Hi again,
I solved the connection issues to the Symantec gateway (at least it seems so), as the central quarantine server is downloading a definition policy. The problem I have now is that the definition that gets downloaded manually is very old (from 2/24/2010, seq number: 107837).
I found a document that explains how to manually (http://service1.symantec.com/SUPPORT/ent-security.nsf/docid/2005010709235148?Open&docid=2004062313041348&nsf=ent-security.nsf&view=febc48e5db73822a882573410063331b) insert a recent definition into the CQS, but I would like to avoid that path because the server has to get the most recent definition automatically; we don't have time to implement the definitions manually each time. So is there any way to specify which version the QSC downloads?
Now to the problems with the submissions:
Out of 100 samples, maybe 2 have the status "submitted: this sample has been submitted to symantec security response. wait for new definitions to be automatically returned."
All the others have the status "released", but nothing happens to them; eventually they report the following error:
Last Alert: Sat, 05 Jun 2010 09:50:10 GMT
Event Name: Sample: too long with Released status
released: This sample will be submitted to the analysis center.
Sample has had the "Released" status for too long.
What does this mean? How can I avoid that? The only idea I have right now is that the submission queue is very long (atm 150 samples) and therefore the submission takes a very long time, as the CQS has to submit sample after sample... but in fact this doesn't happen: the samples appear and get straight into the queue (auto submission is activated), and then nothing happens.
I already noticed that QSC is a product that doesn't get the full attention from Symantec, but getting this server to work is my trainee task and I would be very glad if I get this thing to work, so a big "thanks!" to everyone who takes the time to read this and maybe even post a solution.
Markus G.