InterScan Messaging Security Suite

Troubleshooting Guide for Common Issues

Content:

y Installation Issues

y Trouble in Opening the Console

y Mail Scanning Problem

y Performance Issues

y Spam

y Issues when Sending Mail

 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

What part
of
Start
installation Installation Issues
did it fail?

Is IIS installed? NO Install IIS

YES

Run
Installed on
NO vc6redistsetup_enu.exe
Win2k?
MSRedist
END

YES

1. Add Shares and make sure you

have permissions to the share.
\\127.0.0.1\C$
No 2. Check if File and Print Sharing
is accessible
Service is installed?
3. Check SB12008 for Manual Install

YES

Case Closed
1. Try to Install again
2. If client agrees, do a unistall and
reinstall. Make sure you use the uninstall
of IMSS; NOT the Add/Remove
Programs
YES

All Service Problem

Now Installed? YES YES Open Console YES
running? Solved?

NO NO NO NO

Change Install path as 1. Get What service is not running Escalate to Tracker:
Check TSG for
C:\Trend\IMSS 2. Get Install Logs (\IMSS_RILOG) Console Problems
(Dos Format name) 3. Check Install Logs for clue, Errors 1. Gather all Findings
4. Do telnet test on port 25 2. Coordinate with RD and Client
5. Check SB for known solutions 3. Get Solution from RD

Do necessary Changes Found

based on found clues. YES Something to NO
errors try

Page 2 of 7
 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

Error
Start
Message Trouble in Opening the Console

1. Stop and Start Services in the following order.

a. Start service "World Wide Web Publishing Service"
b. Start service "Trend Mirco Management Infrastructure"
c. Start service "TrendCCGI"
d. Start service "Trend Mirco Interscan MSS for SMTP System Monitor"
e. Start service "Trend Mirco Interscan Messaging Security Suite for SMTP"

1. Determine if Error Messsage Changed

2. Get new Error Message as console is opened Problems
3. What service did not start? Any Errors? YES Starting
4. Start Service via Command line, any errors? Services
5. Any Event Log Errors

NO

Access http://127.0.0.1 or
http://ipaddress or http://hostname

Default
Most probably an IIS Problem; Try opening
Website NO
other hosted websites
opened?

YES
Problem
NO
Isolated to IIS

1. Check SB for known solutions

2. Run CCGI_IISCFG.exe tool
(SB 12599) YES

Problem
NO YES Close Case
solved?
Escalate to Tracker:
1. Get IMSS\ccgi\tomcat\logs
2. IIS LockDown Templetes
3. Gather all Findings
NO
4. Coordinate with RD and
Client
YES
5. Get Solution from RD
END

RD Solution
Works

Page 3 of 7
 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

Virus not
Start
detected Mail Scanning Problem

Updated
Upgrade Pattern,
NO Scanning END
Engine, and Hotfix
Components?

YES

Apply TICK/ Tracker Solution Now Detected YES Close Case

NO
1. Check if other AV product is installed and
Exclude IMSS folders as needed
2. Check Client Configurations
Can detect
NO 3. Check if it passed through the Virus Filter
other Viruses
4. Check Sub Policy rules
5. Check Diagnostic Logs for clues
6. Check if mail even passed through IMSS

YES

Get Sample in AF/

Probably a new virus
DF and try to
Submit to TICK
Replicate

NO

Other AV
Replicated
product can YES
(detected)
detect it

YES NO

Check if replicated
properly and if yes,
then it tells that
Probably an old virus
IMSS can detect
Escalate to Tracker
the virus
1. Submit sample AF/DF
1. Check
Configuration

Page 4 of 7
 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

Start

Performance Issues
Get
problem

Latest hotfix No Install latest hotfix

YES
Suggestions to make IMSS use more CPU
Try to determine if IMSS problem
1. Make IMSS scan more mails at a time
1. What process in Task Manager?
ISNTPerformance High CPU
NO YES
Usage
2. What changes were made before problem
2. Check Simulatneous Connections
happened? (Check for Pattern, Engine, or Rule
File Problems)
3. Queue Steps (only in 5.1) SB 12325

NO IMSS problem

YES
Escalate to Tracker:

1. Gather all Findings Problem Suggesrtions to lower CPU Utilization

NO
2. Coordinate with RD and Client Solved
3. Get Solution from RD 1. Suggest an upgrade to IMSS 5.1 for better
4. Give Client RD Solution performance

2. Get Machine Specs and how much average

YES mails they get.

3. What are happening to in/ out mails?

4. Check for Critical.log

END Case closed

Page 5 of 7
 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

Get Get IP of Sending MTA by looking at

Start Problem Is Spam
YES the mail headers
details Ongoing
(SB12547)

NO

sender faking a 1. Enable RDNS (SB12051)

YES
connection 2. Block NULL Senders (SB11354)

NO

1. Rollback to the old working rule

Is there an
file
error in Trend's YES
2. Inform PH Antispam,
rule file
3. Wait for new rule fiile

Trouble with Spam NO

1. Email spam@trendmicro.com for
additions

2. Email
Request for
antispamQ@trendmicro.com.ph for
Rule File YES
removals
Changes
3. Create rule based on Email
Address, Phone Number, or URL's
found in the message body

NO

Rule File 90% not working

1. Get rule file Number and sample
mail if possible
2. Get sample spam mail
Rule File
3. Try to replicate the problem
partially not YES
4. Check Logs, and critical.log for
working
clues and errors END
5. Check effect on other eManager
6. Verify that sample should be
blocked

Rule File 100% not working

1. Check Configuration; if passes

Problem
through the ANTISPAM Filter YES Case Closed
Resolved
2. Make sure Registration for the
emanager part is entered properly

Escalate to Tracker:

1. Gather all Findings

2. Coordinate with RD and Client
3. Get Solution from RD

Page 6 of 7
 InterScan Messaging Security Suite
Troubleshooting Guide for Common Issues
Copyright 1989-2002 Trend Micro, Inc. All rights reserved.

Inbound mail problem

1. Check If the IMSS services are running
2. Telnet port 25 of the IMSS IP
NO mails 3. Check DNS; if MX is IMSS
Start Inbound? YES 4. Send client a test message and see
flowing
what happens
5. Get Error and try to search SB
6. Check Domain Based Delivery Config
NO 7. Check Allowed Relay Destinations

Outbound Mail Problem

1. Check IP is in Permitted Senders of
Relayed Mail
2. Determine who is giving the error
(IMSS or receiving MTA) A
3. Get Error and try to search SB A
4.

NO

NO
1. Explain problem to client; how
Error it is not a IMSS problem
Problem
Generated by NO 2. Provide a overview of possible
Resolved
IMSS solution
3. Close case

Issues when Sending Mail YES

YES

Problem to all Check System's

Yes
domains DNS Settings
Case Closed

NO

1. Check AF file for Errors

2. Get Mail Header information END
TimeStamp
NO 2. Try to send mail by doing a
Problem?
telnet to the problematic
domain

YES

1. Check AF file for Errors (wrong address,

LOG-LRT)
2. Do NSLOOKUP tests on the particular domain
3. Get IP of Primary MX
4. See if you could PING that IP

Probably not an IMSS problem;

Errors
YES Confirm by sending mail through a
encountered
Web Mail Account

NO

1. Check Domain Based Delivery

2. Use External DNS in querying the
problem domain just for testing purposes.
3. Redeliver thru Retry Queue Viewer

Page 7 of 7