0 Replies Latest reply on Jun 16, 2011 3:03 PM by ijahnke

    Email Gateway 6.7.2 SuperQueue issues

    ijahnke
      Corporate KnowledgeBase ID:
      KB70873
      Version:
      3.0
      Status:
      Published
      Created:
      December 22, 2010
      Last Modified:
      June 15, 2011

       

       

      Environment

      McAfee Email Gateway 6.7.2 (all hotfix levels)

       

      Summary

      This article discusses the occasional SuperQueue backups seen in Email Gateway 6.7.2 and the occurrence of messages quarantined to the failures queue. For the original Knowldedge Base article please refer to http://kb.mcafee.com/agent/index?page=content&id=KB70873

       

      Problem

      SuperQueue has been backing up with varying degrees of regularity, and in some cases messages are quarantined to the failures queue.

       

      Cause

      McAfee believes this is related to the wider deployment of later versions of applications such as Microsoft Office, Adobe Acrobat, and AutoCAD by Autodesk, which contain file format changes and more complex features, and the incorporation of these applications' component files into email communications.

       

      Both symptoms (backups and failures) can most often be attributed to the engine licensed to perform extraction and filtering of textual content. In some cases, McAfee has seen that the engine has difficulty extracting text, causing a slowdown in processing messages and leading to a backup. In other cases, McAfee has seen the engine fail to extract the content completely, in which case the individual message(s) are quarantined to the failures queue.

       

      This is by design. A message containing content that fails to be completely filtered would not normally be allowed to be delivered by policy, but normally should be quarantined for administrator inspection. The problem is that the number of these failures seems to have increased, and in some cases the administrator finds the increase excessive.

       

      Solution

      McAfee is working in conjunction with the vendor and will incorporate solutions for these problems as soon as possible, after they have been provided to us. Hotfix 4 contained some remediation, Hotfix 5 contains more remediation, and still more remediation is scheduled for inclusion in Hotfix 6.

       

      There is not an absolute correlation between file type and success or failure. In other words, one .pptx file may process gracefully through the Email Gateway appliance while another .pptx may not. It seems to depend more upon the component complexity of the individual files than on file type.

       

      McAfee Support is opening defects as customers report them, and collecting examples where permissible. When McAfee incorporates vendor-supplied fixes, we test the examples provided to us, and, when it is demonstrated that the examples failed on the prior release but process gracefully on the current release, we close those defects as fixed. Unfortunately, we do not have every known problematic sample, and are therefore making a best effort to say that the issue has been appropriately addressed.

       

      In particular for the release of Hotfix 5, some of the defect reports McAfee had received were solved, while others were not. Overall failure rate is expected to drop drastically, but McAfee cannot guarantee that there will be no more failures of a given type or kind. Instead, we will continue to take problem reports and examples where permitted, submit them to the vendor, and work toward resolution of any remaining problems.

       

      Workaround

      Disabling attachment filtering will eliminate these issues, but is not recommended. McAfee recommends that you apply the hotfixes as they are released, as the more prudent course of action.

       

      Bugzilla (Internal)

      BZ: 22815, 23363, 628451, 23899, 549346, 549418, 561785, 563202, 563739, 564120, 564319, 569121, 574286, 567241, 568645, 573514, 575822, 576077, 576478, 578714, 584014, 584721, 585254, 589078, 589375, 590522, 591773, 592313, 594025, 610887,611201,  615306, 616563, 620062, 621686, 621029, 621701, 621899, 622287, 622419, 622856, 623242, 623582, 626037, 628888, 629693, 630435, 630624, 632040, 632841, 633137, 634138, 634467, 636733, 637516, 637552, 637882, 639203, 644498, 647247, 647864, 650750, 652821, 657094, 657496, 658938, 659382, 659623, 660246, 660928, 661643, 661671, 663154, 663715, 663748, 664300, 664918, 665622, 665866, 666995, 667288, 667389, 668017, 668215, 668845, 669366, 670485, 670487, 670488, 670517, 671124, 671367, 672428, 673325, 675276, 676115, 676495, 677282, 681723

       

      Message was edited by: ijahnke on 6/16/11 3:00:45 PM CDT

       

      Message was edited by: ijahnke on 6/16/11 3:01:49 PM CDT

       

      Message was edited by: ijahnke on 6/16/11 3:03:40 PM CDT