Cisco Support Community
cancel
Showing results for 
Search instead for 
Did you mean: 
Announcements

Attention: The Community will be in read-only mode on 12/14/2017 from 12:00 am pacific to 11:30 am.

During this time you will only be able to see content. Other interactions such as posting, replying to questions, or marking content as helpful will be disabled for few hours.

We apologize for the inconvenience while we perform important updates to the Community.

New Member

ISA550: AntiVirus not working with new V1.2.17 firmware

Hi,

I just upgraded our ISA550W to firmware V1.2.17 to test if the security services are now working. As I had problems with them in the past I tried to verify that the security services are working by trying to download the Eicar AntiVirus test files.

I found the following:

  • If IPS is on, the eicar.com and eicar.zip files get caught by the IPS service (not the eicar2.zip though).
  • If IPS is off (and AV is on with enable, log, notify+drop), then none on the Eicar test files are caught!

Congratulations for the increased security with firmware V1.2.17.

3 REPLIES

ISA550: AntiVirus not working with new V1.2.17 firmware

Strange, really strange ... I've updated to and indeed, I can download the files via Eicar, but when I upload the same files to my own server, they were blocked?!

Can you please check:

www.muenz-it.de/z.zip

www.muenz-it.de/eicar_com.zip

Michael

Please rate all helpful posts

Michael Please rate all helpful posts
New Member

ISA550: AntiVirus not working with new V1.2.17 firmware

If downloading your files, it behaves even more strange:

- if IPS is on, then both files are blocked by IPS

- if IPS is off (only AV is on), then AV triggers at the second download request (first download only shows site not reachable as with IPS on, second request show a html page reading "unsafe web access blocked").

If looking at the AV logs, they now report an incident and I also get an email notification. Also the security services report shows the AV downloads.

However, retrying the test page I used before (http://www.etes.de/downloads/eicar-testvirus/) the eicar.zip and eicar.tgz are still coming through and Internet Explorer shows the AV download detected banner. Downloading eicar.zip from the site above a second time now again shows the ISA "unsafe web blocked" page.

Strange...

Cisco Employee

ISA550: AntiVirus not working with new V1.2.17 firmware

Hi Erne,

eicar files detection are for testing purpose only, ISA500 only detect those test files

from www.eicar.org.

Regards,

Wei

728
Views
0
Helpful
3
Replies
CreatePlease to create content