ID:175 250 Recipient "anthony@costaplett.com" OK...
22/02/2005 05:24:27 ID:175 RCPT TO: <rosa@costaplett.com>
22/02/2005 05:24:28 ID:175 250 Recipient "rosamaria@costaplett.com" OK...
22/02/2005 05:24:43 ID:175 DATA
22/02/2005 05:24:43 ID:175 354 Ready
22/02/2005 05:25:02 ID:175 Received: 1428 bytes (28 lines)
22/02/2005 05:25:02 ID:175 0: ====== KPUYQ@lit-electric.com ->
rosa@costaplett.com, t.baynes@costaplett.com
22/02/2005 05:25:02 ID:175 0: ---> Processing group 'General'
22/02/2005 05:25:02 ID:175 16: Filters loaded ...
22/02/2005 05:25:02 ID:175 16: Processing filter 'Virus?'
22/02/2005 05:25:02 ID:175 16: Checking condition 'message has a virus'
22/02/2005 05:25:02 ID:175 16: Running AVG Antivirus System
22/02/2005 11:22:56 - Starting eWall
22/02/2005 11:22:56 - ... Listening at 0.0.0.0:25
22/02/2005 11:22:56 - eWall started
22/02/2005 11:22:56 - Delivery Agent started
22/02/2005 11:22:56 - Paranoid Spam Detector v2.0 initialized
22/02/2005 11:24:35 - Requesting connection from Canada 64.34.44.24
(m4.xoopa.net)
22/02/2005 11:24:35 ID:1 Handling by server 127.0.0.1:2525
22/02/2005 11:24:35 ID:1 220 ArGoSoft Mail Server Pro for WinNT/2000/XP,
Version 1.8 (1.8.7.2) - eWall v2.0.242

Alexander Telegin [SSS]

02-22-2005, 10:49 AM

Anthony,

Maybe it's related to AVG Autoupdate?

- Alex

Anthony Baynes

02-22-2005, 11:11 AM

It might be Alex, but why would it start doing this now, I haven't changed
anything on the server..? Strange.. I will check the log file to see what it
was doing yesterday when it turned itself off...

Ok, I've included the portion of the log on the 19th, when it turned itself
off. I never realized that it was off from the 19th, I thought it had turned
itself off yesterday. The log shows that it wasn't checking AVG when it
happened... I'm going to reboot the server and keep checking to see if it
occurs again. Please le me know if you have any similar incidents from any
of the other eWall users.

Relevant portion of log from the 19th Feb...

19/02/2005 19:45:03 ID:151 MAIL FROM: <jxdmjytqlgggy@cqi.com>
19/02/2005 19:45:03 ID:150 93: Processing filter 'Banned word filter'
19/02/2005 19:45:03 ID:150 93: Checking condition 'body contains 'Lottery'
or contains 'mortgage' or contains 'Nigeria' or contains 'porn'...'
19/02/2005 19:45:03 ID:150 93: Processing filter 'DNSBL listed'
19/02/2005 19:45:03 ID:150 93: Checking condition 'sender is listed in
'cbl.abuseat.org' or 'relays.bl.kundenserver.de''
19/02/2005 19:45:03 ID:150 93: Checking '69.25.27.173' in
'cbl.abuseat.org'...
19/02/2005 19:45:03 ID:150 93: Checking '69.25.27.173' in
'relays.bl.kundenserver.de'...
19/02/2005 19:45:04 - Requesting connection from Argentina 200.42.0.178
(postino5b.prima.com.ar)
19/02/2005 19:45:04 ID:150 593: Checking '210.59.230.60' in
'cbl.abuseat.org'...
19/02/2005 19:45:04 ID:150 593: Checking '210.59.230.60' in
'relays.bl.kundenserver.de'...
19/02/2005 19:45:04 ID:151 250 Sender "jxdmjytqlgggy@cqi.com" OK...

David Payer

02-22-2005, 02:08 PM

I had this happen alot in the past when I was using AVG. I stopped using it
and the problem stopped.

It has something to do with the way they update. Remember, you may not do
anything but the update does. It can change the manner in which the program
works.

David P.

Anthony Baynes

02-22-2005, 02:17 PM

Thanks for the info David. I'll continue using AVG for a while and see what
happens. If I have to change, which anti-virus solution are you using? Can
you recommend somthing?

Tony Baynes

FLhr

02-22-2005, 05:48 PM

It has been pretty well established that AVG is a Royal PITA with eWall and
Argosoft. Continuing to use it is continuing to ask for trouble.

Carl

David Payer

02-22-2005, 06:38 PM

I am using eTrust EZ antivirus but it appears they are not going to allow
this product to work with a server. (I may move ewall to another machine
using XP. I have also used F-Prot but I think I catch more with eTrust.

David P

HDJulie

02-22-2005, 06:54 PM

I just updated from EZTrust Antivirus Version 6 to Version 7 & had no
problems getting it to either install or work, in spite of their claim that
it will not work on a server.

Bob Escher

02-22-2005, 08:59 PM

Been using it for over a year (both versiion 6 & 7)
on a bunch of servers and it runs just perfectly fine
(EZ Antivirus

Bob E

Anthony Baynes

02-23-2005, 10:03 AM

I don't know if it's AVG causing the problem... could be, but it's been
stable for so long before the problem occurred, that I think it might be
somthing else.

I re-installed the EWLSP file after restarting the server, and everything
has been running well since yesterday. Hopefully it remains stable..

I forgot to mention my config.
WinXP-eWall-AVG(for email only)-Paranoid-Argosoft Mail Server (All the
latest, updated versions)

AVG is only used for checking mail, it's "Resident Shield" and other
features are all turned off. I use NAV 2004 for keeping an eye on the server
itself. From previous help in this newsgroup, I've instructed the AV
programs to exclude various directories on the computer to prevent hundreds
of "Virus Found" pop-up messages.

Thanks for all your help, to all of you!

Regards - Tony Baynes

James Robertson

03-21-2005, 12:46 AM

I am running eTrust EZ Antivirus 2005 without problems on W2K server (real
time and email scanning deactivated!). EZ Armor however didnt want to
install either the firewall or av.

James