When you receive e-mail messages from a computer that is running Forefront Security for Exchange Server 2007, the content of the e-mail messages may be replaced

When you receive e-mail messages from a Microsoft Exchange server that is running Microsoft Forefront Security for Exchange Server 2007, the content of the e-mail messages may be replaced. No files are attached to the e-mail messages. Instead, the e-mail messages contain the following deletion text: Additionally, text that resembles the following is logged in the Programlog.txt file on the Forefront Security for Exchange Server 2007 computer:

This issue may occur if one of the following conditions is true:

• Forefront Security detects virus-infected data in the Winmail.dat file.
• Forefront Security matches a condition that is set in a filter setting.

At first, Forefront Security converts a part of the original message into a Winmail.dat file. Then, as part of the transport scanning, Forefront Security scans the Winmail.dat file as a container file. If the original message in the Winmail.dat file contains a virus match or a filter match, Forefront Security replaces the infected component by using the deletion text. However, if the Max Container File Infections option in the General Options pane is set to zero (0) on the Forefront Server Security Administrator client, the whole container file (Winmail.dat) is deleted.

To resolve this issue, you can configure Forefront Security to replace infected content in the Winmail.dat files without removing the whole Winmail.dat file. To do this, follow these steps:

1. Click Start, point to Programs, point to Microsoft Forefront Server Security, point to Exchange Server, and then click Forefront Server Security Administrator.
2. In the What server you want to connect to box, click the appropriate Exchange server. Or, click Browse, and then locate the server that you want.
3. Click OK.
4. In Shuttle Navigator, click Settings, and then click General Options.
5. In the Scanning area, type a suitable value in the Max Container File Infections box. For example, to allow up to five detections within a container file, set the value to 5.
6. Click Save.
7. Close Forefront Server Security Administrator.
8. Click Start, click Run, type Services.msc, and then click OK.
9. In the Services snap-in, restart the FSCController service.

For more information about Forefront Security, visit the following Microsoft Web site: For more information about the Winmail.dat file, click the following article number to view the article in the Microsoft Knowledge Base: