BLANK Email / Signature

Hello. I encountered two strange things.

1. Email signature won't come off / Nod is uninstalled.
This comes when sending mail using PHP . Smtp service is on the main server IIS / Exchange. Apache and PHP also. Pending for server restart once more.
Now I have 2 Signatures. Strange.

__________ Information from ESET NOD32 Antivirus, version of virus signature database 3930 (20090312) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com


__________ Information from ESET NOD32 Antivirus, version of virus signature database 3938 (20090316) __________

The message was checked by ESET NOD32 Antivirus.

http://www.eset.com

2. Blank emails

When sending mail in Outlook some mail come out BLANK. No body. I turned off EMON, Outlook plugin.

We installed some trial versions from this Nod32 2.70.32. because we were fighting conficker.c worm.

I have a hunch that something is messed up really. Tryed lots of tricks with RTF,PlainT, HTML, Word (turned off). Tryed Systemmanager MIME types. Etc.... Planing on making a scheme to see whats been missed. Any idea how to catch this inside a log. Sent items show this mail sent OK. I can see the body in sent items.

 

Hello api984,

Have you restarted? NOD32 will not be fully removed until you perform a restart. Also, do you have NOD32 installed anywhere else?

Our customer Care Engineers can take a look into this for you. Please log a support request here: http://www.eset.com/support/contact.php

Thank you,
Richard

 

Server that has exchange has not yet been restarted. Little hard to get company permissions to restart server during work days. Takes 10-15min for restart and startup about 10min. So I think I will able to do that during weekend Saturday or Friday night.

Nod32 was installed on all computers as Trial version just to block a virus using IMON and also on this server (is a PDC/AD). Until we cleaned PC and done Updates on 100pcs at least.

I don't get how can exchange be messed up. I did restart the first time nod32krn.exe was not active and other DLLs. However I reinstalled it back to make sure and did uninstall once more.

Example is :

Client Browser -> (Server/IIS) -> PHP backend -> SMTP connection -> (Nod32 uninstalled and disabled) -> Mail comes to me as example (thunderbird/ubuntu) -> I see 2 nod32 signatures. Don't know how. Exchange maybe loaded something at this point.

Another PC on the network can't scan main server while its doing outgoing mail or incoming right? That would be a little off the hook.

I sent a message to customer care on friday 13th. No answer yet. Maybe just my luck because its 13th.

I will not be sure on anything until I restart the server. I don't want to kill the process because I don't know what to expect. Because it's ran using vital windows process.

Done so far:

1. Uninstalled NOD32 on clients
2. Added these trouble domains in SystemManager (Mesage format/Plain text)
3. Added a seperated account (pop3/smtp) SMTP (worked, but also got complaints)
4. Will try Outlook2003 UPDATE
5. Last solution - exchange UPDATE (version is exch2000)
6. Set outllook on all clients to plain text if all fails
7. Charset was left and never changed.
8. Reinstall Client Computer and test.

still thinking.
did a diff on messages that are blank and full. not much difference. will analyze that too a little deeper.

 

Hello api984,

Uninstalling prompts you to restart your server. The restart finalizes the uninstall and fully removes NOD32. I'd recommend a restart before you try any other ideas.

Also, I have sent you a PM.

Thank you,
Richard

 

Yup. Did a restart. Now I will have some tests again to see if there is trouble. Thanks.

I am not sure If I also added that :
Windows 2003 SBS was UPDATED to SP2
Exchange 2000 SP1 to SP2

However there were no errors in logs and so....
Just one because of emon i think. Something about corrupted RTF.

Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event Category: General
Event ID: 1084
Date: 09.03.2009
Time: 14:21:38
User: N/A
Computer: ULFS01
Description:
There is corruption in rich text format (RTF).

Compressed RTF size 0x1f9c.Extra data: dwMagic 0x75465a4c. size 0x1f9e, raw size 0xabc8, CRC-32 0x8719529d.
-checked on eventid.net
-its about 3rd party addon
-didn't try to remove Nod32 on Client yet so be 100% sure.

 

OK. Testing blank email not yet done.

But.

Nod32 signature still remains on the server.

I checked in OWA.

 

Sorry. I think i know why signatures are added.

Another PC on the network is reading the same mailbox and adds the signature automatically....

Blank email must be another story....

I'll check things out....

Should thought of that earlier.... My concentration has fallen low... Need some rest...

 

Hello api984,

Yep, that would do it. That would have been the second question after trying the restart. Thank you for the update.

Customer Care should be contacting you to help with resolving this.

If you have any further concerns or issues be sure to respond to our Customer Care Engineer with them. This way we can keep track of these and possibly use the gained knowledge to help others if they have a similar issue.

Thank you,
Richard

 

Hi. I got 2 emails from ESET. Standard things if I may add. But fair and clear solutions. I think its safe to say at least for now that BLANK EMAIL error is not related with Nod32. I re installed 2 PCs from scratch. Installed standard software and not with
nod32 to make sure.

However blank email still go. I read a few forums on this. There was no direct approach for this error or a fix.

I think I will have to go with alternates.
Plain text, Attachments. And so on....
I will post my findings when I find some accurate data for this problem.

Thanks

 

Hello there !
I have exactly the same symptoms in my company
Every time when we send emails to Company.All group, some people are receiving them blank. And some are having NOD signature, even if they don’t have it on their system and it's disabled on the senders PC.

We have no idea what is going on. Api984, did you find a solution for at least one problem here? I'm googling like crazy and nothing so far. I'll post any suitable solution, if I'll find one
thx

 

For Nod32 Signature in version 2.70+ there is an option to disable Email notification.
However I also read that Nod32 Could also be a cause to blank email.Read on some forums But In my situation it does not look like it. UNINSTALL && RESTART

I uninstalled nod32 on the server and a few clients (those that sent mail blank).
If your users read multiple mailboxes you can expect messages to be signed twice.
I was also thinking about wide nod32 uninstall.

My system spec:
WINDOWS 2003 SBS SP2
EXCHANGE2000 SP2
OUTLOOK2003 SP3
-nod32 2.70.32
-nod32 3.0.64

Messages come blank in most cases when they are replied.
-check messages headers (make sure you receive blank messages as attachment)
-so you can diff the headers in blank and complete

My alternative to this was:
I added so far one pop3 account. entered name, email, smtp, pop3 set to just x.
smtp server is a local server (my case can be linux with postfix, windows2000 server with SMTPsvc) whitch have a smarthost set up to send mail outside. So far these mail came out correct. I am still guesing at content type and encoding when doing a reply.

Inside System Manager in Exchange there is nothing much to configure. Only internet message format. That can be specified per domain. I added some trouble domains to that list but I think outlook overrides those settings.

As for Outllok you can try:
-Tools Message format:
-Disable use word as editor... both ticks i think
-Disable Stationary
-Set default fonts (Arial)
-Also check if nod32 emon disabled in AddIns
-Check encoding (we used iso-8859-1 as default)

What changed on the System:
-Clients updated to latest version (Windows SP2, we did not update to SP3)
-good reason is that PCs are slow and old (no need to make them slower)
-Windows 2003 SBS was updates from SP1 to SP2
-Exchange was Updated from SP1 to SP2 (think this might be a problem)

Things i tryed so far:
-Uninstalled Nod32 from server
-Uninstalled Nod32 from clients (few of those who have blank email problem)
-Updated Outlook to SP3 (waiting for results), checked DOES NOT WORK!
-Recreated client profiles
-Format c: /u (my common joke when windows fails to do things) - Reinstalled PCs

However people refused to use plain text, and print data to PDF from browsers.
I was thinking about kicking plain text in for safe cause. But I am not sure if I will win this one.
Some links:

http://groups.google.com/group/micr...fb226a?lnk=gst&q=blank email#87175e8f24fb226a

http://www.archivum.info/microsoft.public.exchange.admin/2007-12/msg00879.html

http://www.petri.co.il/forums/archive/index.php/t-19549.html

http://support.microsoft.com/kb/883490/

http://www.tek-tips.com/viewthread.cfm?qid=1524752&page=1

http://techrepublic.com.com/5208-6230-0.html?forumID=101&threadID=224443&messageID=2245841

http://www.petri.co.il/forums/archive/index.php/t-6867.html

No solution for this one yet. At least for my Exchange version i think.

 

Server :What Windows OS and Exchange version do you have?
Clients : OS? Outlook2003?

PS. I forgot to say those some people also downgraded Outlook. They used version 2002 for this problem too (some said it worked).

Not on EMON module for Outlook:
-This module block some email with no reason. You can get an error: CAN'T OPEN ITEM.
Reproduce with: Outlook - LOOKFOR (search) an old email.

Also I think you can also get CORRUPT RTF error like one below (but I did not test that because I am still trying to resolve BLANK EMAIL now).
"Event Type: Error
Event Source: MSExchangeIS Mailbox Store
Event Category: General
Event ID: 1084
Date: 09.03.2009
Time: 14:21:38
User: N/A
Computer: ULFS01
Description:
There is corruption in rich text format (RTF).
"

 

Hello.

Today we also tested plain text.

Some messages came out ok. Some reported blank.

Damm. This is really bad.

 

Oh... it is really f@cked up.

We do not have NOD on our server. But when persone with no NOD installed on a local PC sends an email to distribution group inside the company - everybody are getting emails with signature from NOD, even people without this antivirus. And some people are geting blank emails as well...

Hello!!! People from ESET! Help plz

 

You should uninstall nod32 from Client machines. I made a silent uninstall script that uninstalled nod32 from all PC. When clients start windows this script is ran. PS. When users read multiple mailboxes on exchange and send or receive mail the mail gets signed. NOD32 add-on for Outlook has a bug also I think.... When using search, some mail do not open. You get an error can't open item. So I uninstalled nod on all PCs.

I was thinking of implementing Deep Freeze to solve most PC problems on Client machines (when PC infected with a virus, on restart pc goes to last state when set-up and configured).

However I still did not apply latest patch (UPGRADE) on exchange server.
I resolved blank email using 2 methods:
-setting clients to send mail using plain text (seems to work at 95%).
-5% not sure, got some replys from some domains that said it was blank
-set up a reserve pop3/smtp account (use only SMTP, set pop3 to localhost)
-smtp was used only (I have 3 smtp servers inside intranet that use smarthosts). So when clients sends mail he or she must select that special account to send mail out.

I need to talk to my supervisor about installing latest UPGRADE on exchange. Don't wish to mess up thing even more if I apply the latest upgrade.
Because in most cases always something gets f**ked up on Windows.

Linux does not have these problems. I have a few linux machines and one giant linux server that work with no problems whatsoever.
I have made Linux use AD,KRB5 for mail, samba auth. Works ok.
Some distros don't work well with LDAP on port 389 and you need to try 3268.
-Samba was used to escape Windows CAL limit (sbs 75 CALS)

Thats for now.