After upgrading to Symantec Mail Security for Microsoft Exchange (SMSMSE) 7.5.5, some properly formed PDF files are deemed malformed and the action configured in the SMSMSE console under Policies -> Exceptions -> UFR- Malformed files is taken.
In the application event log, an event id 218 is logged from source "Symantec Mail Security for Microsoft Exchange" with the following details:
The message "<message subject>" located in <message location> has violated the following policy settings:
Scan: Auto-Protect
Rule: UFR - Malformed Files
The following actions were taken on it:
The message "<message subject>" was <action>:
Scan Engine Error. CSAPI DEC result: 0xA. A malformed container is detected. Engine Name: PDF.
For more information, visit https://entced.symantec.com/entt?product=SMSMSE&build=symantec_ent&version=7.5.5.128&language=english&module=event_logging&error=218 .
A problem in the component that breaks files down to their component parts for scanning (Decomposer engine) causes files to be misidentified as Malformed despite containing all the proper elements.
This issue is resolved in SMSMSE 7.9.1 and later. Upgrade to 7.9.1 to resolve this issue.
Workaround
There are multiple possible workarounds to this behavior. For details on the options available in SMSMSE 7.5.5, see Unscannable file handling options available with Symantec Mail Security for Microsoft Exchange 7.5 and later