Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium


emails with attachments are getting converted to MIME text with the attachment as scrambled text in the body

Posted on 2008-06-11
Medium Priority
Last Modified: 2013-11-22
One of my customer's email has gone belly up in that some emails with attachments are getting converted to MIME text with the attachment as scrambled text in the body.
This seems to have happened since the rollout of AVG 8 and I am stumped as to where in the chain it is being corrupted...within Exchange or when received through Outlook, but I feel that Exchange may have been corrupted as a result as the database files are growing quickly. I have contacted AVG support and they have been forwarding FAQ references which I had already seen on the website and sending this diagnostics tool which blue-screened the server.
Question by:Dale_Wattam
LVL 14

Accepted Solution

plug1 earned 2000 total points
ID: 21757970
You are going to need to remove AVG from a client to see the result, then remove it from the exchange server, its not a major job and you can see where its failing.

Author Comment

ID: 22173113
It is recommended to exclude the following folders from AVG scanning (on the sever where AVG for MS Exchange is installed) :
M:\ (for MS Exchange 2000 only)
C:\Program Files\Exchsrvr\Mailroot
C:\Program Files\Exchsrvr\CONNDATA
C:\Program Files\Exchsrvr\MDBDATA
C:\Program Files\Exchsrvr\MTADATA
C:\Program Files\Exchsrvr\SCHEMA
C:\Program Files\Microsoft\Exchange Server\Mailbox (MS Exchange 2007)
Please exclude these folders in AVG Resident Shield settings (AVG -> AVG Resident Shield component -> Manage exceptions button) and also in the configuration of the scheduled AVG test which you run on that server (AVG -> Tools menu -> Advanced settings option -> Schedules -> Scheduled scan -> What to scan tab -> choose "Scan specific files and folders" and exclude folders mentioned above).
Please bear in mind that it is needed to exclude these folders for a specific scan if you would like to launch the scan manually (AVG-> Computer scanner -> Scan specific files and folders -> Change scan settings).
 For more information please see the following Microsoft webpage: http://support.microsoft.com/kb/245822/en-us (Information has been copied below for you)
File-Based Antivirus Software
You can install file-based scanning antivirus software on an Exchange computer. However, never run scanning against the program and database files of an Exchange computer.

In addition, never run scanning against the Installable File System (IFS) drive (drive M) of an Exchange 2000 server. If you do so, you might receive false reports of a virus and you might damage Exchange 2000 databases when you attempt to disinfect the file.

In Exchange 2000, drive M is a convenient label for the Exchange IFS. The Exchange IFS enables you to view and use the Exchange information store as a file system.

NOTE: Drive M can use a letter other than M. This drive is generally referred to as drive M; however, if the letter M is already being used, this drive uses another drive letter. For additional information about issues that are caused by antivirus scanning of drive M, click the following article number to view the article in the Microsoft Knowledge Base:
299046http://support.microsoft.com/kb/299046/ Calendar items disappear from user's folders
In some situations, you may experience additional issues with the Exchange IFS. For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
305145http://support.microsoft.com/kb/305145/ How to remove the IFS mapping for drive M in Exchange 2000 Server
If you need to run a file-based virus scanner on an Exchange computer, remove the Exchange-specific files and folders from the scheduled scans and real-time scanning. File-based scanning of Exchange 2000 executable files is supported.

IMPORTANT: Never run file-based scanning software against Exchange databases, logs, temporary files, the IIS system files, or the IFS drive (drive M). Configure antivirus software to avoid scanning the folders that contain these files.

You can run file-based antivirus software against the operating system of the Exchange computer and against Exchange program files (the Exchsrvr\Bin folder), but never run file-based antivirus software against files in the following folders:
"      Exchange databases and log files.
"      Exchange .mta files (default location: \Exchsrvr\Mtadata).
"      Exchange message tracking log files (default location: \Exchsrvr\Server_Name.log).
"      Virtual server folders (default location: \Exchsrvr\Mailroot).
"      Site Replication Service (SRS) files (default location: \Exchsrvr\Srsdata).
"      Internet Information Service (IIS) system files (default location: \%SystemRoot%\System32\Inetsrv).
"      Internet Mail Connector files (default location: \Exchsrvr\IMCData).
"      The working folder that is used to store streaming temporary files that are used for message conversion. By default, this working folder is located at \Exchsrvr\MDBData.
"      A temporary folder that is used in conjunction with offline maintenance utilities such as Eseutil.exe. By default, this folder is the location that you run the .exe files from, but you can configure this when you run the utility.
You can run file-based scanning against the following folders:
"      Exchsrvr\Address
"      Exchsrvr\Bin
"      Exchsrvr\Exchweb
"      Exchsrvr\Res
"      Exchsrvr\Schema
Temporarily disable file-based scanning software during operating system and Exchange upgrades; this includes upgrading to new versions of Exchange or the operating system, and applying any Exchange or operating system fixes or service packs.

When you upgrade an Exchange or operating system product, or apply a service pack or fix, it is standard procedure to stop and disable all of the third-party services, hardware vendor and operating system monitors, and any agents or Exchange monitors before you perform the update or upgrade. Also stop and disable any performance monitors, any Microsoft or third-party backup programs, and Microsoft Simple Network Management Protocol (SNMP). Then restart the Exchange computer before you apply the upgrade or fix. This procedure prevents files that the update process needs to access from being locked.

IMPORTANT: This procedure also includes stopping and disabling any antivirus programs (including file-based scanning antivirus software) before you upgrade any version of Exchange or the operating system and before you apply any Exchange or operating system service pack or fix.
 Back to the top
Exchange Information Store Scanning Software
Microsoft provides application programming interfaces (APIs) that give other manufacturers the ability to write antivirus programs that scan the information store. If this type of software is running on your Exchange computer and you are experiencing issues, research the issues and follow normal troubleshooting procedures. If these procedures do not resolve the issue, temporarily disable or remove the antivirus software to determine whether it is contributing to the issue. If the antivirus software is not contributing to the issue, you can re-enable the antivirus software.

If the issue stops occurring after you disable or remove the antivirus software, contact the manufacturer of the antivirus software for the most recent update. If the most recent update of the software does not resolve the issue, continue working with the antivirus software manufacturer and Microsoft to pursue a resolution to the issue.

For additional information, click the following article number to view the article in the Microsoft Knowledge Base:
241855http://support.microsoft.com/kb/241855/ Information Store does not start with event ID 145
The third-party products that are discussed in this article are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Exclude the folder that contains the checkpoint (.chk) files from file-based scanners.

NOTE: Even if you move the Exchange databases and log files to new locations, and you exclude those folders, the .chk file may still be scanned. For more information about what may occur if the .chk file is scanned, click the following article number to view the article in the Microsoft Knowledge Base:
253111http://support.microsoft.com/kb/253111/ Event: Unable to write a shadowed header for file
176239http://support.microsoft.com/kb/176239/ Database won't start; circular logging deleted log file too soon

Featured Post

Who's Defending Your Organization from Threats?

Protecting against advanced threats requires an IT dream team – a well-oiled machine of people and solutions working together to defend your organization. Download our resource kit today to learn more about the tools you need to build you IT Dream Team!

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

In this post, I will showcase the steps for how to create groups in Office 365. Office 365 groups allow for ease of flexibility and collaboration between staff members.
Among the most obnoxious of Exchange errors is error 1216 – Attached Database Mismatch error of the Jet Database Engine. When faced with this error, users may have to suffer from mailbox inaccessibility and in worst situations, permanent data loss.
This video discusses moving either the default database or any database to a new volume.
Whether it be Exchange Server Crash Issues, Dirty Shutdown Errors or Failed to mount error, Stellar Phoenix Mailbox Exchange Recovery has always got your back. With the help of its easy to understand user interface and 3 simple steps recovery proced…
Suggested Courses

581 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question