20 Jul Malwarebytes False Positive Causing MDaemon DKIM Issues
Just a quick notification post this morning as we’ve had several calls from customers, all experiencing the same issue.
It seems Malwarebytes is currently detecting an MDaemon component as a potential threat, but fear not, there is a simple fix.
Overview
You’ll know if you’re affected as MDaemon will suddenly start blocking all inbound email because it’s seeing a false result that a DKIM message check has failed.
At first this would appear to be the fault of MDaemon but on closer inspection the libdkim.dll file that MDaemon uses as part of the DKIM check is actually being blocked by the third party antivirus program Malwarebytes.
This can be seen in the Malwarebytes program under the Quarantine History…
This program has falsely detected the file as a potential threat and is blocking all process access to it, as a result breaking the DKIM checks.
The solution
As a general rule of thumb, we always recommend you put in an exclusion for the MDaemon folder if you’re using software that performs any real time or scheduled antivirus checks.
For Malwarebytes, doing exactly that should sort the issue, so simply exclude the MDaemon folder under ‘Settings > Malware Exclusions‘.
Just a note – if you’re still seeing the issue after you’ve put in an exclusion for MDaemon, you may find you need to restore a copy of the affected libdkim.dll file.
Related posts
This is a popular article relating to antivirus best practice: