Cloudmark Antispam Engine Not Updating In Forefront Protection 2010 For Exchange Server…


I am working on a project which involves using Forefront Protection 2010 for Exchange as the antispam / antivirus solution. The customer has an array of TMG 2010 SP1 servers with Forefront 2010 for Exchange and Edge 2010 installed.

One thing I noticed after configuring the platform is that both the Cloudmark and Worm List engines rarely update. A quick Google search highlighted the fact that many are facing the same issue, and hence I looked more into it. Even when you force an update of all engines, these two have an old date (a few months behind) as the “Last Update” date.

Engine

An information entry is logged in Event Viewer saying that the Cloudmark engine did not detect any new engine updates.

Cloudmark Info

So, is my engine working fine? The answer is yes. The date to check after an update cycle is the one in the “Definition Version” column. If that date is up to date and you don’t receive any error in Event Viewer, things are fine. The Cloudmark engine itself isn’t updated very often, because it uses online signatures. The engine only needs to be updated when something in it changes, such as a new version.

Definition Version

A few things to note if you do get an error while updating the Cloudmark engine. If your server doesn’t have a proxy requirement, uncheck the “Enable Proxy Server” option in the Forefront Management Console and save the setting.

Enable Proxy

If you have Forefront running on TMG, make sure that the server can anonymously access the following destinations. Create an access rule for them that allows both port 80 and port 443.

  • cdn-microupdates.cloudmark.com
  • lvc.cloudmark.com
  • tracks.cloudmark.com
  • pki.cloudmark.com

Check the connection by running telnet from your server. Install the Telnet client from Server Manager if you don’t already have it on the system. Then run the following commands.

telnet cdn-microupdates.cloudmark.com 80
telnet lvc.cloudmark.com 443

If you have Forefront Protection on TMG 2010 and the TMG HTTPS inspection feature is enabled, you must enable the download of Cloudmark antispam engine definition updates to the Forefront TMG server. The Cloudmark download site uses a self-signed certificate, and TMG HTTPS inspection does not support the inspection of self-signed certificates. Hence, you must exclude the site from HTTPS inspection. Follow the steps here
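
The telnet check above, extended as an added example in PowerShell (not from the original post): it tests all four Cloudmark hosts on ports 80 and 443 with a timeout and, on 443, reports the issuer of the certificate the server actually receives, which shows whether TMG HTTPS inspection is still in the path. The helper name `Test-CloudmarkEndpoint` and the 5-second timeout are assumptions of this example.

```powershell
# Added example, not from the original post. Host names and ports are the ones
# listed in the post; the 5-second timeout is an assumption.
$cloudmarkHosts = 'cdn-microupdates.cloudmark.com', 'lvc.cloudmark.com',
                  'tracks.cloudmark.com', 'pki.cloudmark.com'
$ports = 80, 443

function Test-CloudmarkEndpoint {   # hypothetical helper name
    param([string]$HostName, [int]$Port, [int]$TimeoutMs = 5000)

    $r = New-Object PSObject -Property @{
        HostName = $HostName; Port = $Port; Reachable = $false
        CertIssuer = $null; SelfSigned = $null; Error = $null
    }
    $client = New-Object System.Net.Sockets.TcpClient
    try {
        # Same test as "telnet host port", but with a timeout instead of a hang.
        $pending = $client.BeginConnect($HostName, $Port, $null, $null)
        if (-not $pending.AsyncWaitHandle.WaitOne($TimeoutMs, $false)) {
            throw "TCP connect timed out after $TimeoutMs ms"
        }
        $client.EndConnect($pending)
        $r.Reachable = $true

        if ($Port -eq 443) {
            # Accept whatever certificate is presented: the goal is to read it,
            # not to trust it. No application data is sent over this stream.
            $acceptAny = [System.Net.Security.RemoteCertificateValidationCallback] { $true }
            $ssl = New-Object System.Net.Security.SslStream($client.GetStream(), $false, $acceptAny)
            $ssl.AuthenticateAsClient($HostName)
            $cert = $ssl.RemoteCertificate
            $r.CertIssuer = $cert.Issuer
            # A self-signed certificate has identical subject and issuer names.
            $r.SelfSigned = ($cert.Subject -eq $cert.Issuer)
            $ssl.Close()
        }
    }
    catch { $r.Error = $_.Exception.Message }
    finally { $client.Close() }
    $r
}

$results = foreach ($h in $cloudmarkHosts) {
    foreach ($p in $ports) { Test-CloudmarkEndpoint -HostName $h -Port $p }
}
$results | Format-Table HostName, Port, Reachable, SelfSigned, CertIssuer, Error -AutoSize
```

On port 443, an issuer that names your TMG HTTPS inspection CA shows the traffic is still being inspected; a handshake error on a host that is otherwise reachable is worth checking against the TMG logs.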

Cloudmark engine is the best protection you can have against spam and hence it is important to make sure that you run with the latest micro updates!


6 comments

  1. Bora Engin

    I noticed an increased spam rate and update errors on the Cloudmark database. Upgrading to TMG caused this via HTTPS inspection. Thanks for this post, I managed to solve the issue.

    1. Rajith Enchiparambil

      Happy to be of help Bora

  2. Ahmed

    We are using FSP for Exchange on the client-hub server and none of the engines are updating. The engines have not been updated even once since FSP was deployed, but when I look at the FSP console on the Edge server it is working fine and the engines are updating.
    On the CAS-HUB server the event log is filled with 6012, 6020, 7004, 7007 & 7048 error codes. When I use Internet Explorer to connect to

    http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Microsoft
    http://forefrontdl.microsoft.com/server/scanengineupdate/amd64/Cloudmark
    http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Norman
    http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Command
    http://forefrontdl.microsoft.com/server/scanengineupdate/x86/Kaspersky

    403 – Forbidden: Access is denied.

    You do not have permission to view this directory or page using the credentials that you supplied.

    We have TMG in the DMZ along with the Edge server. Now, should I create an access rule on the TMG server, or is there something that needs to change on the CAS-Hub server?

    1. Rajith Enchiparambil

      Do you have internet access on the CAS boxes, Ahmed?

    2. Ahmed

      I got the engine updating after excluding the IP of the CAS-Hub server from the proxy server.

      1. Rajith Enchiparambil

        Thanks Ahmed for the tip.
