Published zip file incurs virus warning from MS Antigen via email

Jun 03, 2011

Here is a question for y'all tech support folks-

I am the first Articulate user in my company. I have Studio 09, the most recent release, bought in late March 2011. We use MS Office 2007 and MS Outlook/Exchange for email. I am not a security expert so am reaching out to those who are-

My problem is: When I published my first Presenter course today (to a network drive, which may or may not be significant) and chose the option of "Send by Email", the Zip file which was attached to the email was flagged by MS Antigen as being infected with a virus. I got an email message which I've inserted below. The recipients (using same email program) received a similar warning, and their zip files were disabled.

I assumed I had picked up some virus while downloading clip art or freeware, but....our company anti-virus (Symantec) is current and no viruses were found on my computer in the past 24 hours. Our IT department thinks it is a fake or erroneous virus message, but they aren't sure, so they're sending someone out to my building....

I filed a help ticket with Articulate, and while the person was _very_ nice and responded _very_ quickly, he didn't really have any answers regarding how Outlook/Exchange/Antigen interpret the existence of "viruses" in zipped Articulate files (if there isn't actually any virus).

I understand that sometimes there are compatibility issues with security code when various software products come together - has anyone else out there experienced such a conflict when Articulate's swf files (I'm just guessing) are encountered by Antigen anti-virus?

Please help, fake virus messages cause the same amount of panic as real ones!

Joanne

PS-  our IT folks did not have warm fuzzy feelings about "stealthray.swf" either due to the name...

************

Microsoft Antigen for Exchange found a file infected with a virus.  The file is currently Removed.

File name: "Proposal Submission and Budget Prep_ PREVIEW 2_June_2011.zip"

Virus name: "ExceedinglyInfected"

Message subject: "Rough preview version of 1st course _Proposal _ Budget Prep_"

Sent from: "Lazzaro_ Joanne"

Folder: "SG2\Lazzaro, Joanne\Outbox"

Location: "CSHS/CSMC/EXBE4-1A"

*************

7 Replies
Steve Flowers

Hi Joanne,

I'm guessing that you have nothing to worry about as the published output is generally incapable of containing a virus. According to this Microsoft Knowledgebase article there are several potential causes for this message:

http://support.microsoft.com/kb/906002

I'm guessing the likely cause is a double zipped archive. Depending on how your Outlook attachment configuration is set, a zipped file *could* be rezipped for send. If MS Antigen sees a double zipped file it gets suspicious. This is the first thing I'd check.

Joanne Lazzaro

Thanks so much Steve, that was helpful. I read the MS support info at the link you found - at least I can assure our tech support that it was not a real virus warning.

But, I'm still unclear about how to make any adjustments (if possible) to an individual's Exchange settings to allow the zipped Articulate file(s) to pass through. I can tell people to ignore virus warning messages, but the zipped file is being automatically disabled by Antigen. 

Is there a way to trick a mail program into allowing the zipped file to pass through?

Steve Flowers

You might check your Outlook settings. You can tell it not to rezip attachments. When you send a MS Office document, does Outlook zip those files? If so, the zipped output of Articulate is likely being rezipped again. You can change this setting in Outlook to prevent this attachment compression. I'm not on a Windows machine at the moment but I think it's under Tools > Account settings.

~Steve

Gordon Harding

I have just run into a similar issue. The zip file gets thru but some of the JavaScript files are tampered with and replaced with something akin to this.

FILE DELETED
------------

Antigen for Exchange removed Storage Tanks Regs.zip->utils.js since it
was found to be infected with FILE FILTER= unnamed: *.js virus.
L'anti-virus a effacé Storage Tanks Regs.zip->utils.js puisqu'il était infecté avec le virus FILE FILTER= unnamed: *.js.
 
EC/NCR/NCRX7.

I could not locate any settings under Tools -> Account Settings as suggested by Steve. Any suggestions?

G
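A pre-send check for the two conditions raised in this thread, Steve's double-zipped archive guess and the `*.js` file filter in Gordon's notice, as an added example that is not part of the original discussion or of any Articulate or Microsoft tooling. The filter list, size cap and depth cap are assumptions to be matched to the gateway's actual policy, and the sample archive is constructed in memory.

```python
import fnmatch
import io
import zipfile

FILE_FILTERS = ["*.js"]        # pattern from the Antigen notice; extend to match your gateway
MAX_MEMBER_BYTES = 50 * 2**20  # assumed cap: larger members are not opened
MAX_DEPTH = 5                  # assumed cap on recursion into nested archives

def audit_zip(data, filters=FILE_FILTERS, depth=1, prefix=""):
    """Return (nesting_depth, members_matching_filters) for zip bytes."""
    deepest, hits = depth, []
    with zipfile.ZipFile(io.BytesIO(data)) as zf:
        for info in zf.infolist():
            if info.is_dir():
                continue
            path = prefix + info.filename
            base = info.filename.rsplit("/", 1)[-1].lower()
            if any(fnmatch.fnmatch(base, pat.lower()) for pat in filters):
                hits.append(path)
            encrypted = info.flag_bits & 0x1
            if encrypted or info.file_size > MAX_MEMBER_BYTES or depth >= MAX_DEPTH:
                continue
            member = zf.read(info)
            # is_zipfile also matches zip-based formats such as .docx
            if zipfile.is_zipfile(io.BytesIO(member)):
                d, h = audit_zip(member, filters, depth + 1, path + "->")
                deepest = max(deepest, d)
                hits.extend(h)
    return deepest, hits

def build_sample(double_zipped):
    """Constructed stand-in for a published course zip (placeholder contents)."""
    inner = io.BytesIO()
    with zipfile.ZipFile(inner, "w") as zf:
        zf.writestr("player.html", "<html></html>")
        zf.writestr("data/utils.js", "// placeholder")
        zf.writestr("data/stealthray.swf", b"placeholder")
    if not double_zipped:
        return inner.getvalue()
    outer = io.BytesIO()
    with zipfile.ZipFile(outer, "w") as zf:
        zf.writestr("course.zip", inner.getvalue())
    return outer.getvalue()

if __name__ == "__main__":
    for label, blob in (("single", build_sample(False)), ("double", build_sample(True))):
        depth, hits = audit_zip(blob)
        print(f"{label}: nesting depth {depth}, filter matches {hits}")
```

A nesting depth above 1 or a non-empty match list tells the sender, before the message leaves Outlook, which parts of the attachment the mail administrators' policy is likely to act on.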

Joanne Lazzaro

At my company we cannot override the external firewall settings (even if I could find a setting in Outlook 2010 to allow the zip files to pass unaltered), and often the recipients have the same firewall issue, so I now get around the problem by not using email to send courses.

If all the recipient needs to do is preview the course, I upload it to SCORM Cloud (our courses are not large, so I just have a free account) and send them an invitation to take it.

If the recipient needs the actual files, I drop the zip file into their online drop-box (i.e. Yousendit.com or similar service). The recipient (drop-box owner) I believe has to have a paid account, the sender does not.

JL
