Antivirus Activity Log missing

Discussion forum for Enterprise Edition.
Post Reply
Matth
Posts: 101
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Antivirus Activity Log missing

Post by Matth » Wed Mar 25, 2020 2:58 pm

I have configured the ClamAV antivirus on the server.

The Message Filter is enabled and when I Test the settings, then I get a positive result with a return code: 1

The Activity Log is set to: D:\Program Files (x86)\Mail Enable\Logging\MTA

Yet when I check there, or in the Antivirus Logs, there is only an old log file from September 2019. Nothing after that, despite having restarted the MTA service and disabled/enabled the Antivirus Filter.

Is the Antivirus scan even working? How can I check if the messages are scanned?

MailEnable-Ian
Site Admin
Posts: 9106
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Antivirus Activity Log missing

Post by MailEnable-Ian » Mon Apr 06, 2020 2:10 am

Hi,

Have you created a Filter for AV checks under the "Filter" node within the administration console and configured an action to delete etc?
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 101
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: Antivirus Activity Log missing

Post by Matth » Mon Apr 06, 2020 3:07 am

Yes. There is a enabled filter for "Where the message contains a virus". It copies it to the Quarantine directory and then deletes the message.

But no logs show up.

MailEnable-Ian
Site Admin
Posts: 9106
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Antivirus Activity Log missing

Post by MailEnable-Ian » Thu Apr 09, 2020 12:39 am

Hi,

Download process monitor and then configure it to filter on the memta.exe (MTA agent) process. Run the service and check for access denied errors on the logging paths.
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 101
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: Antivirus Activity Log missing

Post by Matth » Fri Apr 17, 2020 8:05 am

I tried that. There's a whole bunch of lines, and most of them have a result of "SUCCESS". A few show other messages, but none is with an error or access denied. I copied a part out:

Code: Select all

15:57:20.8070407	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident	SUCCESS	Desired Access: Query Value
15:57:20.8070521	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident\Status	SUCCESS	Type: REG_DWORD, Length: 4, Data: 0
15:57:20.8070593	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Resident	SUCCESS	
15:57:20.8070683	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8070743	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER	SUCCESS	Desired Access: Query Value
15:57:20.8070827	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory	SUCCESS	Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8070893	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory	SUCCESS	Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8070953	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER	SUCCESS	
15:57:20.8071406	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Queues	NAME COLLISION	Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0
15:57:20.8072421	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Create, Options: Directory, Synchronous IO Non-Alert, Open Reparse Point, Attributes: N, ShareMode: Read, Write, AllocationSize: 0, OpenResult: Created
15:57:20.8072988	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	
15:57:20.8073186	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8073261	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8073366	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status	SUCCESS	Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8073438	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8073900	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Open Reparse Point, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8074077	MEMTA.EXE	6092	QueryAttributeTagFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Attributes: A, ReparseTag: 0x0
15:57:20.8074162	MEMTA.EXE	6092	QueryStandardInformationFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	AllocationSize: 12,288, EndOfFile: 8,435, NumberOfLinks: 1, DeletePending: False, Directory: False
15:57:20.8074219	MEMTA.EXE	6092	QueryBasicInformationFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	CreationTime: 17/04/2020 15:57:17, LastAccessTime: 17/04/2020 15:57:17, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: A
15:57:20.8074300	MEMTA.EXE	6092	QueryStreamInformationFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	0: ::$DATA
15:57:20.8074414	MEMTA.EXE	6092	QueryBasicInformationFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	CreationTime: 17/04/2020 15:57:17, LastAccessTime: 17/04/2020 15:57:17, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: A
15:57:20.8074486	MEMTA.EXE	6092	QueryEaInformationFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	EaSize: 0
15:57:20.8074945	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	Desired Access: Generic Read/Write, Delete, Write DAC, Disposition: OverwriteIf, Options: Sequential Access, Synchronous IO Non-Alert, Non-Directory File, Attributes: A, ShareMode: None, AllocationSize: 8,435, OpenResult: Created
15:57:20.8075731	MEMTA.EXE	6092	QueryAttributeInformationVolume	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS
15:57:20.8075818	MEMTA.EXE	6092	QueryBasicInformationFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	CreationTime: 17/04/2020 15:57:20, LastAccessTime: 17/04/2020 15:57:20, LastWriteTime: 17/04/2020 15:57:20, ChangeTime: 17/04/2020 15:57:20, FileAttributes: A
15:57:20.8075884	MEMTA.EXE	6092	QueryAttributeInformationVolume	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	FileSystemAttributes: Case Preserved, Case Sensitive, Unicode, ACLs, Compression, Named Streams, EFS, Object IDs, Reparse Points, Sparse Files, Quotas, Transactions, 0x3c00000, MaximumComponentNameLength: 255, FileSystemName: NTFS
15:57:20.8076062	MEMTA.EXE	6092	QueryRemoteProtocolInformation	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	INVALID PARAMETER	
15:57:20.8076164	MEMTA.EXE	6092	QuerySecurityFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Information: Attribute
15:57:20.8076287	MEMTA.EXE	6092	SetEndOfFileInformationFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	EndOfFile: 8,435
15:57:20.8076611	MEMTA.EXE	6092	ReadFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Offset: 0, Length: 8,435, Priority: Normal
15:57:20.8076824	MEMTA.EXE	6092	WriteFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	Offset: 0, Length: 8,435, Priority: Normal
15:57:20.8077094	MEMTA.EXE	6092	SetBasicInformationFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	CreationTime: 01/01/1601 08:00:00, LastAccessTime: 01/01/1601 08:00:00, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, FileAttributes: n/a
15:57:20.8077280	MEMTA.EXE	6092	QueryRemoteProtocolInformation	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	INVALID PARAMETER	
15:57:20.8077361	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	
15:57:20.8077460	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\Messages\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	
15:57:20.8077601	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8077682	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER	SUCCESS	Desired Access: Query Value
15:57:20.8077793	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory	SUCCESS	Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8077860	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER\Antivirus Scratch Directory	SUCCESS	Type: REG_SZ, Length: 86, Data: D:\Program Files (x86)\Mail Enable\Scratch
15:57:20.8077929	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MTAFILTER	SUCCESS	
15:57:20.8078001	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8078064	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters	SUCCESS	Desired Access: Query Value
15:57:20.8078151	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order	BUFFER OVERFLOW	Length: 144
15:57:20.8078208	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order	SUCCESS	Type: REG_SZ, Length: 216, Data: MEAVCLM,MEAVFPI,MEAVFPI6,MEAVGR7,MEAVGR8,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MTAFILTER,Resident
15:57:20.8078259	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order	BUFFER OVERFLOW	Length: 144
15:57:20.8078304	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Processing Order	SUCCESS	Type: REG_SZ, Length: 216, Data: MEAVCLM,MEAVFPI,MEAVFPI6,MEAVGR7,MEAVGR8,MEAVGRI,MEAVMAC,MEAVNAV,MEAVNOR,MEAVPAN,MEAVSOP,MTAFILTER,Resident
15:57:20.8078364	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters	SUCCESS	
15:57:20.8078436	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8078496	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8078571	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status	SUCCESS	Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8078631	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8078700	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8078757	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8078826	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status	SUCCESS	Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8078886	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8078952	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8079009	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8079078	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Status	SUCCESS	Type: REG_DWORD, Length: 4, Data: 1
15:57:20.8079153	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8079225	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8079285	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8079363	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent Plugin Enabled	NAME NOT FOUND	Length: 144
15:57:20.8079420	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8079982	MEMTA.EXE	6092	QueryOpen	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	CreationTime: 17/04/2020 15:57:20, LastAccessTime: 17/04/2020 15:57:20, LastWriteTime: 17/04/2020 15:57:18, ChangeTime: 17/04/2020 15:57:18, AllocationSize: 12,288, EndOfFile: 8,435, FileAttributes: A
15:57:20.8080207	MEMTA.EXE	6092	CreateFile	D:\	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8080360	MEMTA.EXE	6092	QueryDirectory	D:\Program Files (x86)	SUCCESS	Filter: Program Files (x86), 1: Program Files (x86), FileInformationClass: FileBothDirectoryInformation
15:57:20.8080531	MEMTA.EXE	6092	CloseFile	D:\	SUCCESS	
15:57:20.8081002	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8081146	MEMTA.EXE	6092	QueryDirectory	D:\Program Files (x86)\Mail Enable	SUCCESS	Filter: Mail Enable, 1: Mail Enable, FileInformationClass: FileBothDirectoryInformation
15:57:20.8081275	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)	SUCCESS	
15:57:20.8081726	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Scratch	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8081867	MEMTA.EXE	6092	QueryDirectory	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Filter: 4CEDA2502BE0430BB4DF436F3489741F.MAI, 1: 4CEDA2502BE0430BB4DF436F3489741F.MAI, FileInformationClass: FileBothDirectoryInformation
15:57:20.8081999	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Scratch	SUCCESS	
15:57:20.8082578	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, Write, AllocationSize: n/a, OpenResult: Opened
15:57:20.8082752	MEMTA.EXE	6092	QueryStandardInformationFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	AllocationSize: 12,288, EndOfFile: 8,435, NumberOfLinks: 1, DeletePending: False, Directory: False
15:57:20.8082827	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT	SUCCESS	
15:57:20.8083013	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8083088	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8083184	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent	SUCCESS	Type: REG_SZ, Length: 96, Data: C:\Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8083241	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Agent	SUCCESS	Type: REG_SZ, Length: 96, Data: C:\Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8083301	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8083370	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8083427	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8083503	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters	BUFFER OVERFLOW	Length: 144
15:57:20.8083560	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters	BUFFER OVERFLOW	Length: 144
15:57:20.8083608	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Antivirus Parameters	SUCCESS	Type: REG_SZ, Length: 282, Data: "[AGENT]" "[FILENAME]" --no-summary --database="C:\ProgramData\.clamwin\db\main.cld"  --tempdir="C:\Program files (x86)\Mail Enable\Scratch"
15:57:20.8083671	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8083725	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8083782	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8083854	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Parse Result Status	NAME NOT FOUND	Length: 144
15:57:20.8083908	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8083959	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8084013	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	Desired Access: Query Value
15:57:20.8084082	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM\Single Instance	NAME NOT FOUND	Length: 144
15:57:20.8084133	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\MEAVCLM	SUCCESS	
15:57:20.8084220	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:20.8084274	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters	SUCCESS	Desired Access: Query Value
15:57:20.8084346	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters\Process Timeout	SUCCESS	Type: REG_DWORD, Length: 4, Data: 20000
15:57:20.8084403	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\Agents\MTA\Filters	SUCCESS	
15:57:20.8085712	MEMTA.EXE	6092	CreateFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8085880	MEMTA.EXE	6092	QueryBasicInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8085955	MEMTA.EXE	6092	CloseFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	
15:57:20.8087032	MEMTA.EXE	6092	CreateFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Desired Access: Read Attributes, Disposition: Open, Options: Open Reparse Point, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8087164	MEMTA.EXE	6092	QueryBasicInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8087231	MEMTA.EXE	6092	CloseFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	
15:57:20.8087921	MEMTA.EXE	6092	CreateFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Desired Access: Read Data/List Directory, Execute/Traverse, Read Attributes, Synchronize, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: n/a, ShareMode: Read, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:20.8088092	MEMTA.EXE	6092	CreateFileMapping	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	FILE LOCKED WITH ONLY READERS	SyncType: SyncTypeCreateSection, PageProtection: 
15:57:20.8088236	MEMTA.EXE	6092	CreateFileMapping	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	SyncType: SyncTypeOther
15:57:20.8088464	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\Image File Execution Options\clamscan.exe	NAME NOT FOUND	Desired Access: Query Value, Enumerate Sub Keys
15:57:20.8088857	MEMTA.EXE	6092	QueryNameInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8089998	MEMTA.EXE	6092	Process Create	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	PID: 6184, Command line: "C:\Program Files (x86)\ClamWin\bin\clamscan.exe" "D:\Program Files (x86)\Mail Enable\Scratch\4CEDA2502BE0430BB4DF436F3489741F.MAI\0.ATT" --no-summary --database="C:\ProgramData\.clamwin\db\main.cld"  --tempdir="C:\Program files (x86)\Mail Enable\Scratch"
15:57:20.8090361	MEMTA.EXE	6092	QuerySecurityFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Information: Owner, Group, DACL, SACL, Label
15:57:20.8090847	MEMTA.EXE	6092	QueryNameInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8090962	MEMTA.EXE	6092	QueryBasicInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8091187	MEMTA.EXE	6092	RegOpenKey	HKU\.DEFAULT\Software\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Layers	NAME NOT FOUND	Desired Access: Query Value
15:57:20.8091286	MEMTA.EXE	6092	RegOpenKey	HKLM\SOFTWARE\Microsoft\Windows NT\CurrentVersion\AppCompatFlags\Custom\clamscan.exe	NAME NOT FOUND	Desired Access: Query Value
15:57:20.8091463	MEMTA.EXE	6092	RegOpenKey	HKLM\Software\Microsoft\Windows\CurrentVersion\SideBySide	SUCCESS	Desired Access: Read
15:57:20.8091574	MEMTA.EXE	6092	RegQueryValue	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide\PreferExternalManifest	NAME NOT FOUND	Length: 20
15:57:20.8091652	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Microsoft\Windows\CurrentVersion\SideBySide	SUCCESS	
15:57:20.8093951	MEMTA.EXE	6092	QuerySecurityFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Information: Owner, Group, DACL, SACL, Label
15:57:20.8094056	MEMTA.EXE	6092	QueryNameInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	Name: \Program Files (x86)\ClamWin\bin\clamscan.exe
15:57:20.8094341	MEMTA.EXE	6092	QueryBasicInformationFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	CreationTime: 28/05/2019 10:42:43, LastAccessTime: 28/05/2019 10:42:43, LastWriteTime: 03/03/2018 18:27:34, ChangeTime: 28/05/2019 10:42:43, FileAttributes: A
15:57:20.8094644	MEMTA.EXE	6092	CloseFile	C:\Program Files (x86)\ClamWin\bin\clamscan.exe	SUCCESS	
15:57:21.1923192	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.BLK	SUCCESS	Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Overwritten
15:57:21.1925017	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT	SUCCESS	Desired Access: Generic Write, Read Attributes, Disposition: OverwriteIf, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: None, AllocationSize: 0, OpenResult: Overwritten
15:57:21.1925722	MEMTA.EXE	6092	WriteFile	D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT	SUCCESS	Offset: 0, Length: 22, Priority: Normal
15:57:21.1926055	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Config\CLUSTER\MTA-SMTP.ACT	SUCCESS	
15:57:21.1926523	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0
15:57:21.1926667	MEMTA.EXE	6092	RegCreateKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP	SUCCESS	Desired Access: All Access, Disposition: REG_OPENED_EXISTING_KEY
15:57:21.1926869	MEMTA.EXE	6092	RegSetValue	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP\Inbound Queue Last Poll	SUCCESS	Type: REG_DWORD, Length: 4, Data: 1587110241
15:57:21.1927604	MEMTA.EXE	6092	RegCloseKey	HKLM\SOFTWARE\Wow6432Node\Mail Enable\Mail Enable\CONNECTORS\SMTP	SUCCESS	
15:57:21.1928264	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound	SUCCESS	Desired Access: Read Data/List Directory, Synchronize, Disposition: Open, Options: Directory, Synchronous IO Non-Alert, Attributes: n/a, ShareMode: Read, Write, Delete, AllocationSize: n/a, OpenResult: Opened
15:57:21.1928513	MEMTA.EXE	6092	QueryDirectory	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\*.MAI	SUCCESS	Filter: *.MAI, 1: 4CEDA2502BE0430BB4DF436F3489741F.MAI, FileInformationClass: FileBothDirectoryInformation
15:57:21.1929420	MEMTA.EXE	6092	CreateFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Desired Access: Generic Read, Disposition: Open, Options: Synchronous IO Non-Alert, Non-Directory File, Attributes: N, ShareMode: Read, AllocationSize: n/a, OpenResult: Opened
15:57:21.1929720	MEMTA.EXE	6092	ReadFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	Offset: 0, Length: 326, Priority: Normal
15:57:21.1930107	MEMTA.EXE	6092	ReadFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI	END OF FILE	Offset: 326, Length: 4,096
15:57:21.1930239	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound\4CEDA2502BE0430BB4DF436F3489741F.MAI	SUCCESS	
15:57:21.1930552	MEMTA.EXE	6092	QueryDirectory	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound	NO MORE FILES	
15:57:21.1930696	MEMTA.EXE	6092	CloseFile	D:\Program Files (x86)\Mail Enable\Queues\SMTP\Inbound	SUCCESS	
15:57:21.1930960	MEMTA.EXE	6092	RegQueryKey	HKLM	SUCCESS	Query: HandleTags, HandleTags: 0x0

MailEnable-Ian
Site Admin
Posts: 9106
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Antivirus Activity Log missing

Post by MailEnable-Ian » Wed Apr 22, 2020 12:07 am

Hi,

Best way forward here is to lodge a support ticket and provide access to the server to a technician can troubleshoot in more detail.
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 101
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: Antivirus Activity Log missing

Post by Matth » Wed Apr 22, 2020 2:28 pm

Oh well. Yet another support call for you, and I can then wait two months plus and not get a reply? Honestly, no thanks. I really don't feel like paying upfront for such a service.

MailEnable-Ian
Site Admin
Posts: 9106
Joined: Mon Mar 22, 2004 4:44 am
Location: Melbourne, Victoria, Australia

Re: Antivirus Activity Log missing

Post by MailEnable-Ian » Fri Apr 24, 2020 12:28 am

Hi,

You have the option of lodging the ticket as installation or upgrade which are free submission. We require access to the server to check further. This cannot be done via the forum because of our support policies.
Regards,

Ian Margarone
MailEnable Support

Matth
Posts: 101
Joined: Fri Nov 08, 2002 8:34 am
Location: Hong Kong

Re: Antivirus Activity Log missing

Post by Matth » Sat Apr 25, 2020 6:04 am

Made the support ticket.

Post Reply