Like all of the well-known computer geek peeps, I understand the importance of logging events. On a day in history I like to refer to as a what-is-in-my-log-file? kind of day, I found some events that I had not previously played around with, so I started searching for an answer. The answer wasn’t found online using Google or Yahoo! or Bing (sometimes I’ll try anything). What is a BarExAv and what is it doing in my log files?
Spoiler alert, you can scroll to BarExAv reason or keep reading.
When I find an error in a log file (or anytime I have Internet access and something to search the Internet with) I will search online for others that have written, blogged, asked, queried, or just left a footprint of search residue somewhere. When I found BarExAv I was nearly left alone with my searches. It seems that there are no other people asking or commenting about the BarExAv event item, which comes up with Event ID 0, something that most computer geek peeps know is a bad thing.
Why is it a bad thing?
(if you want to know, just leave a comment and I’ll share in the comments with you)
I’ve included some screen shots of the event logs for help in answering the question posed to the Internet, what is BarExAv and why is BarExAv in my Event log?
But before I give the reason why, first some lovely pictures:
Now, the reason for the BarExAv event is that a virus, malware, or other infected email item was found, and the Barracuda Spam & Virus Firewall, which is communicating with your Microsoft Exchange email server, is informing you, with too little information, about what is occurring.
That’s it. Nothing more, you are free to go now. . . . . What, still here? Well, since you are still reading, I can be of a little more help to you. Sometimes you will see something about the BarExWizard causing problems, but the source “Application Error” and Event ID 1000 do not lead you to anything very useful. Restart the associated service or restart your Exchange server (I know people don’t like restarting servers, but what’s a few extra seconds of delay when you’re curious?).
Unlike many of the alleged computer geek wanna-be’s, I know that logging events is not always enough, so I also read through the log files. Though it’s not an everyday occurrence like it probably should be, it’s not always the slow that lose the race; remember, the turtle beat the bunny in their encounter.
Here’s one more for the road, but this is something mostly uninteresting:
Below is only for search engine purposes; it’s the actual event log messages.
Log Name: Application
Date: 2/15/2012 9:46:28 AM
Event ID: 0
Task Category: None
File is infected: SFP.Malware.19409.Web (Malware)
<Provider Name="BarExAv" />
<TimeCreated SystemTime="2012-02-15T17:46:28.000000000Z" />
<Data>File is infected: SFP.Malware.19409.Web (Malware)</Data>

Log Name: Application
Source: Application Error
Date: 1/9/2012 10:14:35 AM
Event ID: 1000
Task Category: (100)
Faulting application name: BarExWizard.exe, version: 184.108.40.206, time stamp: 0x4dee5448
Faulting module name: unknown, version: 0.0.0.0, time stamp: 0x00000000
Exception code: 0xc0000005
Fault offset: 0x0000000000000000
Faulting process id: 0x2d00
Faulting application start time: 0x01cccefa51112985
Faulting application path: C:\Program Files\Barracuda\Spam & Virus Firewall\Antivirus for Exchange\BarExWizard.exe
Faulting module path: unknown
Report Id: c8e28bfd-3aed-11e1-be6d-a4badb479022
<Provider Name="Application Error" />
<TimeCreated SystemTime="2012-01-09T18:14:35.000000000Z" />
<Data>C:\Program Files\Barracuda\Spam & Virus Firewall\Antivirus for Exchange\BarExWizard.exe</Data>
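
As an added example (not code from the original post or from Barracuda), the following Python script pulls BarExAv detections and BarExWizard crashes out of event text pasted in the layout shown above. The sample records are constructed from the messages on this page, with a placeholder version number and an unrelated third record; the function and field names are assumptions of this example.

```python
import re

# Constructed sample in the text layout of the records on this page.
SAMPLE = """\
Log Name: Application
Date: 2/15/2012 9:46:28 AM
Event ID: 0
File is infected: SFP.Malware.19409.Web (Malware)
<Provider Name="BarExAv" />
Log Name: Application
Source: Application Error
Date: 1/9/2012 10:14:35 AM
Event ID: 1000
Faulting application name: BarExWizard.exe, version: 0.0.0.0, time stamp: 0x4dee5448
Exception code: 0xc0000005
Log Name: Application
Source: SomeOtherApp
Date: 1/9/2012 10:20:00 AM
Event ID: 0
Nothing to see here
"""

# The source may appear as a "Source:" line or as the XML Provider element.
SOURCE = re.compile(r'^(?:Source: (.+)|<Provider Name="([^"]+)" />)$', re.M)
INFECTED = re.compile(r'^File is infected: (\S+) \(([^)]+)\)$', re.M)
CRASH = re.compile(r'^Faulting application name: (BarEx\w*\.exe),', re.M)

def field(record, name):
    m = re.search(rf'^{name}: (.+)$', record, re.M)
    return m.group(1).strip() if m else None

def triage(text):
    """Return Barracuda-related findings from pasted Event Viewer text."""
    findings = []
    # Each record starts with a "Log Name:" line.
    for record in re.split(r'(?m)^(?=Log Name: )', text):
        if not record.strip():
            continue
        m = SOURCE.search(record)
        source = (m.group(1) or m.group(2)) if m else None
        event_id, when = field(record, "Event ID"), field(record, "Date")
        hit, crash = INFECTED.search(record), CRASH.search(record)
        if source == "BarExAv" and event_id == "0" and hit:
            findings.append({"kind": "detection", "date": when,
                             "signature": hit.group(1), "category": hit.group(2)})
        elif source == "Application Error" and event_id == "1000" and crash:
            findings.append({"kind": "crash", "date": when, "image": crash.group(1),
                             "exception": field(record, "Exception code")})
    return findings
```

Matching on the source name together with the event ID keeps unrelated Event ID 0 entries from other applications out of the results.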