Gateway 10.0.7 Customer-specific Spam definitions not updating
Created: 15 Oct 2012 | Updated: 16 Oct 2012 | 9 comments
This issue has been solved. See solution.
Anti-virus and anti-spam are updating just fine, several times a day. Only Customer-specific definitions are failing to update, the main status screen shows they are 17 days old. I regularly go in and submit false positive and spam deletions and we are all set up with a submitter code, so I'm not sure what's happening. No filtering or firewall issues that I'm aware of either. Any ideas on where I can start checking for a solution?
Discussion Filed Under:
Comments 9 Comments • Jump to latest comment
HI,
Antivirus definitions do not show as updated in the Symantec Brightmail Gateway Control Center
I would suggest reading this document
http://www.symantec.com/business/support/index?page=content&id=TECH139634
Check this thread
https://www-secure.symantec.com/connect/forums/messaging-gateway-1000-7-spamvirus-definitions-old
Thanks In Advance
Ashish Sharma
SEPM Knowledgebase Documents
If you re-read my question you will note that AV and standard spam definitions are updating properly, so your links are not helpful.
Hello JPM,
Are there any logs related this problem under Status(Home Page)/ Logs/
You can check under Control Center and Scanner logs.
And also do you see something special under Submission Status page in the Home Page also ?
Regards,
Oykun
Submission Status log looks clean to me, just shows my user ID submitting a bunch of messages that were false positives from over the weekend:
Following a reboot, just to see if that would break something loose and trigger an update, I see this in the logs
Referenced here:
http://www.symantec.com/business/support/index?page=content&id=TECH83047
It seems like this might be related but the proposed solutions aren't making much sense to me.
Hello,
Please try another reboot, if your problem exist with the following article, it's looking better to create a support case :
http://www.symantec.com/business/support/index?page=content&id=HOWTO65645
Regards,
Oykun
I think you're right, after pretty extensive searches it seems like this is a more complex case. Thanks for your help!
No problem, i'm sure that Technical Support find the best solution for you, by the way i'll be glad if you can share your solution after you find :)
Regards,
Oykun
OK, this one was a bit weird.
Even though we had everything set up properly, I'd selected "Conservative" (instead of "Aggressive") on the Spam -> Submissions settings screen, thinking that would be a good starting point. Who knew that would prevent any definitions from ever bring created, thus no customer-specific spam definitions were created to be downloaded to our gateway. The help text indicates that two identical messages have to be received before a rule gets created, which seems reasonable for a "conservative" setting -- much of our spam is addresses to dozens or hundreds of users.
Because of very minor differences among spam messages (for example, the X-Brightmail tracker code), even if they were mostly identical, Symantec's classfiication system would never have 2 matching messages in the first place. This makes "Conservative" a pretty useless setting in my book. (assuming I'm understanding all this correctly).
So on the advice of Steve in support, I flipped the switch to "Aggressive" late yesterday and waited for some spam to roll into the quarantine overnight. I submitted it first thing this morning, and shortly after that got my first customer-specific spam definition download.
Would you like to reply?
Login or Register to post your comment.