|Corporate KnowledgeBase ID:||KB70873|
|Created:||December 22, 2010|
|Last Modified:||June 15, 2011|
McAfee believes this is related to the wider deployment of later versions of applications such as Microsoft Office, Adobe Acrobat, and AutoCAD by Autodesk, which contain file format changes and more complex features, and the incorporation of these applications' component files into email communications.
Both symptoms (backups and failures) can most often be attributed to the engine licensed to perform extraction and filtering of textual content. In some cases, McAfee has seen that the engine has difficulty extracting text, causing a slowdown in processing messages and leading to a backup. In other cases, McAfee has seen the engine fail to extract the content completely, in which case the individual message(s) are quarantined to the failures queue.
This is by design. A message containing content that fails to be completely filtered would not normally be allowed to be delivered by policy, but normally should be quarantined for administrator inspection. The problem is that the number of these failures seems to have increased, and in some cases the administrator finds the increase excessive.
SolutionMcAfee is working in conjunction with the vendor and will incorporate solutions for these problems as soon as possible, after they have been provided to us. Hotfix 4 contained some remediation, Hotfix 5 contains more remediation, and still more remediation is scheduled for inclusion in Hotfix 6.
There is not an absolute correlation between file type and success or failure. In other words, one .pptx file may process gracefully through the Email Gateway appliance while another .pptx may not. It seems to depend more upon the component complexity of the individual files than on file type.
McAfee Support is opening defects as customers report them, and collecting examples where permissible. When McAfee incorporates vendor-supplied fixes, we test the examples provided to us, and, when it is demonstrated that the examples failed on the prior release but process gracefully on the current release, we close those defects as fixed. Unfortunately, we do not have every known problematic sample, and are therefore making a best effort to say that the issue has been appropriately addressed.
In particular for the release of Hotfix 5, some of the defect reports McAfee had received were solved, while others were not. Overall failure rate is expected to drop drastically, but McAfee cannot guarantee that there will be no more failures of a given type or kind. Instead, we will continue to take problem reports and examples where permitted, submit them to the vendor, and work toward resolution of any remaining problems.
Message was edited by: ijahnke on 6/16/11 3:00:45 PM CDT
Message was edited by: ijahnke on 6/16/11 3:01:49 PM CDT
Message was edited by: ijahnke on 6/16/11 3:03:40 PM CDT