Why a file triggers the Unscannable File Rule

Article:HOWTO82492  |  Created: 2012-11-30  |  Updated: 2014-06-25  |  Article URL http://www.symantec.com/docs/HOWTO82492
Article Type
How To


Subject


Why a file triggers the Unscannable File Rule

A file can trigger the Unscannable File Rule when Mail Security is unable to scan the file.

Some examples of when a file might trigger the Unscannable File Rule are as follows:

Mail Security cannot access the file.

Mail Security cannot access the file to scan it.

This can occur when another thread or process is accessing the file. For example, two separate antivirus software programs (a file system-based program and an email-based program) attempt to scan the same file simultaneously.

Configure your other antivirus programs to exclude certain folders from scanning. If another antivirus program scans the Exchange directory structure or the Mail Security processing folder, it can cause false-positive threat detection, unexpected behavior on the Exchange server, or damage to the Exchange databases.

See About using Mail Security with other antivirus products.

For information about how to prevent Symantec antivirus products from scanning the Exchange directory, go to the following Symantec Knowledge Base article:

http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2000110108382454?Open&src=w

The file is corrupt.

Mail Security correctly identifies the file, but the file is corrupt.

The file is incorrectly identified.

Mail Security misidentifies the file based on the message header. The actions that the program performs on the file are incorrect and invalid for the file type.

This can also occur in a file that contains invalid characters or values in the header.

The scanner or decomposer times out.

The antivirus scanner or decomposer times out while attempting to scan the file.

This can occur when a file meets or exceeds the scanning limits that you specify.

See Configuring file scanning limits.

The temporary working directory is missing, or the path to the directory is incorrect.

This could occur if the temporary working directory is deleted or moved. Check to see if the \Temp directory exists. If it has been deleted, create it in the following location:

C:\Program Files (x86)\Symantec\SMSMSE\7.5\Server \Temp

The file contains a large compressed attachment.

A file that contains a large attachment (for example, a 100 MB attachment that is compressed into a 4 MB .zip file) might trigger the Unscannable File Rule.

See Configuring file scanning limits.

See Configuring rules to address unscannable and encrypted files.

A Symantec antivirus product is attempting to scan files in Mail Security folders.

You must configure the Symantec antivirus product to exclude Mail Security folders from being scanned.

See About using Mail Security with other antivirus products.

Note:

If the Encrypted File Rule is enabled, encrypted files will trigger the Encrypted File Rule instead of the Unscannable File Rule.

See Configuring rules to address unscannable and encrypted files.


Legacy ID



v6340381_v82634657


Article URL http://www.symantec.com/docs/HOWTO82492


Terms of use for this information are found in Legal Notices