Symantec Mail Security for Microsoft Exchange crashes IIS

Whenever a Windows component crashes, my first instinct is to check to see if any third-party programs have been installed on the system. This also applies to Exchange servers, which can play host to any number of add-ons -- antispam software, antivirus applications, and so on.

    Requires Free Membership to View

If a third-party program malfunctions, it can manifest in any number of ways, not the least of which is the malfunction or failure of a Windows or Exchange Server subsystem.

A recent and unfortunately common example is an issue with Symantec Mail Security for Microsoft Exchange that causes Internet Information Services (IIS) to crash unexpectedly.

Logged errors reveal that a problem in the Symantec Mail Security component \Program Files\Symantec\SMSMSE\5.0\Server\bin\libspamhunter.dll is to blame.

Symantec has apparently been aware of the Symantec MailSecurity problem on Microsoft Exchange for some time and has released an update that specifically addresses it (it's in version of the product). Unfortunately, some people continue to report problems even after applying the recommended update.

There is a workaround that was recommended by Symantec before the fix was made available. It continues to be used even after applying the fix, since the fix doesn't seem to be a universal remedy:

  1. On the affected Exchange Server system, look for the file \Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml, and open it with a text editor or XML editor (Notepad is fine).

  2. Make a backup copy of the file as bmiconfig.xml.old.

  3. Edit the current bmiconfig.xml and remove the following lines:

  4. Save the bmiconfig.xml file and restart the Symantec Mail Security service.

The problem appears to be related to one of the above rulesets. People who have experimented with removing each rule type in turn have found that the body_regex ruleset is the most problematic; it should be removed first for the most immediate results. Remove the others one by one from the top down if that doesn't solve the problem.

Also, if you're dealing with a multi-node Exchange Server system, the same fix must be applied across each node of the cluster, in exactly the same manner (i.e., you need to delete the same lines in each node's .XML file).

Finally, it doesn't hurt to upgrade to the most recent version of a third-party program whenever possible, but bear in mind that this alone may not solve this particular issue.

About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.


Symantec Mail Security 6 fixes this (finally). It's a free upgrade for currently licensed users. (You would not have this problem if you were not current, anyway.)
—David W.


This issue has been resolved with Symantec Mail Security (SMS) for Microsoft Exchange 5.0.6 and Symantec Information Foundation Mail Security for Microsoft Exchange 6.0 (the new name for SMS.)
—John G.


Just an FYI that I still had this problem with a brand new Microsoft Windows 2003 SP2 and Exchange 2003 SP2 server with Symantec Information Foundation (Mail Security) version 6.0. I still had to remove the lines from the file bmiconfig.xml for virtual memory and IIS issues to go away.
—John D.

Do you have comments on this tip? Let us know.

Related information from SearchExchange.com:

  • Tip: Common Microsoft Outlook .DLL errors
  • Tip: Exchange Server diagnostics – digging into IIS logs
  • Step-by-Step Guide: How to repair Exchange-related IIS virtual directories
  • Reference Center: Exchange Server and IIS tips and resources

    Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a thank-you gift only an IT geek could love.

    This was first published in April 2007

  • There are Comments. Add yours.

    TIP: Want to include a code block in your comment? Use <pre> or <code> tags around the desired text. Ex: <code>insert code</code>

    REGISTER or login:

    Forgot Password?
    By submitting you agree to receive email from TechTarget and its partners. If you reside outside of the United States, you consent to having your personal data transferred to and processed in the United States. Privacy
    Sort by: OldestNewest

    Forgot Password?

    No problem! Submit your e-mail address below. We'll send you an email containing your password.

    Your password has been sent to:

    Disclaimer: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.