Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Welcome to Cisco Support Community. We would love to have your feedback.

For an introduction to the new site, click here. And see here for current known issues.

New Member

Signature Definition - Virus Update

All,

I am a little concerned with the virus update version that I see when I run a 'show version' on our IPS (AIP-SSM-10)

I receive the following output...

Signature Definition:

Signature Update S369.0 2008-12-06

Virus Update V1.4 2007-03-02

I thought that the virus update was included in the signature definitions, and therefore I would have expected the date to be the same on both (i.e. 2008-12-06).

Can anyone explain if this is OK? of where I can get the latest virus update...

Thanks in advance for your assistance

Steve

1 ACCEPTED SOLUTION

Accepted Solutions
Gold

Re: Signature Definition - Virus Update

Steve -

This is not somthing you have to worry about. This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.

Posted by: marcabal - Oct 18, 2007, 11:30am PST

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then be deployed through a Cisco ICS management server.

But, there has not been a major emergnecy outbreak in the past 2 years that has required a special V signature update.

Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Posted by: mhellman - Jan 31, 2008, 12:44pm PST

see:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbeb4ff

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe28c5

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde1bcf/0#selected_message

3 REPLIES
Gold

Re: Signature Definition - Virus Update

Steve -

This is not somthing you have to worry about. This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.

Posted by: marcabal - Oct 18, 2007, 11:30am PST

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then be deployed through a Cisco ICS management server.

But, there has not been a major emergnecy outbreak in the past 2 years that has required a special V signature update.

Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Posted by: mhellman - Jan 31, 2008, 12:44pm PST

see:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbeb4ff

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe28c5

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde1bcf/0#selected_message

New Member

Re: Signature Definition - Virus Update

Hi all..

because the Virus Update is part of Cisco Incident Control System (ICS), which is end of sale and end of life,

will it no longer be available?

Cisco Employee

Re: Signature Definition - Virus Update

The "End of SW Maintenance Releases Date: App. SW" for Cisco ICS was December 31, 2008

http://www.cisco.com/en/US/prod/collateral/vpndevc/ps5729/ps6542/prod_end-of-life_notice0900aecd806d9cdb.html

I think that "V" updates were considered part of SW Maintenance and so no new "V" updates will be created.

However, the "Last Date of Support: App. SW" is listed as December 31, 2009. I am not positive whether V updates would be controled by the first date or second later date.

For those customers who purchased ICS and maintained their support contract, there might still remain the possibility of a "V" Virus Update.

For non-ICS users it is unlikely that a new "V" Virus Update will be made available.

Instead what is more likely is that the Cisco signature team would just create their own signature and release it in a standard Cisco Signature Update as part of an "S" version rather than a "V" version.

So all customers would get protection it just will likely be in a "S" update rather than a "V" update.

The End of Sale and End of Life of Cisco ICS and the "V" Updates does NOT mean that Cisco customers will no longer receive protection.

It just means that Cisco's own Signature Team will be writing the necessary signatures and including them in the standard "S" Signature Update rather than Trend Micro writing them in a "V" Update.

NOTE: This has already been happening for the last couple of years and is one reason that "V" updates have not been needed and the "v" version date is so old.

151
Views
0
Helpful
3
Replies