CASE down would be indicating the Anti-spam engine may have not reachable by the device at the time of the email scanning and it would retry to scan shortly after (12 seconds). I would suggest using this command on your device to ensure the anti-spam engine is not having further problems.
Log into the CLI > antispamupdate ironport force
Once done, it should take 5-10minutes (depending on network bandwidth) and the system will update and install a fresh CASE (antispam) engine on the device.
Your additional query, For filters to check what caused the match, you can use the filter action "Add Log Entry" then use the variable -> $MatchedContent
This will show what was matched from the email to your associated condition of the filter.
If you wish to know what spam rules caught an email, this information we're not able to share.
Hi Team, I have one exclusion provided by internal team which is Is it right way to exclude ? *\Program Files\XYZ\* , as per Cisco Docs i see its not recommended because it will create performance issue when we use * at starting , So...
Central Log Management using Cisco Security Analytics and Logging, December 2nd at 8am-9:30am PT
Cisco Security Analytics and Logging is Cisco’s Central Log Management solution for Network Operations and Security Outcomes. It is delivered both as a c...
Cyberattacks are more sophisticated than ever and your online presence has never been more critical to the success of your business. Cisco, through its OEM partnership with Radware, can help secure your digital future by continuously monitoring...