none
Cloudmark engine has not updated since January.. But other engine are fine.

    Question

  • *English is not my 1st language.

    Good day, I run Antigen Version: 9.2.1097 Service Pack: 2.

    I have the following engine:

    • Norman Virus Control  ENABLED
    • Microsoft AntiMalware Engine ENABLED
    • Authrntium Command Antivirus Engine: DISABLED
    • Antigen Wormlist: ENABLED
    • VirusBuster Antivirus Scan engine: DISABLED
    • Kaspersky AV Technology: DISABLED
    • SpamCure: DISABLED
    • Cloudmark Authority Engine: ENABLED

    For some unknown reason to me,  the Cloudmark does not update anymore. It has not been updated since January in fact.. All other ENABLED engines are fine.
    Anybody have a clue? Does the Cloudmark engine out of service or something?

    Thanks a lot.


    Thursday, June 03, 2010 2:08 PM

All replies

    • Proposed as answer by Arick Eglas Friday, June 04, 2010 4:32 PM
    Friday, June 04, 2010 4:32 PM
  • Hi,

    Do you have any update about this issue?

    Regards,


    Nick Gu - MSFT
    Monday, June 07, 2010 8:02 AM
    Moderator
  • Hi,

    I have the same problem: Antigen does not update Cloudmark signature anymore since 05/25/2010.

    The current version is: 5.25.13.36

    Regarding Antigen, the current version is: 9.2.1097 Service Pack: 2

    I tried to install Rollup 1 for Antigen 9.0 with Service Pack 2 as mentioned above, but I got an error telling that this patch is older/same than installed components.

    Do you see a solution to update Cloudmark again?

    Thank you in advance for your help.

    Alain TOISON

    Monday, June 07, 2010 9:05 AM
  • Hi,

     

    Thank you for the post.

     

    As far as I know, Cloudmark signature updates occur automatically throughout the day; they are not configurable in the Antigen Administrator. Administrators can schedule Antigen to check to see if Cloudmark has released an engine update. Because engine updates occur much less frequently than signature updates, it is recommended that engine updates be scheduled to occur once daily during off hours. Historically, an engine update occurs once every several months but these occur as needed. In the Antigen Administrator, click SETTINGS, and then click Scanner Updates. Use the Scanner Update Settings pane to schedule Cloudmark engine updates. It is also recommended that you click the Update Now button before scanning.

     

    Regards,


    Nick Gu - MSFT
    Tuesday, June 08, 2010 2:56 AM
    Moderator
  • Hi Nick,

     

    I already clicked on "Update Now" button, but no update has been retrieved since 05/25/2010.

    It coincides with a huge increase of spam in our Exchange Server.

    My question is: where can I see the last signature version for Cloudmark?

    Regards,

    Alain TOISON

    Tuesday, June 08, 2010 8:35 AM
  • I also have the same problem. Since last week- I receive A LOT of SPAM. And Cloudmark was updated last time in January.
    Tuesday, June 08, 2010 2:27 PM
  • Hi Alain & Malarie,

     

    Thank you for the update.

     

    Just like Arick said, you need SP2 RU1 to see the signature version in the client:

     

    Antigen 9.0 Service Pack 2 Rollup 1 displays the current signature version of the Cloudmark Authority Engine in the Antigen console. As the Cloudmark Authority Engine updates throughout the day, administrators can now view the specific Signature Version in the Antigen Administrator under Scanner Updates. Cloudmark downloads new micro-updates approximately every minute. This is displayed as a version number in the Signature Version box for the selected engine. The version number is constructed from the date and time (in 24-hour time) of the last micro-update download. For example, the following Signature Version indicates that Cloudmark was last updated on September 23 at 4:18 P.M.:

    9.23.16.18

     

    To view the Cloudmark signature version in the Antigen Administrator, click Settings, and then click Scanner Updates.

     

    As for engine version, however, this does not update very often anyhow. Looking at the latest manifest.cab (this path is static), the latest “version” is from 2009-12-10, so if the product first updated in January you would still get this version:

      <?xml version="1.0" encoding="utf-16" ?>

    - <ManifestFile xmlns:xsi="http://www.w3.org/2001/XMLSchema-instance" xmlns:xsd="http://www.w3.org/2001/XMLSchema" created="12/10/2009 10:29:23 AM" version="2.0">

    + <Package type="engine" name="Cloudmark" platform="x86" version="0912100001" updatemode="Full" updatemode1="Auto" postupdateaction="reset" ttl="240">

    -

     

    Regards,


    Nick Gu - MSFT
    Wednesday, June 09, 2010 4:00 PM
    Moderator
  • Hi all,

    the engine for Cloudmark isn't updated very often, because it uses online signatures. The engine only need to be updates when there are some changes or bugs in it.

    That's why your engine hasn't been updated since January.

    Greetings

    Christian


    Christian Groebner MVP Forefront
    Thursday, June 10, 2010 9:15 AM
  • Hi Nick and Christian,

    Please read carefully my message: I don't speak about ENGINE but about SIGNATURE version.

    As far as my Cloudmark is concerned, the current SIGNATURE version is 5.25.13.36 (i.e. on May 25 at 1:36 PM).

    We have a lot of SPAM in our Exchange server, and it's going worste and worste.

    Please tell me how to update the SIGNATURE version for Cloudmark.

    Regards,

    Alain TOISON

    Monday, June 14, 2010 7:44 AM
  • Hi Alain,

    the Signature isn't updated, because Cloudmark uses online Signatures. When an email comes in Antigen sends a http/https-request to the cloudmark servers. That's why the signature isn't updated.

    Check this from: http://technet.microsoft.com/en-us/library/dd979820.aspx

    Using the Cloudmark anti-spam scan engine

    Antigen version 9 with Service Pack 2 incorporates new anti-spam technology through a partnership with Cloudmark that provides an improved anti-spam experience including higher detection rates, lower false positives, an improved submission experience, and an enhanced service experience. The solution integrates with the Antigen products in the same manner as any other engine with a few exceptions that are outlined in this section.

    Configuring Cloudmark updates

    In the Antigen Administrator, click SETTINGS, and then click Scanner Updates. Use the Scanner Update Settings pane to schedule Cloudmark engine updates. It is also recommended that you click the Update Now button before scanning, and that you disable SpamCure engine updates. Additionally, after disabling SpamCure engine updates, you should delete the following entry from Scheduled Tasks (accessible from Control Panel): Antigen-SpamCure OnLoad

    Cloudmark distributes anti-spam signature updates directly to the Antigen server. This differs from the other scan engines, which receive updates directly from Microsoft. Cloudmark signature updates are not configurable in the Antigen Administrator.

    An engine update refers to updating to a new version of a scan engine (which replaces the old version), whereas a signature update refers to new signatures being added to an existing scan engine.

    The Cloudmark engine utilizes HTTPS (port 443) to verify the user license while signatures are updated by the Cloudmark engine via HTTP (port 80). This requires that the Antigen server has the ability to connect to the Internet and that both port 80 and port 443 are open on any firewall through which the Antigen server connects.  Administrators can verify the connection to the Cloudmark servers by running the following commands on the Antigen server:

    • telnet cdn-microupdates.cloudmark.com 80
    • telnet lvc.cloudmark.com 443

    If you are not connecting to the required ports, you must configure your firewall to allow these connections.

    Greetings

    Christian

     


    Christian Groebner MVP Forefront
    Monday, June 14, 2010 8:25 AM
  • Hi Christian,

    Finally, I found the problem: Antigen was frozed without any reason and any error in the log.

    I had to restart completely our Exchange server (!!) to get Antigen running fine again.

    Now, Cloudmark signatures are well updated...

    Regards,

    Alain TOISON

    Monday, June 21, 2010 8:39 AM