Solved

Attachment removed and body replaced with: "FILE QUARANTINED"

Posted on 2006-10-27
8
8,028 Views
Last Modified: 2012-06-22
Hello everyone!
We have a customer trying to send us a critical datafile through email.  The problem is the email attachment is getting stripped from the email.  Email Client is Outlook XP.  We've also just upgraded to Exchange 2005 (which is why I am uncertain about this message below).

We are fairly certain the issue lies on the customer-side, because we receive these exact datafiles from customers nationwide all day - with no issue.

If possible, I would like to verify which firewall/email system/etc. adds this specific message below:
_________________________________________________________
FILE QUARANTINED
----------------

The original contents of Body of Message have been replaced
with this message because of its FragmentedMessage characteristics.
_________________________________________________________
I know "Body of Message" and "FrangmentedMessage" are variables.

Points to the first expert who can fill-me-in on which application adds this exact message.  

As always,
Thanks for your time and help!!
- Mike (OB)
0
Comment
Question by:ottobock
  • 3
  • 2
8 Comments
 
LVL 7

Author Comment

by:ottobock
Comment Utility
Thanks Sembee!  However, do you think this issue is truely just an Exchange issue??  
I placed this issue in the EMAIL-GENERAL category because at the present time I dont know what adds this "File Quarantined" message. (For all I know, this could be a Lotus system running a Sonicwall on the customers-side. --just an example, I hope an expert can give me the true system that gives this message)
Thanks!
- Mike (OB)
0
 
LVL 7

Author Comment

by:ottobock
Comment Utility
:-)  -- Yes Exchange 2003, not 2005.
Thank you!!
- Mike  
0
 
LVL 16

Accepted Solution

by:
btassure earned 500 total points
Comment Utility
Someone is using Antigen (probably the other party or you would know about it)

www.kbalertz.com/kb_924952.aspx
0
How your wiki can always stay up-to-date

Quip doubles as a “living” wiki and a project management tool that evolves with your organization. As you finish projects in Quip, the work remains, easily accessible to all team members, new and old.
- Increase transparency
- Onboard new hires faster
- Access from mobile/offline

 
LVL 30

Expert Comment

by:pgm554
Comment Utility
Tell them to send it in a zipped format and password protect.

It appears as if the file they are sending is being blocked by antivirus software.

It aapears as if the virus software or whatever sees it as a possible worm threat.

What is the extension of the attached file?
0
 
LVL 30

Expert Comment

by:pgm554
Comment Utility
These are all blocked extensions:

File extension File type
.ade Microsoft Access project extension
.adp Microsoft Access project
 app Microsoft Visual FoxPro application (blocked only in Outlook 2002 SP-2 and Outlook 2000 SP-3)
.asp  Active server page. (Blocked in Outlook 2002 SP3 and higher)
.asx Windows Media Audio or Video shortcut (blocked only in Outlook 2002 builds earlier than 10.0.3005.x)
.bas Visual Basic class module
.bat Batch file
.cer (blocked only in Outlook 2003 and later)
.chm Compiled HTML Help file
.cmd Windows NT Command script
.com MS-DOS program
.cpl Control Panel extension  
.crt Security certificate
.csh KornShell script file (blocked only in Outlook 2002 SP-2  and Outlook 2000 SP-3 and later)
.exe Program
 fxp Microsoft Visual FoxPro compiled program (blocked only in Outlook 2002 SP-2  and Outlook 2000 SP-3 and later)
.hlp Help file
.hta HTML program
.inf Setup  Information
.ins Internet Naming Service
.isp Internet Communication settings
.js JScript Script file
.jse Jscript Encoded Script file
.ksh KornShell script file (blocked only in Outlook 2002 SP-2  and Outlook 2000 SP-3 and later)
.lnk Shortcut
.mda Microsoft Access add-in program (blocked only in Outlook 2002 and a patched version of Outlook 2000)
.mdb Microsoft Access program  
.mdt Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1  and Outlook 2000 SP-3 and later)
.mdw Microsoft Access workgroup information (blocked only in Outlook 2002 SP-1  and Outlook 2000 SP-3 and later)
.mde Microsoft Access MDE database
.mdz Microsoft Access wizard program (blocked only in Outlook 2002 and a patched version of Outlook 2000)
.msc Microsoft Common Console document
.msi Windows Installer package
.msp Windows Installer patch
.mst Visual Test source files
.ops Office XP settings (blocked only in Outlook 2002 SP-1 and  and Outlook 2000 SP-3 later)
.pcd Photo CD image
.pif Shortcut to MS-DOS program
.prf Microsoft Outlook profile settings (blocked only in Outlook 2002)
.prg Microsoft Visual FoxPro program (blocked only in Outlook 2002 SP-2  and Outlook 2000 SP-3)
.pst Microsoft Outlook Personal Folders file (blocked only in Outlook 2000 SP-3)
.reg Registration entries
.scf Windows Explorer command (blocked only in Outlook 2002)
.scr Screen saver
.sct Windows Script Component
.shb Shell Scrap Object
.shs Shell Scrap Object
.tmp Temporary file. (Blocked in Outlook 2002 SP3 and higher)
.url Internet shortcut
.vb VBScript file
.vbe VBScript encoded script file
.vbs Visual Basic Script file
.vsmacros Visual Studio .NET macro project file. (Blocked in Outlook 2002 SP3 and higher)
.vss Visio shapes and Visio stencils (Blocked in Outlook 2002 SP3 and higher)
.vst  Visio template (Blocked in Outlook 2002 SP3 and higher)
.vsw  Visio workspace (Blocked in Outlook 2002 SP3 and higher)
.ws  Windows script file (Blocked in Outlook 2002 SP3 and higher)
.wsc Windows Script Component
.wsf Windows Script file
.wsh Windows Script Host Settings file
0
 
LVL 7

Author Comment

by:ottobock
Comment Utility
Hello,
Thanks for the replies!  The attachment is actually a datafile for a manufacturing computer, and the extension is atypical -- which is why all (but 1) of the customers are not having troubles sending it.    

After checking around, btassure is correct -- and that this is Microsoft/Sybari Antigen for Exchange.
Thanks!
- Mike (OB)  
0

Featured Post

Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

Join & Write a Comment

Find out how to use Active Directory data for email signature management in Microsoft Exchange and Office 365.
Local Continuous Replication is a cost effective and quick way of backing up Exchange server data. The following article describes the steps required to configure Local Continuous Replication. Also, the article tells you how to restore from a backup…
In this video we show how to create a Resource Mailbox in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.: Navigate to the Recipients >> Resources tab.: "Recipients" is our default selection …
To show how to generate a certificate request in Exchange 2013. We show this process by using the Exchange Admin Center. Log into Exchange Admin Center.:  First we need to log into the Exchange Admin Center. Navigate to the Servers >> Certificates…

772 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

16 Experts available now in Live!

Get 1:1 Help Now