
Anti-Virus Blade - Strict hold is not possible failure - Write to other side occured

I am getting a strange error from one of our servers that is trying to upload information to a remote site.

The file is getting blocked by the Anti-Virus Blade with the following error: "Strict hold is not possible failure - Write to other side occured"

I tried putting in an exception for the Anti-Virus Blade, but it's not taking effect.

The gateways are running R80.30 T107, and we have just started to experience this issue, as it was working previously.

4 Replies
Admin

Re: Anti-Virus Blade - Strict hold is not possible failure - Write to other side occured

Strict Hold is a new feature in R80.30 related to Threat Extraction.
If you're not using Threat Extraction on the gateway, you can disable this feature.

If you are using Threat Extraction, there are a few TAC cases that suggest that the upgrade process from earlier releases did not add the necessary configuration to $FWDIR/conf/malware_config.
You can confirm this by:

  • Checking if Hold Mode is enabled in SmartDashboard: Manage and Settings > Threat Prevention > General. If you're not using Threat Extraction, disabling this feature in SmartDashboard and installing policy should be sufficient.
  • Seeing if there is a section for strict_hold_configuration in $FWDIR/conf/malware_config on the gateway and it has a setting for strict_hold_enable. If it does not, you need to add the necessary configuration.

In this case, add the following lines to $FWDIR/conf/malware_config on every affected gateway.
Note that you can adjust the configuration of these lines as necessary (e.g. if you want Strict Hold to be enabled, set the parameter to 1).

[strict_hold_configuration]
strict_hold_enable=0
enable_on_background_mode=0
min_size_to_upload=0
max_size_to_upload=100000000
# when tex_over_te enabled - perform sending TEX extracted file to client without waiting for TE full emulation verdict.
tex_over_te=0
flexible_hold_precent_to_send=50
flexible_hold_total_time_to_trickle_in_minutes=4

[strict_hold_fail_open_config]
strict_hold_fail_open_flag=1
url_entry_timeout=30
url_key_type=1
compare_second_try_md5=0

Once you've made this change, perform a policy install to the relevant gateways for these changes to take effect.

Employee

Re: Anti-Virus Blade - Strict hold is not possible failure - Write to other side occured

Hey Paul,

We are aware of this issue.

It is relevant in the HTTP 100 Continue scenario.

The issue was resolved in R80.40 and is planned to be integrated into R80.30 JHF.

Thanks,

Shiran


Re: Anti-Virus Blade - Strict hold is not possible failure - Write to other side occured

Hi Shiran,

Is there any workaround short of disabling the blade?

Employee

Re: Anti-Virus Blade - Strict hold is not possible failure - Write to other side occured

Hey Paul,

If you are using Threat Extraction over HTTP - Strict hold is a must.

If not, you can disable the strict hold feature (use the legacy hold mechanism).

Go to $FWDIR/conf/malware_config
Search for strict_hold_enable parameter.
Change it from 1 to 0.
(strict_hold_enable=0)

Install Threat policy
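
The check described in the replies above (is there a [strict_hold_configuration] section, and what is strict_hold_enable set to), as an added example that is not part of the original posts or of Check Point's tooling. The function names, the result strings, the constructed sample file and the tolerance for a trailing # comment on the value are assumptions; the function only reads the file.

```shell
#!/bin/sh
# Added example (not vendor code): read-only check of the Strict Hold setting.

# strict_hold_state FILE
# Prints: unreadable | missing-section | missing-key | enabled | disabled | unexpected:<value>
strict_hold_state() {
    [ -r "$1" ] || { echo "unreadable"; return 1; }
    awk '
        /^[ \t]*#/ { next }                              # skip full-line comments
        /^[ \t]*\[/ {                                    # any section header
            in_sec = ($0 ~ /^[ \t]*\[strict_hold_configuration\][ \t\r]*$/)
            if (in_sec) seen_sec = 1
            next
        }
        in_sec && /^[ \t]*strict_hold_enable[ \t]*=/ {   # key counts only inside the section
            val = $0
            sub(/^[^=]*=/, "", val)                      # keep the text after the first "="
            sub(/#.*/, "", val)                          # assumption: drop a trailing comment
            gsub(/[ \t\r]/, "", val)                     # trim blanks and a stray CR
            seen_key = 1
        }
        END {
            if (!seen_sec)       print "missing-section"
            else if (!seen_key)  print "missing-key"
            else if (val == "1") print "enabled"
            else if (val == "0") print "disabled"
            else                 print "unexpected:" val
        }
    ' "$1"
}

# Constructed sample: the key exists, but under a made-up section name, so the
# section the replies ask for is still absent.
demo_missing_section() {
    tmp=$(mktemp) || return 1
    printf '%s\n' '[some_other_section]' 'strict_hold_enable=1' > "$tmp"
    strict_hold_state "$tmp"
    rm -f "$tmp"
}

# On a gateway: strict_hold_state "$FWDIR/conf/malware_config"
demo_missing_section
```

A result of missing-section or missing-key corresponds to the upgrade case described in the first reply; enabled corresponds to the value the last reply says to change from 1 to 0.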