Content filtering was created to check against message body. When certain emails were scanned by SMSMSE and checked against this policy, scan process SAVFMSESp.exe crashed.
Event ID 218 was observed under Windows System Event log with "Unscannable File Rule" triggered instead. If the actions for unscannable policies "UFR - Scanning Limits" and "UFR - Malformed Files" were set to quarantined, the quarantine action will fail and the message will be marked for quarantine.
Scan process crashed due to buffer overflow condition from the functions within.
Symantec is aware of this issue and will update this document when a solution becomes available. It may not be necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.
Hotfix has been created for this issue. Instruction to install the hotfix can be found under the readme.txt file.