Jump to content


Photo

ATP Scan Inconclusive on various PDF attachments

ATP PDF inconclusive attachment advanced threat protection scan

  • Please log in to reply
6 replies to this topic

#1 Chris Meyer

Chris Meyer
  • Members
  • 4 posts

Posted 31 July 2017 - 03:02 PM

I am wondering if anyone has seen this issue since Barracuda Support/Engineering seems to be stumped.  I have a multi-escalated case (02556647) on this issue...

 

We have been getting multiple reports from our users that emails are getting stuck in their Quarantine.  Upon further investigation, we found that they were scanned by the ATP scanner but resulted in "scan inconclusive" which pushed the email into their quarantine.  Unfortunately, emails with "inconclusive" scans are not able to be released.  They need to be opened and then "downloaded" instead of released.  It is definitely causing some confusion and delays for our users.  Unfortunately, these types of emails are usually bids or quotes on projects which are typically very important and time-sensitive.

 

Below is what we see as the reason:

Quarantined: ATP Scan Inconclusive 

 

Anyone else see this often with PDF's?  It is constant for us...



#2 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 31 July 2017 - 04:05 PM

Chris,

 

Mail that is logged for scan inconclusive is mail that ATP was unable to complete a scan on in our 4 hour time limit.

 

When that happens to be on the safe side we quarantine this mail. This mail shows up in the users quarantine folder but they can not deliver it because it might be a virus.

 

The administrator can deliver the mail from the main message log.

 

  You need to find the message in the main log

  Double click on it to open the actual message

  Click on the View ATP Report

  Check the Disclaimer box

  Click on the deliver button

 

We understand that this can be bothersome especially if you get a lot of mail with large PDF attachments or multiple PDF attachments. For some reason, which we are working on, PDF files are causing the system great difficulties.

 

As noted we are being cautious in what we deliver to our customers who have the ATP service enabled. We do however have features in place to allow you to deliver this mail.

If you have any questions on this or need more information please respond to the emall that I have sent you on this.

Sincerely,


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#3 Wes Stewart

Wes Stewart
  • Members
  • 5 posts

Posted 23 August 2017 - 03:05 PM

Heck I had a couple of 15 line CSV files that had the same issue.  No one could ever explain why because they were stumped.  Engineering said supposedly there will be a fix in the next release



#4 Todd Harper

Todd Harper
  • Members
  • 3 posts

Posted 18 September 2017 - 04:00 PM

Any update on the large PDF's with inconclusive scan?  this is becoming a huge issue since moving to essentials as we deal with pdf's all day long.    Thanks



#5 Michelle Exner

Michelle Exner

    BSF / BESS Moderator

  • Moderators
  • 353 posts

Posted 18 September 2017 - 04:46 PM

Todd,

We are constantly updating the ATP service.

We just released a new build last week which helps with how we handle ATP scanning issues

For example in the last week

you have had 1 message quarantined for "ATP scan inconclusive"

you have had 41 messages pending scan (scan could not finish in real time)

Of the 41 messages all appear to have been retired normally by the sending server and delivered correctly

(to see the retries you need to search for the subject of the original message, that will show you all the retries of the message and what happened with them)

We are seeing very few issues with the service at this time.

It does appear however that you or your user is trying to deliver mail that has been quarantined for "ATP scan inconclusive"

Only the system administrator from the main message log can deliver a quarantined message.

To deliver the quarantined mail you have to open the message, View the ATP report, accept the disclaimer and then you can deliver the message.

Because scans that are inconclusive may contain a virus we do not allow end users to deliver this mail. Only the system admins can do this.

I hope this answers your questions.

 


Michael Exner
Product Lead Support Engineer
Barracuda Email Security
(408) 342-5300


#6 Todd Harper

Todd Harper
  • Members
  • 3 posts

Posted 18 September 2017 - 04:50 PM

Yes it does, thank you.



#7 Jack Gray

Jack Gray
  • Members
  • 5 posts

Posted 04 December 2017 - 05:28 AM

Hi,

 

We have been advised that the ATP service is unable to scan within a Word or PDF file etc for any malicious content, links and or macros etc?

 

Office 365's Exchange anti-spam service is constantly picking up malicious files that ATP lets through because of this issue.  You need to fix this, because your sales guys cannot continue to promote how great this service is when it doesn't really do a hell of a lot I'm afraid, especially when Microsoft can detect such malware related files and your solution cant?