Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations gkittelson on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

Symantec Mail Security Scan Engine Failure 1

Status
Not open for further replies.
dhenry

dhenry

MIS
Jun 11, 2002
17
US
This morning viruses were getting through my Symantec Mail Security (version 4.5.2.736) on my Exchange 2003 server on Server 2000. NAVCE was catching them on the workstation. I rebooted, but that did not help. I am seeing many errors in the Mail Security like the following:

Scan Engine Failure.
HRESULT = 0x80004005. This error occurred while scanning the attachment " of message "Don`t worry, be happy!" located in "exampleuser".

During a manual message store scan I get:
The attachment "mail8164.pif" located in message with subject "Mail Delivery System (exampleuser@domain.edu)", located in SMTP has violated the following policy settings:
Policy: Standard
SubPolicy: Exception SubPolicy
Rule: Unscannable File Rule
The following actions were taken on it:
The attachment "mail8164.pif" was Logged Only for the following reason(s):
Scan Engine Failure (0xC009008F)

or

The attachment "mail8164.pif" located in message with subject "Mail Delivery System (exampleuser@domain.edu)", located in SMTP has violated the following policy settings:
Policy: Standard
SubPolicy: Exception SubPolicy
Rule: Unscannable File Rule
The following actions were taken on it:
The attachment "mail8164.pif" was Logged Only for the following reason(s):
Scan Engine Failure (0xC009007E)

Is anyone else seeing these errors?

I have tried a fresh install and continue to see the errors. I have it deleting unscannable attachments right now, but it may be deleting good attachemnts as well.
 
Sort by date Sort by votes
Check your congiration. You will want to make sure that the option is to quarantime first (and remove the 'Log Only' option).

 
Upvote 0 Downvote
Check your configuration. You will want to make sure that the option is to quarantime first (and remove the 'Log Only' option).

 
Upvote 0 Downvote
Got it solved with a helpful tech @ Symantec (Tony). We looked at the c:\program files\common files\symantec shared\virus defs directory. It showed a few tmp directories. This with some other indications told us that we had corrupted virus defs. Usually you can just stop the services and delete the tmp and numbered folders, download the intelligent updater, run it and restart the services. My corruption had gone to far and needed a uninstall/reinstall of all symantec products on that server. He said the reason this occurred is that I was downloading virus defs from several sources: Liveupdate, scheduled ftp secession, and a managed NAVCE client. He said the solution was only to have updates occur from one place. He sent me a link for the current way to do ftp updates:
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

SaltyTheFrog
  • Locked
  • Question
Nearby Share security exposure
Replies
3
Views
447
goombawaho
goombawaho
CDIV
  • Locked
  • Question
port 8080 monitoring -Trend micro deep security agent
Replies
0
Views
211
CDIV
CDIV
Macola10
  • Locked
  • Question
Kapersky Small Office Security
Replies
0
Views
121
Macola10
Macola10
dan2229
  • Locked
  • Question
McAfee Security Scan Plus
Replies
3
Views
214
dan2229
dan2229
Tiffc0922
  • Locked
  • Question
Virus / Malware Scans on Local PCs
Replies
5
Views
189
goombawaho
goombawaho

Part and Inventory Search

Sponsor

Back
Top