Assure that all of your processes and rulesets are updated:
> antispamupdate ironport force
> outbreakupdate force
> repengupdate force
After ~5 minutes - you should be able to check status and see current/up-to-date time stamps on the engine and rules:
> antispamstatus ironport
> repengstatus
> outbreakstatus
Depending on what you have licensed, and active - your results may vary.
If you have a strong, repetative sender or subject - you can check the Threat Outbreaks, and see if there is a current hot topic that is trending you may be facing:
http://tools.cisco.com/security/center/threatOutbreak.x?i=77
If so - the more submittals, the quicker we are able to help update and push rules to help everyone:
Submit Spam Instructions
Save the email as a .eml file
Attach the file to an email and send to the following:
Cisco IronPort Anti-Spam
Report undetected spam to: spam@access.ironport.com
Report false-positives to: ham@access.ironport.com
Phishing Spam
Report phising attempts to: phish@access.ironport.com
Marketing Spam
Report marketing spam false positives to: not_ads@access.ironport.com
Report marketing spam false negatives to: ads@access.ironport.com
Please be aware that neither the automatic nor the manual submissions will result in an automatic response from our AntiSpam team, so in case you would like feedback, please let us know how the submissions were done, when it was done, and the email address used for the submission.
For more information on submitting spam, then please review:
http://tinyurl.com/lpz9z
Hope this helps!
-Robert
(*If you have received the answer to your original question, and found this helpful/correct - please mark the question as answered, and be sure to leave a rating to reflect!)
