Search Exchange 2003 for an object name?
My AV has found a suspected email; however, it did not provide the subject, just the object name. How do I search for an object name?
Possible threat detected: Trojware Trojan-Spy.HTML.Fraud.gen. Object name: NTFS_b3a0973601cbd806000004bf.EML
April 19th, 2011 1:55pm
Is this Exchange-aware AV?
April 19th, 2011 2:13pm
It's Kaspersky Server Enterprise Edition.
April 19th, 2011 2:50pm
Ok, then it's *not* Exchange-aware then, yes?
If not, then you need to exclude Exchange directories and processes from scanning:
http://support.microsoft.com/kb/328841
http://technet.microsoft.com/en-us/library/bb332342.aspx
If it's Exchange-aware, it would generally tell you all the message details. Sounds like you are scanning the SMTP directories with a flat-file scanner.
April 19th, 2011 2:53pm
How do I verify it is a false positive? Is there a way to retrieve and view this message?
April 19th, 2011 2:55pm
How do I verify it is a false positive? Is there a way to retrieve and view this message?
You would have to ask Kaspersky support or check their documentation and check your settings on what action is taken when a virus is encountered.
Either way, this doesn't sound like an Exchange issue.
April 19th, 2011 3:05pm
Sounds like it may have picked up the flat email from the SMTP working directories. You can look through the working directories to see if it's still there, or it may have already been quarantined by your AV, in which case you need to check that bin.
Program files\Exchsrvr\mailroot\vsi 1
Badmail
Pickup
Queue
UceArchive
James Chong MCITP | EA | EMA; MCSE | M+, S+ Security+, Project+, ITIL msexchangetips.blogspot.com
April 19th, 2011 7:48pm
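An added example, not part of any reply in this thread: one way to look for the alert's object name under the working directories listed above and read the message's headers (Subject, From, Received) without opening the body in a mail client. It assumes the file is a plain RFC 822 message and that you run it against the `vsi 1` folder or a copy of it; `find_object`, `summarize_headers` and the sample message are constructed for illustration.

```python
import os
import tempfile
from email import policy
from email.parser import BytesHeaderParser

# Working directories under the SMTP virtual server folder, as listed in the thread.
WORK_DIRS = ("Badmail", "Pickup", "Queue", "UceArchive")
# Constructed sample message (not the real detection) used by demo().
SAMPLE = (b"Received: from mail.example.test by exch01.example.test; "
          b"Tue, 19 Apr 2011 13:50:00 -0400\r\n"
          b"From: billing@example.test\r\nTo: user@example.test\r\n"
          b"Subject: =?utf-8?q?Account_verification?=\r\n\r\n"
          b"<html>body is never parsed</html>\r\n")

def find_object(vsi_dir, object_name):
    """Return files under the working directories matching the AV object name."""
    wanted = object_name.lower()  # NTFS file names are case-insensitive
    hits = []
    for sub in WORK_DIRS:
        for dirpath, _dirs, files in os.walk(os.path.join(vsi_dir, sub)):
            hits += [os.path.join(dirpath, f) for f in files if f.lower() == wanted]
    return sorted(hits)

def summarize_headers(path):
    """Parse headers only; the body stays a raw payload and is never rendered."""
    with open(path, "rb") as fh:
        msg = BytesHeaderParser(policy=policy.default).parse(fh)
    out = {h: (str(msg[h]) if msg[h] is not None else None)
           for h in ("From", "To", "Subject", "Date", "Message-ID")}
    out["Received"] = [str(v) for v in msg.get_all("Received", [])]
    return out

def demo():
    """Build a throwaway directory tree and look up the object name from the alert."""
    name = "NTFS_b3a0973601cbd806000004bf.EML"
    with tempfile.TemporaryDirectory() as root:
        vsi = os.path.join(root, "vsi 1")
        for sub in WORK_DIRS:
            os.makedirs(os.path.join(vsi, sub))
        with open(os.path.join(vsi, "Queue", name.lower()), "wb") as fh:
            fh.write(SAMPLE)
        hits = find_object(vsi, name)
        return [os.path.relpath(h, vsi) for h in hits], summarize_headers(hits[0])

if __name__ == "__main__":
    print(demo())
```

An empty result from `find_object` means the file is no longer in those folders, which fits the reply's point that the AV may already have quarantined it.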
Since the potential threat was found by a third-party AV, you can contact Kaspersky support via the following link:
http://support.kaspersky.com/support
Thanks,
Simon
April 22nd, 2011 2:24am