For CSC Module version 6.6.1125.0, the latest HOTFIX is patch 1157. This brings a module up-to version 6.6.1125.0.1157 from any version of 6.6.1125.x. You can obtain the patch (csc_66_en_hfb1157.pkg) here:
https://dc1.safesync.com/LMcmmxjs/CSC-SSM/?a=-rAIk-XpkvI
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Trend Micro(TM) InterScan(TM) for Cisco Content Security
and Control Security Services Module (CSC-SSM) 6.6
Hot Fix - Build 1157
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
NOTICE: This hot fix was developed as a workaround or solution to a
customer-reported problem. As such, this hot fix has received
limited testing and has not been certified as an official product
update. Consequently, THIS HOT FIX IS PROVIDED "AS IS." TREND MICRO
MAKES NO WARRANTY OR PROMISE ABOUT THE OPERATION OR PERFORMANCE OF
THIS HOT FIX NOR DOES IT WARRANT THAT THIS HOT FIX IS ERROR FREE. TO
THE FULLEST EXTENT PERMITTED BY LAW, TREND MICRO DISCLAIMS ALL
IMPLIED AND STATUTORY WARRANTIES, INCLUDING BUT NOT LIMITED TO THE
IMPLIED WARRANTIES OF MERCHANTABILITY, NONINFRINGEMENT AND FITNESS
FOR A PARTICULAR PURPOSE.
Contents
===================================================================
1. Hot Fix Release Information
1.1 Issues
1.2 Enhancements
1.3 Files Included in this Release
2. Documentation Set
3. System Requirements
4. Installation/Uninstallation
4.1 Installation
4.2 Uninstallation
5. Post-installation Configuration
6. Known Issues
7. Release History
8. Contact Information
9. About Trend Micro
10. License Agreement
===================================================================
1. Hot Fix Release Information
======================================================================
1.1 Issues
===================================================================
This hot fix resolves the following issue:
Issue: If there is heavy network traffic or if FTP connections
close unexpectedly while the FTP daemon receives data, it
does not time out and thus, does not purge old temporary
files. These files use up disk space.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix adds a timeout setting to the FTP daemon so
that if it encounters heavy network traffic or if the
FTP connections close unexpectedly while it is receiving
data, the process times out and triggers the daemon to
purge old temporary files.
1.2 Enhancements
===================================================================
There are no enhancements for this hot fix.
1.3 Files Included in this Release
===================================================================
A. Files for Current Issue
-------------------------------------------------------------------
Filename Build No.
-------------------------------------------------------------------
factory_default.tgz 1125
migrate.conf 1125
File for Issue
-------------------------------------------------------------------
Filename Build No.
-------------------------------------------------------------------
isftpd 1157
B. Files for Previous Issues
-------------------------------------------------------------------
Filename Build No.
-------------------------------------------------------------------
iwss-process 1148
httpsd 1134
libtmmsg.so 1128
issyslog 1129
issyslog.exe 1129
TmSmbGui.jar 1131
libisvwlib.so 1131
libhttpproxy.so 1135
IWSSPIScanVsapi.so 1133
setup.bin 1135
AuPatch 1140
libpatch.so 1140
libtmactupdate.so 1140
libciuas32.so 1140
cert5.db 1140
x500.db 1140
stargate_patch_apply.sh 1144
S01init_ISVW 1146
scheduled 1145
libtmau.so 1145
libhttpproxy.so 1148
httpsd 1155
2. Documentation Set
======================================================================
In addition to this readme.txt, the documentation set for this
product includes the following:
o Readme.txt -- basic installation, known issues, release history,
and contact information
o Installation Guide (IG) -- Provides product overview, deployment
plan, installation steps and basic information intended to help
you deploy InterScan for Cisco CSC SSM smoothly.
o Administrator's Guide (AG) -- Provides post-installation
instructions on how to configure the settings to help you get
InterScan for Cisco CSC SSM "up and running." Also includes
instructions on performing other administrative tasks for the
day-to-day maintenance of InterScan for Cisco CSC SSM.
o Online Help -- Context-sensitive help screens that provide
guidance for performing a task.
3. System Requirements
======================================================================
Install this hot fix only on computers that meet the following
requirements:
- Platform: CSC SSM 10 or CSC SSM 20
- CSC Version: 6.6.1125.0.
4. Installation/Uninstallation
======================================================================
4.1 Installation
===================================================================
To install this hot fix:
1. Ensure that scheduled updates are disabled.
2. Log on to the CSC web console.
3. Click "Administration > Product Upgrade".
4. Select the hot fix package and upload it to the appliance.
5. After a few minutes, verify that the hot fix package has
been uploaded to CSC.
6. Enable scheduled updates if you have disabled these in step 1.
4.2 Uninstallation
===================================================================
To roll back to the previous build:
1. Log on to the CSC web console.
2. Click "Administration > Product Upgrade".
3. Under "Update number", click the name of the device you want to
view. A summary screen appears showing the updates and related
log information.
4. Click "Uninstall" to remove an update.
5. Post-installation Configuration
======================================================================
No post-installation steps are required.
Note: Trend Micro recommends that you update your scan engine and
virus pattern files immediately after installing this hot
fix.
6. Known Issues
======================================================================
There are no known issues for this hot fix release.
7. Release History
======================================================================
InterScan for Cisco CSC SSM 6.6.1125.0, July 1, 2011
7.1 Prior Hot Fixes
===================================================================
Note: Only the new hot fix was tested for this release. Prior hot
fixes were tested at the time of their release.
Hot Fix 1128
Issue: InterScan slightly modifies the "Received" email header
after the CSC POP3 scans email messages. This issue
causes the time format of the email messages to violate
RFC 5322.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix resolves this issue.
Hot Fix 1129
Issue: CSC may stop transferring violation events to Cisco ASDM
preventing the "Cisco ASDM Content Security" tab from
showing violation events. This issue occurs because the
CSC syslog adaptor module runs into a dead loop when it
attempts to handle URLs that exceed 1024 bytes.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix resolves this issue.
Hot Fix 1131
Issue 1: When users make changes in the DNS setting on the
CSC web console, the new setting does not take
effect.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hot fix enables the web console to restart
automatically after users make changes to the DNS
setting on the CSC web console. This ensures that the
new setting takes effect immediately.
Issue 2: For the SMTP content filter feature, the previous file
type setting in the background configuration file
could not be cleared correctly. This can cause CSC to
block a file type other than the one specified in the
configuration file on the web console.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hot fix resolves this issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Procedure 2: To correct the previous SMTP content filter background
configuration file:
a. Log on to the CSC web console.
b. Make and save the necessary changes to the content
filter setting in the "Mail(SMTP) >
Content-Filter > Filter attachments of following
file types" field.
This step enables the fix to take effect. After
performing this step, any changes you make on the
content filter setting will take effect
immediately.
Hot Fix 1132
Issue: When users access some HTTPS sites, the browser freezes
for one to two minutes or displays browser/SSL errors if
the HTTPS server closes the connection before the client
downloads all the data.
This issue occurs because the CSC-SSM does not
properly close the connection with the client.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix resolves this issue by allowing CSC-SSM
to properly close the connection with the client when
the server closes the connection with CSC-SSM.
Hot Fix 1133
Issue 1: The iwss process may cause the CSC module to stop
unexpectedly. This issue can occur when the VSAPI
module sends out a large number of nesting call
statements which can lead to useless memory allocation
and eventually cause the system to run out the memory.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hot fix enables the VSAPI module to use simple
character strings instead of the String class to reduce
the unnecessary memory allocation. This resolves the
issue.
Issue 2: The URL filtering and URL blocking functions of the
HTTPS module may stop working 30 minutes after
starting. This issue occurs because the httpsd process
encounters a data corruption issue which can cause it
to stop unexpectedly and may trigger a core dump issue.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hot fix prevents the core dump issue in the httpsd
process to ensure that both the HTTPS URL filtering and
URL blocking functions work properly.
Issue 3: The VSAPI module requires CSC to change the
"Accept-Encoding" header of an HTTP request from
"gzip/deflate" to "Identity" which is the default
value, before sending the HTTP request to the server.
However, the actual encoding of the PDF file is "gzip".
This mismatch can prevent Microsoft(TM)
Internet Explorer(TM) 8 from downloading the file.
This issue does not affect Mozilla(R) Firefox(R).
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 3: This hot fix prevents CSC from changing the
"Accept-Encoding" header of HTTP requests in clients
that use Internet Explorer.
Hot Fix 1134
Issue: The CSC module stops unexpectedly because of a null
pointer in the commonUID module.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix prevents the commonUID module from calling
the null pointer.
Hot Fix 1135
Issue 1: When accessing a web site through CSC and the size of
the header of the HTTP response exceeds 16 KB, the
client will not be able to display the web page
properly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 1: This hot fix increases the HTTP receiver buffer to
enable CSC to process HTTP responses with headers that
are larger than 16 KB.
Issue 2: A related process can use up 100% of CPU resources
while "setup.bin" runs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution 2: This hot fix optimizes the handling method for
terminated signals to ensure that it can efficiently
handle terminated signals and that the affected process
can close successfully.
Hot Fix 1140
Issue: The ActiveUpdate module for Stargate supports
"root signed" certificates only. However, "root signed"
certificates will expire by March 2015. By that time,
every SSL server certificate must be issued by an
intermediate CA. Since the ActiveUpdate module does not
support intermediate CA certificates, all ActiveUpdate
updates will eventually fail.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix updates the ActiveUpdate module to enable
CSC to support intermediate CA certificates.
Hot Fix 1144
Issue: Updates may not complete because there is not enough
disk space in "/opt/trend/isvw/lib/mail" and
ActiveUpdate uses this folder for updates.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix transfers the ActiveUpdate folder to another
location to ensure that it has enough disk space to
perform updates successfully.
Hot Fix 1145
Issue: Sometimes, a copy file error appears after a successful
antispam pattern update.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix prevents the copy file error from appearing
after a successful antispam pattern update.
Hot Fix 1146
Issue: Sometimes, Virus Scan Engine updates fail because the
backup file is missing.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix creates the missing backup file in affected
computers to ensure that the Virus Scan Engine can
be updated successfully.
Hot Fix 1147
Issue: Sometimes, CSC cannot decode URLs that contain special
characters because it cannot parse these URLs correctly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix enables CSC to parse URLs with special
characters to ensure that it can successfully decode
these URLs.
Hot Fix 1148
Issue: When users access a web site through CSC, the client
may not be able to display the web page properly.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix enables clients to display web pages
properly.
Hot Fix 1155
Issue: An array overflow issue triggers the iwss process to
stop unexpectedly and generate core dump files while
parsing certain URLs.
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
Solution: This hot fix resolves the issue so users can access
the affected web sites normally.
8. Contact Information
======================================================================
A license to the Trend Micro software usually includes the right to
product updates, pattern file updates, and basic technical support
for one (1) year from the date of purchase only. After the first
year, Maintenance must be renewed on an annual basis at
Trend Micro's then-current Maintenance fees.
You can contact Trend Micro via fax, phone, and email, or visit us
at:
http://www.trendmicro.com
Evaluation copies of Trend Micro products can be downloaded from
our web site.
Global Mailing Address/Telephone numbers
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
For global contact information in the Asia/Pacific region,
Australia and New Zealand, Europe, Latin America, and Canada,
refer to:
http://www.trendmicro.com/en/about/overview.htm
The Trend Micro "About Us" screen displays. Click the appropriate
link in the "Contact Us" section of the screen.
Note: This information is subject to change without notice.
9. About Trend Micro
======================================================================
Trend Micro Incorporated, a global leader in Internet content
security and threat management, aims to create a world safe for the
exchange of digital information for businesses and consumers.
A pioneer in server-based antivirus with over 20 years experience,
we deliver top-ranked security that fits our customers' needs,
stops new threats faster, and protects data in physical,
virtualized and cloud environments. Powered by the Trend Micro
Smart Protection Network(TM) infrastructure, our industry-leading
cloud-computing security technology and products stop threats where
they emerge, on the Internet, and are supported by 1,000+
threat intelligence experts around the globe. For additional
information, visit www.trendmicro.com.
Copyright 2014, Trend Micro Incorporated. All rights reserved.
Trend Micro, the t-ball logo, Smart Protection Network, and
InterScan are trademarks of Trend Micro Incorporated and are
registered in some jurisdictions. All other marks are the
trademarks or registered trademarks of their respective companies.
10. License Agreement
======================================================================
Information about your license agreement with Trend Micro can be
viewed at:
http://us.trendmicro.com/us/about/company/user_license_agreements/
Third-party licensing agreements can be viewed:
- By selecting the "About" option in the application user
interface
- By referring to the "Legal" page of the Getting Started Guide or
Administrator's Guide
... View more
