Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
701
Views
0
Helpful
5
Replies

Fixed version of CSCvb65245?

Jessica.han1
Level 1
Level 1

‎02-03-2017 05:23 AM - edited ‎03-20-2019 09:14 PM

Hi  I can see that 9.8.0-092 as known fixed release of this bug since Feb 01, 2017, however, when I checked my upgrade options, the latest is 10.0.0-203 which has been available since 2016-09-27. May I have someone to confirm if 10.0.0.0 is a fixed release for this bug?

Thanks

Jessica Han

2 people had this problem
Labels:
0 Helpful
5 Replies 5

Ulrik Rosen
Level 1
Level 1

‎02-06-2017 02:56 AM

When can we expect to see a fixed version for our physical appliances?

I'm currently running version 9.7.1-066.

Can someone answers our questions?

regards

Ulrik R.

0 Helpful

Jessica.han1
Level 1
Level 1
In response to Ulrik Rosen

‎02-06-2017 04:54 AM

Y my running version is same as yours.

Jessica

0 Helpful

Palani Mohan
Cisco Employee
Cisco Employee
In response to Jessica.han1

‎02-08-2017 07:49 AM

Dear Jessica and Ulrik

CSCvb65245 is fixed in AsyncOS version 9.8.0-092. None of the 10.x releases have the fix.

I am working on finding the answer. This may take as long as a week or so. Regret the inconvenience caused by the delay.

Sincerely ... Palani

0 Helpful

guibarati
Level 4
Level 4
In response to Palani Mohan

‎04-21-2017 08:24 AM

Hi Palani,

Is there any fix yet on the 10.X release?

I believe this bug is also affecting a filter that I'm trying to create to match "Content-Disposition" header.

I tried to match header exist, tried "body and attachment" contains "Disposition", tried body contains... nothing seems to match this piece of email.

Thank you,

0 Helpful

filiadata
Level 1
Level 1

‎02-13-2017 02:45 AM

We created a TAC case for this. The answer is that this bug is currently fixed in versions that include the filter "Duplicate MIME boundaries". This includes 10.0.1.

However the possibility to circumvent attachment based filters is NOT automatically fixed by installing the new AsyncOS version, instead you have to set up this duplicate boundaries verification filter (as a content filter or message filter) and take action like dropping or quarantining such emails! As far as I understood this is because even with 10.0.1 or 9.8 the Cisco Email Security Appliance is still not able to detect the content / file type of such attachments with duplicate boundaries properly, it can only detect that there are duplicate MIME boundaries.

In our opinion this is not a sufficient solution, because there are a lot of emails with duplicate boundaries, including legit business emails, probably created by some broken email software. We created an enhancement request to add the functionality to the ESA to be able to actually read and interpret attachment with duplicate boundaries.

0 Helpful
Customers Also Viewed These Support Documents