Build a great reporting interface using Splunk, one of the leaders in the Security Information and Event Management (SIEM) field, linking the collected Windows events to www.eventid.net. The EventId.Net for Splunk Add-on assumes that Splunk is collecting information from Windows servers and workstation via the Splunk Universal Forwarder.
A message could not be virus scanned - this operation will be retried later. Internet Message ID <6B909A01FBA732458FCEF70C0A141D2DD500@user-name.<domain>>, Error Code 0x0.
|English: Request a translation of the event description in plain English.|
I had this problem in spite of installing SP2 on my Exchange 2003 server. I discovered that a space shortage on my system partition was causing the problem. After an upgrade to GroupShield 6.02, the old DATs were not being deleted. You should use the command "purgeOldDefinition <number of DATs to be retained>".
In addition, I changed the Virtual Memory configuration to use another partition with more free space.
McAfee Support Document ID: KB47356 has information on this event.
See ME842801 and ME843545 for two hotfixes applicable to Microsoft Exchange Server 2003.
As per Microsoft: "This event indicates that a message could not be scanned for viruses. This can occur if the following conditions are true:
- An antivirus program that uses the Virus Scanning Application Program Interface (VSAPI) is running on the Exchange server.
- The VSAPI-based antivirus program is configured to use transport scanning.
- The message that could not be scanned is digitally signed". See MSEX2K3DB and the link to "Trend Micro Support Solution ID: 121448" for additional information on this issue.
From a newsgroup post: "We experienced similar problems after upgrading Exchange 2000/Windows 2000 to Exchange 2003 SP1/Windows 2003. We have ISA 2000 (FP1, SP1) installed on the same server, which is a DC at the same time. There is also SMSMSE 4.5 for Exchange installed on it.
After we finished the upgrade to Windows 2003, we noticed that messages in the "Pending submission" queue were “waiting” for approximately 60 seconds before leaving the queue in the order they arrived. All of them were delivered but with a delay of 1 to 10 minutes. We suspected that AV for Exchange caused the problem and uninstalled the Antivirus, but this did not help.
After enumerating SMTP sinks with the SMTPreg.vbs script, we checked OnSubmission sinks. Finally, the problem was solved by deregistration and registration of URLScan SMTP sink called FltrSnk1 with class name FltrSnk1.Sink2". SMTP filters were never installed nor used with ISA server.
See "Trend Micro Support Solution ID: 127211" and "Trend Micro Support Solution ID: 1031044" for additional information on this problem.
This problem has multiple causes. See the link to "Symantec Knowledge Base ID: 2004102615323554" for the most common causes and fixes.
|Private comment: Subscribers only. See example of private comment|
|Links: ME842801, ME843545, Trend Micro Support Solution ID: 121448, Trend Micro Support Solution ID: 127211, Trend Micro Support Solution ID: 1031044, Symantec Knowledge Base ID: 2004102615323554, McAfee Support Document ID: KB47356, MSEX2K3DB|
|Search: Google - Bing - Microsoft - Yahoo - EventID.Net Queue (0) - More links...|
Send comments or solutions
- Notify me when updated