This article has been archived. It is offered "as is" and will no longer be updated.
When you use one of the following programs, the program may detect a file as being infected with the UnwritableCompressedFile virus:
Microsoft Antigen 9.0 for Exchange
Sybari Antigen 8.0 for Microsoft Exchange
Sybari Antigen 8.0 for Microsoft SharePoint Portal Server
Microsoft Forefront Security for Exchange Server
Microsoft Forefront Security for SharePoint
2007 Office files (DocX, PptX, XlsX, and so on) are detected as “UnwritableCompressedFile virus” files, and they are removed. This behavior occurs when an embedded file is removed from a 2007 Office system. Microsoft Antigen and Microsoft Forefront server products cannot subsequently write to the 2007 Office file.
This issue occurs if the following conditions are true:
Antigen or Microsoft Forefront server security products can parse the file successfully to read the contents of the file.
Antigen or Microsoft Forefront server security products cannot perform a write operation to the compressed file or to one or more of the files that are contained in the archive package.
For example, this issue occurs if the following conditions are true:
A file filter is configured to delete a particular file type or to remove a particular file type.
A compressed file contains one or more files that match the file filter that is configured.
Antigen or Microsoft Forefront server security products cannot delete the file or the files from inside the compressed file.
For 2007 Office files, this issue occurs because of the current navigator for Antigen 9 and Forefront 10. Neither Antigen nor Forefront can update 2007 Office files after an embedded file has been removed.
To work around this issue, create a "Skip: detect only" file filter for OPENXML files (2007 Office files). If you have XML file filters set, make sure that the OPENXML entries appear before the XML file filters in the list of filters that you configure. For example, set the following filter to prevent 2007 Office files from being filtered.
Filter name Filter type Action ----------- ----------- ---------- * OPENXML Skip: detect only
When you apply this file filter configuration to either Forefront or Antigen 9.0, the contents of Office 2007 files are not checked against file filtering. If a file matches a "Skip: detect only" filter, Forefront does not compare the file with any other file filters for the particular scan job.
Note The "Skip: detect only" action applies only to file filtering. Other kinds of filtering and virus scanning are still applied.
Microsoft Antigen 9.0 for Exchange, Sybari Antigen 8.0 for Microsoft Exchange, Sybari Antigen 8.0 for Microsoft SharePoint Portal Server, Microsoft Forefront Security for Exchange Server, Microsoft Forefront Security for SharePoint