Spam definitions fail to update on Messaging Gateway

Article ID: 171068

Products

Messaging Gateway

Issue/Introduction

Spam definitions for Symantec Messaging Gateway (SMG) are out of date. The definitions should have updated within several minutes of checking.

Resolution

The Conduit process should update the spam definition from https://aztec.brightmail.com over HTTPS on port 443.

If spam definitions do not update, follow these steps, in order, until you determine the cause:

  1. In the SMG Control Center, navigate to Status > Logs.
  2. From the Log type menu, select Conduit Logs, and then click Display.
    Check the logs for messages that relate to spam definition updates. These messages contain details to help diagnose the issue.
  3. Navigate to Administration > Licenses, and ensure that the Symantec Antispam license status shows "Licensed."
  4. Navigate to Administration > Configuration, select the Control Center host, and click Edit.
  5. Click the Services tab, and check that the status of the Conduit service is "Running."
    To restart the service, click Stop, and then Start.
  6. The spam definition update can also fail if the DNS server is not properly configured, or the name resolution service is not available. On the command line, log in to SMG with the admin account.
    1. Check the DNS connection with the following command:

      nslookup aztec.brightmail.com
       
    2. If the lookup fails, confirm the DNS servers configured in the SMG are working properly.
    3. Restart the DNS service with the following commands:

      dns-control restart
      dns-control flush
       
    4. Once the service restarts, check that the DNS server can resolve the spam update site again.

      nslookup aztec.brightmail.com
       
  7. To check if there is a valid connection between SMG and the server, enter the following command:

    telnet aztec.brightmail.com 443

    If this step fails, check the proxy server, firewall, and any other device that could be blocking the connection.
  8. To ensure that the SMG Control Center displays the latest spam definition information, restart the Control Center service:

    service controlcenter restart

    After 10 minutes, check the spam definition updates: In the SMG Control Center, navigate to Status > Hosts > Host Status > Software, and click the Services tab. Click the link for the Control Center host. Expand the Scanner > Conduit tree to view when the spam filters were last updated.
  9. There is a remote possibility that the last set of spam definitions was corrupted and the newly downloaded definitions cannot be rolled out. From the command line, enter the following command to delete the spam definitions and revert the anti-spam filters to factory status.

    delete dayzerorules fastpassrules intsigrules regexrules spamhunterrules spamsigrules bodyhashrules statsigrules permitrules

    Type "yes" to confirm, then restart the Conduit service to trigger the spam definition update (see Step 3).
  10. If the previous steps did not find the problem, set the Conduit log level to Debug, and check the log for specific reasons.
    1. In the SMG Control Center, navigate to Administration > Logs, and click the Local tab. In the Local Logging panel, select the affected host from the drop-down menu. From the Conduit dropdown menu, select Debug (most log data). At the bottom of the page, click Save.
    2. Allow at least an hour to collect log data, and then navigate to Status > Logs. On the View Logs page, from the Host menu, select the affected host. From the Severity menu, select Debug. From the Log type menu, select Conduit Logs, and then click Display.
    3. If there is an open support case for this issue, we recommend that you run diagnostics under Administration > Utilities > Diagnostics and upload the result to the case. Select the scanner on which you want to run the diagnostics.

Note: Remember to set the Conduit log to the default log level after you finish your troubleshooting.
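
Steps 6 and 7 test name resolution and TCP reachability, but `telnet` does not show whether the HTTPS session itself can be established, for example when a proxy or firewall intercepts TLS. The following is an added example, not part of the original article or of SMG: a Python script, assumed to be run from an administrator host on the same network path as the SMG (not in the SMG command line), that reports the first stage that fails. The function name `check_update_path` and the stage labels are hypothetical.

```python
import socket
import ssl

UPDATE_HOST = "aztec.brightmail.com"  # update source named in the article
UPDATE_PORT = 443                     # HTTPS port named in the article


def check_update_path(host=UPDATE_HOST, port=UPDATE_PORT, timeout=5.0, context=None):
    """Return (stage, detail); stage is 'dns', 'tcp', 'tls' or 'ok'.

    The stage names the first check that failed, in the order of steps 6
    and 7: name resolution, then TCP connect, then (added in this example)
    a certificate-verified TLS handshake.
    """
    # Step 6 equivalent: can the update host name be resolved?
    try:
        infos = socket.getaddrinfo(host, port, type=socket.SOCK_STREAM)
    except socket.gaierror as exc:
        return "dns", f"cannot resolve {host}: {exc}"

    # Step 7 equivalent: is the port reachable on any resolved address?
    sock, last_err = None, None
    for *_, addr in infos:
        try:
            sock = socket.create_connection(addr[:2], timeout=timeout)
            break
        except OSError as exc:
            last_err = exc
    if sock is None:
        return "tcp", f"no TCP connection to {host}:{port}: {last_err}"

    # Beyond telnet: complete a TLS handshake with certificate verification.
    ctx = context or ssl.create_default_context()
    try:
        with ctx.wrap_socket(sock, server_hostname=host) as tls:
            issuer = dict(rdn[0] for rdn in tls.getpeercert().get("issuer", ()))
            org = issuer.get("organizationName", "unknown")
            return "ok", f"{tls.version()} established, certificate issuer: {org}"
    except OSError as exc:  # covers ssl.SSLError, verification failures, timeouts
        return "tls", f"TLS handshake with {host} failed: {exc}"
    finally:
        sock.close()


if __name__ == "__main__":
    stage, detail = check_update_path()
    print(f"{stage}: {detail}")
```

A `tls` result, or an `ok` result whose certificate issuer is your own organization's inspection CA, points at the proxy or firewall named in step 7 rather than at DNS or routing.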
