
IDS 4215 / Show version / Virus updates

zubairjalal
Level 1

Below is my show version from my 4215. It shows a virus update with v1.2. I have upgraded the signatures but could not find any virus update file on Cisco Site.

Please let me know what this virus update is and how it can be updated to the latest version.

Application Partition:

Cisco Intrusion Prevention System, Version 5.1(5)E1

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S309 2007-11-20

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: IDS-4215

Serial Number: 88811041405

Licensed, expires: 31-Dec-2008 UTC

Sensor up-time is 117 days.

Using 357306368 out of 460161024 bytes of available memory (77% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 37.4M out of 166.8M bytes of available disk space (24% usage)

boot is using 35.3M out of 68.6M bytes of available disk space (54% usage)

application-log is using 536.4M out of 2.8G bytes of available disk space (20% usage)

MainApp 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

AnalysisEngine 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600 Running

CLI 2007_FEB_02_15_58 (Release) 2007-02-02T16:04:00-0600

Upgrade History:

* IPS-K9-sp-5.1-5-E1

IPS-sig-s309-req-E1.pkg

Recovery Partition Version 1.1 - 5.1(5)E1


wsulym
Cisco Employee

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then have been deployed through a Cisco ICS management server.

But there has not been a major emergency outbreak in the past 2 years that has required a special V signature update.

Instead, any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Hi friends,

I want to upgrade the IPS mentioned below. I am not finding the proper procedure. Please suggest whether I should upgrade from the signature definition or the service pack, and if I upgrade, will it be compatible with my IDS Event Viewer 4.1? Please suggest.

I am attaching sh version below.

Cisco Intrusion Prevention System, Version 5.1(3)S260.0

Host:

Realm Keys key1.0

Signature Definition:

Signature Update S260.0 2006-11-29

Virus Update V1.2 2005-11-24

OS Version: 2.4.26-IDS-smp-bigphys

Platform: IDS-4215

Serial Number: xxxxxxxxx

Licensed, expires: 12-dec-2008 UTC

Sensor up-time is 68 days.

Using 37348943 out of 4604587624 bytes of available memory (76% usage)

system is using 17.4M out of 29.0M bytes of available disk space (60% usage)

application-data is using 48.2M out of 166.8M bytes of available disk space (30% usage)

boot is using 35.0M out of 68.6M bytes of available disk space (54% usage)

application-log is using 540.3M out of 2.8G bytes of available disk space (20% usage)

MainApp 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running

AnalysisEngine 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500 Running

CLI 2006_Jun_28_03.30 (Release) 2006-06-28T04:17:58-0500

Upgrade History:

* IPS-sig-S254-minreq-5.1-2 19:57:55 UTC Sun Oct 15 2006

IPS-sig-S260-minreq-5.1-2.pkg 19:05:13 UTC Tue Dec 12 2006

Recovery Partition Version 1.1 - 5.1(1)

intsensor#

First download and apply the 5.1(7)E1 Service Pack http://www.cisco.com/cgi-bin/tablebuild.pl/ips5

then download and apply the latest Signature Update (today the latest is S309)

http://www.cisco.com/cgi-bin/tablebuild.pl/ips6-sigup

Hi,

1) I went through the readme files of the service packs; it says we have to upgrade first to 5.1(3), 5.1(4), 5.1(5) & 5.1(5)E1?

2) Each service pack contains a set of signatures, so after upgrading with the service pack do I again have to upgrade the signatures?

3) If I upgrade my IDS, is there a need to upgrade my IDS Event Viewer?

Please suggest.

1) Many times you can skip to the latest version of 5.x when upgrading Service Packs. In reading the 5.1(7)E1 release notes, you would have found, under the "Required Version" section:

The minimum required version for installing this Service Pack update is

5.0(1) for CLI and IDM users.

This means you can apply 5.1(7)E1 directly to your existing IPS sensor.

2) Each Service Pack DOES contain a set of signatures, current when the Service Pack was built or released. New signature updates come out about once a week. If you want to run the most current set of signatures, you need to apply the Service Pack and then the latest Signature Update.

3) Your Event Viewer should not change within the 5.x versions of IPS software.
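The check described in the replies above can be scripted against saved `show version` output. This is an added example, not part of the original thread or any Cisco tooling: the function names are hypothetical, the sample is constructed from the output quoted earlier, and the engine suffix (`E1`) is ignored when comparing versions.

```python
import re
from datetime import date

# Constructed sample: a few lines trimmed from the `show version` output quoted in the thread.
SAMPLE = """\
Cisco Intrusion Prevention System, Version 5.1(3)S260.0
Signature Definition:
    Signature Update    S260.0    2006-11-29
    Virus Update        V1.2      2005-11-24
Platform:               IDS-4215
"""

def parse_version(text):
    """Return (major, minor, maintenance) from a string such as '5.1(7)E1'."""
    m = re.search(r"(\d+)\.(\d+)\((\d+)\)", text)
    if not m:
        raise ValueError(f"no IPS version found in {text!r}")
    return tuple(int(g) for g in m.groups())

def parse_show_version(output):
    """Extract the software version and the S/V update levels with their dates."""
    info = {}
    for line in output.splitlines():
        line = line.strip()
        if line.startswith("Cisco Intrusion Prevention System, Version"):
            info["version"] = parse_version(line)
        m = re.match(r"(Signature|Virus) Update\s+([SV][\d.]+)\s+(\d{4}-\d{2}-\d{2})$", line)
        if m:
            info[m.group(1).lower()] = (m.group(2), date.fromisoformat(m.group(3)))
    return info

def sig_number(level):
    """'S260.0' -> 260, 'S309' -> 309."""
    return int(re.match(r"S(\d+)", level).group(1))

def upgrade_plan(info, sp_target, sp_min_required, latest_sig):
    """Order the steps as the reply describes: Service Pack first, then signatures."""
    steps = []
    if info["version"] < parse_version(sp_min_required):
        steps.append(f"upgrade to at least {sp_min_required} before {sp_target}")
    if info["version"] < parse_version(sp_target):
        steps.append(f"apply Service Pack {sp_target}")
    if sig_number(info["signature"][0]) < sig_number(latest_sig):
        steps.append(f"apply Signature Update {latest_sig}")
    return steps

if __name__ == "__main__":
    print(upgrade_plan(parse_show_version(SAMPLE), "5.1(7)E1", "5.0(1)", "S309"))
```

The Service Pack target, its minimum required version and the latest signature level are passed in from the release notes rather than hard-coded, since they change with every release.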
