Found a discussion where it is possibly an executable file embedded in the .RTF file that contains the malware. Our environment removes certain executable attachments, including .exe, from e-mails, but our IronPort appliances did not remove an embedded .exe file from a test .rtf file. It will remove .exe files from archive files, i.e. .zip. Just further info.
The Sophos engine running on the ESA/WSA is configured to look inside rtf files for embedded objects. Sophos has classified the threat as Exp/20141761-A, related to CVE-2014-1761, and rules have been in place since 25 Mar 2014 03:16:52 (GMT) from Sophos. The Sophos engine on ESA/WSA received an update shortly after Sophos' release.
Cisco Web Security Appliances (WSA) can filter and protect corporate networks against web-based malware and spyware programs that can compromise corporate security and expose intellectual property. They operate as a proxy and can provide user- and group-based policies that filter certain URL categories, web content, web application visibility and control (AVC), websites based on web reputation, and malware. The WSA can also detect infected clients and stop malicious activity from going outside the corporate network using the L4 Traffic Monitor (L4TM). Policies can be configured using a web GUI. A CLI can also be used. The WSA includes protection for standard communication protocols, such as HTTP, HTTPS, FTP, and SOCKS.
To operate with network devices such as routers and firewalls, the WSA uses the Web Cache Communication Protocol (WCCP). With WCCP, content requests are transparently redirected to the WSA, which acts based on its configuration. Users do not need to configure a web-proxy in their browsers. In Cisco IOS, WCCP is enabled using the ip wccp commands and in the Cisco ASA using the wccp commands.
Cisco Email Security Appliances (ESA) eliminate email spam and viruses, enforce corporate policy, and secure the network perimeter. They operate as an SMTP gateway, also known as a mail exchanger or MX. They can filter virus, spam, and phishing outbreaks. They also provide email encryption, message filtering, anti-spam services, antivirus services and more.
Cisco ESA can be used to mitigate MS14-017 and MS14-020 by filtering messages based on an attachment type of .rtf or .pub.
Filter actions allow messages to be dropped, bounced, archived, blind carbon copied, or altered.
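Filtering on the .rtf attachment type is coarse; the embedded-object case raised in the discussion above can also be checked directly. The following is an added example, not Cisco or Sophos code and not a description of how their engine works: it decodes each `\objdata` payload in an RTF file and reports objects that contain a Windows PE header. The function names and the sample documents are constructed for illustration.

```python
import re
import struct

# Hex payload of an embedded object: everything after \objdata up to the next brace.
OBJDATA = re.compile(rb"\\objdata(?![A-Za-z])([^{}]*)")

def decode_objdata(chunk: bytes) -> bytes:
    """Drop whitespace and other non-hex bytes, then decode the hex payload."""
    digits = re.sub(rb"[^0-9A-Fa-f]", b"", chunk)
    return bytes.fromhex(digits[: len(digits) & ~1].decode("ascii"))

def find_pe(data: bytes) -> list:
    """Offsets where an MZ header's e_lfanew field points at a PE signature."""
    hits, pos = [], data.find(b"MZ")
    while pos != -1:
        if pos + 0x40 <= len(data):
            (e_lfanew,) = struct.unpack_from("<I", data, pos + 0x3C)
            if data[pos + e_lfanew : pos + e_lfanew + 4] == b"PE\0\0":
                hits.append(pos)
        pos = data.find(b"MZ", pos + 1)
    return hits

def scan_rtf(raw: bytes) -> list:
    """Return (object_index, pe_offset) for each embedded object carrying a PE file."""
    findings = []
    for idx, match in enumerate(OBJDATA.finditer(raw)):
        payload = decode_objdata(match.group(1))
        findings.extend((idx, off) for off in find_pe(payload))
    return findings

def build_sample_rtf(payload: bytes) -> bytes:
    """Constructed test input: wrap payload as a hex-encoded \\objdata group."""
    hexed = payload.hex().encode("ascii")
    body = hexed[:40] + b"\r\n" + hexed[40:]  # writers break the hex across lines
    return b"{\\rtf1{\\object\\objemb{\\*\\objdata " + body + b"}}}"

# Constructed, non-functional stub: only the MZ magic, e_lfanew and PE signature.
_stub = bytearray(0x44)
_stub[0:2] = b"MZ"
struct.pack_into("<I", _stub, 0x3C, 0x40)
_stub[0x40:0x44] = b"PE\0\0"
PREFIX = b"\x01\x05\x00\x00\x02\x00\x00\x00Package\x00"  # constructed 16-byte header
SAMPLE_WITH_EXE = build_sample_rtf(PREFIX + bytes(_stub))
SAMPLE_BENIGN = build_sample_rtf(b"plain embedded data, no executable header")

if __name__ == "__main__":
    for name, doc in [("with_exe", SAMPLE_WITH_EXE), ("benign", SAMPLE_BENIGN)]:
        print(name, scan_rtf(doc))
```

The scanner covers the plain case only: payloads that interleave control words or nested groups with the hex data need a full RTF tokenizer before decoding.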