Memory Leak in SAVFMSESp.exe When X.400 or Display Names Cannot be Resolved to an SMTP Address

Article:TECH131272  |  Created: 2010-01-26  |  Updated: 2014-05-06  |  Article URL http://www.symantec.com/docs/TECH131272
Article Type
Technical Solution


Issue



Symantec Mail Security for Microsoft Exchange (SMSMSE) is enabled on my Exchange server. The processes SAVFMSESp.exe slowly consume more and more memory until all available memory on the server is consumed.
In addition to this leaking of memory, you may also see this accompanied by a handle leak, causing the SAVFMSESp.exe processes to consume handles until all available handles are exhausted. This may also result in a memory leak in the process svchost.exe
 

Conditions

  • At least one content filtering rule is enabled that specifies a user condition.
    To verify whether a content filtering rule has a user condition enabled:
    1. Open the SMSMSE console and navigate to Policies -> Content filtering rules.
    2. Right click each enabled rule in the list one by one and click Edit rule....
    3. Click the Users tab.
    4. If anything is listed in either the SMTP Addresses (one per line) box or the Active Directory groups box then this condition is met.
  • Debug logs for SMSMSE show "unspecified error" when trying to resolve LDAP queries
    Use the following KB article to collect a DebugView debug log: How to obtain a DebugView log file from Symantec Mail Security for Microsoft Exchange

    If the issue described in this document is the root cause of the memory leak, you'll see repeated entries similar to the following:
      12:44:50.901 PM [10852] DllHost(2A64)[3A3C] 2010-03-19 12:44:50 0901ms:
      12:44:50.901 PM [10852] ..\..\..\src\Server\SAVFMSESHARED\SMSMSEMailStoreClientCDO.cpp(220) :
      12:44:50.901 PM [10852] CheckName for /O=/OU=/CN=/CN= is UnResolved
      12:44:50.901 PM [10852] DllHost(2A64)[3A3C] 2010-03-19 12:44:50 0901ms:
      12:44:50.901 PM [10852] ..\..\..\src\Server\StoreAccess\SMSStoreAccess.cpp(47) :
      12:44:50.901 PM [10852] Debug Trace: HRESULT=0x80004005 - Unspecified error
      12:44:50.916 PM [17660] SAVFMSESp(44FC)[2670] 2010-03-19 12:44:50 0916ms:
      12:44:50.916 PM [17660] ..\..\..\src\Server\SAVFMSESHARED\SMSMSEMailStoreClientCDO.cpp(166) :
      12:44:50.916 PM [17660] Debug Trace: HRESULT=0x80004005 - Unspecified error
      12:44:50.916 PM [17660] SAVFMSESp(44FC)[2670] 2010-03-19 12:44:50 0916ms:
      12:44:50.916 PM [17660] ..\..\..\src\Server\SAVFMSESHARED\MailStoreClient.cpp(441) :
      12:44:50.916 PM [17660] Debug Trace: HRESULT=0x80004005 - Unspecified error



 


Cause



SMSMSE is receiving X.400 addresses or Short (display) names from Exchange during scanning that cannot be resolved to an SMTP address via Lightweight Directory Access Protocal (LDAP) in Active Directory (AD).


Solution



Upgrade to SMSMSE 6.5.2 or later. To download the latest release, read Obtaining an update or an upgrade for a Symantec Corporate product.

For details about the fix included in 6.5.2, see Details about the User Address caching feature of Symantec Mail Security for Microsoft Exchange (SMSMSE)

Workaround

Disable any content filtering rule that contains a user condition, this will disable the need for name resolution in SMSMSE.

For each enabled content filtering rule in the SMSMSE console under Policies -> Content filtering rules, complete the following steps:
 

    1. Right click the enabled rule in the list, and click Edit rule....
    2. Click the Users tab.
    3. Note whether anything is listed in either the SMTP Addresses (one per line) box or the Active Directory groups box.
        4. For each rule that has a user condition enabled, either disable the rule, or remove all user conditions from the rule (once complete, the boxes should be completely blank).






 


Supplemental Materials

SourceETrack
Value2001159; 2104845

Legacy ID



2010032610484754


Article URL http://www.symantec.com/docs/TECH131272


Terms of use for this information are found in Legal Notices