Article ID: 952163 - Last Review: June 30, 2008 - Revision: 2.1

How to submit malicious software files to Microsoft for analysis if you are using Forefront Server or Antigen products

SUMMARY

This article describes the methods that Microsoft Forefront Security and Sybari Antigen customers can use to submit malicious software files to Microsoft for analysis. This article also describes how to prepare these files for submission.

MORE INFORMATION

You can use one of the following methods to submit malicious software files to Microsoft for analysis:
  • E-mail submission
  • Submission by Microsoft Customer Support Services

E-mail submission

To send files to Microsoft for analysis, use the following e-mail address:
submit_virus@fss.microsoft.com
To prepare an archive file that contains the files that you want to submit, follow the steps in the "How to prepare files for submission" section. Attach the archive file to the e-mail message. Place the word "Submission" at the beginning of the message subject line, and make sure that you include the following data:
  • Your name, e-mail address, and telephone number
    Microsoft will send all responses to the e-mail address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination for the files that is based on the current Microsoft malicious software definitions. If necessary, adjust your incoming mail filters to make sure that you receive this message.

    If you want to add additional e-mail contacts to receive updates about the status of the submission, include these contacts in the original e-mail. Also, add the following note in the body of the message: “Please Reply All”
  • Sample type
    If the submission includes files that you believe were incorrectly determined to be malicious software, add the words "False Positive" to the e-mail Subject line. Otherwise, the files will be assumed to be malicious software. If there are multiple submissions in a single e-mail, identify which are the most critical to help expedite triage.
  • Support case number (optional)
    A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include this case number on the message Subject line.
  • Other information to include
    • The names of any scan engines that you are using.
    • Forefront Security products that you are using. For example, these might include Forefront Security for Exchange Server or Forefront Security for SharePoint.
    • Platform information. For example, this might be Windows Vista, Windows Server 2003, Windows 2000, or another version of Windows.
    • Description of the virus activity.

The response message
After you submit malicious software files by e-mail, we will send you a response to confirm the receipt of the submission. We will then follow up with the results of our analysis and with responses from our partners. If you want more frequent updates throughout the sample review, such as for high-priority submissions, we recommend that you open a support case.

Submission by Microsoft Customer Support Services

Microsoft Customer Support Services can submit files on your behalf. If you have an urgent malicious software situation that Forefront Server Security does not address, or if it is after regular business hours, we recommend that you contact Customer Support Services for help. To do this, use the support information that was provided to you when you purchased Forefront Server Security. Or, visit the following Microsoft Web site:
http://support.microsoft.com/select/?target=hub

How to prepare files for submission

Use care when you handle files that may be classified as malicious software. Add suspected malicious software files to a compressed archive file that uses a password. By doing this, you avoid infecting other computers when the files are in transit or when you submit the files. To add the files to an archive file that uses a password, follow these steps.

Note: If you have WinZip or a similar compression utility installed, you can use it to create the archive. However, you must use the same file name and the same password that are included in these steps.
  1. In Windows Explorer, open the folder that contains the suspected malicious software files.
  2. Right-click a blank area in the window, point to New, and then click Compressed (zipped) Folder.
  3. Type malware.zip to name the new archive file, and then press ENTER.
  4. Drop the suspected malicious software files into the archive file as you would drop them into a typical Windows folder.
  5. Double-click the archive file.
  6. On the File menu, click Add a Password.
  7. In the Password box, type infected.
  8. In the Confirm Password box, retype infected, and then click OK.
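
The following added example (not part of the original article and not Microsoft code) checks that an archive matches the preparation steps above before it is attached, and builds, without sending, a message that follows the "E-mail submission" rules. The function names, the " - " subject separators, the "Case" label, and the body layout are assumptions; the check reads each entry's encryption flag and does not test the password itself.

```python
import io
import zipfile
from email.message import EmailMessage

SUBMIT_ADDR = "submit_virus@fss.microsoft.com"  # address given in this article
ARCHIVE_NAME = "malware.zip"                    # file name required by the steps above

def archive_problems(name, data):
    """Return the reasons an archive does not match the preparation steps."""
    problems = []
    if name != ARCHIVE_NAME:
        problems.append(f"archive must be named {ARCHIVE_NAME}")
    try:
        infos = zipfile.ZipFile(io.BytesIO(data)).infolist()
    except zipfile.BadZipFile:
        return problems + ["not a readable zip archive"]
    entries = [e for e in infos if not e.is_dir()]
    if not entries:
        problems.append("archive is empty")
    # Bit 0 of the general-purpose flag marks a password-protected entry.
    problems += [f"{e.filename} is not password-protected"
                 for e in entries if not e.flag_bits & 0x1]
    return problems

def build_submission(sender, contact, details, archive, false_positive=False,
                     case_number=None, extra_contacts=()):
    """Build (do not send) the submission; refuse an unprotected archive."""
    name, data = archive
    problems = archive_problems(name, data)
    if problems:
        raise ValueError("; ".join(problems))
    subject = "Submission"                      # must start the subject line
    if false_positive:
        subject += " - False Positive"          # separator is an assumption
    if case_number:
        subject += f" - Case {case_number}"     # optional support case number
    msg = EmailMessage()
    msg["From"], msg["To"], msg["Subject"] = sender, SUBMIT_ADDR, subject
    if extra_contacts:
        msg["Cc"] = ", ".join(extra_contacts)
    # contact: name, e-mail, telephone; details: engines, product, platform, activity
    body = [f"{k}: {v}" for k, v in {**contact, **details}.items()]
    if extra_contacts:
        body.append("Please Reply All")
    msg.set_content("\n".join(body))
    msg.add_attachment(data, maintype="application", subtype="zip", filename=name)
    return msg
```

Hand the returned message to your usual mail client or relay. An archive whose entries are not flagged as encrypted raises `ValueError` instead of being attached.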

APPLIES TO
  • Microsoft Forefront Security for SharePoint
  • Microsoft Forefront Security for Exchange Server
  • Microsoft Antigen 9.0 for Exchange
  • Microsoft Antigen for SMTP Gateways
  • Sybari Antigen 8.0 for Microsoft Exchange
  • Sybari Antigen 8.0 for SMTP Gateways
  • Sybari Antigen 8.0 for IM
  • Sybari Antigen 8.0 for Microsoft SharePoint Portal Server