Some default deletion messages in Forefront Security for Exchange Server may mislead a user or an administrator to assume that an error occurred or that a virus was found

Symptoms

Microsoft Forefront Security for Exchange Server currently uses the following default deletion messages:
  • CorruptedCompressedFile
  • CorruptedCompressedUuencodeFile
  • EncryptedCompressedFile
  • Exceedingly compressed size
  • ExceedinglyInfected
  • ExceedinglyNested
  • Exceedingly nested folder structure
  • LargeInfectedContainerFile
  • UnReadableCompressedFile
  • UnWritableCompressedFile
Forefront Security for Exchange Server uses these default deletion messages to describe the file types that are found to contain certain compressed characteristics on which Forefront Security for Exchange Server acts. These default deletion messages may mislead a user or an administrator to assume that an error occurred or that a virus was found.

Resolution

To resolve this issue, install Forefront Security for Exchange Server with Service Pack 2. This service pack lets an administrator customize the default deletion messages by using the registry.


For more information, click the following article number to view the article in the Microsoft Knowledge Base:

960465 Description of Forefront Security for Exchange Server with Service Pack 2

Important This section, method, or task contains steps that tell you how to modify the registry. However, serious problems might occur if you modify the registry incorrectly. Therefore, make sure that you follow these steps carefully. For added protection, back up the registry before you modify it. Then, you can restore the registry if a problem occurs. For more information about how to back up and restore the registry, click the following article number to view the article in the Microsoft Knowledge Base:
322756 How to back up and restore the registry in Windows
After you install Forefront Security for Exchange Server Service Pack 2, you can customize the messages by manually creating the following String registry entries:
  • OverrideCorruptedCompressedFile
  •  OverrideCorruptedUuencode
  • OverrideCorruptedCompressedFile
  • OverrideEncyptedCompressedFile
  • OverrideExceedinglyInfected
  • OverrideExceedinglyNested
  • OverrideFragmentedMessage
  • OverrideLargeInfectedContainerFile
  • OverrideScanTimeExceeded
  • OverrideUnReadableCompressedFile
  • OverrideUnWritableCompressedFile
  • OverrideIllegalMimeHeader
You can create these String registry entries in the following registry subkeys:
  • For 32-bit computers:
    HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Forefront Server Security\Exchange Server
  • For 64-bit computers
    HKEY_LOCAL_MACHINE\SOFTWARE\Wow6432Node\Microsoft\Forefront Server Security\Exchange Server
After you create the registry entries, edit the values to contain the messages that you want. You do not have to restart any services after you create and edit these registry entries.

Status

Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.