Microsoft Antigen for Exchange Version 9.1 with Service Pack 1
(Build 9.1.1097.00)
© 2007 Microsoft Corporation
All Rights Reserved.
Thank you for using Microsoft Antigen for Exchange, which provides antivirus protection for Microsoft Exchange servers. This Readme file contains important information regarding the current version of this product. It is highly recommended that you read the entire document.
Please send all comments, feedback, issues, and support questions to Antsupus@microsoft.com.
Requirements
The following are the minimum server and workstation requirements for Microsoft Antigen for Exchange.
Note: All minimum system memory and disk space requirements for Microsoft Exchange 2000/2003 must be met before installing Microsoft Antigen for Exchange.
Minimum server requirements
-
Windows® 2000 Server SP4 Update Rollup 1, Windows 2000 Advanced Server SP4 Update Rollup 1, Windows Server 2003, or Windows Small Business Server 2003
Note: Antigen is supported only on 32-bit environments. If both the Exchange and SharePoint products are installed on the same server, Antigen will only be installed on Exchange.
-
Exchange 2000 Server SP1 or Exchange Server 2003
Note: Antigen is not supported on Exchange 2007.
-
1 gigabyte (GB) of free memory, in addition to that required to run Exchange (512 MB recommended)
Note: With each additional licensed scan engine, more memory is needed for each scanning process.
-
2 GB of available disk space
-
Intel processor, 1 gigahertz (GHz)
-
Internet Information Services (IIS) 4.0
-
Microsoft Data Access Components (MDAC) 2.7
-
Microsoft Jet 4.0 Service Pack 3 (SP3)
-
Microsoft XML Core Services (MSXML) 6.0
-
.NET Framework 1.1 (required only if you are using Antigen Spam Manager (ASM) Junk Mail folder processing on Exchange 2000)
Minimum workstation requirements
-
Windows 2000 Professional, Windows Server 2003, Windows XP, or Windows Vista
-
6 MB of available memory
-
10 MB of available disk space
-
Intel processor
Special Note for Deliver From Quarantine Security
The new General Option Deliver From Quarantine Security has been added to give administrators more flexibility for handling messages and attachments that are forwarded from quarantine. The options for this setting are Secure Mode and Compatibility Mode.
-
Secure Mode is the default. It causes all messages and attachments delivered from quarantine to be re-scanned for viruses and filter matches.
-
Compatibility Mode allows messages and attachments to be delivered from quarantine without being scanned for filter matches. (Messages and attachments are always scanned for viruses.) Antigen identifies these messages by placing a special tag text in the subject line of all messages that are delivered from quarantine.
During installation, you are now asked if you would like to run in Secure Mode or Compatibility Mode. If you would like Antigen to continue to allow messages and attachments to be delivered from quarantine without being rescanned for filter matches, select Compatibility Mode. If you would like messages and attachments to be rescanned, select Secure Mode. This setting applies to the Realtime and Internet Scan Jobs.
You can customize the subject line tag text used when messages are delivered from quarantine by using the new registry key ForwardedAttachmentSubject. The subject line tag text can be changed to a unique string for the organization or changed into a local language.
Note: If the General Option Deliver From Quarantine Security is set to Secure Mode, old messages that were delivered from quarantine may be re-detected and quarantined if they are scanned again by the Realtime scanner. If the General Option Deliver From Quarantine Security is set to Compatibility Mode and the subject line tag text is changed, filters are applied to messages already in the organization that were tagged with old tag text in the subject line if they are re-scanned. Regardless of which mode is selected, all inbound messages will be scanned and filtered by the Antigen Internet/SMTP Scan Job. By default, a Manual Scan Job will not perform file filtering on messages that were forwarded from quarantine. If you want to run a Manual Scan and have forwarded attachments detected again, you must create the ManuallyScanForwardedAttachments registry value and set it to 1.
Special note for ASM Junk Folder feature
Exchange 2000: The ASM junk mail folder feature is disabled by default. In order to enable this feature, the Microsoft hotfix specified in Knowledge Base article KB884035 must be installed on the server. In order to obtain this fix, contact Microsoft Product Support Services.
Exchange 2003: ASM Junk Mail Folders are removed for Exchange 2003 to promote integration with Exchange.
Important notes
-
Upgrades from releases earlier than Antigen 8.0SR3 are not supported.
-
When upgrading from Antigen 8.0SR3, if proxy information is needed for file scanner updates, the information must be re-entered into the Antigen Administrator in the General Options pane.
-
After a fresh installation, new signature files must be downloaded to ensure the most up-to-date protection. For an upgrade, a one time scanner update for each licensed engine will be scheduled. For a fresh installation, a daily scanner update for each licensed engine will be scheduled. These updates will start 5 minutes after the Antigen services are started. However, if a proxy is being used for scanner updates, these scheduled updates will fail. Use the Antigen Administrator to enter the proxy information. After this is done, click the Update Now button in the Scanner Updates pane to perform an immediate scanner update for each engine.
Note: Until all the licensed engines have been successfully downloaded, errors may appear in the ProgramLog.txt file. These errors include "ERROR: Could not load SpamCure mapper" and "ERROR: Could not create mapper object".
-
Upgrading from Antigen 8.0SR3 may take longer than expected if the existing quarantine folder contains a large number of files.
-
In order for Microsoft Antigen Enterprise Manager to retrieve statistics from Antigen for Exchange when running on an Exchange 2000 server, Exchange 2000 SP2 or higher must be installed.
-
The ASM Junk Mail folder processing on Exchange 2000 requires that .NET Framework 1.1 be installed on the server.
-
Antigen is no longer supported running on two-node active/active Exchange cluster configurations.
-
Antigen users should be aware of a problem installing ASP.NET 1.1 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed. The IWAM account is not granted impersonate user rights for ASP.NET 1.1. When you request an ASP.NET 1.1 page, you may receive the following error message:
Server Error in '/AntigenJunkMail' Application.
Access is denied.
Microsoft posted Knowledge Base Article number 824308 (http://support.microsoft.com/?id=824308) describing the problem and providing a workaround solution.
-
Antigen users should be aware of an issue where the AntigenStoreEvent service uses large amounts of memory. If you think you are experiencing this issue, contact your Microsoft representative to obtain the fix.
-
The ASM Junk Mail folder processing requires that the World Wide Web Publishing Service be started.
-
When changing the Enable Junk Mail Folders General Option setting, Antigen will begin to create or disable ASM Junk Mail Folders for all users when the Save button is clicked. It is important to let Antigen finish this process before changing the option again. The start and completion of these operations are written to the ProgramLog.txt file.
-
The ASM Junk Mail folder displays/updates ASM settings for the user currently logged on to Outlook even when other users' mailboxes are displayed. To administer settings for these other users' mailboxes, you must log on to Outlook as that user.
-
If the SharePoint portal alert service is running on the server, an upgrade or uninstall of Antigen might require a restart.
-
When using the ASM Junk Mail Folder feature, if your IIS server is configured to use SSL, then you must set the Antigen registry DWORD value named UsingSSL to 1.
-
If a client's Internet Explorer settings are configured to use a proxy server, the Tools->Internet Options->Connections->LAN Settings->Bypass proxy server for local addresses option must be checked for that client to be able to access the ASM Junk Mail home page.
-
If an Antigen for Exchange installation is performed without an ASM license, and a subsequent ASM license is required, you must reinstall the product to enable the ASM Junk Mail features.
-
To enable the Antigen Administrator to run on Windows XP SP2, two steps need to be taken.
First, run dcomcnfg. Navigate to My Computer in Component Services, right-click My Computer, and then select Properties. Click the COM Security tab. Under Access Permissions, click Edit Limits and add Remote Access privileges for the Anonymous Logon user.
The second step is to allow the Antigen Administrator application. Access Control Panel, choose Security Center. Enter the Windows Firewall administrator and click the Exceptions tab. Select Add Program, select Antigen Administrator from the list, and then click OK. Now, check Antigen Administrator. Choose Add port. Add 135 for the port number, with TCP checked, and any name. Click OK.
If there is concern about opening port 135 to all computers, it can be opened for only the Antigen servers. When adding port 135, click Change Scope and select Custom List. Type the IP addresses of all Antigen servers to which you want to connect.
-
The Exchange 2003 UCE setting of the SCL Property requires Exchange 2003 and the Outlook 2003 client for mail to be routed to the Junk E-mail folder.
Note: The Exchange 2003 SCL rating feature does not work on an SMTP Windows 2000/Windows 2003 only server.
-
ASM Using SpamCure Engine: Reporting False Positives and False Negatives.
If you notice that the SpamCure engine is reporting False Positives (identifying legitimate e-mail as Spam) or False Negatives (failing to identify Spam e-mail), you can forward these e-mail messages to Microsoft for analysis by mail filters. The following addresses have been created to process these messages:
spam.mail-filters@antigen.microsoft.com - Use this address to submit spam e-mail that was not detected (False Negatives) by the SpamCure engine.
notspam.mail-filters@antigen.microsoft.com - Use this address to submit legitimate e-mail messages that were identified as spam (false positives) by the SpamCure engine.
Note: These addresses are only for SpamCure engine detection problems.
-
When installing an AV solution using VSAPI2, a registry key is created to save information concerning the VSAPI library. If this key is present when you attempt to install Antigen, the installation fails. You must delete the key before attempting to reinstall Antigen.
The registry key you must delete is:
HKEY_LOCAL_MACHINE->System->CurrentControlSet->Services->MSExchangeIS->VirusScan
Delete the entire VirusScan key. Additionally, VSAPI will not allow you to run multiple AV software solutions concurrently.
-
When Antigen appends a disclaimer to an e-mail that has a different encoding, such as iso-2022-jp, it uses the MS API WideCharToMultiByte to convert the Unicode disclaimer text to the format needed before appending it to the e-mail. If support for that particular encoding has not been installed on the server, (Control Panel->Regional and Language Options, Languages tab) Antigen cannot create a disclaimer in the appropriate encoding. If this occurs, a blank disclaimer is added to the e-mail, and the following error is logged to the Program Log: "WideCharToMultiByte returns an empty string for the Unicode plaintext disclaimer using the %s encoding" (where %s is replaced by the charset name.)
-
If you are using the ASM Junk Mail Folder and want to host the Antigen ASM Web application on a different server, create a string registry key named JunkMailHostName. Antigen then uses this value (instead of the local host name) when setting the home page for the ASM Junk Folder for each Outlook user.
-
When installed in a cluster environment, if you manually fail over an Exchange Virtual Server and you are using the ASM Junk Mail Folder feature, you must also manually fail over the 'Cluster Group'. Otherwise, Outlook users will be unable to use any of the features of ASM Junk Folders. On an automatic failover, the 'Cluster Group' fails over with the Exchange Virtual Server and this is not an issue.
-
Antigen is able to scan the first part of a multi-part RAR file. Any other part of a multi-part RAR will be treated as CorruptedCompressed, and be treated according to the Delete Corrupted Compressed Files General Option setting.
-
After an upgrade of Antigen, any monitoring software should be recycled to use the new Antigen monitoring library.
-
Antigen no longer supports the ability of customers to host their own engine updates.
-
Antigen database path names (DatabasePath registry key) greater than 216 characters are not supported.
-
When installing Antigen, the length of the installation path must be less than 170 characters.
-
UNC paths specified for engine updates must not end with a backslash ("\").
-
The CA InoculateIT scan engine is no longer available as a separate engine. This engine and its functionality have been merged with the CA Vet engine.
-
To change the server profile for notification purposes, you must modify the FromAddress registry value. In the registry editor, the FromAddress registry value is located under HKEY_LOCAL_MACHINE\SOFTWARE\SybariSoftware\Notifications\. For details about modifying this value, refer to the "Sending notifications" section in the "Using e-mail notifications" chapter in the "Microsoft Antigen for Exchange User Guide," which is available at the Microsoft Antigen TechNet Library.
Note: In previous releases, the FromAddress registry value was named ServerProfile. If the user guide erroneously lists the value as ServerProfile, change it to FromAddress.
New features
Build 9.1.1097.00 (Includes all features from Antigen 9.0.1055):
-
Antigen now supports globalization. Although Antigen is not localized, the English version of the Antigen product can now be installed on local language versions of Windows Server and Exchange.
-
Antigen now supports Office 2007 file formats (.docx, .xlsx, and so on.)
-
A new General Option setting Treat multipart RAR archives as corrupted compressed has been added. When this option is enabled (the default setting), files determined by Antigen to be multipart RAR will be treated as corrupted compressed and acted on according to the Delete Corrupted Compressed Files General Option setting. When this option is disabled, Antigen will pass each file within the RAR volume to the scan engines.
Note: If a file spans RAR volumes, Antigen will only be able to pass the partial file to the scan engines and file type filtering may not work.
-
A new General Option setting Treat high compression ZIP files as corrupted compressed has been added. When this option is enabled (the default setting), if a zip archive is found to contain one or more highly compressed files, it will be treated as corrupted compressed, and acted on according to the Delete Corrupted Compressed Files General Option setting. When this option is disabled, any file within a zip archive that is highly compressed with either the Deflated64, Bzip2, or PPMD algorithms will be sent to the scan engines in its compressed form. In this case, the entire zip archive will not be treated as corrupted compressed as long as no other files are compressed using other high compression algorithms.
-
If Microsoft Updates (MU) has not already been activated for the server, an option to opt into the MU program will be presented during the installation.
-
Antigen scheduled tasks will now be handled using Task Scheduler. Each repeated task will now show as one scheduled task in the Scheduled Tasks UI.
-
A new Product Licensing Agreement and Expiration entry screen has been added. After you have activated your product, you should enter licensing information (obtained from Microsoft Sales). If you license your product, you can align when your product expires with your license agreement (otherwise, the expiration will be three years from the installation date). In addition, you can easily renew your license by entering a new expiration date. To license Antigen, select Product License from the Help menu. The Product License Agreement and Expiration dialog box appears. Enter your 7-digit License Agreement Number and then enter an Expiration Date. You should enter a date that corresponds to the expiration of your license agreement. That will coordinate the expiration of both the license agreement and the product. When the product nears its expiration, you should renew your license agreement and enter the new license information into the Product Licensing Agreement and Expiration dialog box.
-
Cluster installations have been enhanced. The following changes were made:
-
Auto-discovery of install candidate volumes located on shared drives was added. The user can now choose an install volume from a drop-down list. This drop-down list replaces the current manual entry of drive information (Installing to drives without mount volume information must use a command line option.)
-
Support for mount point drives.
-
Support for drives with no mount volume information via command line option. This is similar to mount point drives, but did not work when installing to a Veritas VMDG (Volume Manager Disk Group). This issue is corrected by allowing a command line bypass to the drive letter during the installation process.
-
Support for choosing from multiple volumes on a disk. This corrected an issue where the installation was always choosing the first volume on a drive, instead of allowing the user to choose the intended volume.
-
A new General Option setting Treat concatenated gzips as corrupted compressed has been added.
Multiple Gnu zip (gzip) files can be concatenated into a single file. Although Antigen recognizes concatenated gzips, it may not recognize individual files split across concatenated gzips. Therefore, Antigen treats concatenated gzips as corrupted compressed by default. In combination with the Delete Corrupted Compressed Files option, this default behavior prevents all concatenated gzips from passing through, thereby preventing potential infections.
Disabling the treat concatenated gzips as corrupted compressed option enables you to receive concatenated gzips. However, in this case, a virus may escape detection.
-
The default value for the Max Program Log Size General Option setting has been changed from 0 (no limit to the maximum size) to 25600 KB. This change affects new installations only and does not affect the settings if you are upgrading from a prior release.
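The ZIP and gzip conditions described in the two "corrupted compressed" options above can be checked on a file taken from quarantine. This is an added example, not Microsoft's code and not a description of how Antigen implements these options; the function names, the sample data and the 64 MB output limit are assumptions made for illustration.

```python
import gzip
import io
import zipfile
import zlib

# ZIP compression method IDs (PKWARE APPNOTE) for the three algorithms named above.
HIGH_COMPRESSION_METHODS = {9: "Deflate64", 12: "BZIP2", 98: "PPMd"}
GZIP_MAGIC = b"\x1f\x8b"
CHUNK = 64 * 1024


def high_compression_entries(data):
    """List (name, method) for ZIP entries that use a high-compression method.

    Only the central directory is parsed; no entry is decompressed.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, HIGH_COMPRESSION_METHODS[i.compress_type])
                for i in zf.infolist()
                if i.compress_type in HIGH_COMPRESSION_METHODS]


def count_gzip_members(data, max_output=64 * 1024 * 1024):
    """Count the gzip members in data; more than one means a concatenated gzip.

    Output is produced in bounded chunks and discarded. max_output (an assumed
    limit) caps the total so an oversized payload cannot exhaust the host.
    """
    members, produced, rest = 0, 0, data
    while rest[:2] == GZIP_MAGIC:
        stream = zlib.decompressobj(wbits=16 + zlib.MAX_WBITS)  # gzip framing
        pending = rest
        while not stream.eof:
            out = stream.decompress(pending, CHUNK)
            pending = stream.unconsumed_tail
            produced += len(out)
            if produced > max_output:
                raise ValueError("decompressed size limit exceeded")
            if not stream.eof and not out and not pending:
                raise ValueError("truncated gzip member")
        members += 1
        rest = stream.unused_data  # bytes that follow this member's trailer
    return members


def corrupted_compressed_reasons(data):
    """Return the reasons a file matches either condition (empty list if none)."""
    if data[:2] == GZIP_MAGIC:
        n = count_gzip_members(data)
        return [f"concatenated gzip ({n} members)"] if n > 1 else []
    if zipfile.is_zipfile(io.BytesIO(data)):
        return [f"{name} uses {method}"
                for name, method in high_compression_entries(data)]
    return []


def sample_zip(method):
    """Build a constructed one-entry ZIP in memory with the given method."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", compression=method) as zf:
        zf.writestr("report.txt", b"constructed sample data " * 50)
    return buf.getvalue()


if __name__ == "__main__":
    # All inputs below are constructed in memory for the demonstration.
    samples = {
        "deflate.zip": sample_zip(zipfile.ZIP_DEFLATED),
        "bzip2.zip": sample_zip(zipfile.ZIP_BZIP2),
        "single.gz": gzip.compress(b"first"),
        "concat.gz": gzip.compress(b"first") + gzip.compress(b"second"),
    }
    for name, blob in samples.items():
        print(name, corrupted_compressed_reasons(blob) or "no match")
```
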
Build 9.0.1055 (Includes all features from Antigen 8.0.1517):
-
For each scan engine, a secondary update path can be entered. If using the network update path to get an engine update fails for any reason, the secondary update path will be tried.
-
A new General Option setting Purge message if Message Body Deleted - Internet has been added. This setting gives you the option to purge a message if any of the message body parts is deleted and there are no attachments.
-
The default InternetProcessCount and RealtimeProcessCount values on fresh installations will be set to 2. The existing value will not be changed during upgrades. In addition, two new General Options are exposed in the UI to allow the user to change these settings without editing the registry.
Note: Services still must be recycled for these values to take effect.
-
Separate notifications are now available for Spam/RBL, keywords, and sender-domains/subject line filters. Keyword filter notifications are available for the sender and recipients as well as the administrator. A new Spam Administrator is available for the Spam/RBL filters. Content Filter notifications are available for the sender and recipients, as well as the administrator, and include Sender and Subject Line filter notifications.
-
Cluster support on Active/Passive clusters has been enhanced. Configuration data and scanner signature data are associated with an Exchange Virtual Server. Registry data is replicated on an Exchange Virtual Server basis.
Build 8.0.1517 (Includes all features from Antigen 8.0.1494):
-
By default, Antigen scans mail on all SMTP Virtual Servers when the SMTP Scan Job is enabled. If you do not want Antigen to scan all enabled SMTP Virtual Servers, you can create a STRING registry value named DisableSMTPVS. The STRING value must be populated with a comma-delimited list of numbers from 1 through 10 representing the Virtual Servers you would like Antigen to skip during scanning. For example, if you have four Virtual Servers and only want Antigen to scan on VS1 and VS3, the STRING value would be: 2,4.
Note: Placing anything other than the numbers 1 through 10 in the STRING causes unpredictable results.
In order for this change to take effect, the Simple Mail Transfer Protocol (SMTP) service must be stopped. Next, the following three commands must be executed from the command prompt in the Antigen for Exchange folder:
-
AntigenIMC.exe /unregserver
-
AntigenIMC.exe /regserver
-
AntigenIMC.exe /service
If the first Virtual Server needs to be disabled, the registry key PickupFolderPath must be deleted.
-
By default, Antigen performs file filtering within compressed archives. An existing feature allows Antigen to skip file filtering within zip archives by setting a *.zip file filter with its Action set to Skip-Detect. When Antigen is processing a file filter list, once a match is made with the filter, the remaining file filters within the file filter list are not processed for files within the zip archive.
A new feature now extends the same functionality to several compressed file formats: TAR, GZIP, RAR, Macintosh, SMIME, and self-extracting ZIP archives. To activate this new functionality, one or more of the following new DWORD registry keys must be created and set to 1, depending on the scan job type. To activate this new feature for AntigenRealtime, set the registry key SkipFileFilterWithinCompressedRealtime to 1. To activate this new feature for AntigenManual, set the registry key SkipFileFilterWithinCompressedManual to 1. To activate this new feature for AntigenInternet, set the registry key SkipFileFilterWithinCompressedInternet to 1.
-
By default, Antigen does not scan MTA traffic at the SMTP level. If you want to enable scanning of MTA traffic on the SMTP level, create a DWORD registry key named ForceMTAScanonSMTP and set the value to 1.
Build 8.0.1494:
Same features as 8.0.1492
Build 8.0.1492:
Same features as 8.0.1484
Build 8.0.1484
-
Added a new setting to the Incident Logging General Option to allow spam/RBL incident logging to be disabled.
Build 8.0.1470 (Includes all features from Antigen 7.5.1314):
-
Added client side features that provide Outlook users with the ability to approve and block senders. Please see important notes above regarding these new features.
-
Added the ability to purge the Incidents database.
-
Added the ability to upgrade Antigen without needing to shut down the Exchange services.
-
Support for multiple disclaimers is configurable for senders, recipients, and domains.
-
Added support for allowed senders lists to be configurable for different scanning functions.
-
Added the ability to perform scanner updates through a proxy server that requires HTTP authentication. The Antigen Client provides you with the ability to set the proxy server IP address, port, username, and password. Proxy server settings can also be deployed using templates.
-
When performing checks against the allowed mailhosts list, domain names in the InternalAddress list will not be checked.
-
The Statistics pane has been enhanced to include message statistics as well as attachment statistics.
-
An option is available to use the MAIL FROM: sender address from the SMTP protocol instead of the MIME FROM: sender for the SMTP Scan Job.
-
Added scanning support for opaque signed S/MIME files.
Software fixes
Build 9.1.1097.00 (Includes all software fixes from Antigen 9.0.1055):
This release includes fixes identified in these Knowledge Base articles:
-
KB 924008—An outgoing e-mail message that includes disclaimer text causes the AntigenInternet.exe process to stop responding in Antigen 9.0 for Exchange.
-
KB 923877—Quarantined items have an English (United States) date format (MM/DD/YYYY) instead of the date format that is configured in the regional settings on the server when you use the Antigen 9.0 for Exchange client to view the items.
-
KB 924602—The HTML format of an e-mail message is incorrectly converted to plain text when the contact user opens an e-mail message if Antigen 9.0 for Exchange is installed.
-
KB 924600—Antigen 9.0 for Exchange performance counters do not report data in Performance Monitor.
-
KB 924705—The update operation times out when you try to update Antigen 9.0 for Exchange scan engines.
-
KB 925784—Antigen 9.0 for Exchange may block legitimate e-mail messages because they may include some redundant Content-Transfer-Encoding items.
-
KB 925781—The Microsoft Exchange Information Store resource unexpectedly fails over when you install Antigen 9.0 on a node in a server cluster.
-
KB 928082—Size of SMTP messages may increase during the scanning process in Antigen.
-
KB 923869—Event ID 100 is logged in the Application log when you perform an MTA scan job in Antigen 9.0 for Exchange.
-
KB 928003—You receive many spam e-mail messages in the Inbox even though you use Antigen 9.0 for Exchange.
-
KB 928281—You are limited to 255 characters when you add multiple domain names in the Internal Address box of the Antigen Administrator console.
-
KB 933675—No items appear in the Antigen Quarantine and no entries are logged in the Incidents work pane when you run Antigen 9.0.
-
KB 928081—Antigen 9.0 for Exchange or Antigen 9.0 for SMTP Gateways incorrectly detects a uuencode file as a virus.
-
KB 932642—Event ID: 100 occurs after you install a Microsoft Antigen 9.0 for Exchange-based server.
-
KB 933639—Antigen 9.0 cannot retrieve scan jobs, and e-mail messages begin to queue up in an active/passive cluster environment.
-
KB 933544—Event ID 100 is logged in Antigen 9.0 for Exchange.
-
KB 934636—The Antigen Worm List engine version is "0" in the Scanner Information area when you use Antigen Enterprise Manager 9.0 to gather the engine information.
-
KB 935401—Antigen 9.0 had problems scanning certain structured storage files.
-
KB 938100—A "ConvertLegacyExchangeDNToSMTPAddress - GetFirstRow failed. Error code: 8007203E" entry may be logged when Antigen 9.0 is installed on an Exchange server.
Build 9.0.1055 (Includes all software fixes from Antigen 8.0.1517)
Build 8.0.1517 (Includes all software fixes from Antigen 8.0.1494)
-
Fixed a problem to improve performance in VSAPI mode. When the store.exe process starts, Antigen would search Active Directory to retrieve information about all of the Storage Groups contained on the server. Antigen would also search Active Directory again for the same Storage Group information whenever there was a configuration change or a scan engine update. If you set a new DWORD registry key SkipADonReload to 1, Antigen will cache the results of the first query and skip the query on configuration changes or scan engine updates.
-
AntigenInternet scans winmail.dat files for viruses. Exchange uses winmail.dat files for several purposes, and to facilitate public folder replication it sends winmail.dat files between servers. If Antigen modifies any of these winmail.dat files, the public folder replication process fails. Set a new DWORD registry key named DoNotScanIPMReplicationMessages to 1 and AntigenInternet will not scan IPM replication messages. (Note: If a virus is replicated via public folder replication, even if you enable this new registry key, Antigen will still detect the virus on the Realtime Scan Job.)
-
Fixed a problem that caused Antigen to log repetitive cosmetic errors to the Program log on SMTP-only servers that did not have access to Active Directory.
-
Fixed a problem that caused Antigen to stop processing any generic list (such as content filter list) if any entry in the list ended with a space character.
-
Fixed a problem that caused an AntigenRealtime abort when the file deletion text had a keyword (for example: %virusengines%) that had a NULL value.
-
Fixed a problem that prevented Antigen from being able to PURGE inbound SMTP messages that are destined for a public folder.
-
Fixed a problem that caused Antigen to misidentify images within spreadsheets as corrupted compressed gzip files.
-
Fixed a problem that prevented Antigen from properly parsing .zip files that contained random binary data in the beginning of the .zip file.
-
Fixed a problem that could cause AntigenInternet to match an erroneous file filter, or cause AntigenInternet to abort when processing an e-mail that contained Japanese encoded characters.
-
Antigen will now correctly parse .zip files that list an uncompressed size equal to zero in either the local file header or central directory.
-
Fixed a problem that caused Antigen to timeout when processing RAR files that contained subdirectories.
-
Fixed a problem that caused Antigen to not create ASM Junk Mail Folders for all users on servers that contained a very large Active Directory database, or in configurations that contained child domains.
-
Fixed a problem that could cause a potential deadlock if two AntigenInternet scanning processes both timed out scanning a file at approximately the same time.
-
Fixed Antigen to correctly remove all scheduled scanner updates from the AT scheduler when AntigenService stops.
-
Fixed a problem that could cause a third party desktop scanner to catch a virus in the TEMP folder when Antigen was scanning a MIME message that was within a zip archive.
-
Fixed a problem that caused Antigen to always update every MIME message that it scanned when the General Option setting Fix Bare CR or LF in Mime Headers was enabled, instead of only updating MIME messages that contained bare CRs, bare LFs or NULs.
-
Antigen will now use the long filename, if present, within TNEF attachments when applying file filter rules.
-
Fixed a problem that caused Antigen to report an 'Unknown' sender in a notification when using Outlook Web Access.
-
Improved scanning performance during scan engine updates.
-
Fixed a problem that caused Antigen to use a previously licensed engine after deploying a new license file that did not contain that engine.
Build 8.0.1494
-
Fixed an issue that prevents Antigen and the Exchange services from starting on Windows NT 4.0 and Exchange 5.5 servers that do not have the Internet Information Services (IIS) installed.
Build 8.0.1492
-
Fixed a timing issue that could allow a message to get past Antigen unscanned if the server was flooded with incoming mail when it was restarting.
-
Fixed a timing issue that could cause the wrong AntigenInternet process to be restarted when a scan timeout occurs.
Build 8.0.1484 (Includes all software fixes from Antigen 7.5.1315):
-
Antigen will now automatically scan .jpg files for viruses without the need to make any configuration changes.
-
Antigen will now correctly handle self extracting RAR files.
-
When installed in VSAPI mode on a cluster, fixed an issue that caused a performance problem because Antigen was unnecessarily querying Active Directory on receipt of each message.
-
Fixed a problem that caused an HTML formatting error when using the ACM job 'Generate HTML report'.
-
Fixed an issue which caused Antigen to always set the SCL level to zero even if the property was not present in the original e-mail.
-
Antigen will now scan e-mails for Spam (using the SpamCure engine) before doing an RBL check.
-
Fixed the SybariClient to allow the proxy server value to be entered as a server name instead of just as an IP address.
-
For Exchange 2000/2003 servers, fixed the ASM 'Junk Mail Folder' feature to work correctly on non-English servers, where a user's 'Inbox' folder has a different, localized name.
-
For Exchange 5.5 servers, fixed a problem which caused Antigen to erroneously create 'Junk Mail Folders' on the wrong server.
-
Reduced the maximum number of multiple AntigenRealtime processes from 10 to 4.
-
Fixed the improper updating of some uuencoded and multipart SMTP e-mails in the Exchange Store when running in ESE mode that would cause Error -613 during an Online Backup on Exchange 2000 Server and Exchange 2003 Server.
-
Fixed an issue which caused AntigenInternet to incorrectly parse invalid Quoted-Printable MIME messages.
-
Fixed a parsing issue which caused Antigen to not see all attachments in TNEF-encoded messages.
-
Fixed an install issue which occurred when upgrading Antigen on a server that has Exchange being monitored by an external server using system monitoring software.
-
Fixed an issue that caused a VSAPI background scan to unnecessarily start after a spam engine update. Also prevented a VSAPI background scan from starting after a virus engine update on an engine that is not selected by any AntigenRealtime.
-
Provided two new General Options settings to control whether or not a VSAPI background scan is started after a Scanner Update or Scan Job Update.
-
Changed zip file handling to return UnReadable Compressed if a file within a zip has an actual uncompressed file size that does not match what is in the central directory for that file. The Delete Corrupted Compressed Files General Option setting will control the action taken on the zip file.
-
Fixed an issue which caused an AntigenInternet abort if using an XML disclaimer that was more than 512 bytes.
-
Fixed a timing issue that could possibly allow e-mails to bypass AntigenInternet during a server restart.
-
Fixed an issue where the Manual Scan Job in VSAPI mode would not be scheduled with AT after a recycle of services.
-
Fixed two issues when using the XML multiple disclaimer feature. In one instance AntigenInternet aborted; in the other, the wrong disclaimer was added to e-mails.
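The zip size check described in the list above (a member's actual uncompressed size compared with the value in the central directory), as an added Python example; this is not Antigen's code. The function names, verdict strings and the in-memory sample archive are constructed for illustration, and only stored and deflated members are decoded.

```python
import io
import struct
import zipfile
import zlib

LOCAL_HDR = struct.Struct("<4s5H3I2H")  # fixed 30-byte local file header

def observed_size(archive, info):
    """Decode one member by hand; the result is capped at declared size + 1."""
    hdr = LOCAL_HDR.unpack_from(archive, info.header_offset)
    if hdr[0] != b"PK\x03\x04":
        raise ValueError("bad local header signature")
    start = info.header_offset + LOCAL_HDR.size + hdr[9] + hdr[10]  # skip name, extra
    raw = archive[start:start + info.compress_size]
    if info.compress_type == zipfile.ZIP_STORED:
        return len(raw)
    if info.compress_type == zipfile.ZIP_DEFLATED:
        # Raw deflate stream; max_length keeps a lying entry from inflating unbounded.
        return len(zlib.decompressobj(-15).decompress(raw, info.file_size + 1))
    return None  # compression method this sketch does not decode

def check_zip(archive):
    """Return [(name, declared, observed, verdict)] for every member."""
    results = []
    with zipfile.ZipFile(io.BytesIO(archive)) as zf:
        for info in zf.infolist():  # file_size comes from the central directory
            try:
                seen = observed_size(archive, info)
            except (ValueError, struct.error, zlib.error):
                results.append((info.filename, info.file_size, None, "corrupt"))
                continue
            if seen is None:
                verdict = "unchecked"
            else:
                verdict = "ok" if seen == info.file_size else "size-mismatch"
            results.append((info.filename, info.file_size, seen, verdict))
    return results

def build_sample(declared=None):
    """Constructed sample: two-member zip, optionally with a false size for a.txt."""
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w", zipfile.ZIP_DEFLATED) as zf:
        zf.writestr("a.txt", b"A" * 1000)
        zf.writestr("b.txt", b"hello")
    data = bytearray(buf.getvalue())
    if declared is not None:
        cd_offset = struct.unpack_from("<I", data, len(data) - 22 + 16)[0]  # EOCD field
        struct.pack_into("<I", data, cd_offset + 24, declared)  # uncompressed size
    return bytes(data)
```

Calling `check_zip(build_sample(declared=10))` flags `a.txt` as a size mismatch while `b.txt` still passes; because decoding stops one byte past the declared size, the observed value for an understated entry is the cap, not the true length.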
Build 8.0.1470 (Includes all software fixes from Antigen 7.5.1314):
Known issues
-
Antigen is unable to send notifications to Internal Senders from the MTA Scan Job when running in VSAPI 2 mode. When Antigen's VirusScanandClean routine is called to scan a file, it is given access to certain properties of the message through the VSAPI. One of these properties is the Sender Name. Normally, this property has a value in it. However, when Antigen is called to scan a file in the MTA, the Sender Name is NULL, which makes it impossible to send a notification to the Internal Sender.
Because of this limitation, anywhere Antigen uses the Sender Information, the value will be NULL when scanning a file in the MTA.
-
The AntigenService is dependent on the NT Schedule service. The Schedule service must have the ability to start successfully for Antigen to initialize.
-
Attachments compressed with PKWARE's DCL-Implode are not scanned.
-
Attachments compressed with PKWARE's Deflate64(tm) are not scanned.
-
A rare case has been seen where the AntigenManual process occasionally hangs. This has only been seen on Exchange 2003 when running in VSAPI mode if the system is under heavy load and many messages are being purged.
-
During a Hot Upgrade, the user has the option to "Stop Waiting" if the upgrade is taking too long to process or if it has caused Antigen to hang. If the "Stop Waiting" option is selected too soon after starting the process, there is a risk that Antigen may be left in an off-line state. (Please allow 3-5 minutes before using the "Stop Waiting" option.) If this happens, the Exchange services may need to be recycled to restart Antigen.
-
The Perform Updates at Startup General Option setting will be set to Off after an upgrade. If this setting was previously set to On, use the Antigen Administrator to set this option back on after the upgrade.
-
If the Service Control Manager is open, an install or upgrade may fail with "Setup failed in SetupRegistry".
-
Installing Antigen 9.0 in a folder that contains non-ASCII characters is not supported. Please choose a path that contains only characters from the following groups: letters (A-Z, a-z), numbers (0-9) or the symbols :\/!#$%'()+,-.;=@[]^_`{}~
Documentation
The documentation for this product is distributed in HTML format and is provided with this package. After installation, access help either from the Antigen Administrator interface, or use the Help icon in the Antigen for Exchange program group. You can also access the latest documentation at the
Frequently Asked Questions
Regularly updated lists of frequently asked questions are available on Microsoft's web site (
Q: How can I restrict who can administer Antigen?
A: The Antigen Administrator uses DCOM to connect to the Antigen server component. DCOM settings for the AntigenService application are set to initially allow the Administrators group and SYSTEM full access.
You can change the Access and Launch settings in DCOM to restrict access. You do this by launching the DCOMCNFG.EXE program and selecting AntigenService from the Application tab.
Once completed, you will need to restart the Exchange Services.
Q: When I uninstall Antigen, there seems to be a file left behind. Is that by design?
A: When uninstalling Antigen, the process will not remove the file IsUnist.EXE from the Windows (e.g. c:\winnt) directory. It is possible for this file to be shared and used by other applications. If you determine that no other application is using this file, you may safely remove it from your system.
EICAR antivirus test file
Provided below is the code for the EICAR standard antivirus test file.
To test your installation, copy the following line into its own text file and name it EICAR.COM.
X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*
When done, you will have a 69-byte or 70-byte file.
You can then attach this to an Exchange message for testing. Antigen will report finding the EICAR-STANDARD-AV-TEST-FILE virus. If you have "cleaning" enabled, Antigen will also report the attachment as being deleted. The infected attachment will be removed from the test message or post and be replaced with a text file. The new file will contain the following string when viewed: "Antigen for Exchange found a virus and deleted this file."
It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that installations function correctly. The antivirus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need.
Please delete the file when installation testing is completed so that unsuspecting users are not unnecessarily alarmed.