Video Screencast Help

unscannable file rule corrupting files

Created: 27 Jun 2013 • Updated: 01 Jul 2013 | 2 comments

When my company receives .docx files are unable to openned when it arrives into a users inbox.

Below is what the event viewer is showing.  Is it supposed to use the ZIP Engine Name?  I this has been an issue for the past year when I was using version 6.5 and even upgraded to 7.0 of mail security and still having this issue.  Any help is appreciated.  I know the file below to be openned by another individual.

The attachment "Vac Truck COI Req.docx" located in message with subject "FW: Hydro Excavator for SMS", located in SMTP has violated the following policy settings:
Scan: Auto-Protect
Rule: Unscannable File Rule
The following actions were taken on it:
The attachment "Vac Truck COI Req.docx" was Logged Only for the following reason(s):
Scan Engine Error.  CSAPI DEC result: 0xA. A malformed container is detected. Engine Name: ZIP.
 
Operating Systems:

Comments 2 CommentsJump to latest comment

BenDC's picture

docx is a zip compressed file, you should be able to rename.zip and see addtional items in it. It is unlikely that the unscanable file rule is corrupting the file. It is more likely the file is corrupted when it arrives so it is marked as unscanable and unopenable by the client.

L.S.'s picture

If the unscannable file rule is set to log only, NO action is taken on the message and detections are logged only.  The decomposer that processes the files and triggers this detection does not modify the original file in any way.  Instead, Exchange hand's SMSMSE a "copy" to scan.

The testing procedure should be expanded to have the sender send the message to multiple recipients both on this Exchange server and elsewhere.  This particular mailbox is likely the issue if the original file is OK.  The file is being detected by SMSMSE but is NOT occurring until it has already entered the mailbox (which would mean it was scanned in an OK state when it originally hit SMSMSE coming inbound).

I would look at any specific rules, actions, or triggers this mailbox has configured, or possibly even if the mailbox is in some way corrupt.