Some messages appear to be stuck in either the inbound, outbound, or the Thread Defense resubmission queues and are scanned multiple times without being acted on or delivered.

The Brightmail Client logs show the following errors and warnings:

2020-09-21T00:12:58+02:00 (WARNING:9165.440395520): [46061] Unable to scan and/or modify the message in action 'Reconstruct'.
2020-09-21T00:13:27+02:00 (ERROR:9165.52422400): [42121] SG Decomposer: Internal error (80800204).

The SMG system is attempting to reconstruct the message after taking the configured modify action but is unable to complete the message modification due to an error in the malware decomposer component. Since the message action / reconstruction is not complete, the message remains in the queue and may be repeatedly scanned and may generate multiple failures.

This is an known issue with the decomposer engine which will be automatically corrected via remote malware engine update once the software issue has been resolved.

Workaround

1. Review the message audit log (Status > Message Audit Logs) to determine which policy and action are being applied to the message.
2. Change the policy action to an action that does not modify the message: Hold in Spam Quarantine, Delete, Route
3. Once the message or messages have cleared the queue, reset the policy action back to the original policy action

This may also occur for Disarm scanning. To work around the issue for messages which cannot be disarmed, please do the following. Note that these steps may need to be adapted depending on your policy group configuration.

1. Create a policy group with Disarm filtering disabled
2. Look up the queued message in the Message Audit Logs and not the recipient (sender for outbound)
3. Assign the recipient or sender from step 2 to this Disarm disabled policy group
4. Once the message has cleared the queue remove the recipient from the Disarm disabled policy group and return them to their original policy group

Note: Messages are still scanned for malware even is Disarm is temporarily disabled for a recipient.