Yes, this problem sounds extremely familiar.  We ran into a similar issue
with TrendMicro's VirusWall (v2 thru 3.5 tested) product working with FW-1
v4.0 SP5.  Our issue was based around the security server connection being
maintained while the VirusWall box was under heavy load.  Things improved
marginally by putting the VirusWall app directly on the firewall, but this
caused unacceptable latency on the firewall for processing other traffic.
Things improved (again) marginally by upgrading to FW-1 v4.1 SP2.  I'm sorry
to say that I finally had to give up on the VirusWall product after fighting
with CP / TrendMicro tech support for over a month about where the problem
was.  Mostly it was TrendMicro's tech support that was giving me the grief
(3 hours hold time before leaving a message, then no callback, then always
talking to the same 2 people that had no clue and had to have CP's security
server explained to them).

To test your theory you could set the resend_period to a higher value in the
$FWDIR/conf/smtp.conf file.

Kudos if you resolve this issue.

Greg S.

                -----Original Message-----
                From:   Joerg Oertel [mailto:[EMAIL PROTECTED]]
                Sent:   Monday, August 07, 2000 9:37 AM
                To:     [EMAIL PROTECTED]
                Subject:        [FW1] FW-1 w/ CVP - resending mail endlessly


                Hello,

                today we received a mail addressed to 40+ recipients
                containing the Melissa virus.

                The virus filter had no problem detecting the malicious
                content and sent out warnings to all recipients as well as
                to the postmaster and the sender of the mail.

                So far all is working as expected. 

                Then FW-1 logs: Connection to Content Security Server failed.

                Shortly after this FW-1 tries again to deliver the infected
                and let the virus scanner inspect the mails.

                This repeats every 5 minutes (the configured resend period
                of the SMTP security server).

                Obviously the virus scanner (Trendmicro Viruswall 3.5 on
                Solaris Sparc 2.6) is acting as it should except that it
                doesn't notify FW-1 about the result. Hence FW-1 treats this
                as an error in the connection and starts over with this mail.

                It looks like a problem with timing. Our first guess is that
                FW-1 gets a timeout while the Viruswall is still sending the
                notification mails. Second guess is that while Viruswall is
                still sending notification mails, FW-1 hits its SMTP security
                server's resend time and resends the mail before the virus
                scanner has finished, thus disrupting the previous scan.

                Does this problem sound familiar to someone?

                Kind regards,

                Joerg


                // pallas  GmbH  ............  Joerg Oertel  ...........
                   Hermuelheimer Str. 10       System engineer

                   D-50321 Bruehl, Germany     [EMAIL PROTECTED]

                                               phone  +49-(0)2232-1896-0 
                   http://www.pallas.de        fax   +49-(0)2232-1896-29
                ........................................................



        
        ================================================================================
             To unsubscribe from this mailing list, please see the instructions at
                       http://www.checkpoint.com/services/mailing.html
        ================================================================================

