Office files detected as Corrupted Compressed by Forefront/Antigen

Often we receive cases where a customer is emailing or uploading/downloading office files and they are being detected as “Corrupted Compressed”, and commonly then deleted.

This can occur for a large variety of reasons, too many to discuss in full within the confines of a single blog article, so I would like to just cover the two most common causes.

The most common cause of this behaviour is that the file was created using third party software and the files do not follow fully the RFC/File format standard.

In this case, Office will open the file and allow you to access it fine, but as a security product, Forefront and Antigen need to be strict in this respect.

This is fairly easy to test, you simply need to open the file using Microsoft Office and then click “Save As” and save it with a new filename. This will cause the file format to be recreated. You then send or upload/download the new “resaved” copy of the Office document and confirm if the behaviour is still occurring.

The second most common cause of this behaviour is due to the file format not being correctly interpreted by Antigen/Forefront. This has usually already been addressed in a hotfix, roll up or service pack, as such you should ensure that your product is at the latest service pack, roll up level.

Details of the latest Service Packs and Roll Ups for Antigen/Forefront can be found at:-

Updates for Microsoft Forefront and Related Technologies

If you find that, after resaving the Office file it is still being blocked as Corrupted Compressed and you are running the latest service pack and roll up, then the next step is to raise a support case with Microsoft.

I hope this helps. Any comments are gratefully received.