Whenever a Windows component crashes, my first instinct is to check to see if any third-party programs have been installed on the system. This also applies to Exchange servers, which can play host to any number of add-ons -- antispam software, antivirus applications, and so on.
A recent and unfortunately common example is an issue with Symantec Mail Security for Microsoft Exchange that causes Internet Information Services (IIS) to crash unexpectedly.
Logged errors reveal that a problem in the Symantec Mail Security component \Program Files\Symantec\SMSMSE\5.0\Server\bin\libspamhunter.dll is to blame.
Symantec has apparently been aware of the Symantec MailSecurity problem on Microsoft Exchange for some time and has released an update that specifically addresses it (it's in version 126.96.36.1996 of the product). Unfortunately, some people continue to report problems even after applying the recommended update.
There is a workaround that was recommended by Symantec before the fix was made available. It continues to be used even after applying the fix, since the fix doesn't seem to be a universal remedy:
- On the affected Exchange Server system, look for the file \Program Files\Symantec\SMSMSE\5.0\Server\SpamPrevention\bmiconfig.xml, and open it with a text editor or XML editor (Notepad is fine).
- Make a backup copy of the file as bmiconfig.xml.old.
- Edit the current bmiconfig.xml and remove the following lines:
<ruleType>header_regex</ruleType> <ruleType>body_regex</ruleType> <ruleType>lang_header_regex</ruleType> <ruleType>lang_body_regex</ruleType> <ruleType>bodysig</ruleType>
- Save the bmiconfig.xml file and restart the Symantec Mail Security service.
The problem appears to be related to one of the above rulesets. People who have experimented with removing each rule type in turn have found that the body_regex ruleset is the most problematic; it should be removed first for the most immediate results. Remove the others one by one from the top down if that doesn't solve the problem.
Also, if you're dealing with a multi-node Exchange Server system, the same fix must be applied across each node of the cluster, in exactly the same manner (i.e., you need to delete the same lines in each node's .XML file).
Finally, it doesn't hurt to upgrade to the most recent version of a third-party program whenever possible, but bear in mind that this alone may not solve this particular issue.
About the author: Serdar Yegulalp is editor of Windows Insight, a newsletter devoted to hints, tips, tricks, news and goodies for all flavors of Windows users.
Symantec Mail Security 6 fixes this (finally). It's a free upgrade for currently licensed users. (You would not have this problem if you were not current, anyway.)
This issue has been resolved with Symantec Mail Security (SMS) for Microsoft Exchange 5.0.6 and Symantec Information Foundation Mail Security for Microsoft Exchange 6.0 (the new name for SMS.)
Just an FYI that I still had this problem with a brand new Microsoft Windows 2003 SP2 and Exchange 2003 SP2 server with Symantec Information Foundation (Mail Security) version 6.0. I still had to remove the lines from the file bmiconfig.xml for virtual memory and IIS issues to go away.
Do you have comments on this tip? Let us know.
Related information from SearchExchange.com:
Please let others know how useful this tip was via the rating scale below. Do you have a useful Exchange Server or Microsoft Outlook tip, timesaver or workaround to share? Submit it to SearchExchange.com. If we publish it, we'll send you a thank-you gift only an IT geek could love.