Malwarebytes False Positive Causing MDaemon DKIM Issues

Just a quick notification post this morning, as we’ve had several calls from customers all experiencing the same issue.

It seems Malwarebytes is currently detecting an MDaemon component as a potential threat, but fear not, there is a simple fix.

Overview

You’ll know if you’re affected, as MDaemon will suddenly start blocking all inbound email because it is getting a false result that a DKIM message check has failed.

At first this would appear to be the fault of MDaemon, but on closer inspection the libdkim.dll file that MDaemon uses as part of the DKIM check is actually being blocked by the third-party antivirus program Malwarebytes.

This can be seen in the Malwarebytes program under the Quarantine History…

This program has falsely detected the file as a potential threat and is blocking all process access to it, which breaks the DKIM checks.

The solution

As a general rule of thumb, we always recommend you put in an exclusion for the MDaemon folder if you’re using software that performs any real-time or scheduled antivirus checks.

For Malwarebytes, doing exactly that should sort the issue, so simply exclude the MDaemon folder under ‘Settings > Malware Exclusions’.

Just a note – if you’re still seeing the issue after you’ve put in an exclusion for MDaemon, you may find you need to restore a copy of the affected libdkim.dll file.
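
One way to confirm the state of the file before and after restoring it, as an added example that is not part of the original post. It assumes MDaemon is installed in C:\MDaemon and that you have a trusted copy of libdkim.dll (from a backup or the installer) to compare against; the parameter names `$MDaemonRoot` and `$KnownGoodCopy` are hypothetical.

```powershell
# Added example, not from the original post.
# Assumptions: install folder and the optional trusted copy are supplied by you.
param(
    [string]$MDaemonRoot = 'C:\MDaemon',  # assumed install path, adjust to your server
    [string]$KnownGoodCopy                # optional path to a trusted libdkim.dll
)

# Locate every copy of the DLL under the MDaemon folder.
$found = Get-ChildItem -Path $MDaemonRoot -Filter 'libdkim.dll' -Recurse -File -ErrorAction SilentlyContinue
if (-not $found) {
    Write-Warning "libdkim.dll not found under $MDaemonRoot. It may still be quarantined."
    return
}

# Hash of the trusted copy, if one was supplied and exists.
$goodHash = $null
if ($KnownGoodCopy -and (Test-Path -LiteralPath $KnownGoodCopy)) {
    $goodHash = (Get-FileHash -LiteralPath $KnownGoodCopy -Algorithm SHA256).Hash
}

foreach ($dll in $found) {
    # Opening the file for read fails if another product is still blocking access to it.
    $readable = $true
    try {
        $stream = [System.IO.File]::Open($dll.FullName, 'Open', 'Read', 'ReadWrite')
        $stream.Dispose()
    } catch {
        $readable = $false
    }

    $hash = $null
    $sigStatus = $null
    if ($readable) {
        $hash = (Get-FileHash -LiteralPath $dll.FullName -Algorithm SHA256).Hash
        # Informational only: the post does not say whether this DLL is signed.
        $sigStatus = (Get-AuthenticodeSignature -FilePath $dll.FullName).Status
    }

    [pscustomobject]@{
        Path             = $dll.FullName
        Readable         = $readable
        SHA256           = $hash
        SignatureStatus  = $sigStatus
        MatchesKnownGood = if ($goodHash -and $hash) { $hash -eq $goodHash } else { $null }
    }
}
```

A result of `Readable = False` after the exclusion is in place suggests the file is still being blocked, and a `MatchesKnownGood = False` result means the restored file differs from your trusted copy and should be replaced from it.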

Related posts

This is a popular article relating to antivirus best practice:

Top 8 Antivirus issues that catch customers out 
