FAQ: Rapid Release virus definitions and Symantec Mail Security Products
Last Updated January 28, 2014
Rapid Release virus definitions can be used with Symantec Mail Security for Microsoft Exchange (SMSMSE) but are not enabled by default. This page answers Frequently Asked Questions (FAQ) about Rapid Release virus definitions.
The following sections are in a Question (Q:) and Answer (A:) style.
Q: Who should use Rapid Release virus definitions? A: Administrator who understand the risk of using Rapid Release virus definition and who desire a quicker response to newly-emerging threats.
Q: When are Rapid Release virus definitions created? A: Symantec Security Response creates Rapid Release virus definitions for virus samples submitted for new potential virus threat. The primary purpose of the Rapid Release virus definitions is to detect newly-emerging threats and help the administrator to take proactive steps to contain the threat.
Q: Are Rapid Release virus definitions tested by Symantec? A: Rapid Release virus definitions have undergone basic quality assurance testing by Symantec Security Response. The Rapid Release definitions do pose a risk of possible higher instance of false positives.
Q: How reliable are the Rapid Release virus definitions? A: In the past year, 99.9% of Rapid Release virus definitions posted by Symantec passed the full QA process. Thus, these definitions provide an extremely reliable protection capability when time is of essence. They are often available between two and five hours faster than fully QA'd definitions during an outbreak, and the timesaving can be even greater during an outbreak.
Q: Where should Rapid Release definitions be deployed? A: Rapid Release definitions are most useful for perimeter defenses as a means of mitigating fast spreading virus outbreaks. Exchange servers protected by Symantec Mail Security for Exchange that act as SMTP bridgehead or gateway servers benefit most from Rapid Release virus definitions.
Q: How often are Rapid Release definitions released? A: Approximately once per hour, all known detections are compiled into a new Rapid Release virus definition set and then posted to the Symantec public FTP site. Once a day (or as needed to respond to high level virus outbreaks), all known detections are cpmpiled and subjected to a complete QA process. This process includes testing for false positives and testing for all active Symantec products on all platforms. After the definitions are QA’d they replace the files used in certified Intelligent Updater files and the certified definitions available via LiveUpdate.
Q: Must a server download and apply every Rapid Release file that is posted? A: No. Administrators can configure (schedule) how often the server should download a new Rapid Release. It does not need to run every hour.
Q: Are there any extra system requirements when Rapid Release definitions are used with SMSMSE? A: To use Rapid Release definitions, the server must have Internet access over port 21. Rapid Release definitions are not available via an internal LiveUpdate Administrator 2.x (LUA 2.x) server.
Q: Will the use of Rapid Release files increase the server's bandwidth consumption? A: Yes. Each time Rapid Release runs, it must download the full definition file. This file is several hundred MB in size. Daily LiveUpdate downloads are much smaller and are carried out only once per day.
Q: Will the use of Rapid Release definitions impact the performance of SMSMSE? A. If you select Rapid Release updates, the following features may have a significant impact on mail throughput on servers that have message stores.