Spam definitions fail to update on Messaging Gateway
search cancel

Spam definitions fail to update on Messaging Gateway


Article ID: 171068


Updated On:


Messaging Gateway


The Control Center Status > Dashboard page shows spam definitions for Messaging Gateway (SMG) are out of date or the Control Center is sending Alerts indicating that the spam definitions are older that 24 hours on one or more SMG scanners.


The Conduit process should update the spam definition from over HTTPS on port 443.

If spam definitions do not update, follow these steps, in order, until you determine the cause:

  1. In the SMG Control Center, navigate to Status > Logs.
  2. From the Log type menu, select Conduit Logs, and then click Display.
    Check the logs for messages that relate to spam definition updates. These messages contain details to help diagnose the issue.
  3. Go to Administration > Licenses, and ensure that the Symantec Antispam license status shows "Licensed."
  4. Go to Status > Hosts > Software and Services
  5. Ensure that the Conduit service is running on all scanner hosts
  6. The spam definition update can also fail if the DNS server is not properly configured, or the name resolution service is not available. On the command line, log in to SMG with the admin account.
    1. Check the DNS connection with the following command:

    2. If the lookup fails, confirm the DNS servers configured in the SMG are working properly.
    3. Restart the DNS service with the following commands:

      dns-control restart
      dns-control flush
    4. Once the service restarts, check that the DNS server can resolve the spam update site again.

  7. To check if there is a valid connection between SMG and the server, enter the following command:

    telnet 443

    If this step fails, check the proxy server, firewall, and any other device that could be blocking the connection.
  8. To ensure that the SMG Control Center displays the latest spam definition information, restart the Control Center service:

    service controlcenter restart

    After 10 minutes, check the spam definition updates: In the SMG Control Center, navigate to Status > Hosts > Host Status > Software, and click the Services tab. Click the link for the Control Center host. Expand the Scanner > Conduit tree to view when the spam filters were last updated.
  9. There is a remote possibility that the last set of spam definitions were corrupted and the newly downloaded definitions cannot be rolled out. From the command line, enter the following command to delete the spam definitions and revert the anti-spam filters to factory status.

    delete dayzerorules fastpassrules intsigrules regexrules spamhunterrules spamsigrules bodyhashrules statsigrules permitrules

    Type "yes" to confirm, then restart the Conduit service to trigger the spam definition update. (see Step 3).
  10. If the previous steps did not find the problem, set the Conduit log level to Debug, and check the log for specific reasons.
    1. In the SMG Control Center, navigate to Administration > Logs, and click the Local tab. In the Local Logging panel, select the affected host from the drop-down menu. From the Conduit dropdown menu, select Debug (most log data). At the bottom of the page, click Save.
    2. Allow at least an hour to collect log data, and then navigate to Status > Logs. On the View Logs page, from the Host menu, select the affected host. From the Severity menu, select Debug. From the Log type menu, select Conduit Logs, and then click Display.
    3. If there is an open support case for this issue, we recommend that you run diagnostics and upload it to the case, under Administration > Utilities > Diagnostics. Select the scanner on which you want to run the diagnostics.

Note: Remember to set the Conduit log to the default log level after you finish your troubleshooting.