
Gateway 10.0.7 Customer-specific Spam definitions not updating

Created: 15 Oct 2012 • Updated: 16 Oct 2012 | 9 comments
jpm's picture
This issue has been solved. See solution.

Anti-virus and anti-spam are updating just fine, several times a day. Only Customer-specific definitions are failing to update, the main status screen shows they are 17 days old. I regularly go in and submit false positive and spam deletions and we are all set up with a submitter code, so I'm not sure what's happening. No filtering or firewall issues that I'm aware of either. Any ideas on where I can start checking for a solution?


Ashish-Sharma's picture

Hi,

Antivirus definitions do not show as updated in the Symantec Brightmail Gateway Control Center

I would suggest reading this document

http://www.symantec.com/business/support/index?page=content&id=TECH139634

Check this thread

https://www-secure.symantec.com/connect/forums/messaging-gateway-1000-7-spamvirus-definitions-old

Thanks In Advance

Ashish Sharma

 

 

jpm's picture

If you re-read my question you will note that AV and standard spam definitions are updating properly, so your links are not helpful.

oykunsatis's picture

Hello JPM,

Are there any logs related to this problem under Status (Home Page) / Logs?

You can check under Control Center and Scanner logs.

And also, do you see anything special under the Submission Status page in the Home Page?

 

Regards,

Oykun

jpm's picture

Submission Status log looks clean to me, just shows my user ID submitting a bunch of messages that were false positives from over the weekend:

 

Monday, Oct 15, 2012 10:43:37 AM CDT jpm@XXXX.org Subscriber.15071052.Bulletins@emedia-us.com Includes: Top 10 iPhone Security Threat Warning Signs to Know jpm@XXXX.org Missed Spam Yes
Monday, Oct 15, 2012 09:53:48 AM CDT Jpm@XXXX.org dms@businesswatchnetwork.com How to Conduct Background Checks the Legal Way jpm@XXXX.org Missed Spam Yes
Monday, Oct 15, 2012 09:53:47 AM CDT jpm@XXXX.org journaleditor@aits.org Six great IT articles you may have missed jpm@XXXX.org Missed Spam Yes
Monday, Oct 15, 2012 09:53:46 AM CDT jpm@XXXX.org Subscriber.15071052.Bulletins@eb.emediaUSA.com Data Center Best Practices: Managing Data with Cloud Computing jpm@XXXX.org Missed Spam Yes
 
The other Logs, I set for All and other than 1 failed AV download that appears to have corrected itself, everything looks like a normal Liveupdate procedure. 
jpm's picture

Following a reboot, just to see if that would break something loose and trigger an update, I see this in the logs:

 

Monday, Oct 15, 2012 11:01:02 AM CDT   Warning Local Host Conduit
 kicker: can not open bmserver pid file /data/scanner/jobs/bmserver/bmserver.pid: No such file or directory.
Monday, Oct 15, 2012 10:58:01 AM CDT   Warning Local Host Conduit
 kicker: can not open bmserver pid file /data/scanner/jobs/bmserver/bmserver.pid: No such file or directory.

Referenced here:

http://www.symantec.com/business/support/index?page=content&id=TECH83047

 

It seems like this might be related but the proposed solutions aren't making much sense to me.

oykunsatis's picture

Hello,

Please try another reboot. If your problem still exists with the following article, it would be better to create a support case:

http://www.symantec.com/business/support/index?page=content&id=HOWTO65645

Regards,

Oykun

jpm's picture

I think you're right, after pretty extensive searches it seems like this is a more complex case. Thanks for your help!

oykunsatis's picture

No problem, I'm sure that Technical Support will find the best solution for you. By the way, I'll be glad if you can share your solution after you find it :)

 

Regards,

Oykun

jpm's picture

OK, this one was a bit weird.

Even though we had everything set up properly, I'd selected "Conservative" (instead of "Aggressive") on the Spam -> Submissions settings screen, thinking that would be a good starting point. Who knew that would prevent any definitions from ever being created, thus no customer-specific spam definitions were created to be downloaded to our gateway. The help text indicates that two identical messages have to be received before a rule gets created, which seems reasonable for a "conservative" setting -- much of our spam is addressed to dozens or hundreds of users.

Because of very minor differences among spam messages (for example, the X-Brightmail tracker code), even if they were mostly identical, Symantec's classification system would never have 2 matching messages in the first place. This makes "Conservative" a pretty useless setting in my book (assuming I'm understanding all this correctly).

So on the advice of Steve in support, I flipped the switch to "Aggressive" late yesterday and waited for some spam to roll into the quarantine overnight. I submitted it first thing this morning, and shortly after that got my first customer-specific spam definition download.

 

SOLUTION
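The effect described in the solution post can be reproduced in a few lines. This is an added illustration, not part of the thread and not Symantec's actual matching logic: it assumes a rule is created once two submissions share a fingerprint, and it compares an exact-match fingerprint with one that ignores per-recipient headers. The header list, the `X-Brightmail-Tracker` values, the addresses and the function names are all constructed for the example.

```python
import hashlib
from collections import Counter
from email import message_from_string

# Headers assumed (for this sketch) to differ per recipient or per delivery.
VOLATILE_HEADERS = {"to", "date", "message-id", "received", "x-brightmail-tracker"}


def raw_fingerprint(raw: str) -> str:
    """Exact match: any byte of difference yields a different fingerprint."""
    return hashlib.sha256(raw.encode()).hexdigest()


def normalized_fingerprint(raw: str) -> str:
    """Hash only the stable headers and the whitespace-collapsed body."""
    msg = message_from_string(raw)
    stable = sorted(
        f"{name.lower()}:{' '.join(value.split())}"
        for name, value in msg.items()
        if name.lower() not in VOLATILE_HEADERS
    )
    body = " ".join(msg.get_payload().split())
    return hashlib.sha256("\n".join(stable + [body]).encode()).hexdigest()


def rules_created(submissions, fingerprint, threshold=2):
    """Return fingerprints seen at least `threshold` times (hypothetical rule trigger)."""
    counts = Counter(fingerprint(m) for m in submissions)
    return [fp for fp, seen in counts.items() if seen >= threshold]


def make_sample(recipient: str, tracker: str) -> str:
    # Constructed sample message: same campaign, different recipient and tracker value.
    return (
        "From: promo@bulk.example\n"
        f"To: {recipient}\n"
        "Subject: Limited offer\n"
        f"X-Brightmail-Tracker: {tracker}\n"
        "\n"
        "Buy now at http://bulk.example/offer\n"
    )


SAMPLES = [
    make_sample("a@corp.example", "AAAAAQ=="),
    make_sample("b@corp.example", "AAAAAg=="),
    make_sample("c@corp.example", "AAAAAw=="),
]

if __name__ == "__main__":
    print("exact-match rules:", len(rules_created(SAMPLES, raw_fingerprint)))
    print("normalized rules: ", len(rules_created(SAMPLES, normalized_fingerprint)))
```

With a two-match threshold, the three submissions of the same campaign never trigger a rule under exact matching, while the normalized fingerprint groups them into one.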