BLANK Email / Signature

Discussion in 'NOD32 version 2 Forum' started by api984, Mar 16, 2009.

Thread Status:
Not open for further replies.
  1. api984

    api984 Registered Member

    Joined:
    Mar 16, 2009
    Posts:
    10
    Hello. I encountered two strange things.

    1. Email signature won't come off / Nod is uninstalled.
    This comes when sending mail using PHP. SMTP service is on the main server IIS / Exchange. Apache and PHP also. Pending for server restart once more.
    Now I have 2 Signatures. Strange.

    __________ Information from ESET NOD32 Antivirus, version of virus signature database 3930 (20090312) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com


    __________ Information from ESET NOD32 Antivirus, version of virus signature database 3938 (20090316) __________

    The message was checked by ESET NOD32 Antivirus.

    http://www.eset.com

    2. Blank emails

    When sending mail in Outlook some mails come out BLANK. No body. I turned off EMON, Outlook plugin.

    We installed some trial versions from this Nod32 2.70.32 because we were fighting the conficker.c worm.

    I have a hunch that something is messed up really. Tried lots of tricks with RTF, PlainT, HTML, Word (turned off). Tried Systemmanager MIME types. Etc.... Planning on making a scheme to see what's been missed. Any idea how to catch this inside a log? Sent items show this mail sent OK. I can see the body in sent items.
     
  2. Rmuffler

    Rmuffler Former Eset Moderator

    Joined:
    Jun 26, 2008
    Posts:
    995
    Location:
    San Diego, CA USA
    Hello api984,

    Have you restarted? NOD32 will not be fully removed until you perform a restart. Also, do you have NOD32 installed anywhere else?

    Our Customer Care Engineers can take a look into this for you. Please log a support request here: http://www.eset.com/support/contact.php

    Thank you,
    Richard
     
  3. api984

    Server that has Exchange has not yet been restarted. Little hard to get company permissions to restart server during work days. Takes 10-15min for restart and startup about 10min. So I think I will be able to do that during weekend Saturday or Friday night.

    Nod32 was installed on all computers as Trial version just to block a virus using IMON and also on this server (is a PDC/AD). Until we cleaned PC and done Updates on 100pcs at least.

    I don't get how can exchange be messed up. I did restart the first time nod32krn.exe was not active and other DLLs. However I reinstalled it back to make sure and did uninstall once more.

    Example is :

    Client Browser -> (Server/IIS) -> PHP backend -> SMTP connection -> (Nod32 uninstalled and disabled) -> Mail comes to me as example (thunderbird/ubuntu) -> I see 2 nod32 signatures. Don't know how. Exchange maybe loaded something at this point.

    Another PC on the network can't scan main server while it's doing outgoing mail or incoming, right? That would be a little off the hook.

    I sent a message to customer care on Friday 13th. No answer yet. Maybe just my luck because it's the 13th.

    I will not be sure on anything until I restart the server. I don't want to kill the process because I don't know what to expect. Because it's run using a vital Windows process.

    Done so far:

    1. Uninstalled NOD32 on clients
    2. Added these trouble domains in SystemManager (Message format/Plain text)
    3. Added a separated account (pop3/smtp) SMTP (worked, but also got complaints)
    4. Will try Outlook2003 UPDATE
    5. Last solution - exchange UPDATE (version is exch2000)
    6. Set Outlook on all clients to plain text if all fails
    7. Charset was left and never changed.
    8. Reinstall Client Computer and test.

    still thinking.
    did a diff on messages that are blank and full. not much difference. will analyze that too a little deeper.
     
    Last edited: Mar 19, 2009
  4. Rmuffler

    Hello api984,

    Uninstalling prompts you to restart your server. The restart finalizes the uninstall and fully removes NOD32. I'd recommend a restart before you try any other ideas.

    Also, I have sent you a PM.

    Thank you,
    Richard
     
  5. api984

    Yup. Did a restart. Now I will have some tests again to see if there is trouble. Thanks.

    I am not sure if I also added that:
    Windows 2003 SBS was UPDATED to SP2
    Exchange 2000 SP1 to SP2

    However there were no errors in logs and so....
    Just one because of EMON I think. Something about corrupted RTF.

    Event Type: Error
    Event Source: MSExchangeIS Mailbox Store
    Event Category: General
    Event ID: 1084
    Date: 09.03.2009
    Time: 14:21:38
    User: N/A
    Computer: ULFS01
    Description:
    There is corruption in rich text format (RTF).

    Compressed RTF size 0x1f9c.Extra data: dwMagic 0x75465a4c. size 0x1f9e, raw size 0xabc8, CRC-32 0x8719529d.
    -checked on eventid.net
    -it's about 3rd party addon
    -didn't try to remove Nod32 on Client yet, so to be 100% sure.
     
  6. api984

    OK. Testing blank email not yet done.

    But.

    Nod32 signature still remains on the server.

    I checked in OWA.
     
  7. api984

    Sorry. I think I know why signatures are added.

    Another PC on the network is reading the same mailbox and adds the signature automatically....

    Blank email must be another story....

    I'll check things out....

    Should have thought of that earlier.... My concentration has fallen low... Need some rest...
     
  8. Rmuffler

    Hello api984,

    Yep, that would do it. That would have been the second question after trying the restart. Thank you for the update.

    Customer Care should be contacting you to help with resolving this.

    If you have any further concerns or issues be sure to respond to our Customer Care Engineer with them. This way we can keep track of these and possibly use the gained knowledge to help others if they have a similar issue.

    Thank you,
    Richard
     
  9. api984

    Hi. I got 2 emails from ESET. Standard things if I may add. But fair and clear solutions. I think it's safe to say at least for now that BLANK EMAIL error is not related to Nod32. I reinstalled 2 PCs from scratch. Installed standard software and not with nod32 to make sure.

    However blank email still go. I read a few forums on this. There was no direct approach for this error or a fix.

    I think I will have to go with alternates.
    Plain text, Attachments. And so on....
    I will post my findings when I find some accurate data for this problem.

    Thanks
     
  10. zhenyavish

    zhenyavish Registered Member

    Joined:
    Mar 23, 2009
    Posts:
    2
    Hello there !
    I have exactly the same symptoms in my company
    Every time we send emails to Company.All group, some people are receiving them blank. And some are having NOD signature, even if they don't have it on their system and it's disabled on the sender's PC. :mad:

    We have no idea what is going on. Api984, did you find a solution for at least one problem here? :) I'm googling like crazy and nothing so far. I'll post any suitable solution, if I'll find one :)
    thx
     
  11. api984

    For Nod32 Signature in version 2.70+ there is an option to disable Email notification.
    However I also read that Nod32 could also be a cause of blank email. Read on some forums. But in my situation it does not look like it. UNINSTALL && RESTART

    I uninstalled nod32 on the server and a few clients (those that sent mail blank).
    If your users read multiple mailboxes you can expect messages to be signed twice.
    I was also thinking about wide nod32 uninstall.

    My system spec:
    WINDOWS 2003 SBS SP2
    EXCHANGE2000 SP2
    OUTLOOK2003 SP3
    -nod32 2.70.32
    -nod32 3.0.64

    Messages come blank in most cases when they are replied.
    -check messages headers (make sure you receive blank messages as attachment)
    -so you can diff the headers in blank and complete

    My alternative to this was:
    I added so far one pop3 account. entered name, email, smtp, pop3 set to just x.
    smtp server is a local server (my case can be linux with postfix, windows2000 server with SMTPsvc) which has a smarthost set up to send mail outside. So far these mails came out correct. I am still guessing at content type and encoding when doing a reply.

    Inside System Manager in Exchange there is nothing much to configure. Only internet message format. That can be specified per domain. I added some trouble domains to that list but I think Outlook overrides those settings.

    As for Outlook you can try:
    -Tools Message format:
    -Disable use word as editor... both ticks i think
    -Disable Stationery
    -Set default fonts (Arial)
    -Also check if nod32 emon disabled in AddIns
    -Check encoding (we used iso-8859-1 as default)

    What changed on the System:
    -Clients updated to latest version (Windows SP2, we did not update to SP3)
    -good reason is that PCs are slow and old (no need to make them slower)
    -Windows 2003 SBS was updated from SP1 to SP2
    -Exchange was Updated from SP1 to SP2 (think this might be a problem)

    Things I tried so far:
    -Uninstalled Nod32 from server
    -Uninstalled Nod32 from clients (few of those who have blank email problem)
    -Updated Outlook to SP3 (waiting for results), checked DOES NOT WORK!
    -Recreated client profiles
    -Format c: /u (my common joke when windows fails to do things) - Reinstalled PCs

    However people refused to use plain text, and print data to PDF from browsers.
    I was thinking about kicking plain text in for safe cause. But I am not sure if I will win this one.
    Some links:

    http://groups.google.com/group/micr...fb226a?lnk=gst&q=blank email#87175e8f24fb226a

    http://www.archivum.info/microsoft.public.exchange.admin/2007-12/msg00879.html

    http://www.petri.co.il/forums/archive/index.php/t-19549.html

    http://support.microsoft.com/kb/883490/

    http://www.tek-tips.com/viewthread.cfm?qid=1524752&page=1

    http://techrepublic.com.com/5208-6230-0.html?forumID=101&threadID=224443&messageID=2245841

    http://www.petri.co.il/forums/archive/index.php/t-6867.html

    No solution for this one yet. At least for my Exchange version I think.
     
    Last edited: Mar 24, 2009
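
Added example (not written by any poster in this thread): one way to do the comparison suggested in the post above, diffing the headers and MIME parts of a complete and a blank copy and counting the scanner footers. The two messages, their addresses and subject are constructed sample data, and the function names are this example's own.

```python
import re
from email import message_from_string

# Footer text as quoted in the thread; the group captures the database version.
FOOTER_RE = re.compile(
    r"Information from ESET NOD32 Antivirus, version of virus "
    r"signature database (\d+) \(\d{8}\)")
SKIP = {"date", "message-id", "received"}  # always differ between two mails

def leaf_parts(msg):
    """(content type, charset, transfer encoding, decoded length) per leaf part."""
    rows = []
    for part in msg.walk():
        if part.is_multipart():
            continue
        body = (part.get_payload(decode=True) or b"").strip()
        cte = str(part.get("Content-Transfer-Encoding", "7bit")).lower()
        rows.append((part.get_content_type(), part.get_content_charset(),
                     cte, len(body)))  # length 0 means the part is blank
    return rows

def av_footers(msg):
    """Signature database version of every scanner footer in the text parts."""
    found = []
    for part in msg.walk():
        if part.get_content_maintype() == "text":
            raw = part.get_payload(decode=True) or b""
            text = raw.decode(part.get_content_charset() or "latin-1", "replace")
            found += FOOTER_RE.findall(text)
    return found

def header_diff(a, b):
    """Headers whose values differ between two messages, ignoring SKIP."""
    names = {k.lower() for k in list(a.keys()) + list(b.keys())} - SKIP
    return {n: (a.get(n), b.get(n)) for n in sorted(names) if a.get(n) != b.get(n)}

# Constructed sample messages (not captured from the poster's server).
FULL = message_from_string(
    "From: a@example.test\nTo: b@example.test\nSubject: RE: order\n"
    "MIME-Version: 1.0\nContent-Type: text/plain; charset=\"iso-8859-1\"\n"
    "Content-Transfer-Encoding: 7bit\n\nBody text here.\n\n"
    "__________ Information from ESET NOD32 Antivirus, version of virus "
    "signature database 3930 (20090312) __________\n\n"
    "__________ Information from ESET NOD32 Antivirus, version of virus "
    "signature database 3938 (20090316) __________\n")
BLANK = message_from_string(
    "From: a@example.test\nTo: b@example.test\nSubject: RE: order\n"
    "MIME-Version: 1.0\nContent-Type: text/html; charset=\"iso-8859-1\"\n"
    "Content-Transfer-Encoding: quoted-printable\n\n\n")
```

Saving each received copy as an attachment (.eml) keeps the original headers intact for this kind of comparison. Two footers carrying different database versions show the message was stamped twice at different update levels.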
  12. api984

    Server :What Windows OS and Exchange version do you have?
    Clients : OS? Outlook2003?

    PS. I forgot to say that some people also downgraded Outlook. They used version 2002 for this problem too (some said it worked).

    Note on EMON module for Outlook:
    -This module blocks some email with no reason. You can get an error: CAN'T OPEN ITEM.
    Reproduce with: Outlook - LOOKFOR (search) an old email.

    Also I think you can also get CORRUPT RTF error like one below (but I did not test that because I am still trying to resolve BLANK EMAIL now).
    "Event Type: Error
    Event Source: MSExchangeIS Mailbox Store
    Event Category: General
    Event ID: 1084
    Date: 09.03.2009
    Time: 14:21:38
    User: N/A
    Computer: ULFS01
    Description:
    There is corruption in rich text format (RTF).
    "
     
  13. api984

    Hello.

    Today we also tested plain text.

    Some messages came out ok. Some reported blank.

    Damn. This is really bad.
     
  14. zhenyavish

    Oh... it is really f@cked up.

    We do not have NOD on our server. But when a person with no NOD installed on a local PC sends an email to a distribution group inside the company - everybody is getting emails with signature from NOD, even people without this antivirus. And some people are getting blank emails as well...

    Hello!!! People from ESET! Help plz :)
     
  15. api984

    You should uninstall nod32 from Client machines. I made a silent uninstall script that uninstalled nod32 from all PCs. When clients start Windows this script is run. PS. When users read multiple mailboxes on Exchange and send or receive mail the mail gets signed. NOD32 add-on for Outlook has a bug also I think.... When using search, some mails do not open. You get an error can't open item. So I uninstalled nod on all PCs.

    I was thinking of implementing Deep Freeze to solve most PC problems on Client machines (when PC infected with a virus, on restart pc goes to last state when set-up and configured).

    However I still did not apply latest patch (UPGRADE) on exchange server.
    I resolved blank email using 2 methods:
    -setting clients to send mail using plain text (seems to work at 95%).
    -5% not sure, got some replies from some domains that said it was blank
    -set up a reserve pop3/smtp account (use only SMTP, set pop3 to localhost)
    -smtp was used only (I have 3 smtp servers inside intranet that use smarthosts). So when clients sends mail he or she must select that special account to send mail out.

    I need to talk to my supervisor about installing latest UPGRADE on Exchange. Don't wish to mess up things even more if I apply the latest upgrade.
    Because in most cases always something gets f**ked up on Windows.

    Linux does not have these problems. I have a few linux machines and one giant linux server that work with no problems whatsoever.
    I have made Linux use AD,KRB5 for mail, samba auth. Works ok.
    Some distros don't work well with LDAP on port 389 and you need to try 3268.
    -Samba was used to escape Windows CAL limit (sbs 75 CALS)

    That's it for now.
     