First of all my apologies for the delay in getting a response.
As a best practice we suggest you allow the appliance unrestricted access to the Internet on ports 21 and 80/443 (this can also be through a proxy server if necessary) so it can access updates. Unfortunately it is not possible to update the Commtouch AV engine and DAT files from ePO so you need to allow the appliance to retrieve the files from the update servers. If you need a list of the relevant update servers I suggest you open a service request with technical support so they can provide you with the information required.
Hope this helps.
FAQs for Network DLP - http://kc.mcafee.com/corporate/index?page=content&id=KB77088
FAQs for Email Gateway 7.x - http://kc.mcafee.com/corporate/index?page=content&id=KB76144