RESOLUTION

Hotfix information

A supported hotfix is now available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next Microsoft Antigen 9.0 for Exchange service pack that contains this hotfix.

To resolve this problem, submit a request to Microsoft Online Customer Services to obtain the hotfix. To submit an online request to obtain the hotfix, visit the following Microsoft Web site:

Note If additional issues occur or any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. To create a separate service request, visit the following Microsoft Web site:

Hotfix installation information

After you apply this hotfix, Antigen 9.0 for Exchange will stamp incoming messages that include multiple headers as IllegalMIMEHeader. Illegal MIME headers are headers that have multiple Content-Type, Content-Transfer Encoding, or Content-Disposition headers. Additionally, Antigen 9.0 for Exchange will stamp messages in which the Content-Disposition or Content-Type header is longer than it should be. By default, messages that are identified as IllegalMIMEHeader are quarantined. If you do not want these messages to be quarantined, create the DisableQuarantineForIllegalMimeHeader registry entry under the following registry subkey:

If Antigen 9.0 for Exchange encounters an illegal MIME header during a scan, you can configure Antigen to remove the message (the default setting) or to ignore the message.
Note You can configure this option in the General Options section of the Antigen Administrator Console. The option is located under Scanning in the Illegal Mime Header Action box.

Additionally, whenever such a message is removed, an entry that resembles the following is logged in the ProgramLog.txt file:

Day Date Time (2644-2064), "INFORMATION: Internet scan found virus:
Folder: SMTP Messages\Inbound
Message: Text from Subject field
File:
Incident: IllegalMimeHeader
State: Purged"

Note Typically, the ProgamLog.txt file is located in the following folder:

If you enabled the default option to remove such messages, and if you also enabled post-scan archiving, you can view the removed messages. If you view such a message, you will find that the message body contains the following replacement text:

FILE DELETED
------------
The original contents of this file have been replaced with
this message because of its characteristics.
File name: "Body of Message"
Virus name: "IllegalMimeHeader"

Notes

• You can enable post-scan archiving in the General Options section under Diagnostics in the Archive SMTP Mail box.
• Archived messages are stored in the In folder and in the Out folder in the Antigen installation folder.

Prerequisites

There are no prerequisites for installing this hotfix.

Restart requirement

You do not have to restart your computer after you apply this hotfix.

Hotfix replacement information

This hotfix does not replace a previously released hotfix.

File information

The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.