We are using the current version of the Web Gateway 7.
We have problems with the 'Block corrupted Media Types' and 'Block encrypted Media Types' filters. There are a lot of PDF files we are not able to download because the Web Gateway blocks them.
Due to the 'Block encrypted Media Types' filter this PDF file is blocked. It does not look like the PDF is encrypted. There are a lot of other PDF files that are blocked.
Is there a workaround for this problem?
MWG7 in the current version does not support all recent features of PDF unfortunately. There are some specific compression methods for the complete PDF or for parts only, which MWG is currently not able to handle. When a PDF file cannot be handled ("opened") correctly, it will be dropped as encrypted or corrupted, depending on where in the opener it failed.
A rework of the PDF opener is scheduled already, and will be available in the near future (no explicit plans yet). As of today I would recommend sending the PDFs to support to have them reviewed by engineering. To get those PDF files working, the only way is to whitelist them, or to not block corrupted/encrypted files.
As an idea you could combine Web Reputation with the Media Type filter, and say you allow encrypted and corrupted PDFs, when they come from sources with a good reputation, otherwise block them.
Sorry for the late response.
7.2 had a lot of changes, however it is possible that still not all PDFs are well recognized. I had a quick look at the example PDF you posted above, and I was able to load it through MWG 220.127.116.11 with rules enabled that would block if Body.IsCorruptedObject or Body.IsEncryptedObject becomes true.
Do you still have a problem with the same file? If so, I think it would be helpful to gather a feedback from the affected machine so that we (which means either technical support, if you file an SR, or myself, if you give me some time to check) can test the PDF with your rules.
Hi Andre, can you check the following PDFs, as they are still being blocked under 18.104.22.168?
FWIW - we have 22.214.171.124 as well and are seeing the same problems. We do not have the "Block Encrypted Media Types" enabled.
Is it possible / can someone @ mcafee create a ruleset so that when a corrupt PDF is downloaded a web page is displayed giving the user the option of continuing, the incident is logged, and possibly an email alert is sent?
Message was edited by: jspanitz on 8/16/12 8:12:17 AM CDT
The two examples are blocked as corrupted because the current implementation of the composite opener is unable to parse them correctly. There are plans to improve the opener to have additional support for more flavours of PDF. I have added the example URLs to our bug tracking system, so that they can be tested later. If you would like to officially follow up on this, I recommend filing an SR with support.
There will always be PDF files that MWG is unable to parse correctly, since PDF is a pretty complicated file format that gets changed from time to time. If some new feature gets introduced, or a PDF creator formats a PDF in a format we have not seen before and did not predict, we will fail to parse it in some cases. Of course we work on the opener, but from time to time you may find a PDF (incorrectly) marked as corrupted, which (in this case) means we cannot correctly read it.
If you have more examples please always submit them to allow our developers to better understand the various PDF flavours and allow them to improve the opener. You can share them here or submit them via a support ticket.
You are looking for the "Coaching" feature. There is already an example for coaching for blocked URLs. It should be possible to adapt it to do the same thing for PDF downloads.
Andre
Message was edited by: asabban on 20.08.12 09:18:23 CDT
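For the question raised in the thread of whether a blocked PDF is really encrypted, here is an added example (not from the thread and not McAfee code): a Python triage that reports what the file itself declares, independent of how MWG's opener classifies it. It takes object streams and cross-reference streams as examples of the compressed structures mentioned in the reply, which the thread does not name; `triage_pdf` and `build_sample` are hypothetical names, and the sample PDF is constructed.

```python
import re

STREAM_BODY = re.compile(rb"(?<!end)stream\r?\n.*?endstream", re.S)

def triage_pdf(data: bytes) -> dict:
    """Report what a PDF's bytes declare; says nothing about any gateway's verdict."""
    start = data.find(b"%PDF-", 0, 1024)
    version = data[start + 5:start + 8].decode("ascii", "replace") if start >= 0 else None
    has_eof = b"%%EOF" in data[-1024:]
    # The last startxref must point at a classic table or an xref stream object.
    offsets = re.findall(rb"startxref\s+(\d+)", data)
    xref_ok = False
    if offsets and start >= 0:
        target = data[start + int(offsets[-1]):][:32]
        xref_ok = target.startswith(b"xref") or bool(re.match(rb"\d+\s+\d+\s+obj", target))
    # Drop stream bodies so only dictionaries are searched; the trailer or
    # xref-stream dictionary that carries /Encrypt is never itself compressed.
    dicts = STREAM_BODY.sub(b"", data)
    info = {
        "version": version,
        "structure_ok": start >= 0 and has_eof and xref_ok,
        "declares_encrypt": bool(re.search(rb"/Encrypt\b", dicts)),
        "object_streams": len(re.findall(rb"/Type\s*/ObjStm\b", dicts)),
        "xref_stream": bool(re.search(rb"/Type\s*/XRef\b", dicts)),
    }
    if not info["structure_ok"]:
        info["verdict"] = "damaged"
    elif info["declares_encrypt"]:
        info["verdict"] = "encrypted"
    elif info["object_streams"] or info["xref_stream"]:
        info["verdict"] = "compressed-structure"  # assumption: see lead-in
    else:
        info["verdict"] = "plain"
    return info

def build_sample(trailer_extra: bytes = b"") -> bytes:
    """Constructed minimal PDF with a classic xref table (sample input)."""
    body = b"%PDF-1.4\n1 0 obj\n<< /Type /Catalog >>\nendobj\n"
    xref = b"xref\n0 2\n0000000000 65535 f \n0000000009 00000 n \n"
    trailer = b"trailer\n<< /Size 2 /Root 1 0 R " + trailer_extra + b">>\n"
    return body + xref + trailer + b"startxref\n%d\n%%%%EOF\n" % len(body)

if __name__ == "__main__":
    import sys
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            print(path, triage_pdf(fh.read()))
```

A file that comes back `plain` or `compressed-structure` but is blocked as encrypted or corrupted is a good candidate to submit to support as described above.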