Check your SBRS Scores after upgrading to 8.5.6-092!
I upgraded my ESA from 8.5.6-073 to 8.5.6-092 on the 26th September.
Today I noticed a lot of malicious e-mails coming through our IronPort and when I checked the message tracking logs I saw the message:
SBRS Score: unable to retrieve
Phoned support and they told me to run a 'repengstatus' command to see when the last update for the repuation engine was. My last update was on the 26th September... coincidence?
I ran a 'repengupdate force' command which forced the update (wait around 10 minutes) and now the engine has been updated; e-mails now have SBRS scores.
There are two reasons why I made this discussion post:
1. If you ran an upgrade to 8.5.6-092, please check that your SBRS scores and rep engine is being updated because your IronPort could be letting a lot of spam/malicious e-mails through.
2. To support - why did this happen? I'm thinking the upgrade caused the issue because I updated on 26th and last update of rep engine was on the 26th but this could just be a coincidence (I've never experienced SBRS score failures).
I just want to update this thread with the following info I got from the engineer - basically it's a bug in the update process and running repengupdate force fixes it - I wouldn't worry about running these commands as all it does it force update the engines.
It was only that with the upgrade of the AsyncOS, the reputation engine stopped working correct.
the newest updates have been downloaded, but was not applied correctly, because of the inconsistent reputation engine. with the forced update, the Appliance has downloaded the complete newest engine and also the newest rules and with the final restart of the feature after the forced update, it started working again.
So the "repengupdate force" has solved the issue that was caused because of the previous reason.
I wouldn't say that running repengupdate force is not suppose to be done, aside from a formal request... is odd to see or hear that would have been mentioned. With the force updates for any of the processes on the ESA, this is usually always a good troubleshooting step for any customer --- as the process will instantly call out to the updater servers, compare manifests, and then pull regardless of what is running the latest engine and rules sets for the process... and then silently implement in the background. While for the customers who might have bandwidth limiting options running on their network, the only major side effect is the package size that is coming across... since the engine is tagged into the rules...
But, normally with antivirus and antispam - this is the most helpful to run antivirusupdate force or antispamupdate ironport force. Especially in times where the update process itself may have been interrupted with a network related hiccup or staled out download.
I am facing the same issue as Rick. This has become a risk now as I have to update the reputation engine regularly, otherwise spam emails will barge in. Moreover, we have settings to throttle emails from SBRS "None" sources which apparently will be the case for all messages whenever there is this problem. The last Cisco engineer had asked us to upgrade to 8.5.6 which we did, but the problem still persists.
Our appliances are currently in 8.5.6-092 version. As per your note the release 8.5.6-093 would solve this issue, but I don't see this release available for upgrade. Coudl Cisco tech push the update to the boxes?
Login to the FXOS chassis manager.
Direct your browser to https://hostname/, and log-in using the user-name and password.
Go to Help > About and check the current version:
Check the current version availa...
We have configured the outside and inside Interface with official ipv6 adresses, set a default route on outside Interface to our router, we also have definied a rule , which also gets hits, to permit tcp from inside Interface to any6.
In Syslog I also se...