High CPU usage when Symantec Mail Security for Microsoft Exchange (SMSMSE) has Corrupt AntiSpam Rules

Article:TECH90420  |  Created: 2008-01-02  |  Updated: 2013-10-23  |  Article URL http://www.symantec.com/docs/TECH90420
NOTE: If you are experiencing this particular known issue, we recommend that you Subscribe to receive email notification each time this article is updated. Subscribers will be the first to learn about any releases, status changes, workarounds or decisions made.
Article Type
Technical Solution


Issue



You may see any of the following symptoms: 

  • Exchange server is running slow.
  • Conduit is running at high CPU usage.
  • SMSUtility is running at 98% CPU usage.
  • Spam effectiveness is low.

The SMSMSE debug log conduit.log may show the following error message:

NOTE:  The debug log is in the following directory:

32-bit Operating System: C:\Program Files\Symantec\SMSMSE\<version>\Server\logs
64-bit Operating System: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server\logs

8 Dec 2010 16:49:17 (WARNING:6132.1712): [63101] Regexfilter module: read_existing_timestamps(): malformed line in previous timestamp file. 



 


Cause



SMSMSE AntiSpam rulesets are corrupt.


Solution



Symantec is aware of this issue.  This article is updated as more information is available.  Subscribe to the article to receive updates.

Workaround

Removing existing AntiSpam rulesets.  Then SMSMSE downloads new rulesets.

A. Stop SMSMSE services 

  1. On the Windows task bar, click Start > Run.
  2.  Open the Windows services control panel by typing the following in the Open dialog box:

    services.msc
  3. In the right pane of the Services window right-click Symantec Mail Security for Microsoft Exchange and click Stop
  4. In the right pane of the Services window right-click Symantec Mail Security Utility Service and click Stop. This service is only present when Symantec Mail Security for Microsoft Exchange 6.x is installed.


 

B. Clear out existing rules

  1. Open the following directory in Windows explorer:

    32-bit Operating System: C:\Program Files\Symantec\SMSMSE\<version>\Server
    64-bit Operating System: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server



    Where <version> is the version number that you have installed. For example, C:\Program Files\Symantec\SMSMSE\5.0\Server.
     
  2. Delete any files or folders that match the following:

    • Folders with names that begin with "BM_Ruleset"
    • .sequence.0
    • .sequence.2
    • hashes
    • blrm

C. Start SMSMSE services


To start Symantec Mail Security services

  1. On the Windows task bar, click Start > Run.
  2.  Open the Windows services control panel by typing the following in the Open dialog box:

    services.msc
  3. In the right pane of the Services window right-click Symantec Mail Security for Microsoft Exchange and click Start
  4. In the right pane of the Services window right-click Symantec Mail Security Utility Service and click Start. This service is only present when Symantec Mail Security for Microsoft Exchange 6.x is installed



Now you should see the new BM_Rulesets, .sequence.0, .sequence.2, blrm, and hashes.

Check and see if the CPU usage has dropped on the Conduit and SMSUtility processes.




 

 


Supplemental Materials

SourceETrack
Value2221687


Legacy ID



2008100209265454


Article URL http://www.symantec.com/docs/TECH90420


Terms of use for this information are found in Legal Notices