2009년 12월 29일 화요일 오전 11:35Hi,
I have a problem by using Antigen for SMTP Gateways SP2. My configuration:
All incoming messages are scanned and quarantined by Antigen. IMF at Exchange scans the messages once again and quarantine it, if SCL is 8 or higher.
Because IMF doesn't allow to create a whitelist and to manage only one quarantine, I want to switch completely to Antigen/Cloudmark.
I noticed that antigen does not recognize more than 20% of my spam (about 650 mails per hour! )! Other users have better experiences with Cloudmark?
So if I want to switch and deactivate IMF, I have to improve the scan result!
Most of the messages that Cloudmark does not recognize, have a very large IMF SCL. I do not understand, why Cloudmark has problems with such obvious spam?
Every incoming message, which passes both filters, I forward to Microsoft and Cloudmark as described in the documentation. But I can't see any changes in the scan result. The same "kind of spam mail" is arriving over and over.
It really helps when I do that? How long does this take? I could send the entire IMF archive to Cloudmark. Would it help to improve the result?
2010년 1월 4일 월요일 오전 10:45중재자
Thank you for the post.
Before going any further, I’d like to confirm the following question:
1. Have you verified that signature updates are downloading every few minutes?
2. Are you running with the latest engine version?
You’ll also find some points for troubleshooting in this guide: http://technet.microsoft.com/en-us/library/bb914045.aspx. And for your reference, I will share with you a blog that describes the interaction between Antigen and IMF:
How do Exchange IMF and Antigen Advanced Spam Manager work together?
Nick Gu - MSFT
- 답변으로 제안됨 Nick Gu - MSFTMicrosoft Contingent Staff, Moderator 2010년 1월 4일 월요일 오전 10:45
2010년 1월 4일 월요일 오후 2:25I can connect per telnet cdn-microupdates.cloudmark.com 80 // telnet lvc.cloudmark.com 443 and I can also see some traffic with Whireshark to this servers.
Is there a other way to check, if signature updates are applied? Maybe by checking some timestamps in the Antigen directory?
The enginge version isn't displayed correctly in Antigen, so I can't check this (Engine Version 0.0.0 ). But if I manually "Update now", the update will start und finish without problems. Also here: Can I check the installed version by other ways? File timestamps or someting like that?
2010년 1월 5일 화요일 오전 9:38
2010년 1월 7일 목요일 오전 7:16중재자
According to your description, the connection was ok and you can get the updates. Cloudmark uses the FSEContentScanner.exe process to receive signature updates. This uses approximately 80 MB initially, after which it uses an average of between 80 MB to 150 MB per 24-hour period. Meanwhile, please install the following hotfix.
Nick Gu - MSFT
2010년 1월 7일 목요일 오전 11:33I tried to install this hotfix but it ended in a disaster :-)
The only way to improve the scan result is through this hotfix? Other users have a significantly better result, or Cloudmark is simply not as good?