Content filtering was created to check against message body. When certain emails were scanned by SMSMSE and checked against this policy, scan process SAVFMSESp.exe crashed.
Event ID 218 was observed under Windows System Event log with "Unscannable File Rule" triggered instead. If the actions for unscannable policies "UFR - Scanning Limits" and "UFR - Malformed Files" were set to quarantined, the quarantine action will fail and the message will be marked for quarantine.
Errors found in Application Event log:
Event ID 168:
The process SAVFMSESp.exe was restarted.
Event ID 218:
The message "<<Message Subject>>" located in SMTP has
violated the following policy settings:
Rule: Unscannable File Rule
The following actions were taken on it:
The message "<<Message Subject>>" was marked
for Quarantine for the following reason(s):
Scan Engine error. Error code: 0xC0090086
Scan process crashed due to buffer overflow condition from the functions within.
Symantec is aware of this issue and will update this document when a solution becomes available. It may not be necessary to log a support case on this issue. Please subscribe to this article to be notified of any updates.
Hotfix has been created for this issue. Instruction to install the hotfix can be found under the readme.txt file.