Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
New Member

Virus Update @ Cisco IPS, Version 6.1(1)E2

Greetings,

One of our customer has a ASA-SSM-10 IPS module on a ASA 5520. Yesterday I did an Signature Update and here is what I've found out:

Signature Definition:

Signature Update S435.0 2008-07-15

Virus Update V1.4 2007-03-02

As far as I know when you perform a signature update the virus parameters are updated as well. But the Virus Definitions date of March 2007!!! Pretty old.

I may be wrong though.

How can I update the Virus Definitions on the module? I searched the Download Software and couldn't find any update that mentioned specifically the Virus Definitions.

Thanks in advance!

Best Regards, Dan

4 REPLIES
Cisco Employee

Re: Virus Update @ Cisco IPS, Version 6.1(1)E2

Dan, V 1.4 is the latest available. The virus updates were being provided from Trend via a now defunct product, Incident Control Service (Server?). The current V1.4 virus signatures are embodied in signatures in the 50001 ~ 50013 range, if I recall correctly.

Note that signatures 50000-1 through -3 are also part of the ICS range, but used for throttling and should never be enabled outside of ICS control.

Scott

New Member

Re: Virus Update @ Cisco IPS, Version 6.1(1)E2

Hi Scott, I have a similar situation to Dan with an ASA-SSM-20. Do you know if we can expect regular Virus definitions to made available again in future IPS Signature updates?

Brgds,

Arthur.

Gold

Re: Virus Update @ Cisco IPS, Version 6.1(1)E2

This topic surfaces on a regular basis, so I'll quote two of the best answers from marcabal and mhellman.

Posted by: marcabal - Oct 18, 2007, 11:30am PST

That is the latest version.

The V signatures are created by Trend Micro Systems when a major virus/worm outbreak occurs and an emergency update is needed.

The V update could then be deployed through a Cisco ICS management server.

But, there has not been a major emergnecy outbreak in the past 2 years that has required a special V signature update.

Instead any signatures for virus/worms in the past 2 years have just been included as part of the standard signature update process and been included in our standard S signature levels without the need for special emergency updates.

Often the vulnerability was already detected by a standard S signature update before the virus/worm began spreading.

Posted by: mhellman - Jan 31, 2008, 12:44pm PST

see:

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbeb4ff

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.2cbe28c5

http://forum.cisco.com/eforum/servlet/NetProf?page=netprof&forum=Security&topic=Intrusion%20Prevention%20Systems/IDS&CommCmd=MB%3Fcmd%3Dpass_through%26location%3Doutline%40%5E1%40%40.1dde1bcf/0#selected_message

New Member

Re: Virus Update @ Cisco IPS, Version 6.1(1)E2

Hi,

Thanks for coming back so quickly. Your response has helped clear the issue for me. It would useful if Cisco provided this information in the Signature Readme files then perhaps the AV Update version would not be raised so often on the Forum

Brgds,

Arthur.

260
Views
10
Helpful
4
Replies
CreatePlease to create content