So that would be one quite long holidays that he is taking, since I sent the first crash log two months ago. I don't blame him since this is a free software and he is not obligated to watch for it. But actually I wouldn't mind optionally * POLICY VIOLATION ! * for it, if there would be a real support provided as with other software. I know it's basically software targeted at advanced users, but hey, there are always few thinks that only the developer can fix.
Back to the topic. Injecting DLLs means, that a software was forced by other program to load it. This is quite easy to spot, since the only normal DLLs Spami is using for its threads is msvcr90.dll and mscowrks.dl (since it's written in C), dccfilter.dll (it seems to be loaded even when not scanning any mails) and ntdll.dll (system stuff). Every other DLL is suspcious, and based on their names I've located them, checked their version, comment etc. Kat Mouse is used for every application to replace their native mouse scroll handling, Window Blinds is for skinning, Norton Internet Security is for protection (probably part of their "sonar" technology) and Actual Window Manager monitors windows and adjusts their size, position, monitor placement etc.
I almost knew it was one of them and I installed them one by one on the virtual machine. It seems that Actual Window Manager has a conflict with Spamhilator. It does few things with Spami windows such as addings titlebar button for moving to the other monitor. It seems that Spami is the only software that doesn't like it for some reason. I've added Recycle Bin and Training Area windows to AWM exclusion list and it's working great.
Maybe it would be nice to add it to FAQ too. I also did write AWM developers, and there will be an exclusion for Spami windows by default, until Michel traces why does it happens. I have to admit that it was all inspred by Mark Russinovich (sysinternals.com) "the case of..." computer detective blog series, and I'm proud of it
Ok. So, once it stopped crashing I did install and configure all of the plugins I wanted to have again. It took some more testing, since not all of them are UAC compatible, and because of that I had few more crashes or they were loosing settings after Spami restart. So I had to change their INI/LOG file access rights to allow writing to them by normal users, even when they are located in a protected folder. Few more tweaks and it seems no more crashes and every plugin settings is saved and changable via settings dialog.
Now, I've got another problem. I configured everything including copying of learning filter memory, and my spam catching rate should be near 99 % again. So I stared my e-mail client, and Spami started downloading mails. Since I've been checking them everyday via webmail, I know that almost all of them are spam (well, maybe there are near 50 non-spams of all 15.000 mails). But the progress window states it detected very few of them. That's strange. So I did cancel the download progress. If I would allow it to continue I would get around 14.000 spam mails directed to my e-mail client, and it's hard to tell if it's not a problem for it, plus I would need to filter them manually. Of course after that I would check Training Area and knew which filter and why marked all those mails as non-spam. But it would be way to late. I was also looking for filters.log file, but it seems it's written after downloading all mails...