
Antigen Cloudmark Signature updates

  • Monday, August 24, 2009 11:02 AM Jeff Belt
     
    Hi,

    Does anyone know how often the signatures are updated for Cloudmark integrated with Antigen 9 SP2? I installed it about 10 days ago; it picked up the first set of sig files and engine but hasn't had anything else since then. Without regular updates I wouldn't think it would be too effective.

    It has been checking for updates as per its schedule but not finding any.

    Thanks

    Jeff

All Replies

  • Monday, August 24, 2009 8:09 PM RKYMO88

    Jeff,

    I just installed Antigen 9.0 SP2 and you will have to click Anti-Spam and then highlight SMTP Scan Job.
    Then look at the bottom and choose Spam Scanner and check CloudMark Authority Engine. Then click Save.

    Then after that go to Scanner Updates and highlight Cloud Authority Engine. Make sure it's enabled. If not, enable it.
    Then look at the bottom where you can see the Date and Time Schedule.
    Where it says Repeat, check it and change the time to every 00.15, then click Save.
    This will update the CloudMark Authority Engine every 15 min.
    This will ensure you have the latest spam engine and help reduce your spam.
    If you want to see if it is working, click Incidents, then choose the field Incident and you will see something like this: Spam (Cloudmark).

    Also, if you want to make sure you are getting the latest updates, you can check the event viewer and it will tell you if it downloaded any of the engines as well.
    Hope this helps.


    Also take a look below:

    The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft. This means that the signature updates are not distributed through the FSSMC.

    Since the updates are not coming from Microsoft, Cloudmark is responsible for updating the engine when they think the engine needs to be updated or if there is some new spam out there that is not being caught. So far, since I installed the Antigen SP2 and started using the Cloudmark engine, it's been working fine. Since I set it to check every 15 min, I will get an update if there is one; it will download and install it.



    Raymond

    • Edited by RKYMO88 Tuesday, August 25, 2009 12:13 PM
    • Proposed As Answer by RKYMO88 Tuesday, August 25, 2009 1:33 PM
  • Tuesday, August 25, 2009 12:05 PM Daniil Khabarov
     

    Hi!
    I've got the same problem. My Antigen hasn't had any updates for 1.5 months. All updates for the Cloudmark engine end with this message:

    Source: GetEngineFiles
    Category: General
    Event ID: 2012
    Date:  12.08.2009
    Time:  11:13:20
    Computer: INETSERV
    Description:
    There are currently no new scan engine files available for the Cloudmark scan engine at http://antigendl.microsoft.com/antigen/x86/Cloudmark.

    I don't have any warnings in the journal. Everything is as usual, but there are no updates.
    Thanks for any help.

  • Tuesday, August 25, 2009 1:32 PM RKYMO88
    Daniil,

    Read the above post; if not, read below:

    The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft. This means that the signature updates are not distributed through the FSSMC.


    Antigen version 9 with Service Pack 2 incorporates new anti-spam technology through a partnership with Cloudmark that provides an overall better anti-spam experience including higher detection rates, lower false positives, an improved submission experience, and enhanced service experience. The solution integrates with the Antigen product in much the same manner as any other engine, with a few exceptions.
    • The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft.
    • The signature updates are not configurable in the Antigen administrator, as the other scan engine updates are.
    • Cloudmark uses the FSEContentScanner.exe process to pull the signature updates. This will use approximately 80 MB initially, then it will use an average of between 80 MB to 150 MB spread out over a 24-hour period, so that you will see only a small amount of bandwidth used every minute.
    • The engine updates for the Cloudmark anti-spam engine are configurable in the Antigen administrator, exactly like the other scan engine updates.


    Here is the KB article as well:

    http://support.microsoft.com/default.aspx/kb/971063

    • Proposed As Answer by RKYMO88 Tuesday, August 25, 2009 1:33 PM
  • Tuesday, August 25, 2009 3:01 PM Jeff Belt
     
    Hi,

    I appreciate the above comments and had done the configuration mentioned anyway. However, the signature version is currently 11.234.0.20 and the update version is 090714001. The update job appears to be working but neither of the version numbers appears to have increased, and it says last updated on the install date.

    There was a KB about checking that ports 80/443 are open to two specific servers at Cloudmark; I've run these tests and both were successful.

    However, I've also read about micro updates. There's not much documentation, but if I look around in the folder structure under the engines I get the impression that additional files might have been downloaded.

    Does anyone know anything more about the update process and do you have the same signature versions?

    Thanks

    Jeff
  • Tuesday, August 25, 2009 3:27 PM RKYMO88
     


    The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft. This means that the signature updates are not distributed through the FSSMC or Antigen Administrator. So it might not update the Signature Version or Update Version.
    My Antigen has the same thing. I wouldn't worry too much about it; as long as spam is being blocked and it does the micro update, you should be fine. Once Microsoft updates their documentation you can get a better understanding of the update process for Cloudmark.

  • Thursday, August 27, 2009 6:44 AM Daniil Khabarov
     
    Thank you for your answer.
    I tested all servers, read this KB, and I've got the same problem as Jeff.
    So, I'd like to know any official information about Cloudmark's plans for signature updates. At the official site I didn't find any information.

    Thank you.
  • Thursday, August 27, 2009 12:17 PM RKYMO88

    Daniil,

    As I stated before, read below:

    The Cloudmark anti-spam engine receives its signature updates directly from the vendor’s site and not through Microsoft. This means that the signature updates are not distributed through the FSSMC or Antigen Administrator.

    But here's more:
    This information is from Cloudmark, not Microsoft as stated above.

    Real-Time Threat Response
    Cloudmark is able to detect emerging threats faster than any other solution. Real-time feedback from the Cloudmark Global Threat Network is analyzed, corroborated and automatically distributed to Cloudmark Authority every minute via micro-updates. In addition, Advanced Message Fingerprinting enables immediate detection of mutated threats or techniques associated with known spam, phishing or virus threats.

    C:\Program Files\Sybari Software\Antigen for Exchange\Engines\x86\Cloudmark\Bin\data\micro_updates

    You should see the time stamps of the files, and you will notice that it does update the files.


    Microsoft just updated TechNet, and here is the following info as well.
    Web link: http://technet.microsoft.com/en-us/library/dd979820.aspx

    You can set the time, in seconds, that the Cloudmark engine attempts to download updates before timing out by setting the CloudmarkDownloadTimeout registry key (located under HKEY_LOCAL_MACHINE\SOFTWARE\Sybari Software\Antigen for Exchange). By default, this is set to 900 seconds (15 minutes).

    Cloudmark uses the FSEContentScanner.exe process to receive signature updates. This uses approximately 80 MB initially, after which it uses an average of between 80 MB to 150 MB per 24-hour period, so that only a small amount of bandwidth is used every minute.

    Hope this helps





    Raymond Mo | MCSA 2003: Messaging | MCITP: EA and SA | ITIL v3 Foundation Certified.
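
The check described in the post above (look at the file time stamps under `micro_updates` and at the `CloudmarkDownloadTimeout` registry value), written as a PowerShell function. This is an added example, not part of the thread and not Microsoft or Cloudmark tooling; the function name and the 60-minute staleness threshold are assumptions, while the path and registry location are the ones quoted in the post.

```powershell
# Added example. Path and registry value name are quoted from the thread;
# the function name and MaxAgeMinutes default are assumptions.
function Test-CloudmarkMicroUpdates {
    param(
        [string]$MicroUpdateDir = 'C:\Program Files\Sybari Software\Antigen for Exchange\Engines\x86\Cloudmark\Bin\data\micro_updates',
        [string]$AntigenRegKey  = 'HKLM:\SOFTWARE\Sybari Software\Antigen for Exchange',
        [int]$MaxAgeMinutes     = 60   # assumption: tune to your environment
    )

    $result = New-Object PSObject -Property @{
        DirectoryFound  = (Test-Path -LiteralPath $MicroUpdateDir)
        FileCount       = 0
        NewestFile      = $null
        NewestWriteTime = $null
        AgeMinutes      = $null
        Stale           = $true    # stays true if the folder is missing or empty
        DownloadTimeout = $null    # $null means the value is not set (default applies)
    }

    if ($result.DirectoryFound) {
        # Files only, newest first; the version numbers in the Antigen
        # administrator do not reflect these micro-updates.
        $files = @(Get-ChildItem -LiteralPath $MicroUpdateDir -Recurse |
                   Where-Object { -not $_.PSIsContainer } |
                   Sort-Object LastWriteTime -Descending)
        $result.FileCount = $files.Count

        if ($files.Count -gt 0) {
            $newest = $files[0]
            $age    = (Get-Date) - $newest.LastWriteTime
            $result.NewestFile      = $newest.FullName
            $result.NewestWriteTime = $newest.LastWriteTime
            $result.AgeMinutes      = [math]::Round($age.TotalMinutes, 1)
            $result.Stale           = ($age.TotalMinutes -gt $MaxAgeMinutes)
        }
    }

    # Engine download timeout in seconds, if it has been set explicitly.
    $reg = Get-ItemProperty -Path $AntigenRegKey -Name CloudmarkDownloadTimeout -ErrorAction SilentlyContinue
    if ($reg) { $result.DownloadTimeout = $reg.CloudmarkDownloadTimeout }

    $result
}

Test-CloudmarkMicroUpdates | Format-List
```

A `Stale` value of `True` with `DirectoryFound` also `True` is the case worth investigating: the engine is installed but no micro-update file has been written within the threshold.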
  • Monday, August 31, 2009 12:33 PM Daniil Khabarov
     
    You are right!
    I watched for updates and saw about 100 Mb of traffic.
    Thank you.
  • Monday, October 26, 2009 3:23 PM comerco
     
    I have the same "issues" (if we can say that)


    Microsoft Antimalware and Kaspersky are up to date and updating (these are the two other engines that are running).

    Cloudmark is at version 0910120001 with engine version 11.234.0.20.

    The latest update was on 09/14/09.

    The update schedule is set to daily and repeats every 15 minutes.

    If I look in:

    C:\Program Files\Sybari Software\Antigen for Exchange\Engines\x86\Cloudmark\Bin\data\micro_updates

    there are a lot of files.

    If I update manually, the version doesn't change.

    What should I look at now?


  • Monday, October 26, 2009 3:33 PM Christian Groebner [MVP]
     
    Hi all,

    As mentioned earlier in this thread, the Cloudmark engine uses online signatures to qualify emails as spam, so there aren't any signatures downloaded.
    The only things that are downloaded are updates for the engine itself, and this wouldn't change very often.

    Greetings

    Christian
    Christian Groebner MVP Forefront