
Virus Update @ Cisco IPS, Version 6.1(1)E2

daniel-costa
Level 1

Greetings,

One of our customers has an ASA-SSM-10 IPS module on an ASA 5520. Yesterday I did a Signature Update and here is what I've found out:

Signature Definition:

Signature Update S435.0 2008-07-15

Virus Update V1.4 2007-03-02

As far as I know, when you perform a signature update the virus parameters are updated as well. But the Virus Definitions date from March 2007!!! Pretty old.

I may be wrong though.

How can I update the Virus Definitions on the module? I searched the Download Software and couldn't find any update that mentioned specifically the Virus Definitions.

Thanks in advance!

Best Regards, Dan

4 Replies

scothrel
Level 3

Dan, V 1.4 is the latest available. The virus updates were being provided from Trend via a now defunct product, Incident Control Service (Server?). The current V1.4 virus signatures are embodied in signatures in the 50001 ~ 50013 range, if I recall correctly.

Note that signatures 50000-1 through -3 are also part of the ICS range, but used for throttling and should never be enabled outside of ICS control.

Scott

Hi Scott, I have a similar situation to Dan with an ASA-SSM-20. Do you know if we can expect regular Virus definitions to be made available again in future IPS Signature updates?

Brgds,

Arthur.

This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.

Posted by: marcabal - Oct 18, 2007, 11:30am PST

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then be deployed through a Cisco ICS management server.

But, there has not been a major emergency outbreak in the past 2 years that has required a special V signature update.

Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Posted by: mhellman - Jan 31, 2008, 12:44pm PST

see:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbeb4ff

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe28c5

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde1bcf/0#selected_message

Hi,

Thanks for coming back so quickly. Your response has helped clear the issue for me. It would be useful if Cisco provided this information in the Signature Readme files, then perhaps the AV Update version would not be raised so often on the Forum.

Brgds,

Arthur.
