ALERT: Some images may not load properly within the Knowledge Base Article. If you see a broken image, please right-click and select 'Open image in a new tab'. We apologize for this inconvenience.

Symantec Mail Security for Microsoft Exchange (SMSMSE) scan process crashed due to message triggered content filtering rule.

book

Article ID: 161367

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

Content filtering was created to check against message body. When certain emails were scanned by SMSMSE and checked against this policy, scan process SAVFMSESp.exe crashed.

Event ID 218 was observed under Windows System Event log with "Unscannable File Rule" triggered instead. If the actions for unscannable policies "UFR - Scanning Limits" and "UFR - Malformed Files" were set to quarantined, the quarantine action will fail and the message will be marked for quarantine.

Errors found in Application Event log:
 
Event ID 168:
 
The process SAVFMSESp.exe was restarted.
 
Event ID 218:
 
The message "<<Message Subject>>" located in SMTP has
violated the following policy settings:
Scan: Auto-Protect
Rule: Unscannable File Rule
The following actions were taken on it:
The message "<<Message Subject>>" was marked
for Quarantine for the following reason(s):
Scan Engine error. Error code: 0xC0090086

 

Cause

Scan process crashed due to buffer overflow condition from the functions within.

Resolution

Symantec is aware of this issue and will update this document when a solution becomes available. It may not be necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.

Workaround:

Hotfix has been created for this issue. Instruction to install the hotfix can be found under the readme.txt file.

 

Applies To

 

SMSMSE 7.5.0

Attachments

hotfix.zip get_app