To send files to Microsoft for analysis, use the following e-mail address:

submit_virus@fss.microsoft.com

To prepare an archive file that contains the files that you want to submit, follow the steps in Preparing files for submission. Attach the archive file to the e-mail message. When you submit the file, make sure that you include the following data:

• Your name, e-mail address, and telephone number
  
  Microsoft sends all responses to the e-mail address that you use to submit the files. When you submit the archive file, Microsoft processes the file and then sends a determination of the files that it contains, based on the current Microsoft malware definitions. If it is necessary, adjust your incoming mail filters to ensure that you receive this message.
  
  If you want to add additional e-mail contacts to receive updates about the status of the submission, include these contacts in the original e-mail. Also, add the following note in the body of the message: "Please Reply All".
  
  
• Sample type
  
  If the submission includes files that you believe were incorrectly determined to be malware, add the words "False Positive" to the e-mail subject line; otherwise, the files are assumed to be malware.
  
  
• Support case number (optional)
  
  A support case number is not required to submit files for analysis. However, if a support case is already open for this submission, you can include the case number on the subject line of the message.
  
  
• List of scan engines
  
  The names of all scan engines that you are using.
  
  
• Forefront server products that you are using
  
  List the Forefront server products that you are using, for example, Forefront Protection 2010 for Exchange Server (FPE).
  
  
• Platform information
  
  Indicate the platform on which the suspect malware was found. For example, this might be Windows Vista, Windows Server 2003, Windows 2000, or another version of Windows.
  
  
• Description of the malicious activity
  
  Describe what the file did to make you suspect that it was malware.
  
  

About the response message

Microsoft Customer Support Services can submit files on your behalf. If you have an urgent malware situation that FPE does not address, or if it is after regular business hours, it is recommended that you contact Customer Support Services for help. To do this, use the support information that was provided to you when you purchased FPE, or visit the following Microsoft Web site:

http://go.microsoft.com/fwlink/?LinkID=159889

You can submit malware files using the Forefront Protection 2010 for Exchange Server Administrator Console. In the Server Security Views - Dashboard pane, in the Actions section, click Submit Malware Sample, and then follow the instructions on the Submit a sample page.

Use care when you handle files that may be classified as malware. Add suspected malware files to a password-protected compressed archive file. By doing this, you avoid infecting other computers when the files are in transit or when you submit the files. To add the files to an archive file that uses a password, follow these steps.

Note:
If you have WinZip or a similar compression utility installed, you can use it to create the archive. However, you must use the same file name and the same password that are included in these steps.

1. In Windows Explorer, open the folder that contains the suspected malware files.

2. Right-click a blank area in the window, point to New, and then click Compressed (zipped) Folder or WinZip File.

3. Type malware.zip as the name of the new archive file, and then press ENTER.

4. Drag and drop the suspected malware files into the archive file.

5. In the Add dialog box, select the Encrypt added files check box and then click Add.

6. In the Encrypt dialog box, in the Enter password box, type infected. The password is case-sensitive; enter it as all lowercase.

7. In the Re-enter password box, re-type infected, and then click OK.