Description of Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2

Article translations Article translations
Article ID: 980586 - View products that this article applies to.
Expand all | Collapse all

On This Page

SUMMARY

Microsoft has released Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2. This article contains information about how to obtain the hotfix rollup and about the issues that are fixed by the hotfix rollup.

MORE INFORMATION

Issues that are fixed in Hotfix Rollup 2 for Antigen 9 for Exchange Server with Service Pack 2 and for Antigen 9 for SMTP Gateways with Service Pack 2

This hotfix rollup fixes the following issues:

Details of the issues that are fixed in the hotfix rollup

  • Antigen 9 for Exchange and Antigen 9 for SMTP Gateways do not send notifications to internal e-mail addresses

    Symptoms

    Internal recipients that are specified in any notifications do not receive the expected e-mail notification. To view the internal recipients that are supposed to receive notifications, click Notifications on the Report menu of the Antigen Administrator console.

    Cause

    This problem occurs when you use the DomainDatFilename feature in Antigen 9 for Exchange and in Antigen 9 for SMTP Gateways to specify internal domains.
  • The Cluster Service cannot create or restore Crypto Checkpoints on a Microsoft Exchange 2003 cluster

    Symptoms

    The Cluster Service cannot create or restore Crypto Checkpoints for an Exchange 2003 Information Store instance in Antigen 9 for Exchange or for an Exchange SMTP instance in Antigen 9 for SMTP Gateways.

    During the installation of Antigen 9 for Exchange or Antigen 9 for SMTP Gateways on an Exchange cluster, the installation stops, and you receive the following error message:
    Setup failed to create the Antigen resource and configuration in the EVS.
    When a cluster resource is brought online, an event type that resembles the following is logged in the System log:


    Event Type: Error Event
    Source: ClusSvc
    Event Category: Checkpoint Mgr
    Event ID: 1121
    Description:
    The crypto checkpoint for cluster resource 'Exchange Information Store Instance could not be restored to the container name
    'C44FBC30-1445-11d3-8CAA-00104B9C5823'. The resource may not function correctly.

    Cause

    This problem occurs because the Local Administrators account does not have sufficient permissions on the following folder:
    %drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys
    The permissions that are applied to this folder are inherited by the file that is created in the following folder when either of these symptoms occurs:
    {47bea955279d0bff4b03ff43cad2cab7_80331190-c9c2-4bc8-b3da-6baffb106058}
    Workaround

    If you experience this problem and cannot install this rollup package to resolve this problem immediately, you can work around this problem by adding the following local accounts with Full Control to the "%Drive%\Documents and Settings\All Users\Application Data\Microsoft\Crypto\RSA\MachineKeys" folder:
    • local_computer\Administrators
    • local_computer\System
    • local_computer\Network Service


    Note Make sure that the option to propagate permissions to all child objects is selected for each account.
  • The Antigen 9 for Exchange and Antigen 9 for SMTP Gateways services cannot start if the installation root directory contains a file that is named "Program"

    Symptoms

    The Antigen 9 for Exchange and Antigen 9 for SMTP Gateways services cannot start if the installation root directory contains a file that is named Program.

    Cause

    This problem occurs when the executable services file for Antigen 9 for Exchange or for Antigen 9 for SMTP Gateways do not contain quotation marks around the path of the executable file. This causes the system to look for any file in the path. For example, the file "C:\Program" may be found for a path of the file "C:\Program Files\Microsoft Antigen for Exchange\AntigenService.exe." This means that Antigen 9 for Exchange and Antigen 9 for SMTP Gateways finds the wrong file and cannot start the service.

    Workaround

    To temporarily work around this problem if you cannot immediately install this hotfix rollup, do one of the following:
    • Rename the file that is named "Program."
    • Put quotation marks around the executable file path in the Services registry. For more information about how to do this, click the following article number to view the article in the Microsoft Knowledge Base:
      812486 Event ID 7000 and "%1 Is Not a Valid Win32 Application" error message when you start a service
  • All engine updates roll back in Antigen 9 for Exchange and in Antigen 9 for SMTP Gateways if the installation root directory contains a file that is named "Program"

    Symptoms

    When you try to update a scan engine in Antigen 9 for Exchange and in Antigen 9 for SMTP Gateways, the update rolls back. After the new scan engine is downloaded, it cannot be integrated. The new scan engine is rolled back, and Antigen 9 for Exchange and in Antigen 9 for SMTP Gateways reverts to the old scan engine.

    Additionally, the following entries may be logged in the Application log and in the ProgramLog.txt file for the time that you try to update a scan engine. The following example is for the Microsoft scan engine.

    "INFORMATION: The Microsoft scan engine has been downloaded"
    "INFORMATION: The Microsoft scan engine has been staged."
    "ERROR: (0x000000c1) %1 is not a valid Win32 application. Unable to launch ScanEngineTest for the Microsoft scan engine."
    "INFORMATION: The Microsoft scan engine has been rolled back."

    Cause

    This problem occurs when the path of ScanEngineTest.exe is not enclosed in quotation marks for the engine update code in Antigen 9 for Exchange and Antigen 9 for SMTP Gateways. This causes the system to look for any file in the path. For example, the file "C:\Program" may be found for a path of the file "C:\Program Files\Microsoft Antigen for Exchange\ScanEngineTest.exe." This means that Antigen 9 for Exchange and Antigen 9 for SMTP Gateways finds the wrong file and cannot complete the scan engine test. In this scenario, the scan engine is rolled back.
  • Template settings cannot be deployed to Antigen 9 for Exchange and Antigen 9 for SMTP Gateways servers when you use the Forefront Server Security Management Console

    Symptoms

    You use the Forefront Server Security Management Console to deploy template settings to an Antigen 9 for Exchange or an Antigen 9 for SMTP Gateways server. The job is completed successfully. However, when you check the Antigen Administrator console, you find that the settings from the template are not applied to the scan jobs.

    Cause

    AntigenStarter.exe is used to deploy the template settings on the local Antigen 9 for Exchange and Antigen 9 for SMTP Gateways server. When this problem occurs, the AntigenStarter.exe file is called before the template.adb file is copied to the local server.

    Therefore, AntigenStarter.exe integrates the current settings that are already applied to the scan jobs. AntigenStarter.exe does not apply the new template.adb settings.

    Workaround

    To work around this problem, use AntigenStarter.exe locally to deploy template settings after Forefront Server Security Management Console has deployed your template.adb to the server. For more information about AntigenStarter.exe and command-line parameters, see Chapter 11 - Using templates in the Antigen for Exchange User Guide. To obtain this User's Guide, visit the following Microsoft TechNet Web site:
    http://technet.microsoft.com/en-us/library/bb914041.aspx
  • Sender notifications are not sent in Antigen for Exchange if the "From" field in the original e-mail message header has a single display name that occupies more than one line

    Symptoms

    Sender notifications are not sent in Antigen for Exchange if the "From" field in the original e-mail message header has a single display name that contains a lots of characters and bridges more than one line. For example, this problem occurs with the following encoded header:
    From: =?iso-2022-jp?B?YUEyMzQ1Njc2ISAxMjM3NPS2ODkwMTIzTNW2Nw==?=
     =?iso-2022-jp?B?ODkwISIzNDQ32Nzg5MDEyMzL1Nhc9OTAxMjM9XO==?=
     =?iso-2022-jp?B?Tjc2ORskPiVERXklSIsoQg==?= <user@contoso.com>
    


    More information

    Typically, when an e-mail message is detected as matching a virus, a file filter, or some other relevant entity in Antigen for Exchange, Antigen sends the original sender of an e-mail message a notification that contains details of the event. However, when the "From" field of the original e-mail message header contains multiple lines because of the length of the display name, sender notifications are not sent.

    Additionally, the following error messages may be logged in the Programlog.txt file:
    ERROR: Could not retrieve next row of data from AD. Error code: 00005012.

    WARNING: The user does not have an SMTP address. User:
  • A scan engine update fails and logs a warning message in the ProgramLog.txt file

    Symptoms

    If any of the Antigen for Exchange Server or the Antigen for SMTP Gateways external scan engine vendors release a scan engine update that incorporates files that are packaged in sub-directories, the scan engine update will fail. Additionally, a warning message is logged in the ProgramLog.txt file that resembles the following:
    WARNING: A failure was reported by the synchronization observer while installing the scanner. Action = 0x00000001. C:\<Forefront Installation Directory>\<EngineName>\Bin\bases/stt/
    Cause

    This problem occurs because Antigen cannot update a scan engine that contains one or more sub-directories in its update package.
  • The settings in a new Antigen installation remain unconfigured after you apply an existing Antigen <template>.adb file to Antigen by using the AntigenStarter command

    Symptoms

    The Antigen administrative console contains blank configurations such as the File Filter lists and the Allowed Sender lists.

    More information

    In order to duplicate settings from an existing Antigen server to a new Antigen server, an administrator can copy the Antigen template.adb file to the new server and then run the AntigenStarter command. In some instances, the settings from the template.adb file are not fully applied.
  • Antigen generates notifications on obsolete scan engines even though they are not being used

    Symptoms

    Administrators on the critical notification list in Antigen continue to receive e-mail requests to stop using a deprecated scan engine. This problem occurs even though the scan engine is disabled in the Antigen administrator.

    Additionally, the following is logged in the event log:
    The engine_display_name scan engine is no longer supported. Updates are no longer available for this engine, and therefore the update check for this engine has been disabled. Please review the scan engines chosen for your scan jobs and make another selection to ensure up-to-date protection.
  • Antigen incorrectly detects PDF files as UNICODE files when it is configured to filter PDF files

    Symptoms

    You configure Antigen to filter PDF files. When a PDF file is filtered, the following entries are logged in the ProgramLog.txt file:
    date time (812- 2468), "DIAGNOSTIC: The IMS scanner detected a FileType of 2 (FOBTYPE_UNICODE)"

    date time (812- 2468), "DIAGNOSTIC: The IMS Virus scanner is scanning the file named "file_name.pdf" from the message named subject located in the "Outbound" folder"
    More information

    When a File Filter is set up for Portable Document Format (PDF) files in Antigen, and UNICODE is selected under the File Type list, Antigen successfully filters the file. However, it will incorrectly logs that a UNICODE file was filtered.
  • E-mail may queue in the Exchange Directory Lookup queues, e-mail flow is slow, or longer send and receive wait times in Exchange when Antigen for Exchange is installed

    Symptoms

    You may experience one or more of the following symptoms in Exchange when Antigen for Exchange is installed:
    • E-mail may queue in the Exchange Directory Lookup queues.
    • E-mail flow is slow.
    • Users report longer wait times to send and receive e-mail.
    • CPU utilization may be high.
    Cause

    This problem may occur in Exchange when Antigen is installed. This occurs because of a performance issue in Antigen's keyword filtering component.
  • Antigen for Exchange Service Pack 2 Rollup 2 provides improved performance for incidents logging

    More information

    When Antigen makes lots of detections, these have to be logged in the Incident.mdb database. When this occurs, there is an increase in CPU utilization. For example, you may see an increase in CPU utilization by the AntigenService.exe process at this point. This occurred because Antigen accesses the incident count table two times to update the table.

    After you install Hotfix Rollup 2 for Antigen 9 for Exchange Service Pack 2, performance for incident logging is improved.

Hotfix rollup information

Download information

A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem.

If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, submit a request to Microsoft Customer Service and Support to obtain the hotfix.

Note If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site:
http://support.microsoft.com/contactus/?ws=support
Note The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.

How to install the hotfix rollup

To install the hotfix rollup, follow these steps:
  1. Run the installer by double-clicking the hotfix rollup executable file.

    Note When the installer is running, the Exchange and Antigen services are stopped, and your mail flow is temporarily stopped.
  2. After the installation is complete and the Exchange and Antigen services are restarted, make sure that Antigen is working correctly.

    Notes
    • The Exchange and Antigen services are restarted automatically during the installation.
    • Antigen service packs or hotfix rollups can be installed by using the FFSMC Deployment job. For more information, see "Deployment Jobs" in the Forefront Server Security Management Console User's Guide. In this case, the installer runs in silent mode and no user input is required. The rest of the process remains the same as it is when you run the installer by double-clicking the executable file.

Prerequisites

This hotfix rollup requires that one of the following to be installed:
  • Microsoft Antigen 9 for Exchange Service Pack 2
  • Microsoft Antigen 9 for SMTP Gateways Service Pack 2
For more information about these service packs, click the following article number to view the article in the Microsoft Knowledge Base:
971063 Description of Antigen 9.0 with Service Pack 2

File information

This hotfix may not contain all the files that you must have to fully update a product to the latest build. This hotfix contains only the files that you must have to correct the issues that are listed in this article.

The English (United States) version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone tab in the Date and Time item in Control Panel.
For Antigen 9 for Exchange Service Pack 2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Aexmladapter.dll 9.2.1097.63 525,824 23-Feb-2010 15:28
Ant5inst.dll 9.2.1097.63 967,168 23-Feb-2010 15:28
Antigenasj.dll 9.2.1097.63 313,856 23-Feb-2010 15:28
Antigenclient.exe 9.2.1097.63 1,185,280 23-Feb-2010 15:28
Antigendiag.exe 9.2.1097.63 286,720 23-Feb-2010 15:28
Antigenimc.exe 9.2.1097.63 265,216 23-Feb-2010 15:28
Antigeninternet.exe 9.2.1097.63 823,296 23-Feb-2010 15:28
Antigenmanual.exe 9.2.1097.63 813,568 23-Feb-2010 15:28
Antigenmonitor.exe 9.2.1097.63 241,152 23-Feb-2010 15:28
Antigenpmdll.dll 9.2.1097.63 294,912 23-Feb-2010 15:28
Antigenpmsetup.exe 9.2.1097.63 272,384 23-Feb-2010 15:28
Antigenrealtime.exe 9.2.1097.63 794,624 23-Feb-2010 15:28
Antigenservice.exe 9.2.1097.63 1,511,936 23-Feb-2010 15:28
Antigensmtpsink.dll 9.2.1097.63 430,080 23-Feb-2010 15:28
Antigenstarter.exe 9.2.1097.63 209,920 23-Feb-2010 15:28
Antigenstore.exe 9.2.1097.63 231,936 23-Feb-2010 15:28
Antigenvsapi.dll 9.2.1097.63 326,144 23-Feb-2010 15:28
Antutil.exe 9.2.1097.63 317,440 23-Feb-2010 15:28
Fsecontentscanner.exe 9.2.0015.0 670,064 11-Sep-2009 21:53
Getenginefiles.exe 9.2.1097.63 60,0576 23-Feb-2010 15:28
Mimenavigator.dll 9.2.1097.63 296,960 23-Feb-2010 15:27
Scanenginetest.exe 9.2.1097.63 527,360 23-Feb-2010 15:28
Smimenavigator.dll 9.2.1097.63 221,696 23-Feb-2010 15:27
Statisticsmanager.dll 9.2.1097.63 509,952 23-Feb-2010 15:27
Structstgnavigator.dll 9.2.1097.63 272,896 23-Feb-2010 15:27
Sybariave.dll Not Applicable557,568 07-Feb-2010 02:39
Sybariengine.dll 9.2.1097.63 136,704 23-Feb-2010 15:27
Tnefnavigator.dll 9.2.1097.63 283,136 23-Feb-2010 15:27
For Antigen 9 for SMTP Gateways Service Pack 2
Collapse this tableExpand this table
File nameFile versionFile sizeDateTime
Aexmladapter.dll 9.2.1097.63 525,824 23-Feb-2010 15:28
Ant5inst.dll 9.2.1097.63 967,168 23-Feb-2010 15:28
Antigenasj.dll 9.2.1097.63 313,856 23-Feb-2010 15:28
Antigenclient.exe 9.2.1097.63 1,185,280 23-Feb-2010 15:28
Antigendiag.exe 9.2.1097.63 286,720 23-Feb-2010 15:28
Antigenimc.exe 9.2.1097.63 265,216 23-Feb-2010 15:28
Antigeninternet.exe 9.2.1097.63 823,296 23-Feb-2010 15:28
Antigenmanual.exe 9.2.1097.63 813,568 23-Feb-2010 15:28
Antigenmonitor.exe 9.2.1097.63 241,152 23-Feb-2010 15:28
Antigenpmdll.dll 9.2.1097.63 294,912 23-Feb-2010 15:28
Antigenpmsetup.exe 9.2.1097.63 272,384 23-Feb-2010 15:28
Antigenrealtime.exe 9.2.1097.63 794,624 23-Feb-2010 15:28
Antigenservice.exe 9.2.1097.63 1,511,936 23-Feb-2010 15:28
Antigensmtpsink.dll 9.2.1097.63 430,080 23-Feb-2010 15:28
Antigenstarter.exe 9.2.1097.63 209,920 23-Feb-2010 15:28
Antigenstore.exe 9.2.1097.63 231,936 23-Feb-2010 15:28
Antigenvsapi.dll 9.2.1097.63 326,144 23-Feb-2010 15:28
Antutil.exe 9.2.1097.63 317,440 23-Feb-2010 15:28
Fsecontentscanner.exe 9.2.0015.0 670,064 11-Sep-2009 21:53
Getenginefiles.exe 9.2.1097.63 600,576 23-Feb-2010 15:28
Mimenavigator.dll 9.2.1097.63 296,960 23-Feb-2010 15:27
Scanenginetest.exe 9.2.1097.63 527,360 23-Feb-2010 15:28
Smimenavigator.dll 9.2.1097.63 221,696 23-Feb-2010 15:27
Statisticsmanager.dll 9.2.1097.63 509,952 23-Feb-2010 15:27
Structstgnavigator.dll 9.2.1097.63 27,2896 23-Feb-2010 15:27
Sybariave.dll 557,568 07-Feb-2010 02:39
Sybariengine.dll 9.2.1097.63 136,704 23-Feb-2010 15:27
Tnefnavigator.dll 9.2.1097.63 283,136 23-Feb-2010 15:27

Properties

Article ID: 980586 - Last Review: March 3, 2010 - Revision: 1.1
APPLIES TO
  • Microsoft Antigen 9.0 for Exchange Service Pack 2
  • Microsoft Antigen 9.0 for SMTP Gateways Service Pack 2
Keywords: 
kbautohotfix kbdownload kbhotfixrollup kbfix kberrmsg kbbug atdownload kbexpertiseinter kbsurveynew kbqfe kbhotfixserver KB980586

Give Feedback

 

Contact us for more help

Contact us for more help
Connect with Answer Desk for expert help.
Get more support from smallbusiness.support.microsoft.com