Microsoft KB Archive/920200

From BetaArchive Wiki
Knowledge Base


Mail flow stops and an event ID 5066 message is logged after you update the Kaspersky scan engine in Sybari Antigen 8.0 for Microsoft Exchange

Article ID: 920200

Article Last Modified on 6/20/2006


APPLIES TO

  • Sybari Antigen 8.0 for Microsoft Exchange



SYMPTOMS

In an organization that is running Sybari Antigen 8.0 for Microsoft Exchange, you experience the following symptoms:

  • The following event is logged in the Application log of the server that is running Microsoft Exchange Server:

    Event Source: AntigenService
    Event Category: Scan Error
    Event ID: 5066
    Date: date
    Time: time
    User: N/A
    Computer: ServerName
    Description: Realtime scan exceeded the allowed scan time limit.

  • If you are running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server, e-mail messages are queued in the Messages awaiting directory lookup queue on the Exchange server.
  • If you are running Microsoft Exchange Server 5.5, the Microsoft Exchange Information Store service appears to stop responding (hang). And, mail flow stops.

You experience this problem if the following conditions are true:

  • The Kaspersky scan engine is enabled in Antigen 8.0 for Microsoft Exchange.
  • You updated the Kaspersky scan engine to version 2006021609.


CAUSE

This problem occurs because of a problem in the version of the Kaspersky scan engine that was released on February 16, 2006. This scan engine version number is version 2006021609. This version causes the Kaspersky scan engine to stop responding. When this occurs, the AntigenSMTP scan job and the AntigenRealtime scan job also stop responding.

RESOLUTION

To resolve this problem, update the Kaspersky scan engine to the latest version. This problem is resolved in version 2006022101 and in later versions. To update the Kaspersky scan engine, follow these steps:

  1. If the Sybari Client program does not respond, stop the AntigenService service.
  2. Start the Sybari Client program, and then disable the Kaspersky file scanner. To do this, follow these steps:
    1. In the left pane, click SETTINGS, and then click Anti-Virus.
    2. In the Name list, click a scan job, and then click to clear the Kaspersky check box in the File Scanners list.
    3. Follow step b to disable the Kaspersky file scanner for each scan job.
    4. Click Save.
  3. Restart the AntigenService service.
  4. In the left pane, click Scanner Updates, click Kaspersky in the Name list, and then click Update Now.
  5. Perform a real-time update in Antigen 8.0 for Microsoft Exchange.
  6. Enable the Kaspersky file scanner for each scan job.

Note If you cannot update the Kaspersky scan engine by using the Sybari Client program, manually update the Kaspersky scan engine. To do this, follow these steps:

  1. Obtain the latest Kaspersky_engine.exe file from the Antigen Update Web site. To do this, visit the following Sybari Web site:

    http://www.sybari.com/scan_engine_updates/intel/kaspersky

  2. Start Windows Explorer, and then locate the following folder:

    %PROGRAMFILES%\Sybari Software\Antigen for Exchange\Kaspersky\KasperskyEngine

  3. Stop all the following services:
    • The Antigen-related services
    • The Microsoft Internet Information Services (IIS)-related services
    • The Exchange-related services
    Note After you stop these services, start Windows Task Manager to make sure that no Antigen processes are listed.
  4. Rename the KasperskyEngine folder to "KasperskyEngine_bak".
  5. Create a new folder that is named "KasperskyEngine".
  6. Double-click the Kaspersky_engine.exe file to extract the contents of this file. Then, copy the contents of the Kaspersky_engine.exe file to the new KasperskyEngine folder that you created.
  7. If the KasperskyEngineNew folder exists, remove it.
  8. Restart all the services that you stopped in step 3.


MORE INFORMATION

To determine the version number of the current scan engine update, view the contents of the Update.ini file. This file is located in the following folder:

%PROGRAMFILES%\Sybari Software\Antigen for Exchange\Kaspersky\KasperskyEngine


When you open this file by using a text editor, such as Notepad, information that resembles the following data is displayed: 

[GENERAL]
Update=2060610008

Use the information in the following table to help determine whether you may experience the problem that is mentioned in this article.

The problem occurs Update number
Yes Update=2006021610
Yes Update=2006021609
No Update=2006021611
No Update=2006021608 (or an earlier update)


Keywords: kbprb KB920200



Send feedback to Microsoft

© Microsoft Corporation. All rights reserved.


Retrieved from ‘https://www.betaarchive.com/wiki/index.php?title=Microsoft_KB_Archive/920200&oldid=221898
the Creative Commons 3.0 ShareAlike (except the Microsoft KB Archive).
Powered by MediaWiki