Symantec AVF 3.0 for Exchange & Symantec Antivirus 9.0 Corp

Posted on 2004-04-25
Medium Priority
Last Modified: 2007-12-19

Can any one shed some light on this issue?

I used to run AVF 3.0 for Exchange & SAV 8.1 Corp edition on Exchange 2000. Worked great. Whenever there was infected email, e.g. W32.Netsky.C@mm, AVF 3.0 could catch it and replace the attachment with text message, notifying me there was virus.

However, recently, I upgrade SAV 8.1 to 9.0, and ever since that, AVF no longer works properly:

- AVF service can never start at server reboot, I have to configure the service to restart itself after failure, otherwise I will have to manually start it.

- AVF cannot detect the virus properly. Instead, it tells me "detected a message with unscannable attachment"

Have tried uninstall and reinstall Symantec, no improve.
Any idea? Thanks in advance!!
Question by:robinluo
  • 5
  • 2
LVL 27

Expert Comment

by:Asta Cu
ID: 10914102
I believe this will assist you.

Clients and secondary servers do not receive updates after updating Symantec AntiVirus Corporate Edition 8.x parent server with Intelligent Updater

After updating a Symantec AntiVirus Corporate Edition parent server by using the Intelligent Updater, you find that the clients do not receive virus definitions using the Virus Definition Transport Method (VDTM).

This is expected behavior with Symantec AntiVirus. The Intelligent Updater updates definitions by delivering a .vdb file, which was the standard method of delivery for previous versions. Symantec AntiVirus uses an .xdb file instead, which includes technology to allow incremental updates of clients. Since the Intelligent Updater does not include .xdb files, the Symantec AntiVirus server cannot update secondary servers or clients (including legacy clients) with definitions delivered by the Intelligent Updater. Similarly, Symantec AntiVirus cannot update secondary servers or clients if it has been updated manually with a .vdb file.

To update a Symantec AntiVirus server manually, download the most current .xdb file from the Symantec Security Response Web page and copy it to the server. For complete instructions, including steps to automate the process, read the document How to update virus definitions for Symantec AntiVirus Corporate Edition.

Source for more:  http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2003061714012048?OpenDocument&src=ent_hot&dtype=corp&prod=Symantec%20AntiVirus%20Corporate%20Edition&ver=9.0&tpre=
LVL 27

Expert Comment

by:Asta Cu
ID: 10914135
This and Intelligent Updater and more omitted above, sorry.  Long day.  Hopefully, some viable workarounds for you as well.
Did the EVENT LOGS show any problems?


How to automatically update Symantec AntiVirus Corporate Edition 8.x definitions without using LiveUpdate

Noted similar problems to yours because system wasn't rebooted after the upgrade, and other roadblocks; this may help as well to add insight and possibilities for you.
Upgrading to Symantec AntiVirus Corporate Edition 9.0 requires restarting the computer
When performing an upgrade from previous versions of Symantec AntiVirus Corporate Edition to version 9, you must restart the computer.
New features in Symantec AntiVirus Corporate Edition 9.0
Symantec AntiVirus™ Corporate Edition 9.0 includes a number of new and improved features. This document lists and describes what's new in this release.

Manually uninstalling Symantec AntiVirus Corporate Edition 9.x client from Windows NT/2000/ ...
This document describes how to uninstall Symantec AntiVirus Corporate Edition 9.x client from Windows NT/2000/XP or Windows Server 2003 (32-bit) manually.

How to install Symantec AntiVirus Corporate Edition 9.x clients using a logon script
This document gives step-by-step instructions to set up Symantec AntiVirus Corporate Edition 9.x client logon installation.

Four additional services appear after installing the Symantec AntiVirus Corporate Edition™ ...
You just installed only the Symantec AntiVirus Corporate Edition 9.0 client (not Symantec Client Firewall™), and you notice that four additional services are present on your computer. You want to know what they do.

Setting up Symantec AntiVirus Corporate Edition 9.x for Web-based deployment using IIS 4.x ...
This document explains how to set up Symantec AntiVirus™ Corporate Edition 9.x for Web-based deployment, using Microsoft Internet Information Server (IIS) 4.x or 5.x.

General overview of a Group Policy Object (GPO) installation using Symantec AntiVirus ...
You want a to install Symantec AntiVirus Corporate Edition 9.x using a Windows 2000 Active Directory Group Policy Object.

Many more, but hope this helps; off to work for me.  Good luck,



Author Comment

ID: 10914417
Thanks Asta,

I don't really think this is defination updating issue. AVF runs on server end. In my case, it resides on the same server where SAV and Exchange are installed. Therefore, AVF and SAV are sharing the same virus defination file, which is always up to date via liveupdate.

To me, it seems to be a setting somewhere not configured properly, so AVF cannot identify a virus attachment but instead treats it as "unscannable attachment".

I will read the links you provided in your 2nd post and see if there is any hint in here. Will get back to you ASAP.
7 new features that'll make your work life better

It’s our mission to create a product that solves the huge challenges you face at work every day. In case you missed it, here are 7 delightful things we've added recently to monday to make it even more awesome.

LVL 27

Accepted Solution

Asta Cu earned 2000 total points
ID: 10914455
When you had version 3 installed, you likely updated to apply this patch ...
The Unscannable File rule is triggered and the Application Log references the attached Message Body

You have installed Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange ( AV/F for Exchange). Your Unscannable File rule is triggered. The Application Log contains a reference to the attachment "Message Body." However, the email message did not have an associated attachment.

This problem is resolved in Symantec AntiVirus/Filtering 3.02 build 96 for Microsoft Exchange or newer. Please update to this build or to a newer version. For information on obtaining this update, see the document How to obtain an update or an upgrade for your Symantec Corporate product.

Technical Information:
The decomposer used in versions of AV/F for Exchange prior to 3.02 build 96 triggered the unscannable file rule when some message bodies and attachments could not be properly decomposed.


I've been looking for an equivalent for version 9, but no luck (yet).

What criteria can cause an "unscannable file" violation within Symantec AntiVirus/Filtering 3.x for Microsoft Exchange?

Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange (Symantec AV/Filter for MSE) is installed on your Exchange 2000 Server. When you attempt to scan a .tar file which is 1 MB or greater, an unscannable file violation message appears. Other file types do not trigger the unscannable file rule for any file size. Also many more hits or possibilities here:

A built-in feature of SMS for Exchange is Maximum Scan Time. This feature prevents attacks designed to monopolize the scanning subsystem. A time limit on the scanning subsystem maintains security and performance. The default time limit is set to 300 seconds (5 minutes). Attachments exceeding 5 minutes are unscannable and the unscannable file rule is applied.

An example of when the Maximum Scan Time needs changed is compressed files that expand to many times their original size and exceed the default 5-minute time limit. When this happens the file is unscannable and the unscannable file rule is applied.

LVL 27

Expert Comment

by:Asta Cu
ID: 10914481
How to verify that a Symantec corporate antivirus product is set to scan all files
Norton AntiVirus 2003 and 2004 scan all files by default. Do the following to insure that you are using the default settings.
Start Norton AntiVirus. If Norton AntiVirus is installed as a part of Norton Internet Security or Norton SystemWorks, then start that program.
Click Options. If a menu appears, click Norton AntiVirus.
When the Norton AntiVirus Options dialog box appears, in the left pane, click Manual Scan.

Setting up Symantec AntiVirus Corporate Edition 9.x exclusions for NetWare 5.x and 6.x

Custom-scheduled scan settings disappear after the primary master server is restarted

Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange (AV/F Exchange) is installed and is enabled to protect your Exchange server. Some text attachments that are sent through the Exchange 2000 email server are quarantined for a violation of the unscannable file rule. These text attachments open normally with no sign of corruption. Duplicating the text in a new message and then sending it through the email server triggers the unscannable file rule.

My thinking is that perhaps the Default settings for the old version didn't get translated to the upgrade; more here on the default settings for V3 and Server 2000
Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange 2000 default settings

Situation: You want to know the default settings for a fresh installation of Symantec AntiVirus/Filtering 3.0 for Microsoft Exchange 2000 (SAVFMSE).
Solution:   This table shows the default settings:

I'm amazed at the number of possibilities that can trigger this problem, and losing my vision for the day, so off to spend time with the family.  I hope this has helped some.

Best of luck,


Author Comment

ID: 10914914
Asta, thanks for your help. Your post led me to the final solution:

I need to exclude the AVF's working folder from SAV, otherwise both antivirus programs touch their hands on it (not recommended by Symantec) and hence cause trouble.

What's interesting is, I never know this before and didn't configure this when running SAV 8.x, however AVF worked fine at that time. Anyway, good to learn something today.

Thanks again.
LVL 27

Expert Comment

by:Asta Cu
ID: 10918141
I'm so pleased and thank you as well; since we both learned something new in this process.  Thank you also for the fine grade and best wishes!
":0) Asta

Featured Post

Free Tool: IP Lookup

Get more info about an IP address or domain name, such as organization, abuse contacts and geolocation.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

By the time you finish reading this article, you may have already lost all your money because you don't know the simple steps to securing your BitCoin wallet. BitCoin is an incredible invention. It is a decentralized currency system, which is the…
Ransomware continues to be a growing problem for both personal and business users alike and Antivirus companies are still struggling to find a reliable way to protect you from this dangerous threat.
Established in 1997, Technology Architects has become one of the most reputable technology solutions companies in the country. TA have been providing businesses with cost effective state-of-the-art solutions and unparalleled service that is designed…
Email security requires an ever evolving service that stays up to date with counter-evolving threats. The Email Laundry perform Research and Development to ensure their email security service evolves faster than cyber criminals. We apply our Threat…

600 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question