How to manually rebuild the antivirus scan engine in Microsoft Antigen 9.0 for Exchange (920304)



The information in this article applies to:

  • Microsoft Antigen 9.0 for Exchange

INTRODUCTION

This article describes how to manually rebuild the antivirus scan engine in Microsoft Antigen 9.0 for Microsoft Exchange.

Important: Before you rebuild a scan engine in Antigen 9.0 for Exchange, we recommend that you first contact Microsoft Product Support Services (PSS) to help determine whether the problem that you experience requires a scan engine rebuild operation.

For information about how to contact Microsoft PSS, visit the following Web site:

MORE INFORMATION

On a computer that is running Antigen 9.0 for Exchange, you may experience a problem that causes the Antigen scan engine to stop working correctly. After you contact Microsoft PSS to help troubleshoot the symptoms that you experience, you may be directed by Microsoft PSS to rebuild the scan engine. Symptoms that may require you to rebuild a scan engine include the following:
  • Scan engine files become locked. Therefore, a scan engine can no longer be automatically updated.
  • A scan engine generates an error message when it tries to load.
When any of these symptoms occur, one of the following errors may be logged in the %ProgramFiles%\Microsoft Antigen for Exchange\ProgramLog.txt file:
  • "ERROR: Could not create mapper object"
  • "INFORMATION: The engine_name engine was rolled back"
  • "ERROR: Scan engine was corrupted on download"
  • "ERROR: CheckCrc failed"
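
The following PowerShell sketch is an added example, not part of the original article. It scans ProgramLog.txt for the four messages listed above. The function name Find-EngineFault and the sample lines are constructed for illustration; the layout of a real log line beyond the message text is not assumed.

```powershell
# Added example: report which of the article's four messages appear in the log.
# Only the message texts come from the article; matching is by substring because
# the rest of the line layout (timestamps and so on) is not documented here.
$signatures = @(
    'ERROR: Could not create mapper object',
    'INFORMATION: The (?<engine>.+?) engine was rolled back',
    'ERROR: Scan engine was corrupted on download',
    'ERROR: CheckCrc failed'
)

function Find-EngineFault {
    param([string[]]$Lines)
    for ($i = 0; $i -lt $Lines.Count; $i++) {
        foreach ($sig in $signatures) {
            if ($Lines[$i] -match $sig) {
                New-Object PSObject -Property @{
                    LineNumber = $i + 1
                    Signature  = $sig
                    Engine     = $Matches['engine']   # populated only for rollback lines
                    Text       = $Lines[$i].Trim()
                }
                break   # one finding per log line
            }
        }
    }
}

# Constructed sample lines, used only when the real log is not present.
$sample = @(
    'sample-timestamp INFORMATION: Engine update check started',
    'sample-timestamp ERROR: CheckCrc failed',
    'sample-timestamp INFORMATION: The Microsoft engine was rolled back'
)

$log = Join-Path $env:ProgramFiles 'Microsoft Antigen for Exchange\ProgramLog.txt'
if ($env:ProgramFiles -and (Test-Path $log)) { $lines = Get-Content $log } else { $lines = $sample }

$findings = @(Find-EngineFault -Lines $lines)
$findings | Sort-Object LineNumber | Format-Table LineNumber, Engine, Text -AutoSize
"{0} matching line(s) found" -f $findings.Count
```
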
Note: The procedure that is described in this article mentions the Microsoft AV scan engine. However, this procedure applies to any licensed scan engine in Antigen 9.0 for Exchange. If you use a scan engine other than the Microsoft AV scan engine, substitute one of the following scan engine names as appropriate:
  • Ahnlab
  • CAIris (also known as CAInoculateIT)
  • CAVet
  • Command
  • Kaspersky
  • Norman
  • Sophos
  • Spamcure (an antispam engine)
  • VBuster (also known as Virus Buster)
To rebuild the Antigen 9.0 for Exchange scan engine, follow these steps:
  1. Download the latest scan engine files. To do this, follow these steps:
    1. Create a new folder that is named "Temp Engine".
    2. Save the Manifest.cab file to the Temp Engine folder. To obtain the Manifest.cab file, visit the following Microsoft Web site:
    3. Extract the Manifest.xml file from the Manifest.cab file, and then open the Manifest.xml file by using a text editor, such as Notepad.
    4. Search for the version= string in the Manifest.xml file. After one of the instances of version=, a 10-digit number is displayed. For example, locate the entry that resembles the following text:

      version="0606080004"

      In this entry, the 10-digit number represents the update version number of the latest update. For the purposes of this article, this update version number is represented by the update_version placeholder.
    5. Save the Microsoft_fullpkg.cab file to the Temp Engine folder that you created in step 1a. To obtain the Microsoft_fullpkg.cab file, visit the Microsoft Web site whose URL resembles the following URL:

      http://antigendl.microsoft.com/antigen/x86/Microsoft/Package/<update_version>\microsoft_fullpkg.cab

      Important: In this URL, replace <update_version> with the update version number that you noted in step 1d. For example, use a URL that resembles the following sample URL:

      http://antigendl.microsoft.com/antigen/x86/Microsoft/Package/0606080004\microsoft_fullpkg.cab

  2. Create a location for the updated scan engine files. To do this, follow these steps:
    1. In the Temp Engine folder that you created in step 1a, create a new folder that is named "Bin".
    2. Extract the contents of the Microsoft_fullpkg.cab file to the Temp Engine\Bin folder that you created in step 2a.
    3. Extract the contents from each .cab file that you extracted to the Temp Engine\Bin folder.
    4. Remove all the .cab files from the Bin folder.
    5. Copy the Manifest.cab file from the Temp Engine folder to the Temp Engine\Bin folder.
  3. Temporarily disengage the scan engine from the scan jobs. To do this, follow these steps:
    1. Click Start, click Run, type cmd, and then click OK.
    2. At the command prompt, move to the Microsoft Antigen 9.0 for Exchange folder. By default, Antigen 9.0 for Exchange is installed in the following folder:

      %ProgramFiles%\Microsoft Antigen for Exchange

    3. Type the following command, and then press ENTER:

      antigenstarter d

      Important: Do not exit the command prompt after you run this command.
  4. Prepare the Microsoft scan engine folders for the new scan engine. To do this, follow these steps:
    1. Start Windows Explorer, and then locate the Microsoft scan engine folder. By default, this folder is in the following path:

      %ProgramFiles%\Microsoft Antigen for Exchange\Engines\x86\Microsoft

    2. In the Microsoft folder, right-click the LastKnownGood folder, and then click Delete. Then, click Yes when you are prompted to confirm the removal of the LastKnownGood folder.
    3. In the Microsoft folder, rename the Bin folder "LastKnownGood".
    4. Copy the Bin folder that you created in step 2a from the Temp Engine folder to the Microsoft folder.
  5. Engage the scan engines with the scan jobs again. To do this, follow these steps:
    1. At the command prompt that you started in step 3a, type the following command, and then press ENTER:

      antigenstarter e

  6. Make sure that the newly rebuilt scan engine is correctly integrated for scanning. To do this, follow these steps:
    1. Start the Antigen Administrator Client program, and then click Anti-Virus in the SETTINGS pane.
    2. Click StorageGroupName (Realtime Scan Job), click to select the Microsoft AV check box, click Max Certainty in the Bias list, and then click Save.
    3. Start Microsoft Outlook, and then create a new e-mail message. Enter your alias in the To box.
    4. Attach the Eicar.com test virus to this e-mail message, and then send the e-mail message. For more information about how to obtain the Eicar.com test virus, visit the following Eicar Web site:

      Microsoft provides third-party contact information to help you find technical support. This contact information may change without notice. Microsoft does not guarantee the accuracy of this third-party contact information.
    5. When you receive the e-mail message, verify whether the Eicar.com message attachment has been replaced with the Deletion Text attachment.
    6. Open the Deletion Text attachment to verify whether Microsoft AV is displayed as one of the scan engines that detected the Eicar.com test virus.
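
Steps 3 through 5 above can be run as one PowerShell script. This is an added example, not part of the original article. It assumes that steps 1 and 2 are already done, that the Temp Engine folder was created at C:\Temp Engine (a hypothetical location), and that the folder for another engine has the same name as that engine. It checks the staged Bin folder before it disengages the scan engine.

```powershell
# Added example (not from the article): steps 3-5 as one script.
param(
    [string]$Engine     = 'Microsoft',            # or another licensed engine name
    [string]$Staged     = 'C:\Temp Engine\Bin',   # assumption: where "Temp Engine" was created
    [string]$AntigenDir = "$env:ProgramFiles\Microsoft Antigen for Exchange"
)
$ErrorActionPreference = 'Stop'

# Assumption: the engine folder is named after the engine, as it is for Microsoft.
$engineDir = Join-Path $AntigenDir "Engines\x86\$Engine"
$bin       = Join-Path $engineDir 'Bin'
$lkg       = Join-Path $engineDir 'LastKnownGood'

# Pre-flight: stop before touching the live engine if staging is incomplete.
if (-not (Test-Path $Staged -PathType Container)) { throw "Staged folder not found: $Staged" }
if (-not (Test-Path $bin -PathType Container))    { throw "Live Bin folder not found: $bin" }
$leftover = @(Get-ChildItem -Path $Staged -Filter *.cab |
              Where-Object { $_.Name -ne 'Manifest.cab' } |
              ForEach-Object { $_.Name })
if ($leftover.Count -gt 0) { throw "Step 2d incomplete, .cab files remain: $($leftover -join ', ')" }
if (-not (Test-Path (Join-Path $Staged 'Manifest.cab'))) {
    throw 'Step 2e incomplete, Manifest.cab is missing from the staged Bin folder'
}

Push-Location $AntigenDir
try {
    & .\antigenstarter d                                        # step 3c: disengage
    if (Test-Path $lkg) { Remove-Item $lkg -Recurse -Force }    # step 4b
    Rename-Item -Path $bin -NewName 'LastKnownGood'             # step 4c
    Copy-Item -Path $Staged -Destination $bin -Recurse          # step 4d
    & .\antigenstarter e                                        # step 5a: engage again
}
finally {
    Pop-Location
}
```

If the script stops after `antigenstarter d` has run, the scan engine stays disengaged until `antigenstarter e` is run. Step 6 is still performed by hand.
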
The third-party products that this article discusses are manufactured by companies that are independent of Microsoft. Microsoft makes no warranty, implied or otherwise, regarding the performance or reliability of these products.

Modification Type: Minor
Last Reviewed: 6/23/2006
Keywords:kbhowto kbinfo KB920304 kbAudITPRO