Symantec Mail Security for Microsoft Exchange (SMSMSE) does not detect and block SPAM when BM_Rulesets directories accumulate

Article:TECH84147  |  Created: 2006-01-17  |  Updated: 2014-02-04  |  Article URL http://www.symantec.com/docs/TECH84147
Article Type
Technical Solution


Issue



The Symantec Premium AntiSpam (SPA) Add-on for Microsoft Exchange is not detecting large amounts of mail that are SPAM.

Conditions

SPA bm_ruleset folders are more than a few hours old.

Perform the following steps to check the date/time of the bm_ruleset folders: 

1. Open Windows explorer to the following directory: 

32-bit Operating System default: C:\Program Files\Symantec\SMSMSE\<version>\Server 
64-bit Operating System default: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server

where <version> is the version of SMSMSE installed.  The following is an example for 6.5 installed on 64-bit OS:

C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server

3. If there are several bm_ruleset folders that are a few hours old or older, then this criteria has been met.
 

 


Cause



SMSMSE is not removing old rulesets. When rulesets accumulate SMSMSE cannot load the current set of rules correctly.  This results in reduced or little SPAM effectiveness.


Solution



Upgrade to Symantec Mail Security for Microsoft Exchange 6.5.5 or later. To download the latest release, read Obtaining an update or an upgrade for a Symantec Corporate product. After upgrading, follow the steps in the Workaround section to clear out old rulesets.

Workaround

Clear out the rules and restart IIS (for Exchange 2000/2003) or restart the Microsoft Exchange Transport service (for Exchange 2007/2010/2013).


1.    Stop the following Windows Services:


Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service


2.    Open Windows Explorer and navigate to:

32-bit operating system: C:\Program Files\Symantec\SMSMSE\<version>\Server
64-bit operating system: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server
 
Where <version> is the version of SMSMSE installed.  The following is an example for SMSMSE 6.5 installed on Exchange 2010:


C:\Program Files (x86)\Symantec\SMSMSE\6.5\Server


3.    In the sidebar, in the All or part of the file name box enter brightmail_ref and click Search. Search results return a number of files and in some cases hundreds. Delete all resulting files.
4.    Move all folders starting with bm_ruleset to a temporary folder.
5.    Move the following files to a backup folder:


.sequence.0
.sequence.2
blrm
hashes


NOTE: Some or all of these files may not exist depending on the specific version of SMSMSE installed.


6.    Wait approximately five minutes for SMSMSE to refresh the rules. Refresh the Server directory in Windows Explorer and see a small number of bm_ruleset folders.
7.    For Exchange 2000/2003 restart IIS by clicking Start -> Run and typing iisreset.exe and click Ok.
8.    For Exchange 2007/2010 restart the following Windows service:  Microsoft Exchange Transport.
9.    Start the following Windows Services:


Symantec Mail Security for Microsoft Exchange
Symantec Mail Security Utility Service

 

 

 


Supplemental Materials

SourceETrack
Value1899637


Legacy ID



2006011716254054


Article URL http://www.symantec.com/docs/TECH84147


Terms of use for this information are found in Legal Notices