Symantec Mail Security for Microsoft Exchange (SMSMSE) has added a mechanism to ensure virus definitions are correct before using them. This ability is in the following versions of SMSMSE:
This document explains how this mechanism works and error codes associated with it.
|6.5.X Event ID
||6.0.X Event ID||Description||Details||Action to Take|
|399||393||Virus definitions authenticity check failed. Server will try to use previous virus definitions <Directory path of previous virus definition folder> Error code: <error encountered while processing definitions>||If the latest definition inside the Hawking structure is corrupt, SMSMSE identifies a previous set of good definitions, and points to it. This event is written into the Windows application event log indicating the rollback to the previous known good definition set along with the path of valid virus definition directory.||This event will be corrected automatically the next time LiveUpdate runs on its schedule.|
|400||394||No valid virus definitions are available. Server will attempt to download new virus definitions. Error code: <error encountered while processing definitions>||If all virus definitions at Hawking structure are either corrupt or missing, SMSMSE generates event 400 into Windows event log. SMSMSE will trigger a silent LiveUpdate session to attempt to replace the definitions with a working set after checking the availability of valid content license.||This event will be self correcting, no action is needed unless this event is accompanied by an Event ID 401/395.|
|401||395||Failed to initialize AV scanner. The virus definitions are either missing or corrupt. Error code: <error encountered while processing definitions>||This event is written only if the previous self-remediation process fails. This event indicates no valid virus definitions are available for the scanner to use in either the Hawking structure or CSAPI.||Follow the steps in the Solution section of document 'The Exchange server is beeping, and / or you are getting the following SMSMSE events: 110, 168, 68, and 167, in Windows Application Event log.' to replace the definitions with a working set.|