Article ID: 928003
Article Last Modified on 6/14/2007
APPLIES TO
- Microsoft Antigen for Exchange
SYMPTOMS
You receive many spam e-mail messages in the Inbox even though you use Microsoft Antigen 9.0 for Exchange.
CAUSE
This problem may occur if you receive spam e-mail messages that include multiple Subject fields in the message header. Antigen 9.0 for Exchange does not correctly tag spam messages that have multiple Subject fields in the message header.
Note Although such messages contain multiple Subject fields, you see only one Subject field when you view the message.
RESOLUTION
Hotfix information
A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Antigen 9.0 for Exchange service pack that contains this hotfix.
To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:
Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:
Hotfix installation information
After you apply this hotfix, Antigen 9.0 for Exchange will stamp incoming messages that include multiple headers as IllegalMIMEHeader. Illegal MIME headers are headers that have multiple Content-Type, Content-Transfer Encoding, or Content-Disposition headers. Additionally, Antigen 9.0 for Exchange will stamp messages in which the Content-Disposition or Content-Type header is longer than it should be. By default, messages that are identified as IllegalMIMEHeader are quarantined. If you do not want these messages to be quarantined, create the DisableQuarantineForIllegalMimeHeader registry entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for Exchange
Name: DisableQuarantineForIllegalMimeHeader
Value type: DWORD.69+
Value data: 1
If Antigen 9.0 for Exchange encounters an illegal MIME header during a scan, you can configure Antigen to remove the message (the default setting) or to ignore the message.
Note You can configure this option in the General Options section of the Antigen Administrator Console. The option is located under Scanning in the Illegal Mime Header Action box.
Additionally, whenever such a message is removed, an entry that resembles the following is logged in the ProgramLog.txt file:
Day Date Time (2644-2064), "INFORMATION: Internet scan found virus: Folder: SMTP Messages\Inbound Message: Text from Subject field File: Incident: IllegalMimeHeader State: Purged"
Note Typically, the ProgamLog.txt file is located in the following folder:
Drive_Letter
:\Program Files\Sybari Software\Antigen for Exchange\
If you enabled the default option to remove such messages, and if you also enabled post-scan archiving, you can view the removed messages. If you view such a message, you will find that the message body contains the following replacement text:
FILE DELETED ------------ The original contents of this file have been replaced with this message because of its characteristics. File name: "Body of Message" Virus name: "IllegalMimeHeader"
Notes
- You can enable post-scan archiving in the General Options section under Diagnostics in the Archive SMTP Mail box.
- Archived messages are stored in the In folder and in the Out folder in the Antigen installation folder.
Prerequisites
There are no prerequisites for installing this hotfix.
Restart requirement
You do not have to restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
File information
The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
File name | File version | File size | Date | Time | Platform |
---|---|---|---|---|---|
Mimenavigator.dll | 9.0.1055.34 | 186,880 | 07-Nov-2006 | 09:03 | x86 |
Sfxcab.exe | 9.0.1055.34 | 39,424 | 09-Nov-2006 | 03:11 | x86 |
STATUS
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.
MORE INFORMATION
For more information about the terminology that is used to describe Microsoft software updates, click the following article number to view the article in the Microsoft Knowledge Base:
824684 Description of the standard terminology that is used to describe Microsoft software updates
Additional query words: antivirus virus
Keywords: kbspam kbexpertiseadvanced kbhotfixserver kbqfe KB928003