I am running McAfee Email Gateway 7.0.4 as a virtual machine. E-mail that is scored with a spam score of 10 or higher is quarantined. E-mail that is scored as 5 or higher (but less than 10) has [SPAM] prepended to the subject line and is released. For the last 2 years this has caught most of the spam. Most spam (at least to me) was quarantined. Some spam would be tagged with [SPAM] but released. On occasion, some spam would get through without even being tagged.
About 1 week ago I started getting a lot more spam in my inbox. About 1/2 is tagged as [SPAM] but the other 1/2 is not even tagged. I still get some spam being quarantined, although it seems less than in the past. It seems the overall amount of spam I get has not actually increased but that the gateway is catching less, or scoring it lower.
As the admin, I also get e-mail notifications if the spam update failed for a while (it would eventually succeed.)
"Anti-spam update failing repeatedly. DATs/rules update failed. "
Anti-spam rules update succeeded after a series of failures. Successfully updated DATs/rules.
This would happen once in a while in the past, but now happens several times a day.
I believe the current behavior of our gateway is to allow e-mail through if spam processing is not working. But I would expect the spam functionality to still work even if the spam filter has not updated.
I suspect the spam is getting through while the gateway is having update issues. Not sure if this indicates a problem with our internet connection, or a problem with the McAfee download site, or improved spamming techniques.
Anyone else notice a sudden increase in spam getting through?
We have seen exactly the same thing you have seen. We are running 7.5.1 and the amount of SPAM getting through is unacceptable. We have opened a support call and have been forwarding lots of samples to the case. Not sure if the increase of messages about Spam updates failed/successful is related at all at this point.
We have also seen a large rise in the amount of spam getting through the filter. We are migrating to 7.5, as we were told that it does a much better job of catching the newer types of spam. I would say that most of the issue lies with improved spamming techniques, vs any software issues (updates, etc.).
The messages you are tagging as spam: what percent of that is actually legit? Do you have the user quarantine server enabled?
Are you using a proxy to get the updates in MEG?
We too have had episodes in the past with 7.5P1 and 7.5P2 where the appliances would not get their spam updates properly; you could see lots of the following errors in the logs:
spam_updater:state=_FAILED_(_LOADING_) ver=4844 error=80052112 (ECURLE_PARTIAL_FILE)
spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)
We had the MEGs using our McAfee WebGateway as a proxy for their updates. We solved the issue by systematically whitelisting the spam update sites for the MEGs so that nothing would get scanned by the WG in the response and this got rid of the vast majority of those errors. We still see some, but not more than 1-2 a day (whereas before we could see 30-40 a day, often 5-10 in sequence).
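As an added example (not part of the thread and not McAfee code), the Python script below tallies failure lines of the form quoted above per day and per error, and finds the longest run of back-to-back failures, so that figures like "30-40 a day, often 5-10 in sequence" can be measured before and after a proxy change. The syslog-style timestamp prefix, the host name `meg1`, the 15-minute gap and all sample lines are assumptions constructed for illustration.

```python
import re
from collections import Counter
from datetime import datetime, timedelta

# Failure lines in the form quoted in the post above. The leading
# "Mon DD HH:MM:SS" syslog stamp is an assumption; the post shows no timestamps.
FAIL_RE = re.compile(
    r"^(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d{2}:\d{2}:\d{2}) .*?"
    r"spam_updater:state=_FAILED_\(_(?P<phase>[A-Z]+)_\) +"
    r"ver=(?P<ver>\d+) +error=(?P<code>[0-9a-fA-F]+) +\((?P<name>\w+)\)"
)

def summarize(lines, max_gap=timedelta(minutes=15)):
    """Count spam_updater failures per day and per error name, and return the
    longest run of failures spaced no more than max_gap apart."""
    per_day, per_error = Counter(), Counter()
    longest = run = 0
    prev = None
    for line in lines:  # lines are assumed to be in chronological order
        m = FAIL_RE.search(line)
        if not m:
            continue  # unrelated lines and non-failure states are skipped
        ts = datetime.strptime(m["ts"], "%b %d %H:%M:%S")
        per_day[ts.strftime("%b %d")] += 1
        per_error[m["name"]] += 1
        # A failure soon after the previous one extends the current run.
        contiguous = prev is not None and timedelta(0) <= ts - prev <= max_gap
        run = run + 1 if contiguous else 1
        longest = max(longest, run)
        prev = ts
    return {"per_day": dict(per_day), "per_error": dict(per_error), "longest_run": longest}

# Constructed sample log (not from a real appliance). The failure text reuses
# the two lines quoted in the thread; timestamps and host name are invented.
SAMPLE = """\
Mar 24 08:00:03 meg1 spam_updater:state=_FAILED_(_LOADING_) ver=4844 error=80052112 (ECURLE_PARTIAL_FILE)
Mar 24 08:05:00 meg1 other_process: unrelated message
Mar 24 08:10:04 meg1 spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)
Mar 24 08:20:02 meg1 spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)
Mar 24 13:40:05 meg1 spam_updater:state=_FAILED_(_LOADING_) ver=4845 error=80052112 (ECURLE_PARTIAL_FILE)
Mar 25 09:30:01 meg1 spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)
""".splitlines()

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

The 15-minute gap is chosen to sit just above the roughly 10-minute retry interval reported later in this thread; adjust it to the update schedule actually configured.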
We just received the following notification that seems to indicate the reason for the increase in SPAM the last couple of weeks.
From: McAfee SNS [mailto:email@example.com]
Sent: Wednesday, March 26, 2014 3:36 PM
Subject: McAfee SNS Notice: Messaging Reputation Server *UPDATE*
This problem is back. Over the last week and especially this weekend I have been getting a lot more spam. Also getting a lot of alerts about spam definitions updating after repeated failures. It looks like it tries to update every 10 minutes but I would think that, even if the updates only happened every few hours, a lot of the obvious spam should have been blocked.