Cisco Community
English
Register
Register
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
845
Views
0
Helpful
5
Replies
exMSW4319
Participant
Participant
‎11-12-2012 07:58 AM
‎11-12-2012 07:58 AM

major Sophos headache?

Our vendor's just tipped us off to this:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos

A lot of the Cisco articles just reference the same material; I'm having to guess the full impact of the bug from Sophos's own statement at:

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

I've checked my two low C-class, they reckon they're up to date and they're both running the problematic Sophos engine version.

Do we have any other information on this?                  

Labels:
0 Helpful
1 ACCEPTED SOLUTION

Accepted Solutions
Donald Nash
Participant
Participant
In response to exMSW4319
‎11-13-2012 06:23 AM
‎11-13-2012 06:23 AM

> I've sent my begging letters off to TAC via the usual forms.

Our C660s came from the factory with 30 day eval licenses for McAfee. You might want to check to see if yours did as well. It shows up as a dormant feature key, and gets activated when you turn on McAfee.

++Don

View solution in original post

0 Helpful
5 REPLIES 5
Donald Nash
Participant
Participant
‎11-12-2012 02:26 PM
‎11-12-2012 02:26 PM

These are good:

http://www.pcworld.com/article/2013580/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

http://www.informationweek.com/security/vulnerabilities/sophos-av-teardown-reveals-critical-vuln/240062599

They both have links to the research paper that announced the vulnerabilities. Basically, file parsers for four different file formats, PDF being the most prominent, are buggy and susceptible to remote exploitation via carefully crafted e-mail attachments. There are proof of concept exploits available, but I haven't seen any mention of an exploit targeted at AsyncOS.

We played it safe and followed Cisco's recommended workaround: on Friday afternoon we activated our 30 day eval license for McAfee (gotta love making significant configuration changes on Friday afternoon).

++Don

0 Helpful
Leo Laohoo
VIP Community Legend VIP Community Legend
VIP Community Legend
‎11-12-2012 02:27 PM
‎11-12-2012 02:27 PM

I've read in an RSS feed (which I accidentally deleted) about this bug and Cisco is happy to enable a 30-day license to use the McAffee system on the IronPort appliance.

0 Helpful
Enrico Werner
Cisco Employee
Cisco Employee
‎11-12-2012 11:27 PM
‎11-12-2012 11:27 PM

Hi,

it should not take too long until a new Sophos engine will be released. Once released it will be downloaded via the update servers automaticallly. Until then please feel free to contact support and provide the serial numbers of your appliances and you will get a McAfee key valid for 30 days for all your appliances.

Regards,

Enrico

0 Helpful
exMSW4319
Participant
Participant
In response to Enrico Werner
‎11-13-2012 12:00 AM
‎11-13-2012 12:00 AM

Thanks for the feedback, gentlebeings. I've sent my begging letters off to TAC via the usual forms.

Now to start worrying about all of our lapdogs running a certain EPP system!

0 Helpful
Donald Nash
Participant
Participant
In response to exMSW4319
‎11-13-2012 06:23 AM
‎11-13-2012 06:23 AM

> I've sent my begging letters off to TAC via the usual forms.

Our C660s came from the factory with 30 day eval licenses for McAfee. You might want to check to see if yours did as well. It shows up as a dormant feature key, and gets activated when you turn on McAfee.

++Don

View solution in original post

0 Helpful
Latest Contents
Email Security - QuoVadis Root Certificate Decommission Migh...
Created by dmccabej on 03-30-2021 09:32 AM
0
0
0
0
Problem Description For all versions of the Email Security Appliance (ESA) and Security Management Appliance (SMA), some Secure Sockets Link (SSL) certificates issued from the QuoVadis root certificate authority (CA) trust chain before 2021-03-31 cannot b... view more
ISE REST APIs Webinar: April 6/7, 2021
Created by thomas on 03-25-2021 07:57 PM
1
5
1
5
  Register Now Automation and programmability for networking and security are increasingly important topics. Every release since ISE 1.2 has included new REST API capabilities to better automate and integrate ISE with the rest of your network, appli... view more
FMT 2.3.4 adding ASA migrations of S2S VPN in public beta
Created by William_Hansch on 03-22-2021 08:00 AM
1
10
1
10
The latest iteration (v2.3.4) of the Cisco Secure Firewall Migration Tool adds public beta support for S2S VPN migrations from ASA: Policy-based (crypto map) Pre-Shared key authentication type VPN configuration to Firepower Management Center VP... view more
What's New for Cisco Defense Orchestrator (CDO)
Created by Andrew Mallio on 03-22-2021 04:40 AM
1
40
1
40
Cisco Defense Orchestrator (CDO) is a cloud-based, multi-device manager that manages security products like Adaptive Security Appliance (ASA), Firepower Threat Defense next-generation firewall, and Meraki devices, to name a few.  We make improvement... view more
ISE Data limiting best practices
Created by Jonathan Casillas on 03-18-2021 04:34 PM
0
5
0
5
Intro This document presents the ISE data limiting best practices that can dramatically improve the system performance on ISE. Symptoms Your deployment may be impacted if the alarms tab on ISE shows High load average, high CPU or high memoy usage alarm... view more
Content for Community-Ad