07-18-2008 08:47 AM - edited 03-10-2019 04:12 AM
Greetings,
One of our customers has an ASA-SSM-10 IPS module on an ASA 5520. Yesterday I did a Signature Update and here is what I've found out:
Signature Definition:
Signature Update S435.0 2008-07-15
Virus Update V1.4 2007-03-02
As far as I know, when you perform a signature update the virus parameters are updated as well. But the Virus Definitions are dated March 2007!!! Pretty old.
I may be wrong though.
How can I update the Virus Definitions on the module? I searched the Download Software and couldn't find any update that mentioned specifically the Virus Definitions.
Thanks in advance!
Best Regards, Dan
07-18-2008 11:10 AM
Dan, V 1.4 is the latest available. The virus updates were being provided from Trend via a now defunct product, Incident Control Service (Server?). The current V1.4 virus signatures are embodied in signatures in the 50001 ~ 50013 range, if I recall correctly.
Note that signatures 50000-1 through -3 are also part of the ICS range, but used for throttling and should never be enabled outside of ICS control.
Scott
10-05-2008 12:52 PM
Hi Scott, I have a similar situation to Dan with an ASA-SSM-20. Do you know if we can expect regular Virus definitions to be made available again in future IPS Signature updates?
Brgds,
Arthur.
10-06-2008 08:00 AM
This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.
Posted by: marcabal - Oct 18, 2007, 11:30am PST
That is the latest version.
The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.
The V update could then be deployed through a Cisco ICS management server.
But, there has not been a major emergency outbreak in the past 2 years that has required a special V signature update.
Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.
Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.
Posted by: mhellman - Jan 31, 2008, 12:44pm PST
see:
10-06-2008 11:39 AM
Hi,
Thanks for coming back so quickly. Your response has helped clear the issue for me. It would be useful if Cisco provided this information in the Signature Readme files; then perhaps the AV Update version would not be raised so often on the Forum.
Brgds,
Arthur.