Surprised there isn't a topic on this already.
Since early this morning I have noticed almost all of our e-mails being dropped by CASE - customer e-mails, test e-mails, basically everything externally coming in.
Called Cisco support and apparently they have had a 6-7 tickets with customers complaining about the same thing.
Until that happens, I have change positively identified spam = quarantine instead of dropping.
I suspect a bad CASE definitions file - typo in the regex probably ;)
What version of AsyncOS are you running? 8.5.5/8.5.6 by chance? We do have an open case w/ our Operations team to address issues seen so far to day w/ CASE.
having same issues since this morning. Tac case open since an hour - no answer so far.
Many mails are dropped to quarantine as spam, even the tac received notice got quarantined.
tac to refer ---> # 630586015
I disabled case core engine now.
Thank you all. We do have this escalated to our team, and currently pending a rules fix/push to correct. Please stand-by, I will update this thread as soon as we have this identified and available.
This should have been pushed and corrected. Please run 'antispamupdate ironport force' from the CLI on the appliance(s), and assure that you are seeing a current time stamp on the rules.
This would have affected 8.5+ revisions, from the information I was provided earlier today.
Current as of my lab:
Component Last Update Version
CASE Core Files 05 Jun 2014 04:40 (GMT +00:00) 3.3.1-009
CASE Utilities 05 Jun 2014 04:40 (GMT +00:00) 3.3.1-009
Structural Rules 05 Jun 2014 04:40 (GMT +00:00) 3.3.1-009-20140603_185702
Web Reputation DB 05 Jun 2014 04:40 (GMT +00:00) 20140604_091141
Web Reputation DB Update 05 Jun 2014 04:40 (GMT +00:00) 20140604_091141-20140605_022926
Content Rules 05 Jun 2014 04:40 (GMT +00:00) 20140605_025357
Content Rules Update 05 Jun 2014 04:40 (GMT +00:00) 20140605_025422
Let me know if you are still seeing persisting issues.