XADM: Contents of the .stm File Are Not Scanned When Using Antivirus API (286638)


The information in this article applies to:

  • Microsoft Exchange 2000 Enterprise Server
  • Microsoft Exchange 2000 Server
This article was previously published under Q286638

SYMPTOMS

If you are using antivirus application programming interface (API)-based scanning solutions on Exchange 2000 Server, e-mail based viruses may not be detected when you are using Internet-based clients such as Post Office Protocol 3 (POP3), Internet Message Access Protocol 4 (IMAP4), and Outlook Web Access (OWA) for sending and receiving e-mail.

CAUSE

The antivirus API that is present in Exchange 2000 Server does not contain the capability to properly scan the contents of the streaming media (.stm) file. Because Internet-based clients store the message content in the .stm file in native MIME format, the content is not scanned when the message is accessed by any other client, including MAPI-based clients. For more information about the conditions that must be present for the antivirus API to properly scan message attachments, see the "More Information" section later in this article.

WORKAROUND

To work around this issue, use only MAPI-based clients to send and receive messages until Exchange 2000 Server Service Pack 1 (SP1) is available.

STATUS

Microsoft has confirmed that this is a problem in Microsoft Exchange 2000 Server.

MORE INFORMATION

The antivirus API successfully scans messages if:
  • Messages arrive through the Message Transfer Agent (MTA), such as an Exchange Server 5.5 to Exchange 2000 migration or coexistence scenario, and are retrieved using a MAPI-based client such as Microsoft Outlook.
  • New messages are submitted from a MAPI-based client such as Microsoft Outlook.
  • The MAPI-based client opens an attachment from an Internet user or an Internet protocol (IP) client, the user makes a modification, and then attempts to save the message.
The antivirus API does not successfully scan messages if:
  • On an Exchange 2000-based server that is responsible for sending and receiving Internet mail, a message is received and then opened by any supported client.
  • When an Internet message is received by an Exchange 2000-based server from the Internet or from an internal Simple Mail Transfer Protocol (SMTP) service, and then is routed over one of the following connectors:
    • Lotus Notes Connector
    • Lotus cc:Mail Connector
    • Microsoft Exchange Connector for SNADS
    • Microsoft Exchange Connector for IBM OfficeVision/VM (PROFS)
    • Groupwise Connector
    • Any third-party gateway that is based on the Exchange Gateway Development Kit.
  • When a message is received by an Exchange 2000-based server that was sent directly from another Exchange 2000-based server, and a user on the recipient server attempts to open the message by using any supported client.
For further analysis of how this issue may affect you, contact Microsoft Product Support Services for analysis of your topology.
Modification Type:MinorLast Reviewed:4/25/2005
Keywords:kbbug kbnofix KB286638
©2004 Microsoft Corporation. All rights reserved.