Some emails cannot be opened when Mail Security for Exchange is enabled
search cancel

Some emails cannot be opened when Mail Security for Exchange is enabled

book

Article ID: 164286

calendar_today

Updated On:

Products

Mail Security for Microsoft Exchange

Issue/Introduction

With Symantec Mail Security for Microsoft Exchange (SMSMSE) enabled, some items are not accessible until the service is stopped.

In the Application event log, an event ID 218 is logged from source "Symantec Mail Security for Microsoft Exchange" with details similar to the following:

The message "<Message Subject>" located in <location> has violated the following policy settings:
    Scan: Auto-Protect
    Rule: <rule name> (User defined action failed - Deny Access used instead)
The following actions were taken on it:
    The message "<Message Subject>" was Denied Access for the following reason(s)

Scan Engine Error.  <error code>

 

Cause

These errors occur when a scan request is sent to SMSMSE, but for some underlying reason SMSMSE cannot access the item in question. As a result, SMSMSE cannot verify whether the file violates one of the security policies implemented in the SMSMSE configuration (virus policy, content policy, attachment policy, etc.). Because the file in question cannot be accessed, SMSMSE takes the "Quarantine in Store" action inside the Exchange database (Deny Access), instead of the action configured for the policy in question.

 

 

Resolution

Some memory related causes for this behavior have been addressed in SMSMSE 7.9.1 MP1 (also known as SMSMSE 7.9.2). Please upgrade to at least SMSMSE 7.9.1 MP1.

Workaround

With SMSMSE 7.5.4 or later, SMSMSE can bypass the Quarantine in Store (Deny access) action if configured to do so.

To bypass Quarantine in Store with 7.5.4, 7.5.5 or 7.5.6

  1. On the Exchange server in question, open the registry editor (Start -> Run, Regedit)
  2. Navigate to HKEY_LOCAL_MACHINE\Software\Wow6432Node\Symantec\SMSMSE\7.5\Server.
  3. Create a new DWORD value, and name it ByPassQIS (case sensitive).
  4. Set the ByPassQIS value to 1.
  5. Restart the Symantec Mail Security for Microsoft Exchange service.

 

To bypass Quarantine in Store with 7.9.0 and later

  1. On the Exchange server in question, open the registry editor (Start -> Run, Regedit)
  2. Navigate to HKEY_LOCAL_MACHINE\Software\Symantec\SMSMSE\7.9\Server.
  3. Create a new DWORD value, and name it ByPassQIS (case sensitive).
  4. Set the ByPassQIS value to 1.
  5. Restart the Symantec Mail Security for Microsoft Exchange service.

 

Effects of setting this registry key

When an item is inaccessible to the SMSMSE scanner for some reason, instead of Denying Access to the item (Default behavior), SMSMSE will instead allow access to the item. Because it cannot access the item to scan, this means that SMSMSE will allow access to items that potentially violate some of its policies (virus policy, content policy, attachment policy, etc.) without being scanned. It is up to the security posture of the individual organization whether this potential security risk is acceptible in order to improve availability of emails under this condition.