Signature Definition - Virus Update

Answered Question
Dec 9th, 2008

All,

I am a little concerned with the virus update version that I see when I run a 'show version' on our IPS (AIP-SSM-10).

I receive the following output...

Signature Definition:

Signature Update S369.0 2008-12-06

Virus Update V1.4 2007-03-02

I thought that the virus update was included in the signature definitions, and therefore I would have expected the date to be the same on both (i.e. 2008-12-06).

Can anyone explain if this is OK? Or where I can get the latest virus update...

Thanks in advance for your assistance

Steve

Correct Answer
rhermes Tue, 12/09/2008 - 15:41

Steve -

This is not something you have to worry about. This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.

Posted by: marcabal - Oct 18, 2007, 11:30am PST

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then be deployed through a Cisco ICS management server.

But, there has not been a major emergency outbreak in the past 2 years that has required a special V signature update.

Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Posted by: mhellman - Jan 31, 2008, 12:44pm PST

see:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbeb4ff

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe28c5

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde1bcf/0#selected_message

k.yohendi Mon, 01/05/2009 - 18:26

Hi all..

Because the Virus Update is part of Cisco Incident Control System (ICS), which is end of sale and end of life, will it no longer be available?

marcabal Tue, 01/06/2009 - 07:18

The "End of SW Maintenance Releases Date: App. SW" for Cisco ICS was December 31, 2008

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps6542/prod_end-of-life_notice0900aecd806d9cdb.html

I think that "V" updates were considered part of SW Maintenance and so no new "V" updates will be created.

However, the "Last Date of Support: App. SW" is listed as December 31, 2009. I am not positive whether V updates would be controlled by the first date or second later date.

For those customers who purchased ICS and maintained their support contract, there might still remain the possibility of a "V" Virus Update.

For non-ICS users it is unlikely that a new "V" Virus Update will be made available.

Instead what is more likely is that the Cisco signature team would just create their own signature and release it in a standard Cisco Signature Update as part of an "S" version rather than a "V" version.

So all customers would get protection; it just will likely be in an "S" update rather than a "V" update.

The End of Sale and End of Life of Cisco ICS and the "V" Updates does NOT mean that Cisco customers will no longer receive protection.

It just means that Cisco's own Signature Team will be writing the necessary signatures and including them in the standard "S" Signature Update rather than Trend Micro writing them in a "V" Update.

NOTE: This has already been happening for the last couple of years and is one reason that "V" updates have not been needed and the "V" version date is so old.
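A monitoring check built on the explanation in this thread, added here as an example and not posted by any participant: it parses the "Signature Definition" lines of 'show version' and judges freshness on the S update only, reporting the V date as informational. The 14-day threshold and the function names are assumptions.

```python
import re
from datetime import date

# Matches lines such as "Signature Update S369.0 2008-12-06"
LINE_RE = re.compile(
    r"^[ \t]*(Signature|Virus) Update[ \t]+([SV]\d+(?:\.\d+)*)"
    r"[ \t]+(\d{4})-(\d{2})-(\d{2})[ \t]*$",
    re.MULTILINE,
)

def parse_definitions(show_version_text):
    """Return {'Signature': (version, date), 'Virus': (version, date)} for lines found."""
    found = {}
    for kind, version, y, m, d in LINE_RE.findall(show_version_text):
        found[kind] = (version, date(int(y), int(m), int(d)))
    return found

def check_freshness(show_version_text, today, max_age_days=14):
    """Judge freshness on the S update only; the V date is reported, never alerted on.

    max_age_days is an assumed policy value, not a vendor recommendation.
    """
    defs = parse_definitions(show_version_text)
    if "Signature" not in defs:
        return {"status": "UNKNOWN", "reason": "no Signature Update line found"}
    s_version, s_date = defs["Signature"]
    age = (today - s_date).days
    result = {
        "status": "OK" if age <= max_age_days else "STALE",
        "s_version": s_version,
        "s_age_days": age,
    }
    if "Virus" in defs:
        v_version, v_date = defs["Virus"]
        result["v_version"] = v_version
        result["v_age_days"] = (today - v_date).days  # informational only
    return result

# The output quoted in the question at the top of this thread
SAMPLE = """Signature Definition:

Signature Update S369.0 2008-12-06

Virus Update V1.4 2007-03-02
"""

if __name__ == "__main__":
    print(check_freshness(SAMPLE, today=date(2008, 12, 9)))
```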
