We have seen exactly the same thing you have seen. We are running 7.5.1 and the amount of SPAM getting through is unacceptable. We have opened a support call and have been forwarding lots of samples to the case. Not sure if the increase of messages about Spam updates failed/successful is related at all at this point.
We have also seen a large rise in the amount of spam getting through the filter. We are migrating to 7.5, as we were told that it does a much better job of catching the newer types of spam. I would say that most of the issue lies with improved spamming techniques, vs any software issues (updates, etc.).
The messages you are tagging as spam; what percent of that is actually legit? Do you have the user quarantine server enabled?
Are you using a proxy to get the updates in MEG?
We too have had episodes in the past with 7.5P1 and 7.5P2 where the appliances would not get their spam updates properly; you could see lots of the following errors in the logs:
spam_updater:state=_FAILED_(_LOADING_) ver=4844 error=80052112 (ECURLE_PARTIAL_FILE)
spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)
We had the MEGs using our McAfee WebGateway as a proxy for their updates. We solved the issue by systematically whitelisting the spam update sites for the MEGs so that nothing would get scanned by the WG in the response and this got rid of the vast majority of those errors. We still see some, but not more than 1-2 a day (whereas before we could see 30-40 a day, often 5-10 in sequence).
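To measure the pattern described in the post above (failures per day and how many occur in sequence), the following is an added example, not part of the original thread and not McAfee code. It assumes each log line starts with a `YYYY-MM-DD` date and that any `spam_updater` line without `_FAILED_` marks a non-failure; both are assumptions, since the quoted lines show neither.

```python
import re
from collections import Counter

# Failure-line layout taken from the two log lines quoted in the post above.
FAILED = re.compile(
    r"spam_updater:state=_FAILED_\((?P<phase>\w+)\) "
    r"ver=(?P<ver>\d+) error=(?P<code>[0-9a-f]+) \((?P<name>\w+)\)"
)

# Constructed sample: the date prefix, the unrelated line and the
# non-failure placeholder line are assumptions, not appliance output.
SAMPLE = [
    "2014-03-01 spam_updater:state=_FAILED_(_LOADING_) ver=4844 error=80052112 (ECURLE_PARTIAL_FILE)",
    "2014-03-01 spam_updater:state=_FAILED_(_WAITING_) ver=4845 error=8005211c (ECURLE_OPERATION_TIMEOUTED)",
    "2014-03-01 smtp: unrelated line",
    "2014-03-01 spam_updater:state=_FAILED_(_LOADING_) ver=4845 error=80052112 (ECURLE_PARTIAL_FILE)",
    "2014-03-01 spam_updater:state=PLACEHOLDER_NON_FAILURE ver=4845",
    "2014-03-02 spam_updater:state=_FAILED_(_WAITING_) ver=4846 error=8005211c (ECURLE_OPERATION_TIMEOUTED)",
]

def summarize(lines, burst=5):
    """Count failures per day and per cURL error, and track failure runs.

    A spam_updater line that is not a failure ends the current run;
    lines from other components are ignored entirely.
    """
    per_day, per_error = Counter(), Counter()
    longest = run = 0
    for line in lines:
        if "spam_updater:" not in line:
            continue
        m = FAILED.search(line)
        if not m:
            run = 0  # updater reported something other than a failure
            continue
        per_day[line[:10]] += 1
        per_error[m["name"]] += 1
        run += 1
        longest = max(longest, run)
    return {
        "per_day": dict(per_day),
        "per_error": dict(per_error),
        "longest_run": longest,
        "burst": longest >= burst,  # True when failures arrive in sequence
    }

if __name__ == "__main__":
    print(summarize(SAMPLE, burst=3))
```

Comparing `per_day` and `longest_run` before and after a proxy change shows whether the whitelisting actually reduced the partial-file and timeout errors.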
We just received the following notification that seems to indicate the reason for the increase in SPAM the last couple of weeks.
From: McAfee SNS [mailto:firstname.lastname@example.org]
Sent: Wednesday, March 26, 2014 3:36 PM
Subject: McAfee SNS Notice: Messaging Reputation Server *UPDATE*
Restoration of the Messaging Reputation server and database used for spam filtering will be completed on schedule next week.
McAfee expects a return to normal operating parameters. Tuning enhancements will continue and customers should expect to see incremental improvements over the following 7 days. Additionally, McAfee will increase spam protection and system reliability over the next three months, resulting in additional improvements.
Previously Announced via SNS (10 March 2014)
The McAfee GTI Messaging Reputation database server experienced a hardware failure and impact to the database. Because McAfee was unable to provide updated messaging reputation data to these products, existing reputation data grew stale over time, resulting in more spam getting through to mailboxes.
Products utilizing anti-spam technology were impacted:
- IronMail (McAfee E-Mail Gateway [MEG] 6.x)
- E-mail Gateway (MEG 7.x)
- Firewall Enterprise (All versions)
- E-mail and Web Security Gateway (All versions)
- SaaS E-Mail Protection
- Security for Microsoft Exchange (formerly GroupShield)
- TrustedSource.com Website
- Security Center
This problem is back. Over the last week and especially this weekend I have been getting a lot more spam. Also getting a lot of alerts about spam definitions updating after repeated failures. It looks like it tries to update every 10 minutes but I would think that, even if the updates only happened every few hours, a lot of the obvious spam should have been blocked.