symantec mail security for exchange 6 error
Hi guys,
Can you help me with this problem?
Running Windows Server 2000, Exchange 2000 and Symantec Mail Security version 6.0.9.286.
I've noticed these warnings in the logs today, which I'm putting down to a possible spam issue.
3 Nov 2009 08:55:50 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
3 Nov 2009 09:02:44 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
3 Nov 2009 09:11:10 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
3 Nov 2009 09:16:39 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
3 Nov 2009 09:27:00 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
3 Nov 2009 09:35:10 (WARNING:4464.4560): [27115] read_spamwall_config: //totalProfiling missing settings.
2 Nov 2009 20:11:31 (ERROR:7164.4612): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.intsig_rules.1257192622.
2 Nov 2009 20:11:31 (ERROR:7164.4612): [12063] Cannot process 'BrightSig3 Rules'.
2 Nov 2009 20:14:28 (ERROR:7164.4612): [12093] Unable to process rule set.
2 Nov 2009 20:14:28 (ERROR:7164.4612): [12052] Unable to parse message.
2 Nov 2009 20:14:28 (ERROR:7164.4612): [12063] Cannot process 'BrightSig3 Rules'.
1 Nov 2009 12:20:30 (ERROR:4612.4632): [12034] Network error occurred, SSL: error:00000000:lib(0):func(0):reason(0) (35), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant firewalls.
1 Nov 2009 21:14:52 (ERROR:4612.4632): [12034] Network error occurred, SSL: error:00000000:lib(0):func(0):reason(0) (35), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant firewalls.
Any idea where I should be looking to check this port 443? There's a group policy set up in Active Directory that overrules the local policy.
thanks for any help
Comments
Check the port!
Hi Jabba316,
Hope I can shed some light....
The first set of warnings can safely be ignored. Details are in the following article:
Symantec Mail Security for MS Exchange's bmserver.log Contains Entries: "read_spamwall_config: //totalProfiling missing settings" after Upgrading to Version 6.0.8
The second set of error messages is probably where your problem lies. SMSMSE needs access to certain network ports in order to download what it needs to run. Details are in this article:
What Ports Does Symantec Mail Security for Microsoft Exchange Use?
The first thing that I would check is whether the firewall (either on the server or elsewhere in your network) is blocking port 443. When Symantec Premium AntiSpam is enabled, it needs port 443 open on the firewall for bi-directional traffic to aztec.brightmail.com. One easy test of that is to open Internet Explorer on the Exchange server and try to access the address https://aztec.brightmail.com/ . If you see an "OK" on the screen, then your server can communicate and the problem is not with the port.
Thanks and best regards,
Mick
Hi Mick,
Thank you for your reply.
Yesterday I managed to sort the first issue out with a lot of help from an expert of Experts Exchange. I've just tried the website from the Exchange server and I do get the OK on the website.
I have Symantec Endpoint Protection Manager installed on another server with Endpoint on the users and the Exchange server. When this was installed I installed antivirus and antispam/proactive threat protection and network threat protection.
I've been getting a lot of mails coming in at the moment from Mail Delivery System with this at the top of the email:
This message was created automatically by mail delivery software.
A message that you sent could not be delivered to one or more of its
recipients. This is a permanent error. The following address(es) failed:
Obviously these emails weren't sent by us, as I can see the sender's IP in the email. Just trying to eliminate Symantec, with me getting these errors, in case it's causing the problems.
thanks
errors i had this morning -
5 Nov 2009 10:11:00 (ERROR:4692.5492): [12039] Error reading instruction in update.
5 Nov 2009 10:11:01 (ERROR:4692.5492): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamhunter_rules.1257415765.
5 Nov 2009 10:11:01 (ERROR:4692.5492): [12063] Cannot process 'Heuristic and URL Rules'.
5 Nov 2009 10:18:36 (ERROR:4692.5492): [12093] Unable to process rule set.
5 Nov 2009 10:18:36 (ERROR:4692.5492): [12052] Unable to parse message.
5 Nov 2009 10:18:36 (ERROR:4692.5492): [12063] Cannot process 'Heuristic and URL Rules'.
All the rules I have in the directory have
bm_ruleset.2.intsig_rules
not
bm_ruleset.1.intsig_rules
6 Nov 2009 08:01:02 (ERROR:4692.5492): [12034] Network error occurred, SSL: error:00000000:lib(0):func(0):reason(0) (35), check your network connection settings, check your proxy settings (if applicable), and check to ensure that port 443 (HTTPS) is open through any relevant firewalls.
This morning's error. Any ideas why I would be getting the port 443 error if the Exchange server can get to that site?
thanks
We sometimes see that ISA and proxy servers will allow a user using the browser to access a site or network resource but not the system account that may be trying to run an update utility such as conduit.exe or liveupdate.
Hi BenDC,
Thanks for your reply and sorry I've not answered sooner.
Any ideas why I have bm_ruleset.2.intsig_rules instead of bm_ruleset.1.intsig_rules?
The errors I've received today (had none since the 7th) keep saying that it can't delete the bm_ruleset.1.intsig_rules rule.
10 Nov 2009 00:56:51 (ERROR:7036.2984): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.intsig_rules.1257814553.
10 Nov 2009 00:56:51 (ERROR:7036.2984): [12063] Cannot process 'BrightSig3 Rules'.
10 Nov 2009 00:59:42 (ERROR:7036.2984): [12093] Unable to process rule set.
10 Nov 2009 00:59:42 (ERROR:7036.2984): [12052] Unable to parse message.
10 Nov 2009 00:59:42 (ERROR:7036.2984): [12063] Cannot process 'BrightSig3 Rules'.
10 Nov 2009 08:37:45 (ERROR:7036.2984): [12039] Error reading instruction in update.
10 Nov 2009 08:37:45 (ERROR:7036.2984): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.regexfilter_rules.1257842177.
10 Nov 2009 08:37:45 (ERROR:7036.2984): [12063] Cannot process 'Header Rules'.
10 Nov 2009 08:38:32 (ERROR:7036.2984): [12093] Unable to process rule set.
10 Nov 2009 08:38:32 (ERROR:7036.2984): [12052] Unable to parse message.
10 Nov 2009 08:38:33 (ERROR:7036.2984): [12063] Cannot process 'Header Rules'.
I have admin rights, so that's probably why I can get to that page with no problems. Symantec is running under the system account, which I changed to admin on the services to see if that will deal with the error 443. Not had the error since, just this other one.
Thanks for the reply and help, really appreciate your time.
And it continues :)
Not had the error with the port 443 for a few days so I'm hoping that's been sorted.
12 Nov 2009 03:55:51 (ERROR:7036.2984): [12037] Could not find "update for: : " in ïß|Ó.
12 Nov 2009 03:55:52 (ERROR:7036.2984): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.intsig_rules.1257998090.
12 Nov 2009 03:55:52 (ERROR:7036.2984): [12063] Cannot process 'BrightSig3 Rules'.
12 Nov 2009 03:58:12 (ERROR:7036.2984): [12093] Unable to process rule set.
12 Nov 2009 03:58:12 (ERROR:7036.2984): [12052] Unable to parse message.
12 Nov 2009 03:58:13 (ERROR:7036.2984): [12063] Cannot process 'BrightSig3 Rules'.
12 Nov 2009 03:55:52 (ERROR:7036.2984): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.intsig_rules.1257998090.
This part is always in the warning but the folder doesn't exist.
thanks
errors on the 17th
17 Nov 2009 18:34:46 (ERROR:5080.5076): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamsig_rules.1258482837.
17 Nov 2009 18:34:46 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
17 Nov 2009 18:34:48 (ERROR:5080.5076): [12093] Unable to process rule set.
17 Nov 2009 18:34:48 (ERROR:5080.5076): [12052] Unable to parse message.
17 Nov 2009 18:34:48 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
errors on the 18th
18 Nov 2009 04:51:05 (ERROR:5080.5076): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamsig_rules.1258519823.
18 Nov 2009 04:51:05 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
18 Nov 2009 04:51:06 (ERROR:5080.5076): [12093] Unable to process rule set.
18 Nov 2009 04:51:06 (ERROR:5080.5076): [12052] Unable to parse message.
18 Nov 2009 04:51:06 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
What's happening here, and why don't these rules exist which Symantec is trying to delete?
do i need to uninstall and reinstall? repair? upgrade to a better antivirus/antispyware than symantec?
Brightmail Signatures Could Be Corrupted
Hi Jabba,
Have you noticed any lessening in the effectiveness of SMSMSE catching spam?
The timestamps (1257998090, 1258482837, 1258519823) keep incrementing up, so it looks like Premium AntiSpam definitions are being downloaded. Are they being applied?
I have seen cases where those types of errors indicated that the downloaded ruleset was corrupt, contained a bad rule, or had not completely replicated to the download site. Those generally only happened once or twice, and the root of the problem was in connectivity.
You might be best off clearing out all of the existing signatures and allowing SMSMSE to download a completely new, good set of them. If trouble continues, I recommend that you contact Symantec Technical Support. There are tools and techniques available to troubleshoot what is happening. A look at a debug conduit.log or bmserver.log might enable them to give you an answer that peers in the forum have not seen.
Thanks and best regards,
Mick
Hi Jabba,
Take a look inside the folder:
C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamsig_rules.1258519823
If the folder does not currently exist, this is an indication of a transitory error; you can safely ignore the error. Essentially this just means that the process conduit.exe attempted to delete the ruleset while it was still held in use by inetinfo.exe. A reload of the antispam engine will stop the files from being held in use (this occurs every 5 minutes without any user interaction).
If the folder is still there, will you check for the presence of a file with a name similar to brightmail_ref.1258519823 inside the folder? If that file is there, this is a known issue with ruleset deletion; it is currently being addressed in development.
"do i need to uninstall and reinstall? repair? upgrade to a better antivirus/antispyware than symantec?" Regarding this statement, you can safely ignore errors in the bmserver.log or conduit.log unless you are using these logs to troubleshoot an antispam effectiveness issue. These rulesets are solely for the purpose of identifying and stopping spam; they do not affect the operation of antivirus/antispyware.
Errors and warnings are normal in the bmserver.log and conduit.log during normal operation. It is only if the errors are extreme (i.e. a new one written every 30 seconds or so) or you see a decrease in spam effectiveness that you should be concerned with errors written to those logs.
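An added example, not part of any reply in this thread and not Symantec code: a Python triage script for the log format quoted above. It decodes the epoch suffix on each [10026] ruleset directory (the timestamps noted earlier as incrementing) and applies the rule of thumb that errors matter only when a new one is written every 30 seconds or so. Assumptions: each [10026] line counts as one failed cleanup event, the function names and the `extreme_gap_s` parameter are illustrative, and the sample lines are constructed from entries posted in the thread.

```python
import re
from datetime import datetime, timezone

# Constructed sample in the bmserver.log/conduit.log format quoted in this thread.
SAMPLE_LOG = r"""
17 Nov 2009 18:34:46 (ERROR:5080.5076): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamsig_rules.1258482837.
17 Nov 2009 18:34:46 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
17 Nov 2009 18:34:48 (ERROR:5080.5076): [12093] Unable to process rule set.
18 Nov 2009 04:51:05 (ERROR:5080.5076): [10026] Unable to remove directory C:\Program Files\Symantec\SMSMSE\6.0\Server\bm_ruleset.1.spamsig_rules.1258519823.
18 Nov 2009 04:51:05 (ERROR:5080.5076): [12063] Cannot process 'BrightSig2 Rules'.
"""

LINE_RE = re.compile(r"^(\d{1,2} \w{3} \d{4} \d\d:\d\d:\d\d) \((\w+):\d+\.\d+\): \[(\d+)\] (.*)$")
RULESET_RE = re.compile(r"bm_ruleset\.\d+\.(\w+)\.(\d{9,10})\.?$")

def parse(log_text):
    """Yield (logged_at, level, code, message) for each well-formed line."""
    for line in log_text.splitlines():
        m = LINE_RE.match(line.strip())
        if m:
            when = datetime.strptime(m.group(1), "%d %b %Y %H:%M:%S")
            yield when, m.group(2), int(m.group(3)), m.group(4)

def failed_removals(log_text):
    """One record per [10026] entry: ruleset name, epoch suffix (decoded as UTC), log time."""
    out = []
    for when, level, code, msg in parse(log_text):
        m = RULESET_RE.search(msg)
        if code == 10026 and m:
            built = datetime.fromtimestamp(int(m.group(2)), tz=timezone.utc)
            out.append({"ruleset": m.group(1), "epoch": int(m.group(2)),
                        "ruleset_utc": built, "logged_at": when})
    return out

def triage(log_text, extreme_gap_s=30):
    """Assumed reading of the thread's rule: flag only if failures recur within ~30 s."""
    events = failed_removals(log_text)
    times = [e["logged_at"] for e in events]
    gaps = [(b - a).total_seconds() for a, b in zip(times, times[1:])]
    epochs = [e["epoch"] for e in events]
    return {"events": len(events),
            "epochs_increasing": epochs == sorted(set(epochs)),  # new rulesets keep arriving
            "min_gap_s": min(gaps) if gaps else None,
            "extreme": bool(gaps) and min(gaps) <= extreme_gap_s}

if __name__ == "__main__":
    print(triage(SAMPLE_LOG))
```

On the sample, the two failed cleanups are more than ten hours apart and the ruleset timestamps are increasing, which matches the "transitory, safe to ignore" pattern described in the thread rather than the extreme case.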
Thanks guys, sorry I've not been back to this, but at least I know I can safely ignore these.