Some clients get Message removed by system administrator

Problem reported by Toni Iribarren - January 19 at 2:18 AM

Not A Problem

Hello,

Some of my account recive a message with the subject.

Message removed.

With this text.

A message has been removed from this mailbox by an entity other than this program, probably by a virus scanner.

This message is a replacement for the missing message.

Is this generated by smartermail, is a secutiry issue ?

Thank's

20 Replies

Reply to Thread

Derek Curtis Replied

January 19 at 9:09 AM

Employee Post

Hi, Toni

So, that message indicates that SmarterMail can't load the message from the .grp. Either the .grp is corrupt or your AV/Anti-malware scanner deleted the .grp or a specific message inside the .grp. (Though, generally, if AV detects a virus it will delete the entire .grp..so corruption is probably the issue.)

Make sure you have exclusions in place for C:\SmarterMail\Domains -- or whatever path you're using for the domains folder -- within your AV/AM software. That would remove those services as the cause. This includes making sure Windows Defender has the same exclusion, if it's not in place already.

If you're not running AV/AM, then the .grp was definitely corrupted somehow. So..no, it's not a security issue.

Derek Curtis

COO

SmarterTools Inc.

(877) 357-6278

www.smartertools.com

kk tiu Replied

January 24 at 6:32 AM

Dear Sir

we also encounter this issue before upgrade to SmarterMail Enterprise Edition

Version: 16.3.6585, we dont have this issue.

it happens for few client not all.

our Action

removed client AV but problem still occurred

I need your help how to fix this issue because of that it had impact our company business, many of our respected customer mail been removed and this is a serious issue fro us

Thank You

From Dominic

kk tiu Replied

January 24 at 6:36 AM

Dear Sir

as example

-----Original Message-----
From: System Administrator [mailto:System Administrator]
Sent: Wednesday, January 24, 2018 7:37 PM
To: XXX@XXX.com
Subject: Message removed

A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.

From Dominic

Robert Emmett Replied

January 24 at 7:05 AM

Employee Post

This type of message only occurs if there is an error feeding the message headers or body from the group file during a POP session. As Derek Curtis responded above, this usually indicates that the grp file is corrupt or a 3rd party app removed or modified the grp file.

Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

jorge.mx.neto Replied

January 24 at 7:07 AM

@kk tiu, are you using Microsoft Security Essentials AV? Check the logs ( C:\Users\All Users\Microsoft\Microsoft Antimalware) to make sure it's not removing files from SM folders and if it's add to exclusion list.

kk tiu Replied

January 24 at 5:10 PM

Dear Sir

No, we dont use Microsoft Security Essentials AV btw i had upgrade to latest build and will keep monitor today.
my question why only selected account been affected?

same massage send to 2 user but only 1 user received massage removed and another received with no problem, why?

Please guild us how to resolved this issue because customer mail is important for us

Client PC did not install any AV but why massage still be removed it by virus scanner?

Thank You

Hemen Shah Replied

April 21 at 1:35 AM

Hi,

I have similar issue today with one of customer getting below message, at the same time i have verified that AV scanned is excluding required dirs of SM including mail storage path, spool, setup folder

A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.

What can be other cause of getting above message

Thanks

Tina Cline Replied

April 24 at 8:52 AM

Same here - just started happening after upgraded this past weekend to version 15.7.6663

No antivirus on server.

Tina Cline Replied

April 24 at 9:10 AM

Reported by 3 users in the same domain so far.

Robert Emmett Replied

April 24 at 9:39 AM

Employee Post

That message is only reported for accounts syncing with POP in which the GRP file could not be read for a particular message. This indicates that either the GRP file itself has corruption or an external program modified it. Do your customers have the client set to remove the message from the server?

Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Robert Emmett Replied

April 24 at 9:39 AM

Employee Post

Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com

Tina Cline Replied

April 24 at 10:46 AM

Thanks for the reply! No - they do not have Outlook to delete from the server, to my knowledge. I do not see the actual "Message Removed" notice in their Inbox on the server. The "Message Removed" only resides in their Outlook.
So the POP communication is forcing the Smartermail System Administrator to put this placeholder message in their Outlook? If it was a corrupt grp, would it not also have the same message in their server Inbox?

Tina Cline Replied

April 24 at 11:03 AM

Also: I set up an Outlook profile with one of the users that is reporting this issue and I do not see the "Message Removed" email. And since this is all occurring on one Domain (3 users on same domain) could I be making a correct statement to the customer that it might be on their end? Perhaps a firewall or AV interfering with the POP sessions?

Tina Cline Replied

April 24 at 11:13 AM

Here is what I see in the logs:
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2520
[2018.04.23] 13:35:18 [][43047994] RETR 2519
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2519
[2018.04.23] 13:35:18 [][43047994] RETR 2518
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2518
[2018.04.23] 13:35:18 [[43047994] RETR 2517
[2018.04.23] 13:35:18 [[43047994] RETR failed to FeedMessage for message 2517; sending generic missing message.
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2517
[2018.04.23] 13:35:18 [][43047994] RETR 2516
[2018.04.23] 13:35:19 [][43047994] retr completed for message 2516

azad z Replied

June 11 at 4:45 AM

We have same problem with exact message

-----Original Message-----
From: System Administrator [mailto:System Administrator]
To: XXX@XXX.net
Subject: Message removed

A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.

we use kaspersky internet security 2018 and in the report log of KIS2018 there is no log about removed message in email (outlook 2016) at that time . even after disable and remove antivirus (kis2018/windows defender ) temporally , still randomly we get (Message removed) .

FYI only two user struggling with that issue ,,, we use shared host server and we don't have access to smartmail server (SmarterMail Enterprise EditionVersion: 16.3.6585)
so after call our host support company they have't any idea why this happen.!

anyway base on @derek-curtisi said about corrupted .GRP file , what we can do to solve this weird issue ?

Richard Frank Replied

June 11 at 5:22 AM

does your host have AV on the server, that might corrupt the .grp file?
the message only occurs when one is using pop to download messages, but the message isn't there/not readable/corrupt, or locked by the AV?
So ask your host about the setup.
I have 1400 users, haven't had this problem. I have no AV on the server, turned off windows defender (Windows 2016 server) I only use the ClamAV delivered with Smartermail.

azad z Replied

July 4 at 8:39 AM

thanks Richard
i am curious if i delete that specific account and recreate it on our admin panel in smarter mail...that's mean the GRP file for that user also deleted an recreated ?
i was assumed the GRP file is one big size database file included all users with their data...now after some searching occur to me Smarter mail create GRP file for each user . that's mean if i have 30 user i can find 30 GRP file on server ... am i wrong?

Richard Frank Replied

July 4 at 9:13 AM

if you delete that account mail is gone
test i make a dummy account.. put som mail in it, delete the account and recreate it. mail is gone. The windows folder containing user's mail is deleted.

Richard Frank Replied

July 4 at 9:22 AM

to answer your answer with a picture
every day all mail in one grp file

every folder is a folder containing grp files

azad z Replied

July 4 at 10:03 AM

wow that's solid answer.thanks
FYI whats going on after you replied my first post.
i just asked my host support company "do you have any anti virus on your server" they said "NO"
so i deleted that problematic account ( please note that only one of my users would receive "Message Removed" ) then recreate it ..but noting change and still he receives the message randomly.
any idea?

Back to Community Threads

Please leave this box unchecked

Reply to Thread

Related Community Threads

New SmarterMail BETA Release Available - Build 6893Announcement by Andrea Rogers-November 15SmarterMail 16.3.6893 Now AvailableAnnouncement by Andrea Rogers-November 15SmarterMail 15.7.6885 Now AvailableAnnouncement by Andrea Rogers-November 7Show Password in 15.xIdea by David Young-July 12, 2017Getting Started with the latest version of SmarterMailAnnouncement by Andrea Rogers-October 8

20 Replies

Reply to Thread

Tags

Related Community Threads

Related Knowledge Base Articles