로그인
 
라이브러리학습다운로드지원커뮤니티포럼
Resources for IT Professionals >
Cloudmark - bad result...

제안된 답변 Cloudmark - bad result...

  • 2009년 12월 29일 화요일 오전 11:35
     
     
    로그인하여 투표
    0
    Hi,

    I have a problem by using Antigen for SMTP Gateways SP2. My configuration:

    All incoming messages are scanned and quarantined by Antigen. IMF at Exchange scans the messages once again and quarantine it, if SCL is 8 or higher.
    Because IMF doesn't allow to create a whitelist and to manage only one quarantine, I want to switch completely to Antigen/Cloudmark.

    I noticed that antigen does not recognize more than 20% of my spam (about 650 mails per hour! )! Other users have better experiences with Cloudmark?
    So if I want to switch and deactivate IMF, I have to improve the scan result!

    Most of the messages that Cloudmark does not recognize, have a very large IMF SCL. I do not understand, why Cloudmark has problems with such obvious spam?
    Every incoming message, which passes both filters, I forward to Microsoft and Cloudmark as described in the documentation. But I can't see any changes in the scan result. The same "kind of spam mail" is arriving over and over.
    It really helps when I do that? How long does this take? I could send the entire IMF archive to Cloudmark. Would it help to improve the result?

    Thanks,
    Mimm
     

모든 응답

  • 2010년 1월 4일 월요일 오전 10:45
    중재자
     
     제안된 답변
    로그인하여 투표
    0

    Hi,

     

    Thank you for the post.

     

    Before going any further, I’d like to confirm the following question:

    1.      Have you verified that signature updates are downloading every few minutes?

    2.      Are you running with the latest engine version?

     

    You’ll also find some points for troubleshooting in this guide: http://technet.microsoft.com/en-us/library/bb914045.aspx. And for your reference, I will share with you a blog that describes the interaction between Antigen and IMF:

     

    How do Exchange IMF and Antigen Advanced Spam Manager work together?

    http://blogs.technet.com/fssnerds/archive/2009/02/25/how-do-exchange-imf-and-antigen-advanced-spam-manager-work-together.aspx

     

    Regards,

    Nick Gu - MSFT
     
  • 2010년 1월 4일 월요일 오후 2:25
     
     
    로그인하여 투표
    0
    I can connect per telnet cdn-microupdates.cloudmark.com 80 // telnet lvc.cloudmark.com 443 and I can also see some traffic with Whireshark to this servers.
    Is there a other way to check, if signature updates are applied? Maybe by checking some timestamps in the Antigen directory?

    The enginge version isn't displayed correctly in Antigen, so I can't check this (Engine Version 0.0.0 ). But if I manually "Update now", the update will start und finish without problems. Also here: Can I check the installed version by other ways? File timestamps or someting like that?

    Thanks,
    Mimm
     
  • 2010년 1월 5일 화요일 오전 9:38
     
     
    로그인하여 투표
    0
    Output from the ISA log:
    Everything is fine, isn't it?

    ImageBanana - 20100105_103101.png

    ImageBanana - 20100105_103409.png
     
  • 2010년 1월 7일 목요일 오전 7:16
    중재자
     
     
    로그인하여 투표
    0

    Hi,

     

    According to your description, the connection was ok and you can get the updates. Cloudmark uses the FSEContentScanner.exe process to receive signature updates. This uses approximately 80 MB initially, after which it uses an average of between 80 MB to 150 MB per 24-hour period. Meanwhile, please install the following hotfix.

     

    http://support.microsoft.com/kb/975355/en-us

     

    Regards,

    Nick Gu - MSFT
     
  • 2010년 1월 7일 목요일 오전 11:33
     
     
    로그인하여 투표
    0
    I tried to install this hotfix but it ended in a disaster :-)
    See here:
    http://social.technet.microsoft.com/Forums/en-US/Antigen/thread/cbcac4e9-8b4e-4f1b-b76e-384e573b4ea3

    The only way to improve the scan result is through this hotfix? Other users have a significantly better result, or Cloudmark is simply not as good?

    Thanks,
    Mimm