Sign In with your
Trend Micro Account
Need Help?
Need More Help?

Create a technical support case if you need further support.

Troubleshooting high CPU usage caused by malformed emails on InterScan Messaging Security Suite (IMSS)

    • Updated:
    • 6 Mar 2014
    • Product/Version:
    • InterScan Messaging Security Suite 7.1 Windows
    • InterScan Messaging Security Suite 7.5 Windows
    • Platform:
    • Windows 2003 Enterprise Server
    • Windows 2003 Standard Server Edition
    • Windows 2003 Standard Server Edition 64-bit
    • Windows 2008 Standard Server Edition
    • Windows 2008 Standard Server Edition 64-bit
Summary
When there are many outbound email messages, the IMSS server experiences high CPU usage problems and there are a lot of connections coming from 127.0.0.1 seen on the real-time monitor.
In addition, IMSSChild.exe has multiple copies that trigger high CPU utilization on the machine hosting IMSS.
Details
Public
When this happens, check the following:
  • Scanning Exceptions Policy
  • Actions against malformed messages
Checking these two areas will help determine the cause of the issue. There are instances when malformed messages are looping inside the IMSS server because of inappropriate action defined under Scanning Exceptions Policy, and therefore triggering high CPU problems.
To resolve the issue:
  1. Make sure that the action for Malformed Messages in the Scanning Exceptions Policy is Delete Entire Message instead of Log Only.
  2. Check the Message Tracking Log. No messages sent to xxx@xxx.com should appear.
  3. If messages are still received, do the following:
    1. Log in to the IMSS server console.
    2. Go to Administration > SMTP Routing > Connections > Connection Control.
    3. Under Accept all, except the following list, add 127.0.0.1.
  4. Observe the IMSS Monitor for a few minutes and check if the mail messages are received from xxx@xxx.com.
  5. Check the Message Tracking Log and see if there are mail messages received from xxx@xxx.com.
  6. Go back to the IMSS server console and under Accept all, except the following list, remove 127.0.0.1.
  7. Observe the IMSS Monitor for a few minutes. This time, no mail message should be received from xxx@xxx.com.
  8. Check the Message Tracking Log. No other mail messages should be received from xxx@xxx.com.
Premium
Internal
Rating:
Category:
Troubleshoot
Solution Id:
1057626
Feedback
Did this article help you?

Thank you for your feedback!

To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.

If you need additional help, you may try to contact the support team. Contact Support


To help us improve the quality of this article, please leave your email here so we can clarify further your feedback, if neccessary:
We will not send you spam or share your email address.

*This form is automated system. General questions, technical, sales, and product-related issues submitted through this form will not be answered.


Need More Help?

Create a technical support case if you need further support.