cancel
Showing results for 
Search instead for 
Did you mean: 
DBO
Level 9

AV load failed

Yesterday, for the first time in at least 2 years, I have started receiving the following messages (at least 200 copies) from 207.67.117.137, a Secure Computing (McAfee) address from Minneapolis.  At the same time, one of our appliance was reporting problem updating it's AV sig...  So, the question now is How is it that the warning e-mail is coming from McAfee and not from the appliance itself???

----------

Dear administrator,

AV Engine load for 'SCANM7.11.37.154.2799' failed. Webwasher uses previous version 'SCANM7.11.27.14.2776'.

--------------

Received: from ([207.67.117.137]) by smtp2.loto-quebec.com with SMTP  id

1FDHWG1.33554424; Wed, 25 Jul 2012 13:51:39 -0400

Date: Wed, 25 Jul 2012 17:33:54 +0000

Subject: AV load failed

Content-Type: text/plain

From: <lq500-sw01@webwasher.com>

Return-Path: lq500-sw01@webwasher.com

X-Auto-Response-Suppress: DR, OOF, AutoReply

X-OriginalArrivalTime: 26 Jul 2012 12:12:54.0521 (UTC) FILETIME=[FC592690:01CD6B27]

0 Kudos
8 Replies
eelsasser
Level 15

Re: AV load failed

Do you have email notifications turned on?

Have you defined a FROM address for the notification as @webwasher.com?

What version?

0 Kudos
DBO
Level 9

Re: AV load failed

Yes and I just change the source e-mail adresss from @webwasher.com to our own domain but, whatever the source address, the e-mail is coming from the outside...  From your own server!!!  That is the strange thing...

Version 6.8.7 build 9396

Ce message a été modifié par: DBO on 26/07/12 22:00:20 CDT
0 Kudos
asabban
Level 17

Re: AV load failed

Hello,

as far as I know this is the external IP address the support lab over there uses. Is it maybe possible that they have setup a feedback with your configuration for troubleshooting that has your eMail notification settings still in place? This is something I have seen in the past. If the SMTP server configured on your machine is available from the outside also a node running in our labs will be able to send notifications and they may look closely like your notifications, but certainly come from the outside.

Can you let us know if you have provided a feedback to support in the last days ?

If there is an open SR in regards to this system where you have provided a feedback please reply to the SR owner and ask if this is possible.

Note: Usually when setting up a customers configuration all notifications are turned off automatically. In some cases it is required  to manually set up ALL the customers settings manually, in this case the above can happen.

Note2: This is just an idea how this could happen...

Best,

Andre

0 Kudos
DBO
Level 9

Re: AV load failed

No open case as far as I know but I just ask around..  There is a feedback file dating from july 12th on the server but I doubt that we ever had a live feedback to support, ever... 

Funny thing is that If I run an alert test for the av, the warning come from our internal smtp server.  This morning, I have received another warning about the AV engine having problem with it's update, again coming from a McAfee external server...  Our proxy don't have smtp active and are not accesible from the outside.

0 Kudos
asabban
Level 17

Re: AV load failed

Hello,

very strange. Do you mind sending me one of those eMails in its complete source? I would like to have a look at all the headers, maybe that helps finding our where that eMail comes from. You could contact me via IM and I will share my eMail address. We probably do not want to expose all the information on the community.

Best,

Andre

0 Kudos
DBO
Level 9

Re: AV load failed

No problem.  How can I send that via private mail?

0 Kudos
DBO
Level 9

Re: AV load failed

Evidently, found out just after posting...

0 Kudos
asabban
Level 17

Re: AV load failed

No problem :-)

I asked some colleagues to research. I will get back to you shortly.

Best,

Andre

0 Kudos