I am working on a project which involves using Forefront Protection 2010 for Exchange as the antispam / antivirus solution. The customer has an array of TMG 2010 SP1 servers with Forefront 2010 for Exchange and Edge 2010 installed.
One thing I noticed after configuring the platform is that both the Cloudmark and Worm List engines rarely update. A quick Google search highlighted the fact that many are facing the same issue, and hence I looked more into it. Even when you force an update of all engines, these two have an old date (a few months behind) as the “Last Update” date.
An information entry is logged in Event Viewer saying that the Cloudmark engine did not detect any new engine updates.
So, is my engine working fine? The answer is yes. The date that we need to look at after an update cycle is in the “Definition Version” column. If that date is up to date and you don’t receive any errors in Event Viewer, things are fine. The Cloudmark engine isn't updated very often because it uses online signatures. The engine only needs to be updated when there is a change to it, such as a new version.
A few things to note if you do get errors while updating the Cloudmark engine. If your server doesn’t have a proxy requirement, uncheck the “Enable Proxy Server” option in the Forefront Management Console and save the setting.
If you have Forefront running on TMG, make sure that the server can anonymously access the following destinations. Create a rule for them allowing both ports 80 and 443.
- cdn-microupdates.cloudmark.com
- lvc.cloudmark.com
- tracks.cloudmark.com
- pki.cloudmark.com
Check the connection by running telnet from your server. Install the Telnet Client from Server Manager if you don’t already have it on the system. Run the following commands.
telnet cdn-microupdates.cloudmark.com 80
telnet lvc.cloudmark.com 443
If you have Forefront Protection on TMG 2010 and the TMG HTTPS inspection feature is enabled, you must enable the download of Cloudmark antispam engine definition updates to the Forefront TMG server. The Cloudmark download site uses a self-signed certificate, and TMG HTTPS inspection does not support the inspection of self-signed certificates. Hence, you must exclude the site from HTTPS inspection. Follow the steps here
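The telnet check and the HTTPS inspection point above can be verified together with the following PowerShell script. It is an added example, not part of the original post or of any Microsoft or Cloudmark tooling, and it goes beyond the two telnet commands by testing all four listed destinations on both ports and reporting the certificate each one presents on 443. It uses .NET socket classes, so no telnet client is needed; the 5-second timeout and the function names are assumptions.

```powershell
# Added example. Host names are the four destinations listed in this post.
$cloudmarkHosts = 'cdn-microupdates.cloudmark.com', 'lvc.cloudmark.com',
                  'tracks.cloudmark.com', 'pki.cloudmark.com'
$timeoutMs = 5000   # assumption: 5 seconds per connection attempt

# Hypothetical helper: returns 'Open', 'Timeout' or 'Failed' for one TCP port.
function Test-TcpPort([string]$HostName, [int]$Port) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($timeoutMs, $false)) { return 'Timeout' }
        $client.EndConnect($pending)   # throws on DNS failure or refused connection
        return 'Open'
    } catch { return 'Failed' }
    finally { $client.Close() }
}

# Hypothetical helper: completes a TLS handshake and reports who issued the
# certificate that the server (or anything in between) presented.
function Get-TlsIssuer([string]$HostName) {
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        $client.Connect($HostName, 443)
        # Accept any certificate: this is a diagnostic read, not a trust decision.
        $acceptAll = [System.Net.Security.RemoteCertificateValidationCallback]{ $true }
        $tls = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAll)
        $tls.AuthenticateAsClient($HostName)
        $cert = $tls.RemoteCertificate
        if ($cert.Subject -eq $cert.Issuer) { return 'self-signed: ' + $cert.Subject }
        return 'issued by: ' + $cert.Issuer
    } catch { return 'TLS handshake failed' }
    finally { $client.Close() }
}

foreach ($h in $cloudmarkHosts) {
    $p80  = Test-TcpPort $h 80
    $p443 = Test-TcpPort $h 443
    # Only attempt the handshake when the port itself is reachable.
    $tls  = if ($p443 -eq 'Open') { Get-TlsIssuer $h } else { 'n/a' }
    New-Object PSObject -Property @{
        Destination = $h; Port80 = $p80; Port443 = $p443; Certificate = $tls
    } | Select-Object Destination, Port80, Port443, Certificate
}
```

A row with `Port443` open but `TLS handshake failed` means the access rule is working and the problem lies in the TLS path, which is where the HTTPS inspection exclusion applies.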
Cloudmark engine is the best protection you can have against spam and hence it is important to make sure that you run with the latest micro updates!