Symantec Mail Security (SMSDOM) can break replication

Every time SMSDOM runs a scan, it seems to modify every document that contains an attachment, in every Notes database on the server. In a clustered environment, this problem can create a “replication storm” because one server updates the document, replicates it to other servers in the cluster, then those servers modify the document, and the process continues. On my servers, it created thousands of replication conflicts.

Cause of the problem:

  1. SMSDOM is not “cluster aware”

  2. A “cool” new setting called “Secure Scanning Optimization.” This must have been designed by some clown at Symantec who doesn’t understand how Domino works. What does it do? It adds a field (X-SSOTag) to every document that it scans. Why? This field tells SMSDOM that the document has already been scanned. So if a document is sent to 100 users, it only gets scanned once instead of 100 times.

Why is this flawed?

  1. Duh! Modifying every document (regardless of the reason) breaks replication!

  2. It makes sense to scan an email only once, instead of once for every recipient. But it doesn’t make sense to use an email-tracking mechanism for existing documents. I’m curious what the Symantec clowns think they gain by such methods. If I forward an existing document, it gets put into a new message without the internal tracking-field, thereby making that field useless.

How can you avoid this problem?

Change your SMSDOM settings to disable “Secure Scanning Optimization.”

How can Symantec fix this?

Change the process so that X-SSOTag is only used for documents that come into mail.box and for real-time scans; DO NOT use that process for scheduled scans!

Subject: Symantec Mail Security (SMSDOM) can break replication

Yesterday upgraded SMS 5.4 to SMS 7.5 on one of our servers. Activated the new setting “Enable secure scanning optimization”.

Guess what: this morning we had to deal with a lot of replication conflicts, just like you.

So I do agree with you: “DISABLE” that option…

Subject: RE: Symantec Mail Security (SMSDOM) can break replication

Some reading about this feature actually shows that this can work effectively, but you need to know it works before implementing this. If the feature is on as a whole, the program creates an encrypted key against several pieces of information and then stores this on the document. Because the key changes, it is impossible for someone to guess what the key will be, and therefore they cannot spoof this field to get past the product. When other servers with this feature on see the key, they will honor it and not rescan the message. Fewer scans means better performance.

Replication storms, as some call them, happen if you run a manual or scheduled scan with SSO on. If the SSO tag has to be changed, this change will then have to replicate over to another server. Therefore, if you have a total of 100 databases with 100 messages each, then there will be 10000 changes that will replicate. But within the manual/scheduled scan settings you can disable the SSO so this cannot occur.
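Added illustration (not part of the thread and not Symantec's code): a toy model of two cluster replicas showing how a scheduled scan that stamps X-SSOTag on every document turns into replicated changes and conflicts. The conflict rule (a document saved on both replicas since the last sync conflicts), the tag format and all function names are assumptions made for the sketch.

```python
from dataclasses import dataclass, field

@dataclass
class Doc:
    seq: int = 1                        # bumped on every save
    items: dict = field(default_factory=dict)

def make_replica(n_dbs, n_docs):
    # Constructed data: every document is assumed to carry an attachment.
    return {(db, n): Doc() for db in range(n_dbs) for n in range(n_docs)}

def scheduled_scan(replica, server, run, tagging):
    """Scan all documents; with tagging on, stamp each with this scan's tag."""
    writes = 0
    tag = f"{server}:{run}"             # assumption: value differs per server and run
    for doc in replica.values():
        if tagging and doc.items.get("X-SSOTag") != tag:
            doc.items["X-SSOTag"] = tag
            doc.seq += 1
            writes += 1
    return writes

def replicate(a, b, synced):
    """Sync two replicas; return (pushed, conflicts) for this pass."""
    pushed = conflicts = 0
    for key, da in a.items():
        db, base = b[key], synced.get(key, 1)
        if da.seq > base and db.seq > base:
            conflicts += 1              # saved on both sides since last sync
        elif da.seq != db.seq:
            pushed += 1                 # one-sided change, copied across
        newer = da if da.seq >= db.seq else db
        da.items, db.items = dict(newer.items), dict(newer.items)
        da.seq = db.seq = synced[key] = max(da.seq, db.seq)
    return pushed, conflicts

def simulate(n_dbs, n_docs, tagging, runs=1):
    """Both servers run the scheduled scan, then replicate, `runs` times."""
    a, b, synced = make_replica(n_dbs, n_docs), make_replica(n_dbs, n_docs), {}
    totals = {"writes": 0, "pushed": 0, "conflicts": 0}
    for run in range(runs):
        totals["writes"] += scheduled_scan(a, "A", run, tagging)
        totals["writes"] += scheduled_scan(b, "B", run, tagging)
        pushed, conflicts = replicate(a, b, synced)
        totals["pushed"] += pushed
        totals["conflicts"] += conflicts
    return totals
```

With 100 databases of 100 documents, `simulate(100, 100, tagging=True)` reports 10000 conflicts after one scan cycle, and the same call with `tagging=False` reports none.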

Subject: which SMS version?

Which SMS version are you running?