Bug of the moment 2008-02-05

Some of you may remember a bizarre problem with Thunderbird where mails were being declared sent and unsent simultaneously. I never did find the cause (although I did report it to Bugzilla) but I did discover that with mailnews.show_send_progress reset to true – i.e. use a send progress dialog and not just the status bar – you do get the option to retry.

I wasn’t pleased, however, when that error message started showing again when sending e-mails with large attachments:

I would send the message again, and again, and every time, it would fail with this same error. Sending any message with a large attachment (where “large” can be as small as 200 kilobytes) fails with a pretty unhelpful error message.

This started a while ago, and I forget what steps I took next, but I discovered that a process was intercepting my messages:

[Screenshot: TCPView showing Thunderbird connected to vsserv.exe instead of the mail transfer agent]

vsserv.exe is SOFTWIN’s Virus Shield service, part of their BitDefender 10 anti-virus suite. However, I use the free version with no active scanning, so why does this process exist? I first encountered it through the following error message, triggered by logging into Windows as soon as the login prompt appeared:

[Screenshot: BitDefender Console complains that Virus Shield service is not started]

The processor and drive contention of the log-in process slows down loading the Scan Server service, on which the Virus Shield service depends, so Virus Shield never gets loaded. Why it’s possible to log into Windows before the anti-virus is even running, I have no idea, but you can.

So, what is Virus Shield? It turns out that it’s almost completely undocumented. I thought it was entirely undocumented, but it does show up on the help page about manual updates. It has no documented purpose, no settings, and from the above error from BitDefender Console (a user process) you’re not supposed to turn it off. The service description is “Scans media for viruses and other threats” but that was just lifted from Scan Server’s description.

So far, we know that it scans outbound mail. And this is where it fails. When Thunderbird tries to access a mail server, it instead connects to Virus Shield without realising. It sends the message at high speed into Virus Shield, which scans it and then sends it on its way. Now, supposing it’s going to take a while to send the message: you’re on dial-up, or your broadband upstream isn’t terribly fast, or the mail server has a headache, or the attachment is huge. Thunderbird thinks that the message is already sent, but Virus Shield is going to spend the next minute or two, or five, sending the e-mail.

Thunderbird of course promptly times out the attempt.

In the background, Virus Shield continues sending the message, so every time you retry in despair, another copy of the message ends up on its way to the recipient.
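The sequence described above can be reproduced in miniature. The following is an added example, not code from BitDefender or Thunderbird: a simplified model in which only the SMTP end-of-data marker and the final 250 reply are represented, a local socket pair stands in for the intercepted connection, and all function names and timings are assumptions chosen so that it runs in under a second.

```python
import socket
import threading
import time

END_OF_DATA = b"\r\n.\r\n"  # SMTP end-of-message marker

def buffering_proxy(conn, delivered, relay_seconds):
    """Model of the behaviour described above: take the whole message from
    the client first, then relay it upstream, and only then reply."""
    data = b""
    while not data.endswith(END_OF_DATA):
        chunk = conn.recv(65536)
        if not chunk:              # client went away before finishing
            conn.close()
            return
        data += chunk
    time.sleep(relay_seconds)      # stands in for the slow upstream transfer
    delivered.append(data)         # the mail server now holds a copy
    try:
        conn.sendall(b"250 OK\r\n")  # too late if the client has given up
    except OSError:
        pass
    conn.close()

def send_once(message, delivered, relay_seconds, client_timeout):
    client, proxy_side = socket.socketpair()
    worker = threading.Thread(target=buffering_proxy,
                              args=(proxy_side, delivered, relay_seconds))
    worker.start()
    client.sendall(message + END_OF_DATA)  # fast local hand-off
    client.settimeout(client_timeout)      # now wait for the final reply
    try:
        ok = client.recv(64).startswith(b"250")
    except socket.timeout:
        ok = False
    client.close()
    return ok, worker

def retry_until_sent(attempts, relay_seconds, client_timeout):
    """Return (failed attempts seen by the client, copies delivered)."""
    message = b"Subject: constructed sample\r\n\r\n" + b"A" * 200_000
    delivered, workers, failures = [], [], 0
    for _ in range(attempts):
        ok, worker = send_once(message, delivered, relay_seconds, client_timeout)
        workers.append(worker)
        if ok:
            break
        failures += 1
    for worker in workers:
        worker.join()              # let background relays finish
    return failures, len(delivered)
```

When the relay takes longer than the client's timeout, every attempt is reported as a failure yet every attempt is delivered; when the relay is quicker than the timeout, the first attempt succeeds and one copy arrives.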

I never had problems of this variety with Norton’s outbound mail scanner, even with large attachments, so I presume that it’s possible to make this work. Clearly, though, SOFTWIN don’t know how to do it. This would be fine, as long as Virus Shield was configurable, but it isn’t even documented and all but doesn’t exist.

The installer also registers two non-existent drivers, which doesn’t reassure me either:

I’ve tried to contact SOFTWIN about the problems with Virus Shield, but so far without success. As far as I can see, it’s a catastrophic design flaw, as there is simply no way to send larger attachments without the mail client throwing up its arms.

I entertained the possibility that it was an incompatibility with Thunderbird, but I ran a test with Outlook Express and received similar results:

[Screenshot: Outlook Express notifies the user that the SMTP server has not responded in 60 seconds]

Clearly, Virus Shield is a lemon.

Posted 5th February 2008