Microsoft KB Archive/286638

= XADM: Contents of the .stm File Are Not Scanned When Using Antivirus API =

Article ID: 286638

Article Last Modified on 2/26/2007

-

APPLIES TO


 * Microsoft Exchange 2000 Enterprise Server
 * Microsoft Exchange 2000 Server Standard Edition

-



This article was previously published under Q286638



SYMPTOMS
If you are using antivirus application programming interface (API)-based scanning solutions on Exchange 2000 Server, e-mail based viruses may not be detected when you are using Internet-based clients such as Post Office Protocol 3 (POP3), Internet Message Access Protocol 4 (IMAP4), and Outlook Web Access (OWA) for sending and receiving e-mail.



CAUSE
The antivirus API that is present in Exchange 2000 Server does not contain the capability to properly scan the contents of the streaming media (.stm) file. Because Internet-based clients store the message content in the .stm file in native MIME format, the content is not scanned when the message is accessed by any other client, including MAPI-based clients. For more information about the conditions that must be present for the antivirus API to properly scan message attachments, see the &quot;More Information&quot; section later in this article.



WORKAROUND
To work around this issue, use only MAPI-based clients to send and receive messages until Exchange 2000 Server Service Pack 1 (SP1) is available.



STATUS
Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.



MORE INFORMATION
The antivirus API successfully scans messages if:
 * Messages arrive through the Message Transfer Agent (MTA), such as an Exchange Server 5.5 to Exchange 2000 migration or coexistence scenario, and are retrieved using a MAPI-based client such as Microsoft Outlook.
 * New messages are submitted from a MAPI-based client such as Microsoft Outlook.
 * The MAPI-based client opens an attachment from an Internet user or an Internet protocol (IP) client, the user makes a modification, and then attempts to save the message.

The antivirus API does not successfully scan messages if:
 * On an Exchange 2000-based server that is responsible for sending and receiving Internet mail, a message is received and then opened by any supported client.
 * When an Internet message is received by an Exchange 2000-based server from the Internet or from an internal Simple Mail Transfer Protocol (SMTP) service, and then is routed over one of the following connectors:
 * Lotus Notes Connector
 * Lotus cc:Mail Connector
 * Microsoft Exchange Connector for SNADS
 * Microsoft Exchange Connector for IBM OfficeVision/VM (PROFS)
 * Groupwise Connector
 * Any third-party gateway that is based on the Exchange Gateway Development Kit.
 * When a message is received by an Exchange 2000-based server that was sent directly from another Exchange 2000-based server, and a user on the recipient server attempts to open the message by using any supported client.

For further analysis of how this issue may affect you, contact Microsoft Product Support Services for analysis of your topology.

Additional query words: AVAPI anti-virus scan failure detect vapi

Keywords: kbbug kbnofix KB286638

-

[mailto:TECHNET@MICROSOFT.COM Send feedback to Microsoft]

© Microsoft Corporation. All rights reserved.