Some clients get Message removed by system administrator
Problem reported by Toni Iribarren - January 19 at 2:18 AM
Not A Problem
Hello,
Some of my account recive a message with the subject.
 
Message removed.
 
With this text.
 
A message has been removed from this mailbox by an entity other than this program, probably by a virus scanner.
This message is a replacement for the missing message.
 
Is this generated by smartermail, is a secutiry issue ?
 
Thank's

20 Replies

Reply to Thread
0
Derek Curtis Replied
Employee Post
Hi, Toni
 
So, that message indicates that SmarterMail can't load the message from the .grp. Either the .grp is corrupt or your AV/Anti-malware scanner deleted the .grp or a specific message inside the .grp. (Though, generally, if AV detects a virus it will delete the entire .grp..so corruption is probably the issue.)
 
Make sure you have exclusions in place for C:\SmarterMail\Domains -- or whatever path you're using for the domains folder -- within your AV/AM software. That would remove those services as the cause. This includes making sure Windows Defender has the same exclusion, if it's not in place already.
 
If you're not running AV/AM, then the .grp was definitely corrupted somehow. So..no, it's not a security issue. 
Derek Curtis
COO
SmarterTools Inc.
(877) 357-6278
1
kk tiu Replied
Dear Sir
we also encounter this issue before upgrade to SmarterMail Enterprise Edition
Version: 16.3.6585, we dont have this issue.
it happens for few client not all.
our Action
removed client AV but problem still occurred
I need your help how to fix this issue because of that it had impact our company business, many of our respected customer mail been removed and this is a serious issue fro us
Thank You
From Dominic
 
0
kk tiu Replied
Dear Sir
as example
-----Original Message-----
From: System Administrator [mailto:System Administrator] 
Sent: Wednesday, January 24, 2018 7:37 PM
To: XXX@XXX.com
Subject: Message removed

A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.
 
From Dominic
0
Robert Emmett Replied
Employee Post
This type of message only occurs if there is an error feeding the message headers or body from the group file during a POP session. As Derek Curtis responded above, this usually indicates that the grp file is corrupt or a 3rd party app removed or modified the grp file.
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
jorge.mx.neto Replied
@kk tiu, are you using Microsoft Security Essentials AV? Check the logs ( C:\Users\All Users\Microsoft\Microsoft Antimalware) to make sure it's not removing files from SM folders and if it's add to exclusion list.
0
kk tiu Replied
Dear Sir

No, we dont use Microsoft Security Essentials AV btw i had upgrade to latest build and will keep monitor today.
my question why only selected account been affected?

same massage send to 2 user but only 1 user received massage removed and another received with no problem, why?

Please guild us how to resolved this issue because customer mail is important for us

Client PC did not install any AV but why massage still be removed it by virus scanner?

Thank You
1
Hemen Shah Replied
Hi,
I have similar issue today with one of customer getting below message, at the same time i have verified that AV scanned is excluding required dirs of SM including mail storage path, spool, setup folder
 
A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.
 
What can be other cause of getting above message
 
Thanks
 
 
0
Tina Cline Replied
Same here - just started happening after upgraded this past weekend to version 15.7.6663
No antivirus on server.
0
Tina Cline Replied
Reported by 3 users in the same domain so far.
0
Robert Emmett Replied
Employee Post
That message is only reported for accounts syncing with POP in which the GRP file could not be read for a particular message. This indicates that either the GRP file itself has corruption or an external program modified it. Do your customers have the client set to remove the message from the server?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Robert Emmett Replied
Employee Post
That message is only reported for accounts syncing with POP in which the GRP file could not be read for a particular message. This indicates that either the GRP file itself has corruption or an external program modified it. Do your customers have the client set to remove the message from the server?
Robert Emmett
Software Developer
SmarterTools Inc.
(877) 357-6278
www.smartertools.com
0
Tina Cline Replied
Thanks for the reply! No - they do not have Outlook to delete from the server, to my knowledge. I do not see the actual "Message Removed" notice in their Inbox on the server. The "Message Removed" only resides in their Outlook.
So the POP communication is forcing the Smartermail System Administrator to put this placeholder message in their Outlook? If it was a corrupt grp, would it not also have the same message in their server Inbox?
0
Tina Cline Replied
Also: I set up an Outlook profile with one of the users that is reporting this issue and I do not see the "Message Removed" email. And since this is all occurring on one Domain (3 users on same domain) could I be making a correct statement to the customer that it might be on their end? Perhaps a firewall or AV interfering with the POP sessions?
0
Tina Cline Replied
Here is what I see in the logs:
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2520
[2018.04.23] 13:35:18 [][43047994] RETR 2519
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2519
[2018.04.23] 13:35:18 [][43047994] RETR 2518
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2518
[2018.04.23] 13:35:18 [[43047994] RETR 2517
[2018.04.23] 13:35:18 [[43047994] RETR failed to FeedMessage for message 2517; sending generic missing message.
[2018.04.23] 13:35:18 [][43047994] retr completed for message 2517
[2018.04.23] 13:35:18 [][43047994] RETR 2516
[2018.04.23] 13:35:19 [][43047994] retr completed for message 2516
0
azad z Replied
We have same problem with exact message
 
-----Original Message-----
From: System Administrator [mailto:System Administrator] 
To: XXX@XXX.net
Subject: Message removed

A message has been removed from this mailbox by an entity other than this
program, probably by a virus scanner.
This message is a replacement for the missing message.
 
we use kaspersky internet security 2018 and in the report log of KIS2018 there is no log about removed message in email (outlook 2016) at that time .  even after disable and remove antivirus (kis2018/windows defender ) temporally , still randomly we get (Message removed) .
FYI only two user struggling with that issue ,,, we use shared host server and we don't have access to smartmail server (SmarterMail Enterprise EditionVersion: 16.3.6585) 
so after call our host support company they have't any idea why this happen.!
anyway base on @derek-curtisi said about corrupted .GRP file , what we can do to solve this weird issue ?
 
0
Richard Frank Replied
does your host have AV on the server, that might corrupt the .grp file?
the message only occurs when one is using pop to download messages, but the message isn't there/not readable/corrupt, or locked by the AV?
So ask your host about the setup.
I have 1400 users, haven't had this problem. I have no AV on the server, turned off windows defender (Windows 2016 server) I only use the ClamAV delivered with Smartermail.
0
azad z Replied
thanks Richard
i am curious if i delete that specific account and recreate it on our admin panel in smarter mail...that's mean the GRP file for that user also deleted an recreated ?
i was assumed the GRP file is one big size database file included all users with their data...now after some searching occur to me Smarter mail create GRP file for each user . that's mean if i have 30 user i can find 30 GRP file on server ... am i wrong?
0
Richard Frank Replied
if you delete that account mail is gone
test i make a dummy account.. put som mail in it, delete the account and recreate it. mail is gone. The windows folder containing user's mail is deleted.
1
Richard Frank Replied
to answer your answer with a picture
every day all mail in one grp file


every folder is a folder containing grp files

0
azad z Replied
wow that's solid answer.thanks
FYI whats going on after you replied my first post.
i just asked my host support company "do you have any anti virus on your server" they said "NO"
so i deleted that problematic account ( please note that only one of my users would receive "Message Removed" ) then recreate it ..but noting change and still he receives the message randomly.
any idea?

Reply to Thread