
Antispam filter fails to filter after last update?

I see that a lot of spam messages are passing my SMG. And it seems that it started after my last update.

Unfortunately it is not only me ... at least two other customers are complaining and suffer the same behavior. One of them has enhanced filters, for the second one I have opened a case (no results so far).

Here is an example from one customer .. 


Use "Verified Answers" if your problem/issue has been solved!

  • 0  

    Hello Diethmar,

    So far I have not yet noticed something like that, but if this is an issue, we have a problem.


    During the last update, we updated the Bitdefender API.

    It should now be bumped to version: 

    BitDefender bdavserver version 3.3.2

    If you execute this command on your SMG Server, you should be able to verify which version your SMG service is using.

    /opt/microfocus/smg/services/av-as/app/bdamserver -version

    Besides checking the actual In-Use version, for troubleshooting purposes monitoring the API scans and results we get back from Bitdefender might be an option to check if the results are now 'worse' than with the older API.

    Therefore, you could enable more verbose logging on the SMG level.

    In the file bdasserver.conf, which you can find below the /opt/microfocus/smg/services/av-as/app directory, there are logging options.

    #PathLog=/opt/microfocus/smg/services/logs/bdas.log
    PathLog=/vastorage/smg/services/logs/bdas.log
    #PathLog=

    # Enables debugging log. Grows up very fast, do not use for production!
    #
    LogDebug=1

    # Enables scan request logging.
    #
    LogScanRequests=1

    # Enables opening the log file in APPEND mode. Do not enable on NFS!
    #
    LogAppend=0

    If you enable these 3 options, or 4 if you like appending on log-files, after a SMG-service restart via '$ service smg restart' you should get more information on what actually is communicated between SMG and the Bitdefender API and are able to see if there are communication-problems appearing.

    Thank you,

    Georg

  • 0   in reply to   

    Well, my server seems to be on current version. I will enable logging ...



  • 0   in reply to   

    I see something like that:

    Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Starting client thread
    Tue Aug 15 17:55:52 2023 [AB73B700] DEBUG: A new client connection thread is started successfully
    Tue Aug 15 17:55:52 2023 [AB73B700] ERROR: Invalid scan options: anti-malware license is not configured, but anti-malware related scan options are present: 0x00000000
    Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Accepted a new Unix socket connection at /vastorage/smg/services/av-as/app/bdassock
    Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Starting client thread
    Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Accepted a new Unix socket connection at /vastorage/smg/services/av-as/app/bdassock
    Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Starting client thread



  • 0   in reply to   

    A successful scan in the logs would look something like this:


    Mon Aug 14 12:55:34 2023 [6DB48100] DEBUG: Accepted a new Unix socket connection at /vastorage/smg/services/av-as/app/bdassock
    Mon Aug 14 12:55:34 2023 [6DB48100] DEBUG: Starting client thread
    Mon Aug 14 12:55:34 2023 [683CF700] DEBUG: A new client connection thread is started successfully
    Mon Aug 14 12:55:34 2023 [687D1700] DEBUG: A new client connection thread is started successfully
    Mon Aug 14 12:55:34 2023 [687D1700] SCAN: Scanning file /opt/microfocus/smg/smg-smtp/private/1_11011/temp/~3v62v7vho0.71idk216948fusg63d.tmp for spam
    Mon Aug 14 12:55:34 2023 [687D1700] DEBUG: AntiSpam SDK: scan succeed, result 00000000, header Build: [Engines: 2.17.4.1488, Stamp: 3], Multi: [Enabled, t: (0.000021,0.006722)], BW: [Enabled, t: (0.000027,0.000001)], RTDA: [Enabled, t: (0.076349), Hit: No, Details: v2.56.0; Id: 15.vlnn8.1h7pqvm0o.47f3; mclb; wl[sign_wl(99f91655f35e9db05a099af0cefec56f:ai)]], total: 0(775)
    Mon Aug 14 12:55:34 2023 [687D1700] SCAN: Anti-spam scan completed for file /opt/microfocus/smg/smg-smtp/private/1_11011/temp/~3v62v7vho0.71idk216948fusg63d.tmp, status: CLEAN
    Mon Aug 14 12:55:34 2023 [687D1700] DEBUG: Scan took 84msec
    Mon Aug 14 12:55:34 2023 [687D1700] DEBUG: Client closed connection (read).

    There should also be lines in that log file indicating the correctly loaded license:
    Mon Aug 14 12:50:07 2023 [6DB48100] INFO: Configured licenses functionality: "antispam"

    As this goes very much into detail, let us discuss this further via your already opened service-request, so we can present our solution here, once we have found the cause of the bad spam detection.
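The two log patterns quoted above (a request rejected with "Invalid scan options" versus a scan that reaches "Anti-spam scan completed ... status:") can be told apart mechanically. The following is an added example, not code from Micro Focus or Bitdefender: the function names, the sample file name and the `filter_failing` heuristic are assumptions, and the samples are constructed from lines quoted in this thread.

```python
import re
from collections import Counter

# Record layout seen in the excerpts: "<timestamp> [<thread id>] <LEVEL>: <message>"
RECORD = re.compile(r"^\s*(\w{3} \w{3} [ \d]\d \d\d:\d\d:\d\d \d{4}) \[([0-9A-Fa-f]+)\] (\w+): (.*)$")
COMPLETED = re.compile(r"Anti-spam scan completed for file .*, status: (\w+)")
LICENSE = re.compile(r'Configured licenses functionality: "([^"]*)"')
REJECTED = "Invalid scan options"

# Constructed samples modelled on the lines quoted in this thread (file name is a placeholder).
SAMPLE_FAILING = """\
Tue Aug 15 17:55:52 2023 [B0AF1100] DEBUG: Starting client thread
Tue Aug 15 17:55:52 2023 [AB73B700] ERROR: Invalid scan options: anti-malware license is not configured, but anti-malware related scan options are present: 0x00000000
"""
SAMPLE_WORKING = """\
Mon Aug 14 12:50:07 2023 [6DB48100] INFO: Configured licenses
functionality: "antispam"
Mon Aug 14 12:55:34 2023 [687D1700] SCAN: Anti-spam scan completed for
file
/opt/microfocus/smg/smg-smtp/private/1_11011/temp/example.tmp,
status: CLEAN
"""

def parse_records(text):
    """Return (timestamp, thread, level, message) tuples, re-joining hard-wrapped lines."""
    records = []
    for line in text.splitlines():
        m = RECORD.match(line)
        if m:
            records.append(list(m.groups()))
        elif line.strip() and records:
            records[-1][3] += " " + line.strip()  # continuation of the previous record
    return [tuple(r) for r in records]

def summarize(text):
    """Count completed anti-spam scans, rejected scan requests and loaded licenses."""
    statuses, licenses, rejected = Counter(), set(), 0
    for _ts, _thread, level, msg in parse_records(text):
        done = COMPLETED.search(msg) if level == "SCAN" else None
        lic = LICENSE.search(msg) if level == "INFO" else None
        if done:
            statuses[done.group(1)] += 1
        elif lic:
            licenses.add(lic.group(1))
        elif level == "ERROR" and REJECTED in msg:
            rejected += 1
    completed = sum(statuses.values())
    # Assumed heuristic: requests are rejected and no scan completes -> mail passes unscanned.
    return {"completed": completed, "statuses": dict(statuses), "rejected": rejected,
            "licenses": sorted(licenses), "filter_failing": rejected > 0 and completed == 0}
```

To check a real appliance, pass the contents of the file configured as PathLog (bdas.log) to `summarize()` after enabling LogScanRequests.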

  • 0 in reply to   

    we have the same issues

    BitDefender bdavserver version 3.3.2, Copyright (C) BitDefender SRL 2009-2023, built at Jun 30 2023, 15:41:29

    Wed Aug 16 11:20:54 2023 [5D159100] DEBUG: Accepted a new Unix socket connection at /vastorage/smg/services/av-as/app/bdassock
    Wed Aug 16 11:20:54 2023 [5D159100] DEBUG: Starting client thread
    Wed Aug 16 11:20:54 2023 [53FFF700] DEBUG: A new client connection thread is started successfully
    Wed Aug 16 11:20:54 2023 [5D159100] DEBUG: Accepted a new Unix socket connection at /vastorage/smg/services/av-as/app/bdassock
    Wed Aug 16 11:20:54 2023 [5D159100] DEBUG: Starting client thread
    Wed Aug 16 11:20:54 2023 [53DFE700] DEBUG: A new client connection thread is started successfully
    Wed Aug 16 11:20:54 2023 [53DFE700] ERROR: Invalid scan options: anti-malware license is not configured, but anti-malware related scan options are present: 0x00000000
    Wed Aug 16 11:20:54 2023 [53DFE700] DEBUG: Client closed connection (read).
    Wed Aug 16 11:20:54 2023 [53DFE700] DEBUG: Exiting client thread

  • 0 in reply to 

    I've installed a new SMG with the most current OVA Image for testing purposes.

    and bitdefender is working

     A new client connection thread is started successfully
    Tue Aug  8 16:39:18 2023 [8C77E700] SCAN: Scanning file /opt/microfocus/smg/smg-smtp/private/1_11010/temp/~3v7s1vvto0.11id4ksm6ud01673kvd.tmp for spam
    Tue Aug  8 16:39:19 2023 [8C77E700] DEBUG: AntiSpam SDK: scan succeed, result 00000000, header  Build: [Engines: 2.17.4.1488, Stamp: 3], Multi: [Enabled, t: (0.000004,0.011131)], BW: [Enabled, t: (0.000013)], RTDA: [Enabled, t: (0.937655), Hit: No, Details: v2.56.0; Id: 15.zr47v.1h7usdd8q.3m2f; mclb], total: 0(775)
    Tue Aug  8 16:39:19 2023 [8C77E700] SCAN: Anti-spam scan completed for file /opt/microfocus/smg/smg-smtp/private/1_11010/temp/~3v7s1vvto0.11id4ksm6ud01673kvd.tmp, status: CLEAN
    Tue Aug  8 16:39:19 2023 [8C77E700] DEBUG: Scan took 963msec
    Tue Aug  8 16:39:19 2023 [8C77E700] DEBUG: Client closed connection (read).
    Tue Aug  8 16:39:19 2023 [8C77E700] DEBUG: Exiting client thread

  • 0   in reply to 

    The difference is - I and others updated to current version. And it was working before ...



  • 0 in reply to   

    we have the same issue with all updated machines too

  • 0   in reply to 

    I hope Georg and devs are working in the background 🤔



  • 0 in reply to   

    How is it possible, that the devs obviously did not test update to new version?

  • 0   in reply to   
    I hope Georg and devs are working in the background 🤔

    I'm glad I waited to install the update. 🙂

    I'll wait a little longer to see what transpires. 😒

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0   in reply to   

    So early birds will be punished 😥



  • 0   in reply to   

    Everyone,

    This has been duplicated in house and the issue is in the engine code from Bit Defender.  We reached out to them yesterday and they did acknowledge that the defect is on their side.  We are now just waiting for a fix from them.  Right now, we do not have an ETA but I hope it won't be too long.

    Pam

  • 0   in reply to   

    Pam, thank you for your feedback.

    So I have two kinds of customers now.

    • My early birds (including myself) who have been already upgraded. They are not happy and suffer this issue now.
    • And my late birds, who are still on the older build. They are happy and antispam is working as desired ..


  • 0   in reply to   

    Any news from devs? Antispam is basic feature we want/have to use ...



  • 0   in reply to   

    They haven't notified me yet of the progress so let me ping them when they come online.  I should have something for you later today.

    Pam

  • 0   in reply to   

    All - I do apologize for not getting back to this yesterday.  We heard from the folks at BitDefender on Monday.  They said at that time they were reporting this to their development team.  They did not give us an ETA for a solution.  Our SMG dev team is working on a "fix" that will roll out the BitDefender fixes that caused this issue.  If we have not heard anything from them, we will release this patch early next week.  I will make sure to post that information as soon as I have it.

    Pam

  • 0   in reply to   

    All - I just posted in the Tips/News/Events community.  We will be posting the fix for this later this afternoon or evening.  This is the readme that will go with it:

    A problem was found with the latest bitdefender update that was included in the 23.3.1 SMG release.  This problem resulted in the Anti-Spam filter failing to successfully scan the message.  This release restores the prior bitdefender components until the problem is resolved with the new bitdefender components.

    So you will be able to grab this at the start of your day and get your early bird customers fixed  :-)

  • Verified Answer

    +1   in reply to   

    We had some network issues yesterday which delayed the posting of the patch but it is out there now!

  • 0   in reply to   
    it is out there now!

    That's good news.

    It's difficult to believe that any QA testing was done before the OCT738115 - Update Bitdefender engine was released. How could such an obvious issue simply be overlooked?

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada

  • 0   in reply to   

    That's not an answer I have Kevin, sorry

  • 0   in reply to   
    That's not an answer I have Kevin, sorry

    No... in hindsight it was unfair of me to direct it at you. Still though, it is a question that needs to be asked and answered if for no other reason than to mitigate the risk of it happening again.

    __________
    Kevin Boyle, 
    Knowledge Partner

    Calgary, Alberta, Canada