10-11-2001 10:59 AM - edited 03-12-2019 12:52 PM
Does anybody have any experience of using a virus checker on an ICM server? I have heard various rumours around Cisco going to recommend a product, anybody like to comment?
10-11-2001 01:48 PM
Cisco announced today the recommended virus checking strategy for the systems running IIS server. The statement is pasted below.
Regards,
-Tom
To: Cisco's CCBU Customers
CC: Cisco Software Sales
From: Cisco Customer Advocacy
Cisco Product Management
Cisco Engineering
Date: October 11, 2001
Re: Preliminary Anti-Virus Software Recommendations
Many of our enterprise and service provider customers have expressed an interest in understanding Cisco's recommendations for the use of anti-virus software. The recommendations below are preliminary and based on Cisco's actual usage of anti-virus software in development lab environments. Cisco will seek to establish broader recommendations that include all of the product lines within Cisco's Voice Technology Group, of which CCBU is a member. Cisco does not provide official certifications for anti-virus software products; however, the following recommendations are based on Cisco's experience working with customers who have successfully implemented anti-virus software with our software solutions.
The recommendations in this memo are provided for the following CCBU software products:
· Cisco Network Applications Manager (NAM)
· Cisco Intelligent Contact Management (ICM)
· Cisco Admin Workstations
· Cisco ACD PGs, IVR PGs, NICs
· Cisco Agent Desktop (formerly: Turnkey CTI)
· Cisco Collaboration Server (CCS)
· Cisco Media Blender (CMB)
· Cisco Web Gateway
· Cisco TrailHead Server
· Cisco eMail Manager (CeM)
· Cisco WebView / WebView II
· Cisco Internet Service Node (ISN) Application Server and Voice Browser
Of these products, particular care should be taken for systems that can use Microsoft Internet Information Server (IIS): Cisco Collaboration Server (CCS), Cisco Media Blender (CMB), Cisco TrailHead Server, Cisco eMail Manager (CeM), Cisco WebView / WebView II, and Cisco Internet Service Node (ISN) Application Server and Voice Browser. Additionally, any server positioned outside the corporate firewall, or having frequent connections to the Public Internet should be addressed as part of the anti-virus strategy.
While Cisco does not formally certify specific anti-virus software products, it is important to note that many default anti-virus options settings may adversely affect the performance of the products listed above. The performance degradation is due to increased CPU load and memory utilization contributed by the anti-virus software.
For customers who choose to implement anti-virus software on their systems, the following general guidance is recommended:
· The software not be set to run in an automatic or background mode where all incoming data or modified files are scanned in real time.
· Full scans of systems should be set to run only during scheduled maintenance windows.
· Virus scanning engines and definition files should be updated on a regular basis as per the organization's current security/anti-virus policy.
Cisco is also concerned about virus protection and uses specific products in the development and testing labs at the CCBU. The testing labs are working on testing the following products in our labs:
On Microsoft Windows NT Workstation 4.0, Service Pack 6a and Windows 2000 Professional Service Pack 2 we currently run:
· Network Associates (McAfee) Netshield 4.5.0.534 (Full Mode)
· McAfee ScanEngine 4.150 (updated weekly)
· McAfee Virus Definitions 4.0.4164 (updated nightly)
On Microsoft Windows NT Server 4.0, Service Pack 6a and Windows 2000 Server, Service Pack 2 we currently run:
· Network Associates (McAfee) NetShield 4.5.0 service pack 1 (Full Mode)
· McAfee ScanEngine 4.150 (upgraded weekly)
· McAfee Virus Definitions 4.0.4164 (updated nightly)
Additionally, these anti-virus products are configured to run in Active/Full mode, rather than in Constant/Passive mode. They are updated both weekly and nightly as per Cisco's corporate anti-virus security policy and additionally the Virus Definition DAT files are set to use the Randomization option, scheduled during low system use and maintenance window periods. This use is consistent with the general guidance provided above. The specific configuration used for these products is as follows:
The following items for the Netshield On-Access Monitor are as selected and the process is enabled:
Under Detection: Scan
*Inbound Files
*Boot Sectors
*Floppy During Shutdown
Under Detection: Files to Scan
*All Files
Under Advanced
*All Items Selected
*Maximum archive scan time set to 29 seconds
Under Actions
*When a virus is found: Clean infected files automatically
*Response to user: Send message to user is selected
Under Reports
*Accept Defaults
Under Exclusions
*Leave Empty
Automatic Upgrade/Update Properties are as follows:
Under Update
*Get from FTP Source
*Enter an FTP Computer name and directory: wwwin-gog/dats
Under Schedule: Run
*Select Daily, set time to 1AM
Under Upgrade
*Get from FTP Source
*Enter an FTP Computer name and directory: wwwin-gog/dats/upgrades
Under Schedule: Run
*Select Weekly, set time to 1AM
Scan Local Drives
*Accept Defaults
Under Schedule Run
*Select Daily, set time to 1AM
Cisco recommends regular updates of the virus scanning engines and virus definition files which customers can obtain from their anti-virus software vendors directly. Some viruses have also prompted updates to operating system or web server components from Microsoft; however, customers should note that these new patches may not yet be fully tested for compatibility with Cisco software products. Before applying any such patches, customers should refer to the published compatibility matrix on Cisco Connection Online (CCO) at:
http://www.cisco.com/warp/public/78/sw_compatability_matrix.html
New viruses can be unpredictable, so Cisco cannot assume responsibility for consequences of virus attacks on mission critical applications.
Again, this is a preliminary statement on Cisco's anti-virus software recommendations. Cisco will have forthcoming announcements related to anti-virus recommendations. Please contact your Cisco sales representative or reseller for Cisco's latest recommendations.
11-16-2001 11:54 AM
I have used CA's Advanced Anti Virus for NT/2000 in Development and Production. It has been working without incident.
11-16-2001 02:42 PM
We have used Norton Anti Virus in both development and production environments with ICM R4.1 and ICM R4.5 as well as CCS, CMB and CEM without incident.
06-25-2003 11:03 AM
Does anyone have a recent experience/recommendation re: virus settings for ICM? We're using 4.1.5.