Symantec Mail Security for Microsoft Exchange (SMSMSE) is enabled on my Exchange server. The processes SAVFMSESp.exe slowly consume more and more memory until all available memory on the server is consumed. In addition to this leaking of memory, you may also see this accompanied by a handle leak, causing the SAVFMSESp.exe processes to consume handles until all available handles are exhausted. This may also result in a memory leak in the process svchost.exe
At least one content filtering rule is enabled that specifies a user condition.
To verify whether a content filtering rule has a user condition enabled:
Open the SMSMSE console and navigate to Policies -> Content filtering rules.
Right click each enabled rule in the list one by one and click Edit rule....
Click the Users tab.
If anything is listed in either the SMTP Addresses (one per line) box or the Active Directory groups box then this condition is met.
Debug logs for SMSMSE show "unspecified error" when trying to resolve LDAP queries
SMSMSE is receiving X.400 addresses or Short (display) names from Exchange during scanning that cannot be resolved to an SMTP address via Lightweight Directory Access Protocal (LDAP) in Active Directory (AD).