
Sophos AntiVirus Engine on Cisco IronPort C370 does not detect Microsoft vulnerability CVE-2012-0158!

mikelpham88
Level 1

Hi guys,

Today my Cisco IronPort has updated the latest Sophos AntiVirus Engine and IDE Rules as below:

 

But some Office files that carry a virus exploiting Microsoft vulnerability CVE-2012-0158 are still able to pass through the AV scanning process (marked as Negative).

I have checked with VirusTotal and found that Sophos does not recognize this vulnerability right now, but another email security device (like FortiMail) does:

 

So how can I send a notification to the IronPort developer team to make them aware of this threat?

Thank you so much :)

 


Accepted Solutions

Sophos updated:

bangphanconggiamsat2015.doc >> New detection: Exp/20120158-BM
danhsachthongtinvacauthu20~.doc  >> New detection: Exp/20120158-BM
Tai lieu Dien dan (2).doc  >> New detection: Exp/20120158-BM



Mathew Huynh
Cisco Employee

Hey Mikel,

 

If you're able to open a TAC case, you can engage TAC with the viral attachment for review and the TAC team can reach out to Sophos to check for definition match/updates.

 

Regards,

Matthew

Thanks Mathew for your reply,

Unfortunately, my support license has expired (although the device's license is still valid), so I could not open a TAC Support Request.

Is there any other way that I could notify Cisco of our problem?

Could you zip up the file attachment with a password and provide it to me? 

Oh, thank you so much, Mathew,

I am sending you the viral attachment.

Please have a look at this with me :D

 

Password is: iron@Sophos123

Hi Mathew,

Do you have any clue how to solve this problem? :)

The IronPort updated to the latest engine, but it still does not detect this virus.

 

Hey Mikel,

 

Sorry about that, I missed the last update. I'll send these to Sophos and see what they say.


Regards,

Matthew

Thanks Mathew,

I'm looking forward to your reply.

Thank you very much for your attention to my problem :)

Sophos updated:

bangphanconggiamsat2015.doc >> New detection: Exp/20120158-BM
danhsachthongtinvacauthu20~.doc  >> New detection: Exp/20120158-BM
Tai lieu Dien dan (2).doc  >> New detection: Exp/20120158-BM

Many thanks to Mathew,

I checked on VirusTotal and the Sophos engine has detected this virus.

And I have sent a test message with the viral attachment from Live Mail to my email system, and IronPort has detected the vulnerability.

Finally, thank you again, Mathew, for your very kind help :)

Happy to help.