High CPU usage when Symantec Mail Security for Microsoft Exchange (SMSMSE) has Corrupt AntiSpam Rules

Article ID: 177366

Products

Mail Security for Microsoft Exchange

Issue/Introduction

You may see any of the following symptoms: 

  • Exchange server is running slow.
  • Conduit is running at high CPU usage.
  • SMSUtility is running at 98% CPU usage.
  • Spam effectiveness is low.

The SMSMSE debug log conduit.log may show the following error message:

8 Dec 2010 16:49:17 (WARNING:6132.1712): [63101] Regexfilter module: read_existing_timestamps(): malformed line in previous timestamp file.

NOTE: The debug log is in the following directory:

32-bit Operating System: C:\Program Files\Symantec\SMSMSE\<version>\Server\logs
64-bit Operating System: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server\logs

Cause

SMSMSE AntiSpam rulesets are corrupt.

Resolution

Symantec is aware of this issue. This article will be updated as more information becomes available. Subscribe to the article to receive updates.

Workaround

Remove the existing AntiSpam rulesets. SMSMSE then downloads new rulesets.

A. Stop SMSMSE services 

  1. On the Windows task bar, click Start > Run.
  2. Open the Windows services control panel by typing the following in the Open dialog box:

    services.msc
  3. In the right pane of the Services window, right-click Symantec Mail Security for Microsoft Exchange and click Stop.
  4. In the right pane of the Services window, right-click Symantec Mail Security Utility Service and click Stop. This service is only present when Symantec Mail Security for Microsoft Exchange 6.x is installed.

B. Clear out existing rules

  1. Open the following directory in Windows explorer:

    32-bit Operating System: C:\Program Files\Symantec\SMSMSE\<version>\Server
    64-bit Operating System: C:\Program Files (x86)\Symantec\SMSMSE\<version>\Server



    Where <version> is the version number that you have installed. For example, C:\Program Files\Symantec\SMSMSE\5.0\Server.
     
  2. Delete any files or folders that match the following:

    • Folders with names that begin with "BM_Ruleset"
    • .sequence.0
    • .sequence.2
    • hashes
    • blrm

C. Start SMSMSE services


To start Symantec Mail Security services

  1. On the Windows task bar, click Start > Run.
  2. Open the Windows services control panel by typing the following in the Open dialog box:

    services.msc
  3. In the right pane of the Services window, right-click Symantec Mail Security for Microsoft Exchange and click Start.
  4. In the right pane of the Services window, right-click Symantec Mail Security Utility Service and click Start. This service is only present when Symantec Mail Security for Microsoft Exchange 6.x is installed.



Now you should see the new BM_Rulesets, .sequence.0, .sequence.2, blrm, and hashes.

Check whether the CPU usage of the Conduit and SMSUtility processes has dropped.
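
Workaround steps A to C can also be run as a PowerShell script. The script below is an added example, not Symantec's own tooling; the `-ServerDir` parameter and the path sanity check are assumptions of this example, while the service display names and file names are the ones listed above. Run it from an elevated prompt, first with `-WhatIf` to see which services and files it would act on.

```powershell
# Added example: scripted form of workaround steps A-C for corrupt SMSMSE AntiSpam rulesets.
[CmdletBinding(SupportsShouldProcess = $true)]
param(
    # Full path to the SMSMSE "Server" directory, including the installed <version>.
    [Parameter(Mandatory = $true)]
    [string]$ServerDir
)
$ErrorActionPreference = 'Stop'

# Service display names as shown in services.msc.
$serviceNames = @(
    'Symantec Mail Security for Microsoft Exchange',
    'Symantec Mail Security Utility Service'   # only present with SMSMSE 6.x
)

# Refuse to delete anything unless the path looks like an SMSMSE Server directory.
$resolved = (Resolve-Path -LiteralPath $ServerDir).Path
if ($resolved -notmatch '\\Symantec\\SMSMSE\\[^\\]+\\Server\\?$') {
    throw "Not an SMSMSE Server directory: $resolved"
}

# A. Stop the SMSMSE services that are installed (-Force also stops dependent services).
$services = @(Get-Service -DisplayName $serviceNames -ErrorAction SilentlyContinue)
if ($services.Count -eq 0) { throw 'No SMSMSE services found on this host.' }
foreach ($svc in $services) {
    if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Stop service')) {
        Stop-Service -InputObject $svc -Force
        $svc.WaitForStatus('Stopped', [TimeSpan]::FromMinutes(2))
    }
}

# B. Remove only the ruleset items named in step B; nothing else in the directory is touched.
$names = @('.sequence.0', '.sequence.2', 'hashes', 'blrm')
$targets = Get-ChildItem -LiteralPath $resolved -Force | Where-Object {
    ($_.PSIsContainer -and $_.Name -like 'BM_Ruleset*') -or
    ($names -contains $_.Name)
}
foreach ($item in $targets) {
    if ($PSCmdlet.ShouldProcess($item.FullName, 'Delete')) {
        Remove-Item -LiteralPath $item.FullName -Recurse -Force
    }
}

# C. Start the services again so SMSMSE downloads new rulesets.
foreach ($svc in $services) {
    if ($PSCmdlet.ShouldProcess($svc.DisplayName, 'Start service')) {
        Start-Service -InputObject $svc
    }
}
```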