can you be specifc on exaclty what needs to be deleted to recover? Also it appeears the "signature version, which increments by the minute, is no longer updating as well.

thanks

Added default path to post

Thanks!!!  That successfully refreshed the engine.   My "signature version" though stopped getting the minute by minute updates, remains ver 6.24.19.42. (June 24 7:42pm)   Appears cloudmark is no longer sending the incremental pattern updates.  This occurred friday right after the engine update.  I assume others are seeing that too.

The default action on engine timeout is set to delete so this 'error' caused all emails being received on Friday 24th June @18:20 UK time onwards to be deleted as the scan engine would crash every time.

Luckily we were alerted to it quite quickly and I disabled the engine and used RBL lists but could find nothing about it on "teh internets" until I mailed Cloudmark directly and they linked me to here.

In short is this likely to be a one-off incident as it caused me to be up until 3:30am Saturday morning reinstalling and diagnosing the fault...

Update: deleting the engine folder and running a forced update seemed to have worked. Thanks.

Could I suggest an update to Antigen that in the event of it detecting a number of  failed update attempts it auto-renames the folder and effectively starts again? This would likely mitigate this problem somewhat from re-occurring.

I didn't try this yesterday as I completely reinstalled Antigen on Saturday morning and it didn't resolve it.

ds-  when looking at your signature version, is it incrementing as it should?  I am stuck at 6.24.19.42   It should have the current date, like 6.28.x.x, but it stiopped diong that after the engine issue

Engine version:      11.234.0.20

Signature version:  6.28.15.33

Update version:      1106260005

But from what I understand the micro_updates from Cloudmark (which are the actual definitions that find the spam) don't show up on the engines versions list anyway

My signature is now showing 6.28.15.43 so maybe the micro_updates do show.

You could try uninstall, reboot, reinstall?

Thanks.  Microupdates resumed after both deleting the engine folder and then a reboot.

Thanks for this info Van; I was working over the weekend to resolve this problem and eventually resorted to disabling the Cloudmark engine altogether and just relied on IMF. Was praying that someone would notice and resolve the issue this week :-)

I spoke with Cloudmark and the Tech that responded to me was laying all the blame with Microsoft.

Could I request that updates are not sent out on a Friday please? This way if there is a problem it can be fixed before the people that would fix it go home for the weekend.

Thanks

Is there another problem as since 10:20pm UK time on the 28th June I am getting this in the event log of our inbound SMTP gateway:

UpdateException: GetFileCommand failed on Local Filename: data\cloudmarkdata.txt.cab Remote Filename: data/CloudmarkData.txt.cab.  (0x00000003) The system cannot find the path specified.  Failed to create file: C:\Program Files\Microsoft Antigen for SMTP\Engines\x86\Cloudmark\Package\Staging\data\cloudmarkdata.txt.cab.

Just had to reinstall the engine again, but it seems to be working OK, for now... did this just affect Antigen users or Forefront as well?