Microsoft Antigen for SMTP Gateways Version 9.1 with Service Pack 1

(Build 9.1.1097.00)

© 2007 Microsoft Corporation

All Rights Reserved.

Thank you for using Microsoft Antigen for SMTP Gateways, which provides antivirus protection for Microsoft SMTP servers. This Readme file contains important information regarding the current version of this product. It is highly recommended that you read the entire document.

Please send all comments, feedback, issues, and support questions to Antsupus@microsoft.com.

What's in this file

Requirements

Special note for Deliver From Quarantine Security

Special note for ASM Junk Folder feature

Important notes

New features

Software fixes

Known issues

Documentation

Frequently Asked Questions

EICAR antivirus test file

Requirements

The following are the minimum server and workstation requirements for Antigen for SMTP Gateways.

Minimum server requirements

The following are minimum server requirements:

  • Windows 2000 Server Service Pack 4 (SP4) Update Rollup 1 or Windows 2000 Advanced Server SP4 Update Rollup 1

    Note:
    Windows Server 2003 is also supported. Antigen for SMTP Gateways is supported only on 32-bit environments.

  • 1 gigabyte (GB) of free memory

    Note:
    With each additional licensed scan engine, more memory is needed for each scanning process.

  • 2 GB of available disk space

  • Intel processor, 1 gigahertz (GHz)

  • Microsoft Data Access Components (MDAC) 2.7

  • Microsoft Jet 4.0 Service Pack 3 (SP3)

  • Microsoft XML Core Services (MSXML) 6.0

  • Internet Information Services (IIS) 5.0 with SMTP Service installed

  • Windows messaging

    Note:
    Windows messaging provides the MAPI interface to ensure the proper parsing of message bodies in .msg files or TNEF-encoded messages. (You may install Outlook on the server to provide the required functionality.)

Minimum workstation requirements

The following are minimum workstation requirements:

  • Windows 2000 Professional or Windows XP

    Note:
    Windows Server 2003 and Windows Vista® are also supported.

  • 6 MB of available memory

  • 10 MB of available disk space

  • Intel processor

Special note for Deliver From Quarantine Security

The new General Option Deliver From Quarantine Security has been added to give administrators more flexibility for handling messages and attachments that are forwarded from quarantine. The options for this setting are Secure Mode and Compatibility Mode.

  • Secure Mode is the default. It causes all messages and attachments delivered from quarantine to be re-scanned for viruses and filter matches.

  • Compatibility Mode allows messages and attachments to be delivered from quarantine without being scanned for filter matches. (Messages and attachments are always scanned for viruses.) Antigen identifies these messages by placing special tag text in the subject line of all messages that are delivered from quarantine.

During installation, you are now asked if you would like to run in Secure Mode or Compatibility Mode. If you would like Antigen to continue to allow messages and attachments to be delivered from quarantine without being rescanned for filter matches, select Compatibility Mode. If you would like messages and attachments to be rescanned, select Secure Mode.

You can customize the subject line tag text used when messages are delivered from quarantine by using the new registry key ForwardedAttachmentSubject. The subject line tag text can be changed to a unique string for the organization or changed into a local language.

Note:
If the General Option Deliver From Quarantine Security is set to Compatibility Mode and the subject line tag text is changed, messages already in the organization that were tagged with the old tag text in the subject line will have filters applied to them if they are re-scanned.

Regardless of which mode is selected, all inbound messages will be scanned and filtered by the Antigen Internet/SMTP Scan Job.

Special note for ASM Junk Folder feature

Exchange 2000: The ASM junk mail folder feature is disabled by default. In order to enable this feature, the Microsoft hotfix specified in Knowledge Base article KB884035 must be installed on the server. In order to obtain this fix, contact Microsoft Product Support Services.

Exchange 2003: ASM Junk Mail Folders are removed for Exchange 2003 to promote integration with Exchange.

Important notes

  1. Upgrades from releases earlier than Antigen 8.0SR3 are not supported.

  2. Antigen for SMTP Gateways is compatible with ISA Server 2004. When both Antigen and ISA Server 2004 are installed on the same Windows server, Antigen can scan the SMTP message stream for viruses, spam, and undesirable content. Note that this version of Antigen does not protect HTTP and FTP traffic.

  3. When upgrading from Antigen 8.0SR3, if proxy information is needed for file scanner updates, the information must be re-entered into the Antigen Administrator in the General Options pane.

  4. After a fresh installation, new signature files must be downloaded to ensure the most up-to-date protection. For an upgrade, a one-time scanner update for each licensed engine will be scheduled. For a fresh installation, a daily scanner update for each licensed engine will be scheduled. These updates will start 5 minutes after the Antigen services are started. However, if a proxy is being used for scanner updates, these scheduled updates will fail. Use the Antigen Administrator to enter the proxy information. After this is done, click the Update Now button in the Scanner Updates pane to perform an immediate scanner update for each engine.

    Note:
    Until all the licensed engines have been successfully downloaded, errors may appear in the ProgramLog.txt file. These errors include "ERROR: Could not load SpamCure mapper" and "ERROR: Could not create mapper object".

  5. Upgrading from Antigen 8.0SR3 may take longer than expected if the existing quarantine folder contains a large number of files.

  6. The ASM Junk Mail folder processing on Exchange 2000 requires that .NET Framework 1.1 be installed on the server.

  7. Antigen users should be aware of a problem installing ASP.NET 1.1 on a computer running on a Windows 2000 Server domain controller with Service Pack 4 (SP4) installed. The IWAM account is not granted impersonate user rights for ASP.NET 1.1. When you request an ASP.NET 1.1 page, you may receive the following error message:

    Server Error in '/AntigenJunkMail' Application.

    Access is denied.

    Microsoft posted Knowledge Base Article number 824308 (http://support.microsoft.com/?id=824308) describing the problem and providing a workaround solution.

  8. Antigen users should be aware of an issue where the AntigenStoreEvent service uses large amounts of memory. If you think you are experiencing this issue, contact your Microsoft representative to obtain the fix.

  9. The ASM Junk Mail folder processing requires that the World Wide Web Publishing Service be started.

  10. When changing the Enable Junk Mail Folders General Option setting, Antigen will begin to create or disable ASM Junk Mail Folders for all users when the Save button is clicked. It is important to let Antigen finish this process before changing the option again. The start and completion of these operations are written to the ProgramLog.txt file.

  11. The ASM Junk Mail folder displays/updates ASM settings for the user currently logged on to Outlook even when other users' mailboxes are displayed. To administer settings for these other users' mailboxes, you must log on to Outlook as that user.

  12. When using the ASM Junk Mail Folder feature, if your IIS server is configured to use SSL, then you must set the Antigen registry DWORD value UsingSSL to 1.

  13. To enable the Antigen Administrator to run on Windows XP SP2, two steps need to be taken.

    First, run dcomcnfg. In Component Services, navigate to My Computer, right-click it, and then select Properties. Click the COM Security tab. Under Access Permissions, click Edit Limits and add Remote Access privileges for the Anonymous Logon user.

    The second step is to allow the Antigen Administrator application through Windows Firewall. Open Control Panel and choose Security Center. Open Windows Firewall and click the Exceptions tab. Select Add Program, select Antigen Administrator from the list, and then click OK. Now select the Antigen Administrator check box. Choose Add Port. Add 135 for the port number, with TCP checked, and any name. Click OK.

    If there is concern about opening port 135 to all computers, it can be opened for only the Antigen servers. When adding port 135, click Change Scope and select Custom List. Type the IP addresses of all Antigen servers to which you want to connect.

  14. The Exchange 2003 UCE setting of the SCL Property requires Exchange 2003 and the Outlook 2003 client for mail to be routed to the Junk E-mail folder.

    Note:
    The Exchange 2003 SCL rating feature does not work on an SMTP Windows 2000/Windows 2003 only server.

  15. ASM Using SpamCure Engine: Reporting False Positives and False Negatives.

    If you notice that the SpamCure engine is reporting false positives (identifying legitimate e-mail as spam) or false negatives (failing to identify spam e-mail), you can forward these e-mail messages to Microsoft for analysis by mail filters. The following addresses have been created to process these messages:

    spam.mail-filters@antigen.microsoft.com - Use this address to submit spam e-mail that was not detected (false negatives) by the SpamCure engine.

    notspam.mail-filters@antigen.microsoft.com - Use this address to submit legitimate e-mail messages that were identified as spam (false positives) by the SpamCure engine.

    Note:
    These addresses are only for SpamCure engine detection problems.

  16. Skip Content Filtering How-To

    In order for the bypassing content filter feature to work properly, the system administrator must do the following:

    1. In General Options, select Skip Content Filtering for Allowed Mailhosts.

    2. Either edit an existing allowed mailhosts list or create a new filter list containing each of the internal public IP addresses that you trust. This ensures that they will be trusted and not checked.

      To create a new allowed mailhosts filter list, under FILTERING, select Filter Lists and then Allowed Mailhosts. Enter the public IPs or domains that you trust, and then enable the list (under FILTERING, select Mailhost, select the list you want to enable, and then select Enabled from the drop-down menu.)

    3. In General Options, set the Maximum Allowed Mailhost Lookups to a number appropriate for your organization's topology. The Maximum Allowed Mailhost Lookups should be set to the number of relay servers with public IP addresses within your organization plus one. This ensures that the last external IP address that any given e-mail passes through is checked.

      For example, if your topology has a maximum of 2 public addresses that an e-mail could pass through, then the Maximum Allowed Mailhost Lookups should be set to 3. The internal public IP addresses may be relay servers that are located inside the perimeter network.

  17. When installing Antigen on an SMTP only server, Windows Messaging must also be installed on the server to provide the MAPI interface to ensure the proper parsing of message bodies in .msg files and/or TNEF-encoded messages. (You may install MS Outlook on the server to provide the required functionality.)

  18. When Antigen appends a disclaimer to an e-mail that has a different encoding, such as iso-2022-jp, it uses the MS API WideCharToMultiByte to convert the Unicode disclaimer text to the format needed before appending it to the e-mail. If support for that particular encoding has not been installed on the server (Control Panel->Regional and Language Options, Languages tab), Antigen cannot create a disclaimer in the appropriate encoding. If this occurs, a blank disclaimer is added to the e-mail, and the following error is logged to the Program Log: "WideCharToMultiByte returns an empty string for the Unicode plaintext disclaimer using the %s encoding" (where %s is replaced by the charset name.)

  19. If you are using the ASM Junk Mail Folder and want to host the Antigen ASM Web application on a different server, create a string registry key named JunkMailHostName. Antigen then uses this value (instead of the local host name) when setting the home page for the ASM Junk Folder for each Outlook user.

  20. Antigen is able to scan the first part of a multi-part RAR file. Any other part of a multi-part RAR will be treated as CorruptedCompressed and handled according to the Delete Corrupted Compressed Files General Option setting.

  21. After an upgrade of Antigen, any monitoring software should be recycled to use the new Antigen monitoring library.

  22. Antigen no longer supports the ability of customers to host their own engine updates.

  23. Antigen database path names (DatabasePath registry key) greater than 216 characters are not supported.

  24. When installing Antigen, the length of the installation path must be less than 170 characters.

  25. UNC paths specified for engine updates must not end with a backslash ("\").

  26. The CA InoculateIT scan engine is no longer available as a separate engine. This engine and its functionality have been merged with the CA Vet engine.

  27. To change the server profile for notification purposes, you must modify the FromAddress registry value. In the registry editor, the FromAddress registry value is located under HKEY_LOCAL_MACHINE\SOFTWARE\SybariSoftware\Notifications\. For details about modifying this value, refer to the "Sending notifications" section in the "Using e-mail notifications" chapter in the "Microsoft Antigen for SMTP Gateways User Guide," which is available at the Microsoft Antigen TechNet Library.

    Note:
    In previous releases, the FromAddress registry value was named ServerProfile. If the user guide erroneously lists the value as ServerProfile, change it to FromAddress.

New features

Build 9.1.1097.00 (Includes all features from Antigen 9.0.1055):

  1. Antigen now supports globalization. Although Antigen is not localized, the English version of the Antigen product can now be installed on local language versions of Windows Server and Exchange.

  2. Antigen now supports Office 2007 file formats (.docx, .xlsx, and so on).

  3. A new General Option setting Treat multipart RAR archives as corrupted compressed has been added. When this option is enabled (the default setting), files determined by Antigen to be multipart RAR will be treated as corrupted compressed and acted on according to the Delete Corrupted Compressed Files General Option setting. When this option is disabled, Antigen will pass each file within the RAR volume to the scan engines.

    Note:
    If a file spans RAR volumes, Antigen will only be able to pass the partial file to the scan engines and file type filtering may not work.

  4. A new General Option setting Treat high compression ZIP files as corrupted compressed has been added. When this option is enabled (the default setting), if a zip archive is found to contain one or more highly compressed files, it will be treated as corrupted compressed, and acted on according to the Delete Corrupted Compressed Files General Option setting. When this option is disabled, any file within a zip archive that is highly compressed with either the Deflated64, Bzip2, or PPMD algorithms will be sent to the scan engines in its compressed form. In this case, the entire zip archive will not be treated as corrupted compressed as long as no other files are compressed using other high compression algorithms.

  5. If Microsoft Updates (MU) has not already been activated for the server, an option to opt into the MU program will be presented during the installation.

  6. Antigen scheduled tasks will now be handled using Task Scheduler. Each repeated task will now show as one scheduled task in the Scheduled Tasks UI.

  7. A new Product Licensing Agreement and Expiration entry screen has been added. After you have activated your product, you should enter licensing information (obtained from Microsoft Sales). If you license your product, you can align when your product expires with your license agreement (otherwise, the expiration will be three years from the installation date). In addition, you can easily renew your license by entering a new expiration date. To license Antigen, select Product License from the Help menu. The Product License Agreement and Expiration dialog box appears. Enter your 7-digit License Agreement Number and then enter an Expiration Date. You should enter a date that corresponds to the expiration of your license agreement. That will coordinate the expiration of both the license agreement and the product. When the product nears its expiration, you should renew your license agreement and enter the new license information into the Product Licensing Agreement and Expiration dialog box.

  8. A new General Option setting Treat concatenated gzips as corrupted compressed has been added.

    Multiple Gnu zip (gzip) files can be concatenated into a single file. Although Antigen recognizes concatenated gzips, it may not recognize individual files split across concatenated gzips. Therefore, Antigen treats concatenated gzips as corrupted compressed by default. In combination with the Delete Corrupted Compressed Files option, this default behavior prevents all concatenated gzips from passing through, thereby preventing potential infections.

    Disabling the Treat concatenated gzips as corrupted compressed option enables you to receive concatenated gzips. However, in this case, a virus may escape detection.

  9. The default value for the Max Program Log Size General Option setting has been changed from 0 (no limit to the maximum size) to 25600 KB. This change affects new installations only and does not affect the settings if you are upgrading from a prior release.
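
Items 4 and 8 above describe two archive conditions that are easy to check outside the product when triaging quarantined files. The following is an added example, not Antigen code: a Python sketch that counts gzip members and lists ZIP entries stored with the three named high-compression methods. The function names, the verdict strings and the sample archives are constructed for illustration.

```python
import gzip
import io
import zipfile
import zlib

GZIP_MAGIC = b"\x1f\x8b"
# ZIP method IDs (PKWARE APPNOTE) for the three algorithms the readme names.
HIGH_COMPRESSION = {9: "Deflate64", 12: "Bzip2", 98: "PPMd"}


def count_gzip_members(data, chunk=1 << 16):
    """Count gzip members; ValueError if a member is truncated or followed by junk."""
    members, rest = 0, data
    while rest:
        if not rest.startswith(GZIP_MAGIC):
            raise ValueError("bytes after member %d are not a gzip header" % members)
        d = zlib.decompressobj(wbits=31)  # 31 = gzip header and trailer expected
        buf = rest
        try:
            while not d.eof:
                out = d.decompress(buf, chunk)  # output discarded, memory capped
                buf = d.unconsumed_tail
                if not out and not buf:
                    break  # no input left and no progress: member is incomplete
        except zlib.error as exc:
            raise ValueError("damaged gzip member: %s" % exc) from exc
        if not d.eof:
            raise ValueError("truncated gzip member")
        members += 1
        rest = d.unused_data  # whatever follows this member's CRC/length trailer
    return members


def first_member_only(data):
    """What a reader that stops at the first gzip trailer would see."""
    return zlib.decompressobj(wbits=31).decompress(data)


def full_payload(data):
    """What a reader that walks every member would see."""
    return gzip.decompress(data)


def high_compression_entries(data):
    """List (name, method) for ZIP entries using Deflate64, Bzip2 or PPMd.

    Only the central directory is read; nothing is decompressed.
    """
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        return [(i.filename, HIGH_COMPRESSION[i.compress_type])
                for i in zf.infolist() if i.compress_type in HIGH_COMPRESSION]


def screen_archive(data, treat_concat_gzip=True, treat_high_zip=True):
    """Mirror the two General Options as a pre-screen (hypothetical verdicts)."""
    if data.startswith(GZIP_MAGIC):
        try:
            members = count_gzip_members(data)
        except ValueError:
            return "corrupted compressed"
        if members > 1 and treat_concat_gzip:
            return "corrupted compressed"
        return "scan"
    if zipfile.is_zipfile(io.BytesIO(data)):
        if treat_high_zip and high_compression_entries(data):
            return "corrupted compressed"
    return "scan"


def build_samples():
    """Constructed sample archives, built in memory."""
    single = gzip.compress(b"quarterly report\n")
    concat = single + gzip.compress(b"CONSTRUCTED-MARKER second member\n")
    buf = io.BytesIO()
    with zipfile.ZipFile(buf, "w") as zf:
        zf.writestr("notes.txt", b"hello " * 50, compress_type=zipfile.ZIP_DEFLATED)
        zf.writestr("data.bin", b"hello " * 50, compress_type=zipfile.ZIP_BZIP2)
    return {"single.gz": single, "concat.gz": concat, "mixed.zip": buf.getvalue()}


if __name__ == "__main__":
    samples = build_samples()
    for name, blob in samples.items():
        print(name, "->", screen_archive(blob))
    concat = samples["concat.gz"]
    print("first member only:", first_member_only(concat))
    print("all members:      ", full_payload(concat))
```

The last two lines of output show why the default matters: a reader that stops at the first gzip trailer never sees the second member's content.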

Build 9.0.1055 (Includes all features from Antigen 8.0.1517):

  1. For each scan engine, a secondary update path can be entered. If using the network update path to get an engine update fails for any reason, the secondary update path will be tried.

  2. A new General Option setting Purge message if Message Body Deleted - Internet has been added. This setting gives you the option to purge a message if any of the message body parts is deleted and there are no attachments.

  3. The default InternetProcessCount value on fresh installations will be set to 2. The existing value will not be changed during upgrades. In addition, a new General Option is exposed in the UI to allow the user to change this setting without editing the registry.

    Note:
    Services still must be recycled for this value to take effect.

  4. Separate notifications are now available for Spam/RBL, keywords, and sender-domains/subject line filters. Keyword filter notifications are available for the sender and recipients as well as the administrator. A new Spam Administrator is available for the Spam/RBL filters. Content filter notifications are available for the sender and recipients, as well as the administrator, and include sender and subject line filter notifications.

Build 8.0.1517 (Includes all features from Antigen 8.0.1494):

  1. By default, Antigen scans mail on all SMTP Virtual Servers when the SMTP Scan Job is enabled. If you do not want Antigen to scan all enabled SMTP Virtual Servers, you can create a STRING registry value named DisableSMTPVS. The STRING value must be populated with a comma-delimited list of numbers from 1 through 10 representing the Virtual Servers you would like Antigen to skip during scanning. For example, if you have four Virtual Servers and only want Antigen to scan on VS1 and VS3, the STRING value would be: 2,4.

    Note:
    Placing anything other than the numbers 1 through 10 in the STRING causes unpredictable results.

    In order for this change to take effect, the Simple Mail Transfer Protocol (SMTP) service must be stopped. Next, the following three commands must be executed from the command prompt in the Antigen for SMTP folder:

    • AntigenIMC.exe /unregserver

    • AntigenIMC.exe /regserver

    • AntigenIMC.exe /service

    The value in DisableSMTPVS will be recognized on the next start of the SMTP service.

    If the first Virtual Server needs to be disabled, the registry key PickupFolderPath must be deleted.

  2. By default, Antigen performs file filtering within compressed archives. An existing feature allows Antigen to skip file filtering within zip archives by setting a *.zip file filter with its Action set to Skip-Detect. When Antigen is processing a file filter list, once a match is made with the filter, the remaining file filters within the file filter list are not processed for files within the zip archive.

    A new feature now extends the same functionality to several compressed file formats: TAR, GZIP, RAR, Macintosh, SMIME, and self extracting ZIP archives. To activate this new feature for AntigenInternet, set the DWORD registry key SkipFileFilterWithinCompressedInternet to 1.

Build 8.0.1494:

Same features as 8.0.1484

Build 8.0.1484

  1. Added a new setting to the Incident Logging General Option to allow spam/RBL incident logging to be disabled.

Build 8.0.1470 (Includes all features from Antigen 7.5.1314):

  1. Added the ability to purge the Incidents database.

  2. Added the ability to upgrade Antigen without needing to shut down the SMTP services.

  3. Support for multiple disclaimers is configurable for senders, recipients, and domains.

  4. Added support for allowed senders lists to be configurable for different scanning functions.

  5. Added the ability to perform scanner updates through a proxy server that requires HTTP authentication. The Antigen Client provides you with the ability to set the proxy server IP address, port, username, and password. Proxy server settings can also be deployed using templates.

  6. When performing checks against the allowed mailhosts list, domain names in the InternalAddress list will not be checked.

  7. The Statistics pane has been enhanced to include message statistics as well as attachment statistics.

  8. You now have the option to use the MAIL FROM: sender address from the SMTP protocol instead of the MIME FROM: sender for the SMTP Scan Job.

  9. Added scanning support for opaque signed S/MIME files.

Software fixes

Build 9.1.1097.00 (Includes all software fixes from Antigen 9.0.1055):

This release includes fixes identified in these Knowledge Base articles:

  • KB 924008: An outgoing e-mail message that includes disclaimer text causes the AntigenInternet.exe process to stop responding in Antigen 9.0.

  • KB 923877: Quarantined items have an English (United States) date format (MM/DD/YYYY) instead of the date format that is configured in the regional settings on the server when you use the Antigen 9.0 client to view the items.

  • KB 924602: The HTML format of an e-mail message is incorrectly converted to plain text when the contact user opens an e-mail message if Antigen 9.0 is installed.

  • KB 924600: Antigen 9.0 performance counters do not report data in Performance Monitor.

  • KB 924705: The update operation times out when you try to update Antigen 9.0 scan engines.

  • KB 925784: Antigen 9.0 may block legitimate e-mail messages because they may include some redundant Content-Transfer-Encoding items.

  • KB 928082: The size of SMTP messages may increase during the scanning process in Antigen.

  • KB 928281: You are limited to 255 characters when you add multiple domain names in the Internal Address box of the Antigen Administrator console.

  • KB 933675: No items appear in the Antigen Quarantine and no entries are logged in the Incidents work pane when you run Antigen 9.0.

  • KB 928081: Antigen 9.0 incorrectly detects a Uuencode file as a virus.

  • KB 932642: Event ID: 100 occurs after you install a Microsoft Antigen 9.0 server.

  • KB 933544: Event ID 100 is logged in Antigen 9.0.

  • KB 934636: The Antigen Worm List engine version is "0" in the Scanner Information area when you use Antigen Enterprise Manager 9.0 to gather the engine information.

  • KB 935401: Antigen 9.0 had problems scanning certain structured storage files.

Build 9.0.1055 (Includes all software fixes from Antigen 8.0.1517)

Build 8.0.1517 (Includes all software fixes from Antigen 8.0.1494)

  1. AntigenInternet scans winmail.dat files for viruses. Exchange uses winmail.dat files for several purposes, and to facilitate public folder replication it sends winmail.dat files between servers. If Antigen modifies any of these winmail.dat files, the public folder replication process fails. Set a new DWORD registry key named DoNotScanIPMReplicationMessages to 1 and AntigenInternet will not scan IPM replication messages.

  2. Fixed a problem that caused Antigen to log repetitive cosmetic errors to the Program log on SMTP-only servers that did not have access to Active Directory.

  3. Fixed a problem that caused Antigen to stop processing any generic list (such as content filter list) if any entry in the list ended with a space character.

  4. Fixed a problem that caused an AntigenRealtime abort when the file deletion text had a keyword (for example: %virusengines%) that had a NULL value.

  5. Fixed a problem that prevented Antigen from being able to purge inbound SMTP messages that are destined for a public folder.

  6. Fixed a problem that caused Antigen to misidentify images within spreadsheets as corrupted compressed gzip files.

  7. Fixed a problem that prevented Antigen from properly parsing .zip files that contained random binary data in the beginning of the .zip file.

  8. Fixed a problem that could cause AntigenInternet to match an erroneous file filter, or cause AntigenInternet to abort when processing an e-mail that contained Japanese encoded characters.

  9. Antigen now correctly parses .zip files that list an uncompressed size equal to zero in either the local file header or central directory.

  10. Fixed a problem that caused Antigen to time out when processing RAR files that contained subdirectories.

  11. Fixed a problem that caused Antigen to not create ASM Junk Mail Folders for all users on servers that contained a very large Active Directory database, or in configurations that contained child domains.

  12. Fixed a problem that could cause a potential deadlock if two AntigenInternet scanning processes both timed out scanning a file at approximately the same time.

  13. Fixed Antigen to correctly remove all scheduled scanner updates from the AT scheduler when AntigenService stops.

  14. Fixed a problem that could cause a third-party desktop scanner to catch a virus in the TEMP folder when Antigen was scanning a MIME message that was within a zip archive.

  15. Fixed a problem that caused the Exchange services to not start after installing Antigen 8.0.1494.

  16. Fixed a problem that caused Antigen to always update every MIME message that it scanned when the General Option setting Fix Bare CR or LF in Mime Headers was enabled, instead of only updating MIME messages that contained bare CRs, bare LFs or NULs.

  17. Antigen now uses the long filename, if present, within TNEF attachments when applying file filter rules.

  18. Fixed a problem that caused Antigen to report an 'Unknown' sender in a notification when using Outlook Web Access.

  19. Improved scanning performance during scan engine updates.

Build 8.0.1494

  1. Fixed a timing issue that could allow a message to get past Antigen unscanned if the server was flooded with incoming mail when it was restarting.

  2. Fixed a timing issue that could cause the wrong AntigenInternet process to be restarted when a scan timeout occurs.

Build 8.0.1484 (Includes all software fixes from Antigen 7.5.1315):

  1. Antigen now automatically scans .jpg files for viruses without the need to make any configuration changes.

  2. Antigen now correctly handles self extracting RAR files.

  3. Fixed a problem that caused an HTML formatting error when using the ACM job 'Generate HTML report'.

  4. Fixed an issue that caused Antigen to always set the SCL level to a zero even if the property was not present in the original e-mail.

  5. Antigen now scans e-mails for Spam (using the SpamCure engine) before doing an RBL check.

  6. Fixed the SybariClient to allow the proxy server value to be entered as a server name instead of just as an IP address.

  7. For Exchange 2000/2003 servers, fixed the ASM 'Junk Mail Folder' feature to work correctly on non-English servers when the name of a user's 'Inbox' was something else, as in the case of foreign languages.

  8. Fixed a problem that prevented the KVS service from starting correctly during Exchange startup.

  9. Fixed an issue which caused AntigenInternet to incorrectly parse invalid Quoted-Printable MIME messages.

  10. Fixed a parsing issue which caused Antigen to not see all attachments with TNEF encoded messages.

  11. Fixed an installation issue that occurred when upgrading Antigen on a server that has Exchange being monitored by an external server using system monitoring software.

  12. Changed zip file handling to return UnReadable Compressed if a file within a zip has an actual uncompressed file size that does not match what is in the central directory for that file. The Delete Corrupted Compressed Files General Option setting will control the action taken on the zip file.

  13. Fixed an issue that caused an AntigenInternet abort if using an XML disclaimer that was more than 512 bytes.

  14. Fixed a timing issue that could possibly allow e-mails to bypass AntigenInternet during a server restart.

  15. Fixed two issues when using the XML multiple disclaimer feature. In one instance AntigenInternet aborted, in the other instance the wrong disclaimer was being added to e-mails.

Build 8.0.1470 (Includes all software fixes from Antigen 7.5.1314):

Known issues

  1. Attachments compressed with PKWARE's DCL-Implode are not scanned.

  2. Attachments compressed with PKWARE's Deflate64(tm) are not scanned.

  3. During a Hot Upgrade, the user has the option to "Stop Waiting" if the upgrade is taking too long to process or if it has caused Antigen to hang. If the "Stop Waiting" option is selected too soon after starting the process, there is a risk that Antigen may be left in an off-line state. (Allow 3-5 minutes before using the "Stop Waiting" option.) If this happens, the Exchange services may need to be recycled to restart Antigen.

  4. The Perform Updates at Startup General Option setting will be set to Off after an upgrade. If this setting was previously set to On, use the Antigen Administrator to set this option back on after the upgrade.

  5. If the Service Control Manager is open, an install or upgrade may fail with "Setup failed in SetupRegistry".

  6. Installing Antigen 9.0 in a folder that contains non-ASCII characters is not supported. Choose a path that contains only characters from the following groups: letters (A-Z, a-z), numbers (0-9) or the symbols :\/!#$%'()+,-.;=@[]^_`{}~

Documentation

The documentation for this product is distributed in HTML format and is provided with this package. After installation, access help either from the Antigen Administrator interface, or use the Help icon in the Antigen for SMTP program group. You can also access the latest documentation at the Microsoft Antigen TechNet Library.

Frequently Asked Questions

Regularly updated lists of frequently asked questions are available on Microsoft's Web site (http://support.microsoft.com/ph/9881):

Q: How can I restrict who can administer Antigen?

A: The Antigen Administrator uses DCOM to connect to the Antigen server component. DCOM settings for the AntigenService application are set to initially allow the Administrators group and SYSTEM full access.

You can change the Access and Launch settings in DCOM to restrict access. You do this by launching the DCOMCNFG.EXE program and selecting AntigenService from the Application tab.

Once completed, you will need to restart the Exchange Services.

Q: When I uninstall Antigen, there seems to be a file left behind. Is that by design?

A: When uninstalling Antigen, the process will not remove the file IsUninst.EXE from the Windows (e.g. c:\winnt) directory. It is possible for this file to be shared and used by other applications. If you determine that no other application is using this file, you may safely remove it from your system.

EICAR antivirus test file

Provided below is the code for the EICAR standard antivirus test file.

To test your installation, copy the following line into its own text file and name it EICAR.COM.

X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* 

When done, you will have a 69-byte or 70-byte file.

You can then attach this to an SMTP message for testing. Antigen will report finding the EICAR-STANDARD-AV-TEST-FILE virus. If you have "cleaning" enabled, Antigen will also report the attachment as being deleted. The infected attachment will be removed from the test message or post and be replaced with a text file. The new file will contain the following string when viewed: "Antigen for SMTP found a virus and deleted this file."

It is important to know that THIS IS NOT A VIRUS. However, users often have the need to test that installations function correctly. The antivirus industry, through the European Institute for Computer Antivirus Research, has adopted this standard to facilitate this need.

Please delete the file when installation testing is completed so that unsuspecting users are not unnecessarily alarmed.
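
The test described above can be scripted so that it is repeatable. The following is an added example, not part of the original Readme or of Antigen: a Python sketch that builds the test message with EICAR.COM attached and checks a delivered copy for the deletion text quoted above. The addresses, the function names and the simulated "cleaned" message (including its attachment file name) are constructed; sending the message through your gateway is left to your own mail client or relay.

```python
from email import policy
from email.message import EmailMessage
from email.parser import BytesParser

# The EICAR test string exactly as given in this Readme (no trailing space).
EICAR = r"X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*"
# Replacement text the Readme says appears in place of the deleted attachment.
DELETION_TEXT = "Antigen for SMTP found a virus and deleted this file."


def build_test_message(sender, recipient):
    """Return the raw bytes of a message carrying EICAR.COM as an attachment."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Antivirus gateway test"
    msg.set_content("This message carries the EICAR test file.")
    msg.add_attachment(EICAR.encode("ascii"), maintype="application",
                       subtype="octet-stream", filename="EICAR.COM")
    return msg.as_bytes()


def check_delivered(raw):
    """Classify a delivered copy of the test message.

    'NOT CLEANED' : the EICAR string is still present in an attachment
    'cleaned'     : an attachment carries the deletion text instead
    'no attachment found' : neither was seen (for example, message purged)
    """
    msg = BytesParser(policy=policy.default).parsebytes(raw)
    verdict = "no attachment found"
    for part in msg.iter_attachments():
        payload = part.get_payload(decode=True) or b""
        if EICAR.encode("ascii") in payload:
            return "NOT CLEANED"
        if DELETION_TEXT.encode("ascii") in payload:
            verdict = "cleaned"
    return verdict


def simulate_cleaned(sender, recipient):
    """Constructed stand-in for what the recipient gets after cleaning."""
    msg = EmailMessage()
    msg["From"] = sender
    msg["To"] = recipient
    msg["Subject"] = "Antivirus gateway test"
    msg.set_content("This message carries the EICAR test file.")
    # Attachment file name is an assumption; the Readme gives only the text.
    msg.add_attachment(DELETION_TEXT, filename="EICAR.txt")
    return msg.as_bytes()


if __name__ == "__main__":
    sent = build_test_message("tester@example.test", "mailbox@example.test")
    print("as sent:          ", check_delivered(sent))
    cleaned = simulate_cleaned("tester@example.test", "mailbox@example.test")
    print("simulated cleaned:", check_delivered(cleaned))
```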