Description of Hotfix Rollup 1 for Antigen 9.0 Service Pack 2

Article ID: 975355

SUMMARY

Microsoft has released Hotfix Rollup 1 for Microsoft Antigen 9.0 Service Pack 2. This article contains information about how to obtain the rollup and about the issues that are fixed by the rollup.

This rollup includes all fixes in Antigen 9.0 Service Pack 2. For more information about the fixes included in Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
971063 Description of Antigen 9.0 with Service Pack 2

MORE INFORMATION

New features in the hotfix rollup

  • The StarEngine service is stopped when SpamCure is deselected
    In versions of Antigen earlier than Antigen 9.0 Service Pack 2 Rollup 1, the StarEngine service would continue to run even though the SpamCure anti-spam engine was no longer being used, and either the Cloudmark anti-spam engine was selected or no anti-spam engines were selected. This meant that the StarEngine service continued to use memory and resources. In Rollup 1, the StarEngine service will now be stopped if it is not selected in the Antigen Administrator and the scan jobs are disabled. For example, this can occur when an engine update occurs or the services are recycled. After the scan jobs are re-enabled, the StarEngine service will remain stopped.
  • Rollup 1 for Antigen for Exchange version 9.0 with SP2 contains additional diagnostic logging features for the Cloudmark engine
    Rollup 1 for Antigen for Exchange version 9.0 SP2 adds new features that let you log additional diagnostic information about the Cloudmark engine. We recommend that you enable this logging only when instructed to do so by Microsoft Customer Service and Support (CSS).

    Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
    322756 How to back up and restore the registry in Windows

    If instructed to enable additional Cloudmark diagnostic logging, install Rollup 1 for Microsoft Antigen for Exchange version 9.0 SP2, and then follow these steps:

    For Cloudmark Content Scanner Diagnostics
    These diagnostics log additional Cloudmark information to the ProgramLog.txt file.
    1. Click Start, click Run, type regedit, and then click OK.
    2. Locate and then click the following registry key:

      For Antigen for Exchange:
      HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for Exchange
      For Antigen for SMTP:
      HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for SMTP
    3. On the Edit menu, point to New, and then click DWORD Value.
    4. Type ContentScannerDiagnosticsLevel, and then press ENTER.
    5. On the Edit menu, click Modify.
    6. Type 1, and then click OK.
    7. Exit Registry Editor.
    To enable the new setting, make a change in the General options area of the Antigen Administrator UI. This causes Antigen to reread the registry settings and see the new registry value.

    Registry values correspond to settings as follows.
    ContentScannerDiagnosticsLevel:
    • 0: Disables logging for all Cloudmark signature update information.
    • 1: Enables logging for all Cloudmark signature update information.
    • 6: Enables logging for error information only.

    For Cloudmark Engine Adaptor ETW Logging
    These diagnostics log additional Cloudmark Engine Adaptor information to a separate ETW trace file:
    1. Open a command prompt, and then run the following command to create a new trace:
      logman create trace Forefront -o c:\CloudmarkAdapterLog.etl -p "{b873680d-be62-4181-b678-bb651fa11c25}" -f bincirc -max 1000
    2. Run the following command to start data collection:
      logman start Forefront
    3. Reproduce the issue.
    4. Run the following command to stop data collection:
      logman stop Forefront
    5. Run the following command to remove the trace from ETW:
      logman delete Forefront
    6. Collect the trace file from your output folder. For example, collect the file from c:\CloudmarkAdapterLog.etl.
  • Antigen 9.0 Service Pack 2 Rollup 1 displays the current signature version of the Cloudmark Authority Engine in the Antigen console
    As the Cloudmark Authority Engine updates throughout the day, administrators can now view the specific Signature Version in the Antigen Administrator under Scanner Updates. Cloudmark downloads new micro-updates approximately every minute. This is displayed as a version number in the Signature Version box for the selected engine. The version number is constructed from the date and time (in 24-hour time) of the last micro-update download. For example, the following Signature Version indicates that Cloudmark was last updated on September 23 at 4:18 P.M.:
    9.23.16.18
    To view the Cloudmark signature version in the Antigen Administrator, click Settings, and then click Scanner Updates.
  • Antigen 9.0 Service Pack 2 Rollup 1 provides performance counters for the Cloudmark Authority Engine and SpamCure engines

    The following performance counters are added for SpamCure and Cloudmark Authority engines in Antigen 9.0 Service Pack 2 Rollup 1:
    • Average Cloudmark Scan Time
    • Average Cloudmark Message Scan Rate
    • Average Spamcure Scan Time
    • Average Spamcure Message Scan Rate
  • Additional information added to the headers of e-mail messages for anti-spam detection
    For every e-mail that is scanned by Cloudmark for spam detection, Antigen adds the following information to the mail header, regardless of whether the message was detected as spam or not:
    X-MS-Antispam-Report: data
    Note The placeholder data is Cloudmark-specific data that explains to Cloudmark why the mail was determined to be spam or not spam. This information assists Cloudmark with their spam detection.
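
The Signature Version format described above (month.day.hour.minute, for example 9.23.16.18) can be turned into a freshness check for monitoring. The following Python is an added example, not code from Microsoft or Antigen; the function names, the five-minute clock-skew allowance and the one-hour staleness threshold are assumptions, and `now` must be taken from the same clock as the server that displays the version.

```python
from datetime import datetime, timedelta


def parse_signature_version(version, now, skew=timedelta(minutes=5)):
    """Convert a Signature Version such as '9.23.16.18' (month.day.hour.minute,
    24-hour clock) into the datetime of the last micro-update download.

    The version carries no year, so choose the most recent year for which the
    timestamp is not later than `now` (plus a small clock-skew allowance).
    """
    parts = version.strip().split(".")
    if len(parts) != 4 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a month.day.hour.minute version: {version!r}")
    month, day, hour, minute = (int(p) for p in parts)

    # Look back a few years so that 2.29 still resolves outside a leap year.
    for year in range(now.year, now.year - 5, -1):
        try:
            candidate = datetime(year, month, day, hour, minute)
        except ValueError:
            continue  # impossible date in this year, or a field out of range
        if candidate <= now + skew:
            return candidate
    raise ValueError(f"fields out of range in version: {version!r}")


def signature_age(version, now):
    """Time elapsed since the micro-update named by `version`."""
    return now - parse_signature_version(version, now)


def is_stale(version, now, max_age=timedelta(hours=1)):
    """True when the last micro-update is older than `max_age`.
    The one-hour default is an assumed alert threshold, not a product value."""
    return signature_age(version, now) > max_age


if __name__ == "__main__":
    # Constructed reading: the article's example version, checked the next morning.
    reading, checked_at = "9.23.16.18", datetime(2009, 9, 24, 9, 0)
    print(parse_signature_version(reading, checked_at), is_stale(reading, checked_at))
```

Because the version omits the year, a reading taken just after midnight on January 1 resolves to December of the previous year rather than to a date eleven months in the future.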

Issues that are fixed in the Hotfix Rollup 1 for Antigen 9.0 SP2

In addition to the fixes included in all service packs and rollups for Antigen 9.0, this hotfix rollup fixes the following issues:

Details of the issues that are fixed in the hotfix rollup

  1. Scan engine updates fail, and the Antigen logs do not provide a valid error
  2. Mail is not scanned after you apply a new template in Antigen 9.0
  3. The AntigenClient.exe process in Antigen for Exchange version 9.0 may crash. This generates a Dr. Watson crash that references Bucket ID 1177692600
  4. Engine deprecation notifications continue to be sent even though the engine was disabled from all scan jobs and scanner updates.
  5. AntigenService crashes in Antigen 9.0 after you save changes that you made in the Antigen General Options panel
  6. Antigen 9.0 may detect that valid Office 2003 Word documents contain CorruptedCompressedFile viruses
  7. Antigen 9.0 may generate the following error in the ProgramLog.txt: "ERROR: AntigenInternet process returned 80010105 while processesing message"
  8. A scan engine update fails and generates a warning in the ProgramLog.txt file

Note All the fixes that are listed in this section apply to the following products, unless otherwise stated:
  • Antigen for Exchange version 9.0
  • Antigen for Exchange version 9.0 with SP1
  • Antigen for Exchange version 9.0 with SP2
  • Antigen for SMTP Gateways version 9.0
  • Antigen for SMTP Gateways version 9.0 with SP1
  • Antigen for SMTP Gateways version 9.0 with SP2

  1. Scan engine updates fail, and the Antigen logs do not provide a valid error
    Symptoms
    When scan engine updates fail, there is typically an error logged to the ProgramLog.txt file that indicates a possible cause. However, in this case, the errors that are logged to the ProgramLog.txt are insufficient for troubleshooting the engine update failure.

    The following error message is logged to the ProgramLog.txt file. The placeholder ScanEngineName contains the actual name of the scan engine that did not update.
    INFORMATION: The ScanEngineName scan engine for Antigen has been downloaded
    INFORMATION: The ScanEngineName scan engine for Antigen has been staged.
    INFORMATION: Testing the ScanEngineName scan engine.
    ERROR: Unable to load the ScanEngineName scan engine. hr = 0x800C0102. An error occurred while loading the ScanEngineName scan engine.
    ERROR: (0x00000002) The system cannot find the file specified. The ScanEngineName scan engine test failed. hr = 0x80004005

    Cause
    This issue occurs when the DatabasePath registry key contains invalid characters. Therefore, the engine test that occurs during all engine updates fails and causes every consecutive update to fail.

    For example, this occurs if the DatabasePath registry key has the following configuration:
    J:\\\\ProgramFiles\\AntigenCluster
    In this example, the additional backslash (\\) characters are invalid.

    Resolution
    After you install Rollup 1, the following error message will be logged in the ProgramLog.txt file instead of the previous error message:
    ERROR: The database path in the registry does not exist.
  2. Mail is not scanned after you apply a new template in Antigen 9.0
    Symptoms
    After you apply a new template in Antigen version 9.0, SMTP mail is no longer scanned for viruses.

    The following error message is logged to the ProgramLog.txt file:
    ERROR: scanjob.cpp::Load(): pStream->Read() returned 0x80010108
    ERROR: scanjob.cpp::Load(): Invalid signature.

    Cause
    Before Rollup 1, when templates were pushed out, the ScanJob settings were cleared before the new settings replaced them through the template push. During that process, an issue could occur in which the new settings did not replace the old settings that had already been cleared. As a result, the ScanJob no longer contained the necessary settings and could not scan mail.
  3. The AntigenClient.exe process in Antigen for Exchange version 9.0 may crash. This generates a Dr. Watson crash that references Bucket ID 1177692600
    Symptoms
    The AntigenClient.exe process in Antigen for Exchange version 9.0 may crash. This generates a Dr. Watson crash that references Bucket ID 1177692600. The crash generates the following Call Stack Dump:
    ANTIGENCLIENT.EXE!memcpy [MEMCPY.ASM]
    ANTIGENCLIENT.EXE!CScanJob::ChangeFilterListName [scanjob.cpp]
    ANTIGENCLIENT.EXE!ChangeFilterList [antigenfiltering.cpp]
    ANTIGENCLIENT.EXE!CListNamesPane::OnNotify [antigenfiltering.cpp]
    ANTIGENCLIENT.EXE!CRoundedWnd::WndProc [roundedwnd.cpp]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!SendMessageWorker [clmsg.c]
    USER32.DLL!SendMessageW [cltxt.h]
    COMCTL32.DLL!CCSendNotify [notify.c]
    COMCTL32.DLL!ListView_DismissEdit [lvicon.c]
    COMCTL32.DLL!ListView_OnCommand [listview.c]
    COMCTL32.DLL!ListView_WndProc [listview.c]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!CallWindowProcAorW [clmsg.c]
    USER32.DLL!CallWindowProcW [clmsg.c]
    ANTIGENCLIENT.EXE!CListPane::SubclassListViewProc [roundedwnd.cpp]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!SendMessageWorker [clmsg.c]
    USER32.DLL!SendMessageW [cltxt.h]
    USER32.DLL!ECNotifyParent [editec.c]
    USER32.DLL!SLKillFocus [editsl.c]
    USER32.DLL!SLEditWndProc [editsl.c]
    USER32.DLL!EditWndProc [editec.c]
    USER32.DLL!EditWndProcWorker [editec.c]
    USER32.DLL!EditWndProcW [editec.c]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!CallWindowProcAorW [clmsg.c]
    USER32.DLL!CallWindowProcW [clmsg.c]
    COMCTL32.DLL!ListView_EditWndProc [lvicon.c]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!DispatchClientMessage [client.c]
    USER32.DLL!__fnDWORD [ntcb.h]
    NTDLL.DLL!KiUserCallbackDispatcher [userdisp.asm]
    USER32.DLL!NtUserSetFocus [usrstubs.c]
    USER32.DLL!InternalCallWinProc [callproc.asm]
    USER32.DLL!UserCallWinProcCheckWow [clmsg.c]
    USER32.DLL!DispatchMessageWorker [clmsg.c]
    USER32.DLL!DispatchMessageW [cltxt.h]
    ANTIGENCLIENT.EXE!wWinMain [antigenclient.cpp]
    ANTIGENCLIENT.EXE!__tmainCRTStartup [crt0.c]
    KERNEL32.DLL!BaseProcessStart [support.c]

    Applies to
    Rollup 5 for Microsoft Antigen for Exchange version 9.0 SP1
    Antigen for Exchange version 9.0 SP2
  4. Engine deprecation notifications continue to be sent even though the engine was disabled from all scan jobs and scanner updates
    Symptoms
    A new feature was added to Service Pack 2 for Antigen version 9.0 in which scan engines that are discontinued are removed from the product. E-mail alerts are sent out to the administrator before the retirement. However, in Antigen version 9.0 for SMTP Gateways with Service Pack 2, administrators still receive these retirement notifications even when the discontinued engine is disabled from all scan jobs and for engine updates.

    Cause
    This issue occurs because the code that checks which scan engines are enabled for the scan jobs is the same in Antigen for Exchange Server and Antigen for SMTP Gateways. However, Antigen for SMTP Gateways does not contain a Quick Scan, so you cannot confirm that the engines were disabled in the Quick Scan on an Antigen for SMTP Gateways installation.

    Applies to
    Antigen 9.0 for SMTP Gateways SP2
  5. AntigenService crashes in Antigen 9.0 after you save changes that you made in the Antigen General Options panel
    Symptoms
    After you make any changes in the Antigen General Options panel, and then click Save, the AntigenService service may crash.

    You can confirm the crash by going to the Scan Jobs panel of the Antigen Administrator. The following error is displayed at the bottom of the console:
    Cannot Connect to RealTime Scanjob.
    The following Application log error is also logged:
    The AntigenService service terminated unexpectedly.
    The ProgramLog.txt file will not log an error.
  6. Antigen 9.0 may detect that valid Office 2003 Word documents contain CorruptedCompressedFile viruses
    Symptoms
    Antigen 9.0 falsely detects valid Office 2003 Word documents as CorruptedCompressedFiles. The attachment is removed as a virus.

    An e-mail attachment is removed, and an incident is logged in the Incidents panel stating that Antigen removed the file as a CorruptedCompressedFile virus. The ProgramLog.txt file contains the following entry:
    INFORMATION: Realtime scan found virus: Folder: Folder Name Storage Group\file name Message: subject line Incident: CorruptedCompressedFile State: Removed
    Where the placeholder Folder Name is the name of the folder where Antigen found the virus.

    Cause
    This error is caused by the method in which Antigen tries to parse the Word document.
  7. Antigen 9.0 may generate the following error in the ProgramLog.txt: "ERROR: AntigenInternet process returned 80010105 while processesing message"
    Symptoms
    Antigen 9.0 may generate the following error in the ProgramLog.txt:
    ERROR: AntigenInternet process returned 80010105 while processesing message

    Cause
    This error is caused by an issue in the Antigen MimeNavigator.dll file.
  8. A scan engine update fails and generates a warning in the ProgramLog.txt file
    Symptoms
    If any of Antigen’s external engine vendors release an engine update incorporating files packaged within subdirectories, the Antigen engine update will fail. The following warning is logged in the ProgramLog.txt file:
    A failure was reported by the synchronization observer when you installed the scanner. Action = 0x00000001. C:\Program Files\Microsoft Antigen for Exchange\Engines\x86\(EngineName)\Bin\bases/stt/

    Cause
    This issue occurs because Antigen cannot successfully update engines whose update packages contain subdirectories.
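
The ProgramLog.txt messages quoted for issues 1, 2, 6, 7 and 8 can be matched mechanically when checking whether a server is affected, which matters most for issue 2, where mail silently stops being scanned. The following Python is an added example, not part of the original article or of Antigen; the pattern table, the labels, the function name and the sample log lines (including the engine name ExampleEngine) are constructed for illustration.

```python
import re
from collections import defaultdict

# (issue number in this article, label, pattern). Patterns use only the
# ProgramLog.txt messages quoted in the article; labels are added wording.
SIGNATURES = [
    (1, "engine failed its load test after staging",
     re.compile(r"Unable to load the .+? scan engine\. hr = 0x800C0102")),
    (1, "invalid DatabasePath (message logged after Rollup 1)",
     re.compile(r"The database path in the registry does not exist")),
    (2, "ScanJob settings missing after a template push; mail not scanned",
     re.compile(r"scanjob\.cpp::Load\(\): "
                r"(?:pStream->Read\(\) returned 0x80010108|Invalid signature)")),
    (6, "attachment removed as CorruptedCompressedFile",
     re.compile(r"Incident: CorruptedCompressedFile State: Removed")),
    (7, "AntigenInternet returned 80010105",
     re.compile(r"AntigenInternet process returned 80010105")),
    (8, "engine update package contains subdirectories",
     re.compile(r"failure was reported by the synchronization observer")),
]


def triage(lines):
    """Map article issue number -> [(line number, label, text)] for each
    log line that matches one of the quoted messages."""
    hits = defaultdict(list)
    for line_no, line in enumerate(lines, start=1):
        for issue, label, pattern in SIGNATURES:
            if pattern.search(line):
                hits[issue].append((line_no, label, line.strip()))
                break  # one signature per line is enough
    return dict(hits)


# Constructed sample input; "ExampleEngine", the folder, file and subject
# are placeholders, not values from a real server.
SAMPLE_LOG = [
    "INFORMATION: The ExampleEngine scan engine for Antigen has been downloaded",
    "INFORMATION: The ExampleEngine scan engine for Antigen has been staged.",
    "INFORMATION: Testing the ExampleEngine scan engine.",
    "ERROR: Unable to load the ExampleEngine scan engine. hr = 0x800C0102. "
    "An error occurred while loading the ExampleEngine scan engine.",
    "ERROR: (0x00000002) The system cannot find the file specified. "
    "The ExampleEngine scan engine test failed. hr = 0x80004005",
    "ERROR: scanjob.cpp::Load(): pStream->Read() returned 0x80010108",
    "ERROR: scanjob.cpp::Load(): Invalid signature.",
    "ERROR: AntigenInternet process returned 80010105 while processesing message",
    r"INFORMATION: Realtime scan found virus: Folder: Inbox Storage Group\report.doc "
    "Message: Q3 figures Incident: CorruptedCompressedFile State: Removed",
]

if __name__ == "__main__":
    for issue, found in sorted(triage(SAMPLE_LOG).items()):
        for line_no, label, text in found:
            print(f"issue {issue} (line {line_no}): {label}")
```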

How to install the hotfix rollup

  1. Run the installer by double-clicking the service pack or rollup executable file.

    Note When the installer is running, the Exchange and Antigen services are stopped, and your mail flow is temporarily stopped.
  2. After the installation is complete and the Exchange and Antigen services have been restarted (this occurs automatically during the installation), verify that Antigen is working correctly.

    Note Antigen service packs or rollups can also be installed by using the FFSMC Deployment job. For more information, see Deployment Jobs in the Forefront Server Security Management Console User Guide. In this case, the installer runs in silent mode and there is no user input required. The rest of the process remains the same as when you run the installer by double-clicking the executable file.

Prerequisites

This hotfix rollup requires Antigen 9.0 Service Pack 2. For more information about how to obtain Antigen 9.0 Service Pack 2, click the following article number to view the article in the Microsoft Knowledge Base:
971063 Description of Antigen 9.0 with Service Pack 2

File information

This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.

The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
File name                File version     File size   Date          Time    Platform
Aexmladapter.dll         9.2.1097.60      525,824     03-Sep-2009   17:48   x86
Ant5inst.dll             9.2.1097.60      963,072     03-Sep-2009   17:48   x86
Antigenasj.dll           9.2.1097.60      313,856     03-Sep-2009   17:48   x86
Antigenclient.exe        9.2.1097.60      1,185,280   03-Sep-2009   17:48   x86
Antigendiag.exe          9.2.1097.60      286,720     03-Sep-2009   17:48   x86
Antigeninternet.exe      9.2.1097.60      823,296     03-Sep-2009   17:48   x86
Antigenmanual.exe        9.2.1097.60      813,568     03-Sep-2009   17:48   x86
Antigenpmdll.dll         9.2.1097.60      294,912     03-Sep-2009   17:48   x86
Antigenpmsetup.exe       9.2.1097.60      272,384     03-Sep-2009   17:49   x86
Antigenrealtime.exe      9.2.1097.60      794,112     03-Sep-2009   17:49   x86
Antigenservice.exe       9.2.1097.60      1,499,648   03-Sep-2009   17:49   x86
Antigensmtpsink.dll      9.2.1097.60      430,080     03-Sep-2009   17:49   x86
Antutil.exe              9.2.1097.60      316,928     03-Sep-2009   17:49   x86
Fsecontentscanner.exe    9.2.15.0         670,064     03-Sep-2009   19:33   x86
Getenginefiles.exe       9.2.1097.60      600,064     03-Sep-2009   17:49   x86
Mimenavigator.dll        9.2.1097.60      296,960     03-Sep-2009   17:49   x86
Scanenginetest.exe       9.2.1097.60      527,360     03-Sep-2009   17:48   x86
Sfxcab.exe               9.2.1097.56      43,008      03-Sep-2009   19:36   x86
Smimenavigator.dll       9.2.1097.60      221,696     03-Sep-2009   17:48   x86
Structstgnavigator.dll   9.2.1097.60      272,896     03-Sep-2009   17:48   x86
Sybariave.dll            Not Applicable   557,568     03-Sep-2009   19:35   x86
Synchelper.dll           1.2.0.110        474,112     03-Sep-2009   19:34   x86
Tnefnavigator.dll        9.2.1097.60      283,136     03-Sep-2009   17:48   x86
Custom.dll               Not Applicable   73,728      03-Sep-2009   19:37   x86
Updspapi.dll             6.3.13.0         382,840     27-Jul-2007   17:41   x86

Properties

Article ID: 975355 - Last Review: March 19, 2010 - Revision: 8.0
APPLIES TO
  • Microsoft Antigen 9.0 for Exchange Service Pack 2
  • Microsoft Antigen 9.0 for SMTP Gateways Service Pack 2
Keywords: 
kbautohotfix atdownload kbregistry kbhotfixserver kbexpertiseadvanced kbhotfixrollup kbsurveynew kbfix KB975355
