Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
1388
Views
0
Helpful
9
Replies

Known issue : Bad CASE definition files?

Rick Donovan
Level 1
Level 1

‎06-04-2014 05:58 AM

Hey guys,

Surprised there isn't a topic on this already.

Since early this morning I have noticed almost all of our e-mails being dropped by CASE - customer e-mails, test e-mails, basically everything externally coming in.

Called Cisco support and apparently they have had a 6-7 tickets with customers complaining about the same thing.

Until that happens, I have change positively identified spam = quarantine instead of dropping.

 

I suspect a bad CASE definitions file - typo in the regex probably ;)

Labels:
0 Helpful
9 Replies 9

Robert Sherwin
Cisco Employee
Cisco Employee

‎06-04-2014 06:16 AM

What version of AsyncOS are you running?  8.5.5/8.5.6 by chance?  We do have an open case w/ our Operations team to address issues seen so far to day w/ CASE.

-Robert

Cheers,
Robert Sherwin
0 Helpful

Rick Donovan
Level 1
Level 1
In response to Robert Sherwin

‎06-04-2014 06:24 AM

Yup - running 8.5.5-280

0 Helpful

Matthias Goetz
Level 1
Level 1

‎06-04-2014 06:27 AM

Hi there,

 

having same issues since this morning. Tac case open since an hour - no answer so far.

Many mails are dropped to quarantine as spam, even the tac received notice got quarantined.

tac to refer ---> # 630586015

I disabled case core engine now.

 

regards

Matthias

0 Helpful

Matthias Goetz
Level 1
Level 1
In response to Matthias Goetz

‎06-04-2014 06:30 AM

btw also running

Version: 8.5.5-280

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee

‎06-04-2014 07:22 AM

Thank you all.  We do have this escalated to our team, and currently pending a rules fix/push to correct.  Please stand-by, I will update this thread as soon as we have this identified and available.

-Robert

Cheers,
Robert Sherwin
0 Helpful

Rick Donovan
Level 1
Level 1
In response to Robert Sherwin

‎06-04-2014 08:09 AM

Thank you Robert. Please let us know what versions of the IronPort this would have affected.

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee
In response to Rick Donovan

‎06-04-2014 07:57 PM

This should have been pushed and corrected.  Please run 'antispamupdate ironport force' from the CLI on the appliance(s), and assure that you are seeing a current time stamp on the rules.

This would have affected 8.5+ revisions, from the information I was provided earlier today.

Current as of my lab:

Component              Last Update                  Version
  CASE Core Files        05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009
  CASE Utilities         05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009
  Structural Rules       05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009-20140603_185702
  Web Reputation DB      05 Jun 2014 04:40 (GMT +00:00)  20140604_091141
  Web Reputation DB Update  05 Jun 2014 04:40 (GMT +00:00)  20140604_091141-20140605_022926
  Content Rules          05 Jun 2014 04:40 (GMT +00:00)  20140605_025357
  Content Rules Update   05 Jun 2014 04:40 (GMT +00:00)  20140605_025422

Let me know if you are still seeing persisting issues.

-Robert

Cheers,
Robert Sherwin
0 Helpful

Matthias Goetz
Level 1
Level 1
In response to Robert Sherwin

‎06-04-2014 10:49 PM

Thanks Robert, I am reenabling now the antispam engine. Btw. you are faster then TAC support. ;)

0 Helpful

Robert Sherwin
Cisco Employee
Cisco Employee
In response to Matthias Goetz

‎06-05-2014 06:19 AM

But - I am TAC, too.  :-)

-Robert

Cheers,
Robert Sherwin
0 Helpful
Customers Also Viewed These Support Documents