Security firm in email deletion fiasco

It's a case of 'you had mail' for companies who use GFI's email security service, after a BitDefender bug scuppered a service update. Was the update tested properly?
Written by Dan Ilett, Contributor

An email security scanning company has accidentally deleted thousands of its customers' emails.

GFI, a Microsoft "gold certified partner", is now offering free upgrades to all its customers after it trashed their emails by sending out incorrect update information.

According to GFI, the problem occurred because of a change in BitDefender's technology, one of the products that GFI uses for its email scanning. When the GFI MailSecurity update mechanism tried to install BitDefender updates on customer networks, the service started to delete all emails by default. BitDefender and GFI then rolled back the updates.

"We've learned our lesson," said a BitDefender spokesman. "From now on we'll try to give more support to our integration partners. The other companies that integrate our scanning engine did not have the same problem."

A ZDNet UK reader affected by the problem says a GFI salesman told him the update had not been tested.

"We were pretty surprised this morning to find that all of the email which arrived overnight had been deleted," wrote Jeremy Whiteley, chief executive officer at Promarketing Gear. "Even more troubling was the fact that, according to GFI's US sales manager, they released this update without testing it! I guess they expect me and my IT staff to play the role of tester, regardless of the cost to my business…We're reconsidering our reliance on GFI going forward."

GFI denied not testing the update, but apologised for the blunder and has promised all customers a free upgrade to its MailSecurity 9 product, which is available in two months' time. The company has also released a tool that can tell customers which emails were deleted and when.

"All our updates are tested before issue," insisted Angelica Micalleff-Trigona, PR manager for GFI. "Unfortunately, some changes had been made to BitDefender. We were not aware of this and we did not forsee this problem. We are deeply sorry for what happened. It took us by surprise."

Editorial standards