Jump to content


Photo

"ATD Service Unavailable" and false positive "Virus found" - unsatisfying state

unsatisfying false positiv clean email blocked ATD service unavailable

  • Please log in to reply
6 replies to this topic

#1 Maik Schmidt

Maik Schmidt
  • Members
  • 3 posts

Posted 06 March 2017 - 07:31 AM

Hey guys, since a couple of days e-mails won't be delivered cause of "ATD Service Unavailable". Unfortunately also users can't deliver that e-mails. Much as I sympathize, this can't happen for "normal e-mails", e.g. scanned letter as pdf attachment. As agreed with the support, this case occurs, if the ATD scanner is busy or returned no result. The first case seems to be a performance problem und should be solvable. The second case should be reviewed closer.

 

At the moment, user can't release their clean e-mails and get the message "Virus found" - this is an unsatisfying state.



#2 Scott Gagnon

Scott Gagnon
  • Barracuda Team Members
  • 59 posts
  • LocationAnn Arbor, Michigan

Posted 06 March 2017 - 08:49 AM

The NEW & Improved system works like this

When ESS/CPL gets back an "unknown error" from ATD the mail will be scanned normally by ESS and if not blocked for some other reason it will be quarantined.

 

   A Block/Quarantine SMTP response will be returned to the sender.

   The mail will show in the users quarantine log (if they have an account)

   The message will show in the message log with the reason "ATD Service Unavailable"

NOTE: Mail quarantined for "ATD Service Unavailable" cannot be manually delivered by the user. Only the admin can deliver this mail by OPENING it from the main message log and clicking the deliver button. When delivery is attempted a warning popup will display warning the admin that this message may contain a virus and asking them to accept the potential risk of delivering the mail.


Email Delivery Warning:

One or more attachments could potentially have advanced threats that may harm your

system. Only deliver the message if you are expecting it and are sure there are no threats

or viruses. Contact your administrator for more information.

 

[ ] I accept that Barracuda assumes no risk associated with threats my organization

may sustain during or in conjunction with the delivery of this message and its

associated attachments.

 

[Cancel] [Deliver]

 

If ATD can open the file but does not return the result in the normal timeout (5 seconds) then ESS/CPL will defer the connection and the sender will retry. ATD will continue to process the message in the background and if completed by the time the retry comes in the mail will be delivered or blocked depending on the result returned by ATD. This could take several retries of the message by the sender.

NOTES:

 

If the mail is processed by ATD for TOO LONG (ATD continues to return an 800 error) then after a set timeout ESS/CPL will quarantine the message following the same process as above. This timeout is currently 4 hours.
 

If you try to deliver mail quarantined for "ATD Service Unavailable" from the users quarantine log or from the main message log you will get this error so remember that to deliver the mail you must open the message and then click the deliver button and then accept the disclaimer.

 

Delivery error: This message may contain a Virus.
 


Scott Gagnon

Lead Support Engineer

Ann Arbor, Michigan


#3 Maik Schmidt

Maik Schmidt
  • Members
  • 3 posts

Posted 07 March 2017 - 03:18 AM

Thank you Scott for your explanation and the information about how the system works. But for all that's not a satisfying solution for end customer. Deliver e-mails that has been stucked at "ATD Service Unavailable" is a full-time position for an admin, which results in losing all economic benefits of software-as-a-service.

 

Please make your system user-friendly and usable again.



#4 Kristopher Wilson

Kristopher Wilson
  • Members
  • 2 posts

Posted 07 March 2017 - 02:53 PM

I agree, this is not end user friendly and requires potentially too much intervention on the Admin's part.

 

While what you describe as far as marking the message deferred or delayed and allowing the sending server to retry in the background for 4 hours while ATD gets unstuck is an improvement over the old system, It does not go far enough! Better to just have your system accept the message and tell the sending server "got it, thanks," close the SMTP connection and let the sending server stop having to re-send - which just uses up resources for the sender AND Barracuda on the retries. Then, with the message in the Barracuda ATD queue, just processes them and if there is a further delay in scanning for 4 hours, THEN add it to the recipient's quarantine report. You could even be a little more proactive and if the delay is more than 15 minutes to scan, send out a mini-report to the recipient notifying them of the incoming message and delay.



#5 Kristopher Wilson

Kristopher Wilson
  • Members
  • 2 posts

Posted 08 March 2017 - 01:44 PM

This system is NOT WORKING! STILL getting ATD Service Unavailable issues and now end users who try to deliver messages just get a status of FAIL! 

 

And now message log is down AGAIN!

 

WHAT IS GOING ON THERE?



#6 Maik Schmidt

Maik Schmidt
  • Members
  • 3 posts

Posted 09 March 2017 - 08:13 AM

This is a disaster - I can't release all mails individually (and check the box "its a risk .."). If the guys of barracuda won't be able to handle it, I'll change my mx records and stop using it. Really!



#7 Kevin

Kevin
  • Members
  • 2 posts

Posted 17 May 2017 - 12:47 PM

Interesting. We are looking at adding this service to our spam firewall, but after ready this I'm not so sure that we will. The last thing I need is another maintenance nightmare when dealing with email. Protection is great, but if everyone's mail is slow/not sending I won't hear the end of it.