Symantec Mail Security for Exchange (SMSMSE) has quarantined email. The Administrator uses the SMSMSE Administration Console to release the email from the quarantine by email. The email is then quarantined by SMSMSE again.
Use the following steps to reproduce the issue:
1. Open the SMSMSE Administration Console.
2. Click on the Monitors icon. Then click Views|Quarantine to view the quarantine.
3. Right click on a quarantined email and select Release by mail....
The following is the behavior for the following versions:
6.5.4 and lower
Email is rescanned for viruses and content filtering and file filtering.
6.5.5 and higher
Email quarantined for content filtering violations is rescanned for file filtering and Antivirus.
Email quarantined for Antivirus or file filtering violations is not rescanned.
This behavior is by design.
Workarounds
1. Open the SMSMSE Administration console.
2. Click the Policies menu item. Then click Views|Content Enforcement|Content Filtering Rules.
3. Right click on the rule and select Edit.... Uncheck Internal Messages (store) and Outbound messages. Click OK.
4. Click the Deploy Changes button.
Technical Information
With version 6.5.5 and higher the default behavior is not to rescan items (as described above). Use the following steps to configure SMSMSE to always rescan items released from quarantine by mail:
1. Open the registry editor.
2. Create the following DWORD key and set the value to on:
32-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Symantec\SMSMSE\<version>\Server\Components\Quarantine\RescanReleasedItemBool
64-bit OS: HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\<version>\Server\Components\Quarantine\RescanReleasedItemBool
NOTE: Change <version> to the version of SMSMSE installed. The following is an example for 6.5 on Windows 2008 64 bit:
HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Symantec\SMSMSE\6.5\Server\Components\Quarantine\RescanReleasedItemBool
3. Restart the following services:
Symantec Mail Security for Microsoft Exchange