major Sophos headache?

exMSW4319
Level 3

Our vendor's just tipped us off to this:

http://tools.cisco.com/security/center/content/CiscoSecurityAdvisory/cisco-sa-20121108-sophos

A lot of the Cisco articles just reference the same material; I'm having to guess the full impact of the bug from Sophos's own statement at:

http://www.sophos.com/en-us/support/knowledgebase/118424.aspx

I've checked my two low C-class; they reckon they're up to date and they're both running the problematic Sophos engine version.

Do we have any other information on this?


Donald Nash
Level 3

These are good:

http://www.pcworld.com/article/2013580/researcher-finds-critical-vulnerabilities-in-sophos-antivirus-product.html

http://www.informationweek.com/security/vulnerabilities/sophos-av-teardown-reveals-critical-vuln/240062599

They both have links to the research paper that announced the vulnerabilities. Basically, file parsers for four different file formats, PDF being the most prominent, are buggy and susceptible to remote exploitation via carefully crafted e-mail attachments. There are proof of concept exploits available, but I haven't seen any mention of an exploit targeted at AsyncOS.

We played it safe and followed Cisco's recommended workaround: on Friday afternoon we activated our 30 day eval license for McAfee (gotta love making significant configuration changes on Friday afternoon).

++Don

Leo Laohoo
Hall of Fame

I've read in an RSS feed (which I accidentally deleted) about this bug and Cisco is happy to enable a 30-day license to use the McAfee system on the IronPort appliance.

Enrico Werner
Cisco Employee

Hi,

It should not take too long until a new Sophos engine is released. Once released it will be downloaded via the update servers automatically. Until then please feel free to contact support and provide the serial numbers of your appliances and you will get a McAfee key valid for 30 days for all your appliances.

Regards,

Enrico

Thanks for the feedback, gentlebeings. I've sent my begging letters off to TAC via the usual forms.

Now to start worrying about all of our lapdogs running a certain EPP system!

> I've sent my begging letters off to TAC via the usual forms.

Our C660s came from the factory with 30 day eval licenses for McAfee. You might want to check to see if yours did as well. It shows up as a dormant feature key, and gets activated when you turn on McAfee.

++Don