Some messages appear to be stuck in either the inbound, outbound, or the Thread Defense resubmission queues and are scanned multiple times without being acted on or delivered.
The Brightmail Client logs show the following errors and warnings:
2020-09-21T00:12:58+02:00 (WARNING:9165.440395520): [46061] Unable to scan and/or modify the message in action 'Reconstruct'. 2020-09-21T00:13:27+02:00 (ERROR:9165.52422400): [42121] SG Decomposer: Internal error (80800204).
The SMG system is attempting to reconstruct the message after taking the configured modify action but is unable to complete the message modification due to an error in the malware decomposer component. Since the message action / reconstruction is not complete, the message remains in the queue and may be repeatedly scanned and may generate multiple failures.
This is an known issue with the decomposer engine which will be automatically corrected via remote malware engine update once the software issue has been resolved.
Workaround
This may also occur for Disarm scanning. To work around the issue for messages which cannot be disarmed, please do the following. Note that these steps may need to be adapted depending on your policy group configuration.
Note: Messages are still scanned for malware even is Disarm is temporarily disabled for a recipient.