legit email dected as virus "JS/Injector.A" RRS feed

  • Question

  • forefront for exchange is giving false positives that all incoming email is a virus.
    Monday, January 16, 2017 9:00 PM

All replies

  • ForeFront for Exchange has been out of support for more than a year. Time to replace it.

    Blog:    Twitter:   

    Monday, January 16, 2017 11:25 PM
  • We are getting the same thing, when trying to send PDF attachments. 

    It doesn't affect all attachments - only some. 

    Microsoft Forefront Protection for Exchange Server has detected a virus.


    Virus name:  "JS/Injector.A"

    Monday, January 16, 2017 11:42 PM
  • Hello guys!

    This is bad definition for Authentium Command Antivirus Engine

    Bad Definition version - 201701161630

    Check this link - Syren released new definition, who is fixed this bag:

    False Positive Alert for Cyren Antimalware

    An antimalware false positive was identified and since corrected. The false detection was named JS/Injector.A.

    Below please find the details on the relevant definition updates:

    2016-01-16 at 16:58 UTC - New definition update 201701161630 released, that caused a false positive
    2016-01-16 at 17:49 UTC - New definition update 201701161711 released to fix the FP.

    For recovery assistance, please contact Cyren Support


    • Proposed as answer by PadreWoW Tuesday, January 17, 2017 8:52 AM
    Tuesday, January 17, 2017 8:46 AM
  • I had the same problem and now it's enough.
    Some engines don't want to update, gives a code yellow in the monitor.
    This particular problem has been damaged a lot of mail, took a lot of work and time to restore it.

    I have decided to uninstall Forefront 2010 for Exchange, but there was a surprise.
    The IP Block list was still filed, but it seems to be not working because I received e-mail from IP numbers that where blocked.
    I had to reinstall the Microsoft Exchange Transport Service and the Anti-spam agent.
    So again a lot of work and time.

    But at the end everything is up and running :-)

    there are too many things have happened.

    Wednesday, January 18, 2017 10:04 PM