Cloudmark and Antigen 9.x issues on the weekend of 06/25/11

  • Article

*Updated to include default folder path for Cloudmark*

If you are having issues with timeouts after updating your Cloudmark engine between Friday and Saturday afternoon this post should help you out.

 

On Friday night we released a Cloudmark engine that had an issue being validated by scan engine test.

This results in a rollback update loop that can cause timeouts and mail flow issues on Antigen 9.x servers.

Forefront Protection for Exchange is not effected by this update.

 

We rolled the engine back this weekend so no new issues should occur,

if you happen to still have the bad engine on your server you will need to delete the Cloudmark engine folder manually and re-download the re-packaged update.

By default the engine folder is located at c:\Program files\Microsoft Antigen for Exchange\engines\x86\Cloudmark

If you are on a cluster the folder would be <clusterdrive>:\AntigenCluster\Engines\x86\Cloudmark

The new update should then download and resolve your issue.

 

Hope that helps.

Comments

  • Anonymous
    June 27, 2011
    can you be specifc on exaclty what needs to be deleted to recover? Also it appeears the "signature version, which increments by the minute, is no longer updating as well. thanks

  • Anonymous
    June 27, 2011
    Added default path to post

  • Anonymous
    June 27, 2011
    Thanks!!!  That successfully refreshed the engine.   My "signature version" though stopped getting the minute by minute updates, remains ver 6.24.19.42. (June 24 7:42pm)   Appears cloudmark is no longer sending the incremental pattern updates.  This occurred friday right after the engine update.  I assume others are seeing that too.

  • Anonymous
    June 28, 2011
    The comment has been removed

  • Anonymous
    June 28, 2011
    Update: deleting the engine folder and running a forced update seemed to have worked. Thanks. Could I suggest an update to Antigen that in the event of it detecting a number of  failed update attempts it auto-renames the folder and effectively starts again? This would likely mitigate this problem somewhat from re-occurring. I didn't try this yesterday as I completely reinstalled Antigen on Saturday morning and it didn't resolve it.

  • Anonymous
    June 28, 2011
    ds-  when looking at your signature version, is it incrementing as it should?  I am stuck at 6.24.19.42   It should have the current date, like 6.28.x.x, but it stiopped diong that after the engine issue

  • Anonymous
    June 28, 2011
    Engine version:      11.234.0.20 Signature version:  6.28.15.33 Update version:      1106260005 But from what I understand the micro_updates from Cloudmark (which are the actual definitions that find the spam) don't show up on the engines versions list anyway

  • Anonymous
    June 28, 2011
    My signature is now showing 6.28.15.43 so maybe the micro_updates do show. You could try uninstall, reboot, reinstall?

  • Anonymous
    June 29, 2011
    Thanks.  Microupdates resumed after both deleting the engine folder and then a reboot.

  • Anonymous
    June 29, 2011
    Thanks for this info Van; I was working over the weekend to resolve this problem and eventually resorted to disabling the Cloudmark engine altogether and just relied on IMF. Was praying that someone would notice and resolve the issue this week :-)

  • Anonymous
    June 30, 2011
    I spoke with Cloudmark and the Tech that responded to me was laying all the blame with Microsoft. Could I request that updates are not sent out on a Friday please? This way if there is a problem it can be fixed before the people that would fix it go home for the weekend. Thanks

  • Anonymous
    June 30, 2011
    The comment has been removed

  • Anonymous
    June 30, 2011
    Just had to reinstall the engine again, but it seems to be working OK, for now... did this just affect Antigen users or Forefront as well?