Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. If you'd prefer to explore, try our test area to get started. And see here for current known issues.

New Member

Known issue : Bad CASE definition files?

Hey guys,

Surprised there isn't a topic on this already.

Since early this morning I have noticed almost all of our e-mails being dropped by CASE - customer e-mails, test e-mails, basically everything externally coming in.

Called Cisco support and apparently they have had a 6-7 tickets with customers complaining about the same thing.

Until that happens, I have change positively identified spam = quarantine instead of dropping.

 

I suspect a bad CASE definitions file - typo in the regex probably ;)

  • Email Security
Everyone's tags (2)
9 REPLIES
Cisco Employee

What version of AsyncOS are

What version of AsyncOS are you running?  8.5.5/8.5.6 by chance?  We do have an open case w/ our Operations team to address issues seen so far to day w/ CASE.

-Robert

New Member

Yup - running 8.5.5-280

Yup - running 8.5.5-280

New Member

Hi there, having same issues

Hi there,

 

having same issues since this morning. Tac case open since an hour - no answer so far.

Many mails are dropped to quarantine as spam, even the tac received notice got quarantined.

tac to refer ---> # 630586015

I disabled case core engine now.

 

regards

Matthias

New Member

btw also runningVersion: 8.5

btw also running

Version: 8.5.5-280

Cisco Employee

Thank you all.  We do have

Thank you all.  We do have this escalated to our team, and currently pending a rules fix/push to correct.  Please stand-by, I will update this thread as soon as we have this identified and available.

-Robert

New Member

Thank you Robert. Please let

Thank you Robert. Please let us know what versions of the IronPort this would have affected.

Cisco Employee

This should have been pushed

This should have been pushed and corrected.  Please run 'antispamupdate ironport force' from the CLI on the appliance(s), and assure that you are seeing a current time stamp on the rules.

This would have affected 8.5+ revisions, from the information I was provided earlier today.

Current as of my lab:

Component              Last Update                  Version
  CASE Core Files        05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009
  CASE Utilities         05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009
  Structural Rules       05 Jun 2014 04:40 (GMT +00:00)  3.3.1-009-20140603_185702
  Web Reputation DB      05 Jun 2014 04:40 (GMT +00:00)  20140604_091141
  Web Reputation DB Update  05 Jun 2014 04:40 (GMT +00:00)  20140604_091141-20140605_022926
  Content Rules          05 Jun 2014 04:40 (GMT +00:00)  20140605_025357
  Content Rules Update   05 Jun 2014 04:40 (GMT +00:00)  20140605_025422

Let me know if you are still seeing persisting issues.

-Robert

New Member

Thanks Robert, I am

Thanks Robert, I am reenabling now the antispam engine. Btw. you are faster then TAC support. ;)

Cisco Employee

But - I am TAC, too.  :-)

But - I am TAC, too.  :-)

-Robert

250
Views
0
Helpful
9
Replies