You receive many spam e-mail messages in the Inbox even though you use Microsoft Antigen 9.0 for Exchange.
This problem may occur if you receive spam e-mail messages that include multiple Subject fields in the message header. Antigen 9.0 for Exchange does not correctly tag spam messages that have multiple Subject fields in the message header.
Note Although such messages contain multiple Subject fields, you see only one Subject field when you view the message.
A supported hotfix is available from Microsoft. However, this hotfix is intended to correct only the problem that is described in this article. Apply this hotfix only to systems that are experiencing this specific problem. This hotfix might receive additional testing. Therefore, if you are not severely affected by this problem, we recommend that you wait for the next software update that contains this hotfix.
If the hotfix is available for download, there is a "Hotfix download available" section at the top of this Knowledge Base article. If this section does not appear, contact Microsoft Customer Service and Support to obtain the hotfix. Note
If additional issues occur or if any troubleshooting is required, you might have to create a separate service request. The usual support costs will apply to additional support questions and issues that do not qualify for this specific hotfix. For a complete list of Microsoft Customer Service and Support telephone numbers or to create a separate service request, visit the following Microsoft Web site: Note
The "Hotfix download available" form displays the languages for which the hotfix is available. If you do not see your language, it is because a hotfix is not available for that language.
Hotfix installation information
After you apply this hotfix, Antigen 9.0 for Exchange will stamp incoming messages that include multiple headers as IllegalMIMEHeader. Illegal MIME headers are headers that have multiple Content-Type, Content-Transfer Encoding, or Content-Disposition headers. Additionally, Antigen 9.0 for Exchange will stamp messages in which the Content-Disposition or Content-Type header is longer than it should be. By default, messages that are identified as IllegalMIMEHeader are quarantined. If you do not want these messages to be quarantined, create the DisableQuarantineForIllegalMimeHeader registry entry under the following registry subkey:
HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for Exchange
Value type: DWORD.69+
Value data: 1
If Antigen 9.0 for Exchange encounters an illegal MIME header during a scan, you can configure Antigen to remove the message (the default setting) or to ignore the message.Note
You can configure this option in the General Options
section of the Antigen Administrator Console. The option is located under Scanning
in the Illegal Mime Header Action
Additionally, whenever such a message is removed, an entry that resembles the following is logged in the ProgramLog.txt file:
Day Date Time (2644-2064), "INFORMATION: Internet scan found virus:Folder: SMTP Messages\InboundMessage: Text from Subject fieldFile:Incident: IllegalMimeHeaderState: Purged"
Typically, the ProgamLog.txt file is located in the following folder:
Drive_Letter:\Program Files\Sybari Software\Antigen for Exchange\
If you enabled the default option to remove such messages, and if you also enabled post-scan archiving, you can view the removed messages. If you view such a message, you will find that the message body contains the following replacement text:
FILE DELETED------------The original contents of this file have been replaced withthis message because of its characteristics.File name: "Body of Message"Virus name: "IllegalMimeHeader"
- You can enable post-scan archiving in the General Options section under Diagnostics in the Archive SMTP Mail box.
- Archived messages are stored in the In folder and in the Out folder in the Antigen installation folder.
There are no prerequisites for installing this hotfix.
You do not have to restart your computer after you apply this hotfix.
Hotfix replacement information
This hotfix does not replace a previously released hotfix.
The global version of this hotfix has the file attributes (or later file attributes) that are listed in the following table. The dates and times for these files are listed in Coordinated Universal Time (UTC). When you view the file information, it is converted to local time. To find the difference between UTC and local time, use the Time Zone
tab in the Date and Time item in Control Panel.
|File name||File version||File size||Date||Time||Platform|
Microsoft has confirmed that this is a problem in the Microsoft products that are listed in the "Applies to" section.