Solved: Re: Unable to update Antivirus pattern from Cisco CSC SSM - Page 2

limlayhin · ‎02-16-2014

I have a Cisco ASA 5520, with Cisco ASA-SSM-CSC-10-K9. ASA version 8.4.3.

Since two days ago, automatic anti-virus pattern update for Cisco CSC SSM failed, error message as below:

AntiVirusPattern : Pattern Update: The download file was unsuccessful for ActiveUpdate was unable to verify security information. The local trusted info database is corrupted. Please contact Trend Micro technical support.. The error code is 62.

The license is valid and the subscription is expired on Sep 2014.

Any body encountered similar problem before?

Any body has Trend Micro Cisco CSC SSM helpdesk contact?

I can't find any Trend Micro info for Cisco CSC SSM.

markus.schwaiger · ‎02-17-2014

Nope, still waiting...

VincentBacher · ‎02-17-2014

just got this:

Action Plan:

This issue is seen because of RAM storage used to store pattern files while performing the updates, is not enough.

To resolve this, follow the below steps:

- Login to CSC via ASA CLI using command ‘session 1’. The username would be ‘cisco’ and the password would be the one which you use to login via GUI.

- Go to troubleshooting tools and then enable the root account.

- Now exit from here and login again via ‘session 1’ but this time, use the ‘root’ as the username and password as ‘cisco’.

- You would be prompted to change the password once logged in. Change it to any value of your choice.

- You would land at “-bash-3.00#” prompt. Copy and then paste the below command:

vi /etc/init.d/S01init_ISVW

- Add the RED line from the following output. It must be at this point in the file.

- Use ‘j’ to move cursor down.

case "$1" in

init) # for /loadrc to init before /sbin/init is started

dbg "init"

# ldconfig

dbg "ldconfig"

ldconfig 2>/dev/null

# sync kernel time with BIOS time (assume localtime as in ui_helper)

dbg "Set H/W clock"

/sbin/hwclock -s --localtime

# adjust linux kernel params

dbg "Adjust kernel params"

# adjust TCP windows size

echo "1" > /proc/sys/net/ipv4/tcp_adv_win_scale

echo "6144 262140 262140" > /proc/sys/net/ipv4/tcp_rmem

echo "6144 24576 196608" > /proc/sys/net/ipv4/tcp_wmem

# promote routing cache expiration

echo "30" > /proc/sys/net/ipv4/route/gc_interval

echo "60" > /proc/sys/net/ipv4/route/gc_timeout

# set core dump feature

echo 1 > /proc/sys/kernel/core_uses_pid

echo "/coredump/core-%e-%s-%p-%t.gz" > /proc/sys/kernel/core_pattern

# set system-related module difference

if [ -f $ISVW_HOME/script/ISmodulecfg ]; then

dbg "ISmodulecfg preinit"

sh $ISVW_HOME/script/ISmodulecfg preinit

else

warn "ISmodulecfg not found"

fi

# move preset directory to prototype

[ -d $ISVW_HOME/prototype ] || warn "Unable to locate $ISVW_HOME/prototype"

# mount major tmpfs from fstab

for i in $TMPFS_DIRS; do

dbg "+ mount tmpfs $ISVW_HOME/$i"

[ -d $ISVW_HOME/$i ] || mkdir -p $ISVW_HOME/$i

mount $ISVW_HOME/$i || warn "Fail to mount $ISVW_HOME/$i"

[ -d $ISVW_HOME/prototype/$i ] \

&& cp -a $ISVW_HOME/prototype/$i/* $ISVW_HOME/$i

chown -R isvw.isvw $ISVW_HOME/$i > /dev/null 2>&1

done

# set permission for TMASE cache

chown isvw.isvw $ISVW_HOME/lib/mail/cache

# mount /coredump

dbg "Mount /coredump"

mkdir /coredump

mount /coredump || warn "Fail to mount /coredump"

mount none /opt/trend/isvw/lib/mail/AU_Data/AU_Temp -t tmpfs -o rw,size=100M

# create /var/run/isvw

dbg "Mount /var"

[ -d /var ] || mkdir /var

mount -n /var

mkdir -p /var/run/isvw

chown isvw.isvw /var/run/isvw

- Save the file by hitting 'ESCAPE' and then :wq

- Mount the tmpfs for the folder now using below command:

-bash-3.00# mount none /opt/trend/isvw/lib/mail/AU_Data/AU_Temp -t tmpfs -o rw,size=100M

- Confirm that the filesystem now has this mounted with the command df -h:

-bash-3.00# df -h

Filesystem Size Used Available Use% Mounted on

/dev/hda2 218.1M 174.0M 32.8M 84% /mnt/rw

/dev/hda2 218.1M 174.0M 32.8M 84% /dev

/dev/hda2 218.1M 174.0M 32.8M 84% /etc

/dev/hda2 218.1M 174.0M 32.8M 84% /home

/dev/hda2 218.1M 174.0M 32.8M 84% /lib/modules

/dev/hda2 218.1M 174.0M 32.8M 84% /opt

none 250.0M 0 250.0M 0% /opt/trend/isvw/temp

none 49.0M 20.8M 28.2M 43% /opt/trend/isvw/log

none 4.0M 0 4.0M 0% /opt/trend/isvw/quarantine

none 5.0M 0 5.0M 0% /opt/trend/isvw/queue

none 101.0M 104.0k 100.9M 0% /opt/trend/isvw/tmpfs

none 99.0M 33.6M 65.4M 34% /opt/trend/isvw/lib/mail/cache

none 98.0M 0 98.0M 0% /coredump

none 100.0M 0 100.0M 0% /opt/trend/isvw/lib/mail/AU_Data/AU_Temp

none 8.0M 220.0k 7.8M 3% /var

/dev/boot 18.6M 8.2M 9.4M 47% /boot

none 201.0M 40.0k 201.0M 0% /tmp

Once completed, please try to update pattern file and let me know in case of any queries.

Jim Phelan · ‎02-17-2014

What does this mean:

- Add the RED line from the following output. It must be at this point in the file.

I see nothing in RED in the directions and the part where it says: "it must be at this point in the file" is too clear.

Thanks,

Jim

Magnus Mortensen · ‎02-17-2014

Note, please do not make these changes to solve error code 62. These changes should only be done under specific instruction from TAC as a corner case scenario. Error code 62 will not be fixed by the above changes.

paul.harvey · ‎03-17-2014

Hi Magnus, have read through this discussion after having the same issues. I have re-imaged our CSC to 6.6.1125.0 applied patch 1145 in the manner suggested in this forum. The Virus Pattern File seems to be updated without error, but now get a Failed error

AntiVirusEngine : Virus scan engine 9.75.1005 was successfully downloaded and installed.
Unable to backup file /opt/trend/isvw/lib/libvsapi.so. You need to manually copy file /opt/trend/isvw/temp/AU/libvsapi.so to path /opt/trend/isvw/lib.

Have not been able to resolve this problem, do you have any suggestions please

Thanks Paul

kamranga · ‎02-17-2014

Hi,

This is a know issue that seems to be affecting a lot of customers off late.

The root cause for the issue seems to be the inability of the CSC module to verify the signed pattern package that it downloads because the signer certificate has expired.

This has already been reported to Trend and there is a patch available for the same (6.6.1125.0.1140).

Please find below the release notes information for the same.

This hot fix resolves the following issue:
   
   Issue:    The ActiveUpdate module for Stargate supports 
             "root signed" certificates only. However, "root signed" 
             certificates will expire by March 2015. By that time, 
             every SSL server certificate must be issued by an 
             intermediate CA. Since the ActiveUpdate module does not 
             support intermediate CA certificates, all ActiveUpdate 
             updates will eventually fail.
             ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
   Solution: This hot fix updates the ActiveUpdate module to enable 
             CSC to support intermediate CA certificates.
 

 
 I would request you to open a TAC case so that the patch can be applied to the module.
 
 HTH
 Kamalesh

VincentBacher · ‎02-17-2014

just received a patch

testing

Stephen Bush · ‎02-17-2014

I don't see the patch on Cisco website, did you have to recieve it direct from TAC?

VincentBacher · ‎02-17-2014

Its attached to my tac case

Sent from Cisco Technical Support iPhone App

tahequivoice · ‎02-17-2014

Looks like a common thing, however, has not been confirmed as answered yet. Does the patch work?

Valentin Abramov · ‎02-17-2014

Any way to fix ASA-SSM-CSC-10 ver. 6.3.1172.0 ?

Magnus Mortensen · ‎02-17-2014

This issue is caused by a change in the certificate used to sign the updates. A fix is available for CSC Module version 6.6.1125.0. The fix is Patch 1140. Give me a few minutes and I'll have a link for you.

Magnus Mortensen · ‎02-17-2014

CSC Module patc 1144 is available on Trend Micro's safesync server:

See

https://supportforums.cisco.com/docs/DOC-40231

Anatoliy Ivanov · ‎02-17-2014

Test done.

Patch 1140 - working =)

Thank you very much.

Magnus Mortensen · ‎02-17-2014

Denis,

Thanks for the update. Our apologies for the confusion!

- Magnus