Filter-hub reaches 100% CPU usage and mail flow stops when scanning RAR encrypted files
| Article:TECH89903 | | | Created: 2008-01-14 | | | Updated: 2008-01-06 | | | Article URL http://www.symantec.com/docs/TECH89903 |
Problem
You are using a Symantec Brightmail Gateway Appliance version 7.6.x or earlier, and you noticed that the mail flow stops at certain times.
Symptoms
Common symptoms for this issue are:
- Messages stuck in the inbound queue.
- Filterhub process at 100% CPU usage.
- The appliance stops answering on port 25.
- If MTA is restarted manually, then the filter-hub crashes on signal 9, and the following notification is sent to the administrator:
Subject: filter-hub crashed on signal 9 on host.domain.com
filter-hub crashed on signal 9 on host.domain.com
exit code: 0x0009
Program output:
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Warning: recursive semaphore lock detected!
Storing data in /data/scanner/jobs/filter-hub/2008.07.14-08.50.21
- Also, the following lines may be found in filter-hub debug log right before it stops:
2008-07-14T21:39:26+01:00 (INFO:27562.2954075056): [46022] Transforming message with MTE action Deliver.
2008-07-14T21:39:26+01:00 (INFO:27562.2954075056): [46022] Transforming message with MTE action Strip.
2008-07-14T21:39:26+01:00 (INFO:27562.2954075056): [24041] Scanning top-level-msg through decomposer at depth 0.
2008-07-14T21:39:26+01:00 (DEBUG:27562.2954075056): [46040] File top-level-msg is of type Encapsulation Format:MIME
2008-07-14T21:39:26+01:00 (INFO:27562.2954075056): [24041] Scanning Unknown00000610.data through decomposer at depth 1.
2008-07-14T21:39:26+01:00 (DEBUG:27562.2954075056): [46040] File Unknown00000610.data is of type Word Processor Document:Text
2008-07-14T21:39:26+01:00 (INFO:27562.2954075056): [24041] Scanning lavasoft.rar through decomposer at depth 1.
2008-07-14T21:39:26+01:00 (DEBUG:27562.2954075056): [46040] File lavasoft.rar is of type Encapsulation Format:RAR
Cause
The problem occurs when a compliance policy or the virus policy for encrypted attachments are set to "strip the attachments" on all file types except "archive." For example, the virus policy on encrypted attachments is set to "strip the attachments" for the file types "Executable, Multimedia, Document"
Solution
The problem is fixed in Symantec Brightmail Gateway Software Version 7.7.
Please upgrade to Symantec Brightmail Gateway Software Version 7.7 in order to solve this problem.
|
|
| Source | ETrack |
| Value | http://bugzilla.brightmail.com/show_bug.cgi?id=31967 |
Legacy ID
2008071415421154
Article URL http://www.symantec.com/docs/TECH89903
Terms of use for this information are found in Legal Notices
Thank you.