This article applies to:
- Trustwave MailMarshal (SEG)
- Trustwave ECM/MailMarshal Exchange
Question:
- Why does the MailMarshal Engine not start?
- Why do MailMarshal directories need to be excluded from virus scanning?
Symptoms:
- MailMarshal Engine Service does not start after a new installation.
- Error: 'It appears that the following directory: <directory name> is being checked by a virus scanner without MailMarshal's direction.'
Causes:
This error is normally caused by a resident or "on-access" virus scanner attempting to scan the MailMarshal working directories on the local MailMarshal server. MailMarshal periodically creates a message with a standard pseudo virus file, eicar.com (not a real virus) in its working directories to test if a virus scanner will intercept it. MailMarshal will not process email if it detects a resident virus scanner.
Background:
MailMarshal checks a message for viruses by unpacking the message into its various parts, and then invoking the configured virus scanners against the resulting files.
If a resident virus scanner, not in MailMarshal's control, processes one of the unpacked components before MailMarshal runs its virus scanner, MailMarshal will not detect that the message contained a virus. MailMarshal will then mark the original email message as clean and possibly deliver it, when in fact it still contains a virus.
Resolution:
For details of the directories you must exclude from scanning, see the following Trustwave Knowledgebase article:
- Q10850: What directories need to be excluded from resident virus scanning and regular backups?
After excluding the directories, remember to start the Engine (from the MailMarshal Configurator > Server and Array Configuration > Server Properties, or from the Windows Services control panel).
- This article was previously published as:
- NETIQKB40099