Article ID: 920200
Article Last Modified on 6/20/2006
APPLIES TO
- Sybari Antigen 8.0 for Microsoft Exchange
SYMPTOMS
In an organization that is running Sybari Antigen 8.0 for Microsoft Exchange, you experience the following symptoms:
The following event is logged in the Application log of the server that is running Microsoft Exchange Server:
Event Source: AntigenService
Event Category: Scan Error
Event ID: 5066
Date:date
Time:time
User: N/A
Computer:ServerName
Description: Realtime scan exceeded the allowed scan time limit.- If you are running Microsoft Exchange Server 2003 or Microsoft Exchange 2000 Server, e-mail messages are queued in the Messages awaiting directory lookup queue on the Exchange server.
- If you are running Microsoft Exchange Server 5.5, the Microsoft Exchange Information Store service appears to stop responding (hang). And, mail flow stops.
You experience this problem if the following conditions are true:
- The Kaspersky scan engine is enabled in Antigen 8.0 for Microsoft Exchange.
- You updated the Kaspersky scan engine to version 2006021609.
CAUSE
This problem occurs because of a problem in the version of the Kaspersky scan engine that was released on February 16, 2006. This scan engine version number is version 2006021609. This version causes the Kaspersky scan engine to stop responding. When this occurs, the AntigenSMTP scan job and the AntigenRealtime scan job also stop responding.
RESOLUTION
To resolve this problem, update the Kaspersky scan engine to the latest version. This problem is resolved in version 2006022101 and in later versions. To update the Kaspersky scan engine, follow these steps:
- If the Sybari Client program does not respond, stop the AntigenService service.
- Start the Sybari Client program, and then disable the Kaspersky file scanner. To do this, follow these steps:
- In the left pane, click SETTINGS, and then click Anti-Virus.
- In the Name list, click a scan job, and then click to clear the Kaspersky check box in the File Scanners list.
- Follow step b to disable the Kaspersky file scanner for each scan job.
- Click Save.
- Restart the AntigenService service.
- In the left pane, click Scanner Updates, click Kaspersky in the Name list, and then click Update Now.
- Perform a real-time update in Antigen 8.0 for Microsoft Exchange.
- Enable the Kaspersky file scanner for each scan job.
Note If you cannot update the Kaspersky scan engine by using the Sybari Client program, manually update the Kaspersky scan engine. To do this, follow these steps:
- Obtain the latest Kaspersky_engine.exe file from the Antigen Update Web site. To do this, visit the following Sybari Web site:
- Start Windows Explorer, and then locate the following folder:
%PROGRAMFILES%\Sybari Software\Antigen for Exchange\Kaspersky\KasperskyEngine
- Stop all the following services:
- The Antigen-related services
- The Microsoft Internet Information Services (IIS)-related services
- The Exchange-related services
- Rename the KasperskyEngine folder to "KasperskyEngine_bak".
- Create a new folder that is named "KasperskyEngine".
- Double-click the Kaspersky_engine.exe file to extract the contents of this file. Then, copy the contents of the Kaspersky_engine.exe file to the new KasperskyEngine folder that you created.
- If the KasperskyEngineNew folder exists, remove it.
- Restart all the services that you stopped in step 3.
MORE INFORMATION
To determine the version number of the current scan engine update, view the contents of the Update.ini file. This file is located in the following folder:
%PROGRAMFILES%\Sybari Software\Antigen for Exchange\Kaspersky\KasperskyEngine
When you open this file by using a text editor, such as Notepad, information that resembles the following data is displayed:
[GENERAL] Update=2060610008
Use the information in the following table to help determine whether you may experience the problem that is mentioned in this article.
The problem occurs | Update number |
Yes | Update=2006021610 |
Yes | Update=2006021609 |
No | Update=2006021611 |
No | Update=2006021608 (or an earlier update) |
Keywords: kbprb KB920200