Symantec Mail Security for Microsoft Exchange 6.5.0 experiences virus definition loading failure due to rollback failure resulting in the Exchange server beeping and Windows Events: 110, 168, 68, and 167
Article: TECH132624 | Created: 2010-01-20 | Updated: 2012-04-20 | Article URL: http://www.symantec.com/docs/TECH132624
Symantec Mail Security for Microsoft Exchange (SMSMSE) has trouble loading new virus definitions. Issues may include mail flow slowing down or stopping, and event IDs 110, 167, 168 and 68 being written to the application event log.
Symptoms will be identical to those described in this document: 'The Exchange server is beeping, and / or you are getting the following SMSMSE events: 110, 168, 68, and 167, in Windows Application Event log.'
- If an upgrade has occurred, you notice an increase in the number of times virus definitions become corrupted, resulting in stoppages of mail flow, and event IDs 110, 167, 168 and 68 being written to the application event log.
- You may also see a virus definition date of 1/1/1601 in the SMSMSE console.
- SMSMSE build number is 6.5.x.
- To verify build number perform the following steps:
1. Open the SMSMSE Administration Console.
2. Click Help -> About.
- An excessive number of folders with names similar to VirusDefs0000000XXX are located in the SMSMSE virus definitions directory.
1. Open Windows Explorer on the SMSMSE computer.
2. Open the following folder:
- 32-bit Systems
- C:\Program Files\Common Files\Symantec Shared\Definitions\AntiVirus
- 64-bit Systems
- C:\Program Files (x86)\Common Files\Symantec Shared\Definitions\AntiVirus
3. If this directory contains more than 3 folders with this naming convention, then this condition is met.
When SMSMSE receives a new virus definition set, it tries to load it. If SMSMSE is unable to use the new virus definition set, it attempts to roll back to a previous version of the virus definitions. In this build the rollback functionality does not work as expected, so SMSMSE is unable to roll back and this issue occurs.
This problem is fixed in Symantec Mail Security 6.5.1 for Microsoft Exchange. To download the latest release, read Obtaining an update or an upgrade for a Symantec Corporate product.
NOTE: On 64-bit systems, all file paths will be in Program Files (x86).
Run Rapid Release definitions in SMSMSE.
- Open SMSMSE.
- Click Admin > LiveUpdate/Rapid Release Status.
- Click Run Rapid Release Definitions (via FTP).
Stop the SMSMSE service
- Click Start > Run.
- Type: net stop smsmse
Clear the existing definitions from SMSMSE to allow SMSMSE to process new definitions
- Remove VirusDefs0000000x folders from C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus (where 'x' is a number).
- Remove all files from C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.
- Copy all files from the latest definition folder to C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.
NOTE: The latest definition folder can be found in:
- 32 bit: C:\Program Files\Common Files\Symantec Shared\VirusDefs\
- Server 2003 64 bit: C:\Program Files (x86)\Common files\Symantec Shared\SymcData\virusdefs32
- 64 bit: C:\ProgramData\Symantec\Definitions\SymcData\virusdefs32
For example, copy all files from C:\Program Files\Common Files\Symantec Shared\VirusDefs\2010XXXX.XXX to C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus\incoming.
Start the SMSMSE service
- Click Start > Run.
- Type: net start smsmse
When the service starts up, SMSMSE will read the definition files from the incoming folder and create a new virus definition folder under the Antivirus folder. For example, a folder named VirusDefs00000001 is created in C:\Program Files\Common Files\Symantec Shared\definitions\Antivirus.
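The steps from stopping the service through restarting it, scripted in PowerShell as an added example (not Symantec's own tooling). The service name and paths are the ones given above; the function name, its parameters, and the assumption that dated definition sets sort by name (as in 2010XXXX.XXX) are hypothetical.

```powershell
# Added example, not a Symantec script. Service name and paths come from the article;
# the function name, parameters and dated-folder pattern are assumptions.
function Reset-SmsmseDefinitions {
    [CmdletBinding(SupportsShouldProcess = $true)]
    param(
        # On 64-bit systems pass 'C:\Program Files (x86)\Common Files\Symantec Shared'.
        [string]$SharedRoot = 'C:\Program Files\Common Files\Symantec Shared',
        # Folder holding the dated definition sets; see the NOTE for other platforms.
        [string]$SourceRoot = 'C:\Program Files\Common Files\Symantec Shared\VirusDefs'
    )
    $ErrorActionPreference = 'Stop'
    $avDir    = Join-Path $SharedRoot 'Definitions\AntiVirus'
    $incoming = Join-Path $avDir 'incoming'

    # Symptom check from the article: more than 3 VirusDefs0000000x folders.
    $stale = @(Get-ChildItem -Path $avDir |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^VirusDefs\d+$' })
    if ($stale.Count -le 3) { Write-Warning "Only $($stale.Count) VirusDefs folders; condition not met." }

    # Pick the newest set BEFORE deleting anything, so a missing source aborts safely.
    # Assumption: sets are named like 2010XXXX.XXX, so name order is age order.
    $latest = Get-ChildItem -Path $SourceRoot |
        Where-Object { $_.PSIsContainer -and $_.Name -match '^\d{8}\.\d{3}$' } |
        Sort-Object Name | Select-Object -Last 1
    if (-not $latest) { throw "No dated definition set found under $SourceRoot" }

    Stop-Service -Name smsmse
    try {
        $stale | Remove-Item -Recurse -Force
        if (Test-Path $incoming) {
            Get-ChildItem -Path $incoming | Remove-Item -Recurse -Force
        } else {
            New-Item -ItemType Directory -Path $incoming | Out-Null
        }
        Copy-Item -Path (Join-Path $latest.FullName '*') -Destination $incoming
    }
    finally {
        # Always restart the service, even if a file operation failed.
        Start-Service -Name smsmse
    }
    New-Object PSObject -Property @{ RemovedFolders = $stale.Count; SourceSet = $latest.Name }
}

# Dry run first: lists what would be stopped, removed and copied without changing anything.
Reset-SmsmseDefinitions -WhatIf
```

Run it once with `-WhatIf` and review the listed folders before running it without the switch.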