cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
845
Views
0
Helpful
5
Replies
exMSW4319
Participant

major Sophos headache?

Our vendor's just tipped us off to this:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos

A lot of the Cisco articles just reference the same material; I'm having to guess the full impact of the bug from Sophos's own statement at:

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

I've checked my two low C-class, they reckon they're up to date and they're both running the problematic Sophos engine version.

Do we have any other information on this?                  

1 ACCEPTED SOLUTION

Accepted Solutions

> I've sent my begging letters off to TAC via the usual forms.

Our C660s came from the factory with 30 day eval licenses for McAfee. You might want to check to see if yours did as well. It shows up as a dormant feature key, and gets activated when you turn on McAfee.

++Don

View solution in original post

5 REPLIES 5
Donald Nash
Participant

These are good:

http://www.pcworld.com/article/2013580/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

http://www.informationweek.com/security/vulnerabilities/sophos-av-teardown-reveals-critical-vuln/240062599

They both have links to the research paper that announced the vulnerabilities. Basically, file parsers for four different file formats, PDF being the most prominent, are buggy and susceptible to remote exploitation via carefully crafted e-mail attachments. There are proof of concept exploits available, but I haven't seen any mention of an exploit targeted at AsyncOS.

We played it safe and followed Cisco's recommended workaround: on Friday afternoon we activated our 30 day eval license for McAfee (gotta love making significant configuration changes on Friday afternoon).

++Don

Leo Laohoo
VIP Community Legend

I've read in an RSS feed (which I accidentally deleted) about this bug and Cisco is happy to enable a 30-day license to use the McAffee system on the IronPort appliance.

Enrico Werner
Cisco Employee

Hi,

it should not take too long until a new Sophos engine will be released. Once released it will be downloaded via the update servers automaticallly. Until then please feel free to contact support and provide the serial numbers of your appliances and you will get a McAfee key valid for 30 days for all your appliances.

Regards,

Enrico

Thanks for the feedback, gentlebeings. I've sent my begging letters off to TAC via the usual forms.

Now to start worrying about all of our lapdogs running a certain EPP system!

> I've sent my begging letters off to TAC via the usual forms.

Our C660s came from the factory with 30 day eval licenses for McAfee. You might want to check to see if yours did as well. It shows up as a dormant feature key, and gets activated when you turn on McAfee.

++Don

View solution in original post

Content for Community-Ad