Video Screencast Help
Symantec to Separate Into Two Focused, Industry-Leading Technology Companies. Learn more.

SEP 12.1.2 internet email scanning stopping the flow of mail in an in-house app

Created: 20 Dec 2012 | 10 comments

We just upgraded all clients to 12.1.2 and one of our developers is complaining that a job that he runs sends emails using SMTP port 25 but the email never gets to him.  He is the only one who this is affecting and the app is his own.  We know that he probably needs to change his code but is there anyone out there who knows exactly what the endpoint client is scanning, looking for or does to the emails that are received?  Just a little information just to pass along to him so that he can tinker with his code to correct it.  

Comments 10 CommentsJump to latest comment

.Brian's picture

What is showing in your logs?

What happens when you disable the email plugin?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

David.H's picture

Nothing in the logs.  Everything works when the internet email scanning is disabled. 

.Brian's picture

Is the email that is generated contain an attachment of any kind or is it simply just text based?

Is a host based SMTP client on his PC being used to send the message or is it being relayed through an external one?

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

.Brian's picture

As a test, disable the "Outbound worm heuristics" option and check the result

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

Mithun Sanghavi's picture

Hello,

Internet Email Auto-Protect: 

Scans Internet email (POP3 or SMTP) and attachments for viruses and security risks; also performs outbound email heuristics scanning.

By default, Internet Email Auto-Protect supports encrypted passwords and email over POP3 and SMTP connections. If you use POP3 or SMTP with Secure Sockets Layer (SSL), then the client detects secure connections but does not scan encrypted messages.

Note: For performance reasons, Internet Email Auto-Protect for POP3 is not supported on server operating systems. Internet email scanning is not supported for 64-bit computers.

Email scanning does not support IMAP, AOL, or HTTP-based email such as Hotmail or Yahoo! Mail.

You can configure connection settings for Auto-Protect scans of Internet email under Internet Email Auto-Protect: Advanced Settings.

Auto-Protect scanning for Internet email uses the standard SMTP email ports by default. If you configure your network to use a different port, you must change the port setting here to match the port that you selected.

Hope that helps!!

Mithun Sanghavi
Senior Consultant
MIM | MCSA | MCTS | STS | SSE | SSE+ | ITIL v3

Don't forget to mark your thread as 'SOLVED' with the answer that best helped you.

RGB IT Support's picture

About your last paragraph, in our network some stations, including my own, we are "suffering" with the following problem when trying to send e-mails:

"Your e-mail could not be sent because your mail server rejected the sender

 

 
421 4.7.0 smtpout7.whservidor.com Error: too many errors"
 

after some tests with SEP client on my station i've discovered that if the SMTP port is changed to other than the default 25, this error message immediately occur. In our case we use have to use port 587. When returns to 25 everything works fine. 

 

The version used here is 12.1.1101.401 RU1 MP1

 

My best.

 

 

David.H's picture

All of that has been checked and and each setting has been changed as a test to see what is causing it.  The email does get sent with an attachment(a single text file) and the attachment has been removed as a test and the email still gets blocked.  There is no logs or quarantines that show the email getting blocked.  Is this normal for email scanning?  

Is there any way to find out exactly what the antivirus program checks for when scanning the email to that this person may come closer to finding the flaw in their program code?  That is the only way, I think, that he is going to be able to fix whatever it is that is broken.  

.Brian's picture

Your best bet at this point is to open a support case.

Please click the "Mark as solution" link at bottom left on the post that best answers your question. This will benefit admins looking for a solution to the same problem.

zedly's picture

David,

Curious, did you have any luck with your issue? I'm seeing the same behavior... Thanks!

David.H's picture

No, I had no luck solving the problem.  I believe that the user having the problem has changed the way that the mail is sent in his program code to avoid this.  Besides, I don't think it would be worth our time nor Symantecs time to diagnose something that only one person out of +-160 users is having a problem with. 
Sorry I couldn't be of any help to anyone else with this.