Duncan Mac Leod

Everything posted by Duncan Mac Leod

  1. Ok, thank you, I'll give it a try. Didn't look at the parameters the last year(s) 😉 ! When I coded our Virus Check, there was no /am switch.
  2. Hi, we are using the CommandLine Scanner to detect Malware in Email-Message-Source-Format (RAW). Works with EICAR-Test-Virus and we often detect viruses in our mails (source) before they are received by our backend-servers. I must admit, we did not go into further debugging as it works with EICAR and we usually catch some viruses from time to time. But today we noticed that an attached Word-Document (infected) passes the command-line scanner in Email-Message-Source-Format (RAW) with the attachment MIME-encoded and didn't get recognized by the command-line scanner. But as we put the Document from our Mail as File on Disk, it was recognized (File-Explorer Menu-Scan) as VB:Trojan.Agent.DLEJ (B). Strange! FYI: any Mail that is received by our servers is put to disk (file - raw mail source), then scanned by the command-line scanner and if it is OK (checking return code and output from the scanner), post-processing continues to our backend-servers. Unfortunately, our Admin has deleted the Mail and the File on Disk, so we can provide you neither the file nor the mail - sorry! Are there any differences in scanning Mail-Source (MIME-Attachments)?
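The situation described in the post above (a detection that fires on the attachment written to disk but not on the raw mail source) is easy to reproduce with any byte-pattern check, because the attachment body in the source is base64 text. The following added example, which is not the poster's code and not part of any Emsisoft product, parses a raw RFC 5322 message with Python's standard email library, writes every transfer-decoded attachment to a scratch directory under a sanitized filename, and scans the raw source and each decoded file separately. The scanner here is a constructed stand-in (a marker-string check standing in for a signature); in the poster's setup the command-line scanner would be run on each extracted path instead. The message, marker and filenames are all constructed for the example.

```python
import os
import re
import tempfile
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# Constructed stand-in for a detection signature; it is not real malware.
MARKER = b"CONSTRUCTED-DETECTION-MARKER"


def marker_scanner(data: bytes) -> bool:
    """Stand-in for an on-demand scanner: 'detects' when the marker bytes occur.
    A real deployment would run the vendor's command-line scanner on a file
    path and interpret its return code / output instead of this function."""
    return MARKER in data


def build_message(attachment_name: str, attachment_bytes: bytes) -> bytes:
    """Construct a minimal multipart/mixed message whose attachment is
    base64-encoded, the way a mail client would submit it."""
    msg = EmailMessage()
    msg["From"] = "sender@example.invalid"
    msg["To"] = "inbox@example.invalid"
    msg["Subject"] = "Constructed test message"
    msg.set_content("See attachment.")
    msg.add_attachment(attachment_bytes, maintype="application",
                       subtype="msword", filename=attachment_name)
    return msg.as_bytes()


_UNSAFE = re.compile(r"[^A-Za-z0-9._-]")


def safe_filename(name, index: int) -> str:
    """Reduce a sender-controlled attachment name to a safe basename so the
    extracted file cannot escape out_dir (e.g. '../../x') or carry odd bytes."""
    base = os.path.basename(name or "")
    base = _UNSAFE.sub("_", base).strip("._")
    return f"part{index:03d}_{base}" if base else f"part{index:03d}.bin"


def extract_attachments(raw: bytes, out_dir: str) -> list:
    """Decode every attachment (base64, quoted-printable, ...) of a raw RFC 5322
    message and write each one to out_dir. Returns (original_name, path) pairs."""
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    written = []
    for index, part in enumerate(msg.iter_attachments()):
        payload = part.get_payload(decode=True)   # transfer-decoded bytes
        if payload is None:
            continue
        path = os.path.join(out_dir, safe_filename(part.get_filename(), index))
        with open(path, "wb") as fh:
            fh.write(payload)
        written.append((part.get_filename(), path))
    return written


def scan_message(raw: bytes, scanner, out_dir: str) -> dict:
    """Scan the raw source as a whole and, separately, every decoded attachment.
    Returns {'raw_source': bool, 'attachments': {name: bool}}."""
    verdicts = {"raw_source": scanner(raw), "attachments": {}}
    for name, path in extract_attachments(raw, out_dir):
        with open(path, "rb") as fh:
            verdicts["attachments"][name] = scanner(fh.read())
    return verdicts


def demo() -> dict:
    """Run the comparison on a constructed message with one 'infected' attachment."""
    raw = build_message("invoice.doc", b"document bytes " + MARKER + b" more bytes")
    with tempfile.TemporaryDirectory() as tmp:
        return scan_message(raw, marker_scanner, tmp)


if __name__ == "__main__":
    print(demo())
```

The verdict dictionary shows the gap directly: the raw source scan reports nothing because the marker only exists after base64 decoding, while the extracted file is flagged. Writing each decoded part to disk before invoking the scanner (and keeping the sanitized filename, since the attachment name is attacker-controlled) is the check the post is asking about.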
  3. Everything seems to work again. No more issues on 2012 R2 servers. Indeed there is a connection between AV scanner in file explorer (right mouse click on file -> scan) and the Command Line Scanner. Tested first in file explorer, no more hangs. Then we used the Command Line Scanner, no problems so far. Thank you for fixing (whatever you did ;-) !). P.S.: I DID NOT disable self-protection.
  4. We had the same problem with a Win 2K8 R2 server. I've read in another posting on this forum that reset to default settings will solve the problem. We did not test this, but we did a complete uninstall (cleaned also all settings) and did install EMSIsoft again. No more crashes, no more errors. HTH
  5. Yes, all 2012 R2 Servers are 64-bit! Any ETA for the fix? Should we switch to Beta-Channel to get the fix asap?
  6. Sorry, memory dump not possible as our company has very strict policy for data security. I try to ask a friend of mine for a memory dump as he has exactly the same issue on his 2012 R2 server. Oh, one more thing. My friend sent me the file logs.db3 of his system and I am allowed to provide you with that data. If you want it for debugging, please mail me at: ******** and I'll send it to you. We also found out that using AV scanner in file explorer (selected some files for scanning, right mouse click -> scan with EMSI) hangs EMSI completely (see our screenshot). This occurred on our system and on my friend's system, so I am sure you can reproduce this behavior on every 2012 R2 server. I also assume that this error/behavior is connected to our command line scanner problem.
  7. I've installed the EMSIsoft AV Software for Windows Server (a2cmd.exe is part of it). Downloaded LATEST Version yesterday from your Site to make a reinstall, after I could not fix the problem. After reinstall problems still exist. Parameters are: /f="<Filename>" /s /pup /a Please read my posting exactly. My application is running for YEARS without any problems. The problem occurred yesterday for the very first time. A friend of mine who is also running EMSIsoft on a 2012 R2 server told me that he noticed the same 'HANG' of his service (completely different software, not my software) using the scanner. As I reported in my previous post, our two Win 2008 R2 servers are not affected so far. These 'hangs' started yesterday before MS released their patches and after the patches the situation is still the same.
  8. I am using the Command Line Scanner within my Application scanning incoming files in a certain directory. My Application opens a DOS process in which we run the command line scanner, capturing the output and analysing the results (I wrote a little parser for the output). This worked for the last years without any problems. We use it on three servers, 2 of them are running Windows Server 2008 R2 and 1 server runs on Windows Server 2012 R2. Since yesterday the 2012 R2 server has had problems running the command line scanner: the process hangs and does not finish. The other 2 servers on 2008 R2 are still running without any problems. I did a reinstall of EMSIsoft on the 2012 R2, the problem still exists. Are there any known problems on 2012 R2 using the Command Line Scanner?
  9. Hello EMSIsoft, please give a short statement on FinFisher - does your AV detect it? CHIP (http://www.chip.de/news/Nach-CCleaner-Hack-Verseuchte-Versionen-von-WhatsApp-VLC-und-Skype_123962083.html) claims that ESET can. Quote from the article mentioned above: "The affected infected files from VLC & co. were, among other places, also sighted in Germany. ESET claims to be able to detect and remove the spyware with its Free Online Scanner."
  10. Hello EMSIsoft, quick question: does this specifically mean that the normal AV gets a firewall integration (with the Windows Firewall), or does this only concern the EIS version? I do not want our AV tampering with the firewall!
  11. Thank you! Using the new BETA fixed the problem - any news on the release date?
  12. Running Windows 10 workstations (members of an AD-Domain) with EMSIsoft freezes Workstations after User Logoff. Even local User Accounts (i.e. local Administrator, or some other local User) are affected, not only Domain Users. Tested it with 3 different AD Domains(!!)/Networks. As soon as we disable all EMSIsoft components, the logoffs are working again with no freeze. Is there anything special/different during the logoff event if EMSIsoft is enabled? As I said, it only happens on Win10 stations, which are Domain-Members (every account, local AND domain accounts). Please help!
  13. Wow! Thank you! You pointed me in the right direction -> doesn't recognize as Server OS !! I had one Workstation key left and was able to successfully register EMSI AntiMalware with a Workstation Key(!!) on Server 2016 :-) ! Hope this helps you to fix your software! Best regards and have a nice weekend. P.S.: I will use my workstation key on my server till this issue is fixed.
  14. WHEN will EMSIsoft AntiMalware run on Windows Server 2016 ? Please release an update soon, cause my 30 days trial will expire in 9 days and it does not recognize/register with one of my server licenses. EMSI support says that EMSIsoft AntiMalware currently does not support Windows Server 2016 and I should use it in trial mode till this issue is fixed.
  15. The Update issues on all 11 servers have been resolved due to the latest updates some days ago (6/20/2016). No more problems.
  16. Same issues here on 11 Servers! Workstations seem to be OK. No more automatic updates - need to go on every server each day and have to run a manual update :-( ! StartScreen shows 42 objects in Quarantine, but we cleared the Quarantine over a week ago. So it seems that the StartScreen does not reflect the *real* situation. Some days ago (03. June 2016 / 15:28) the machine stopped with automatic updates till 12. June 09:53, the hourly updates worked again over the day till 18:53. Since then no more automatic updates. And I've noticed some event log entries like: Name der fehlerhaften Anwendung: a2service.exe, Version: 11.8.0.6465, Zeitstempel: 0x574f37f3 Name des fehlerhaften Moduls: ntdll.dll, Version: 6.1.7601.23418, Zeitstempel: 0x5708a857 Ausnahmecode: 0xc0000374 Fehleroffset: 0x00000000000bf262 ID des fehlerhaften Prozesses: 0x1b0 Startzeit der fehlerhaften Anwendung: 0x01d1c02d9c54a22b Pfad der fehlerhaften Anwendung: C:\Program Files (x86)\Emsisoft Anti-Malware\a2service.exe Pfad des fehlerhaften Moduls: C:\Windows\SYSTEM32\ntdll.dll Berichtskennung: e86b8167-316b-11e6-930e-40f2e9248522
  17. Weird????? We have 10 Windows Servers up and running, 5 of them are Domain Controllers. 2x SQL Server failure, total crash of the service. Need to take off every service on 5 locations, complete reboot. We really had a 'nice' evening. THANK YOU! :-(
  18. That's really bad ! Cause I have a lot of Eureka pop-ups using the command line scanner...
  19. I want to test the Beta with my Commandline-Scanner version of EMSIsoft. Unfortunately I cannot get the new BETA Engine if I trigger the Beta-Update with /s /ub ! The Engine stays on version: 9.0.0.4570
  20. Same here on 2 servers (command line scanner) Version : 7.0.6.0 Date : Wed, 29 Oct 2014 17:27:41 +0100 OS : Microsoft Windows 2008 R2 (64 bit) RAD : BDS 7.0 Dump : $8B $40 $08 $89 $45 $F8 $33 $C0 $5A $59 $59 $64 $89 $10 $68 $BB $2D $54 $00 $8B $45 $FC $E8 $F1 $DC $FF $FF $C3 $E9 $DF $37 $EC Section : ExceptionHandlerHook Descr : Address : $00542D98 - [00400000] a2cmd.exe - - - - 0[0] Module : a2cmd.exe Exception : EAccessViolation Message : Access violation at address 00542D98 in module 'a2cmd.exe'. Read of address 414C4F51 Call Stack : 00 $00542D98 - [00400000] a2cmd.exe 01 $00542D98 - [00400000] a2cmd.exe LastAddr : LastModule : LastException : LastMessage : Call Stack : ActiveObj : (Non-Delphi exception) External exception C0000005 00000008 00000000 ActiveAddr : $00000000 - [00000000] a2cmd.exe - - - - 0[0]
  21. I would rather test whether the problem lies with AUTH LOGIN, independent of STARTTLS. We run our own mail server (self-coded because of spam problems with standard mail servers) and had problems because EMSIsoft (I no longer remember exactly whether it was the Enterprise Console or the scanner itself) sends the username right along with AUTH LOGIN, which is unusual but still permitted according to the RFC, which is somewhat 'imprecise' at this point. The vast majority send an AUTH LOGIN, to which the server replies: 334 VXNlcm5hbWU6 => VXNlcm5hbWU6 is BASE64 encoded => Username:, only then does the client send the username in Base64 and the server asks in Base64 for: Password: (334 UGFzc3dvcmQ6), then the client sends the password. It is, however, permitted, even if very 'unusual', to transmit the username right after the AUTH LOGIN: e.g. AUTH LOGIN ZHVtbXk= We then adapted the handling of AUTH LOGIN in our SMTP engine (but unfortunately I can no longer say whether it was the EMSIsoft client or the Enterprise Console that behaved this way). Maybe this is also the reason why it does not work for you. If you want, I will gladly test it again here on our side. ADDENDUM: Port 465 (SMTPS) is actually obsolete (replaced by STARTTLS on port 587/25) and should no longer be used for this (587 is the standard submission port; on 25 nothing 'should' be submitted client-side any more either), since port 465 is now reserved for Source Specific Multicast for audio and video.
  22. ...a window with actions pops up. How do I get rid of it? I do not want an extra confirmation, because Java updates are supposed to run silently in the background here. That must be the behavior blocker, right? Which checkbox do I need to untick?
  23. Hello, I found the following article on heise.de: http://www.heise.de/newsticker/meldung/Schutzlose-Waechter-Antiviren-Software-als-Sicherheitsluecke-2277782.html Maybe someone from EMSIsoft could comment on it..? THANKS!
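The AUTH LOGIN dialogue described in post 21 above, both in the common two-step form and in the form where the client puts the base64 username on the AUTH line itself (the "initial response" that RFC 4954 permits), as an added example that is not the poster's SMTP engine nor any Emsisoft code. The server-side handler below accepts both forms, decodes the tokens strictly, treats "*" as the client cancelling, and checks the credentials with a constant-time comparison. The credential store, the username "dummy" (whose base64 form ZHVtbXk= appears in the post) and the password are constructed for the example; the reply codes are the usual ones from RFC 4954 and RFC 5321.

```python
import base64
import binascii
import hmac


def b64(text: str) -> str:
    """Base64-encode a UTF-8 string the way SMTP AUTH exchanges it."""
    return base64.b64encode(text.encode("utf-8")).decode("ascii")


USERNAME_CHALLENGE = "334 " + b64("Username:")   # "334 VXNlcm5hbWU6"
PASSWORD_CHALLENGE = "334 " + b64("Password:")   # "334 UGFzc3dvcmQ6"

# Constructed credential store; a real server would verify a hashed secret.
CONSTRUCTED_USERS = {"dummy": "s3cret"}


def verify_credentials(username: str, password: str) -> bool:
    """Constant-time password check; unknown users still run the comparison."""
    expected = CONSTRUCTED_USERS.get(username)
    ok = hmac.compare_digest((expected or "").encode("utf-8"), password.encode("utf-8"))
    return ok and expected is not None


def _decode(token: str):
    """Strictly decode one base64 line; None if malformed or not UTF-8."""
    try:
        return base64.b64decode(token.strip(), validate=True).decode("utf-8")
    except (binascii.Error, UnicodeDecodeError, ValueError):
        return None


def auth_login_exchange(client_lines, verify=verify_credentials):
    """Serve one AUTH LOGIN dialogue. client_lines holds what the client sends,
    in order; returns (server_replies, authenticated_username_or_None).
    Accepts both the two-step form and 'AUTH LOGIN <base64 username>'."""
    lines = iter(client_lines)
    replies = []

    def next_line():
        return next(lines, None)

    parts = (next_line() or "").split()
    if not 2 <= len(parts) <= 3 or [p.upper() for p in parts[:2]] != ["AUTH", "LOGIN"]:
        return ["504 5.5.4 Unrecognized authentication type"], None

    if len(parts) == 3:
        username_token = parts[2]            # initial response on the AUTH line
    else:
        replies.append(USERNAME_CHALLENGE)   # ask for the username first
        username_token = next_line()
    if username_token is None or username_token == "*":   # "*" = client cancels
        return replies + ["501 5.5.2 Authentication aborted"], None
    username = _decode(username_token)
    if username is None:
        return replies + ["501 5.5.2 Cannot decode response"], None

    replies.append(PASSWORD_CHALLENGE)
    password_token = next_line()
    if password_token is None or password_token == "*":
        return replies + ["501 5.5.2 Authentication aborted"], None
    password = _decode(password_token)
    if password is None:
        return replies + ["501 5.5.2 Cannot decode response"], None

    if verify(username, password):
        return replies + ["235 2.7.0 Authentication successful"], username
    return replies + ["535 5.7.8 Authentication credentials invalid"], None


if __name__ == "__main__":
    # The two client behaviours from the post; both must end in 235.
    print(auth_login_exchange(["AUTH LOGIN", "ZHVtbXk=", b64("s3cret")]))
    print(auth_login_exchange(["AUTH LOGIN ZHVtbXk=", b64("s3cret")]))
```

A server that only implements the two-step form sends the Username: challenge to a client that already supplied the username, and the client then answers with the password token where the server expects the username, which is exactly the kind of mismatch the post attributes to its own SMTP engine before it was adjusted.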