Table Of Contents
Cisco Content Security and Control (CSC) SSM Release Notes Version 6.2.1599.0
Contents
About the CSC SSM Version 6.2.1599.0 Release
Installing the CSC SSM Version 6.2.1599.0 Release
Verifying the Installed Version of the CSC SSM Software
Important Notes
Caveats
Open Caveats
Resolved Caveats
Related Documentation
Obtaining Documentation, Obtaining Support, and Security Guidelines
Cisco Content Security and Control (CSC) SSM Release Notes Version 6.2.1599.0
August 2007
Contents
This document contains release information for the Cisco Content Security and Control (CSC) SSM Version 6.2.1599.0 maintenance release. It includes the following sections:
•
About the CSC SSM Version 6.2.1599.0 Release
•Installing the CSC SSM Version 6.2.1599.0 Release
•Verifying the Installed Version of the CSC SSM Software
•Important Notes
•Caveats
•Related Documentation
•Obtaining Documentation, Obtaining Support, and Security Guidelines
About the CSC SSM Version 6.2.1599.0 Release
The CSC SSM Version 6.2.1599.0 maintenance release includes the following new features:
•Administrators can configure (that is, add, modify, and delete) an exceptions list to URL filtering. This exceptions list includes the following information: IP addresses, IP address ranges, and subnet masks. Users can import a file of e-mail addresses into this list. In addition, administrators can create separate exceptions lists on client PCs for virus, scanning, anti-spam, or other security-related functions.
•Additional protection against malware has been provided through the use of IntelliTrap pattern files and the IntelliTrap exceptions list. ASDM can also display the status of the IntelliTrap pattern files.
•The serial number of the CSC SSM is provided automatically as part of the registration process.
•ASDM allows administrators to configure the bypass of CSC management traffic through the CSC Setup Wizard, which may increase the number of concurrent HTTP connections available.
•ASDM allows administrators to configure which traffic the CSC should scan through the Traffic Flow Selection step of the CSC Setup Wizard.
•Administrators can customize the web page that appears to users for blocked, filtered, infected, or prohibited URLs. Customization includes the company logo and the security policy statement.
•The CSC SSM supports the Damage Cleanup Service (DCS) for cleaning an infected PC. The DCS removes spyware, worms, viruses, Trojan horses, and memory registries on clients and servers. In addition, it repairs system registries and memory. The DCS requires a separate installation of the DCS server.
Note The user cannot access the Internet until the PC has been cleaned. If the DCS is unsuccessful in cleaning an infected PC automatically, administrators can start the DCS manually.
•Users can monitor the number of connections to the CSC SSM.
•Users receive a warning when they access a prohibited URL.
•URL filtering supports SOCKS-based proxy servers.
•URL filtering allows bypassing based on client IP addresses.
•URL filtering has added the following new categories:
Tasteless, Recreation/Hobbies, Entertainment, Arts, Internet Radio and TV, Internet Telephony, Marijuana, Activist Groups, Political/Activist Parties, Infrastructure, Blogs & Web Communications, Photo Searches, Translators (circumvent filtering), Social Networking, Personal Websites, Personal Network Storage/File Download Servers, Peer-to-Peer, Gay/Lesbian/Bisexual, Sport Hunting and Gun Clubs, Sports, Ringtones/Mobile Phone Downloads, (Software) Downloads, Potentially Malicious Software, Spyware, Phishing, Spam, Adware, Virus Accomplice, Disease Vector, Cookies, Dialers, Hacking, Joke Programs, Password Cracking Applications, Remote Access Program, and Made for AdSense sites (MFA).
•URL filtering has removed the following categories: Unrated and Miscellaneous.
•The Network Reputation Service (NRS) has been renamed to the Email Reputation Service (ERS). The ERS portal is accessible through the CSC GUI, which provides detailed reporting and allows customization of the ERS feature.
•Configuration recovery through the CLI after re-imaging has been removed. Make sure you use the .pkg file to upgrade image files through the CSC SSM GUI.
•Detect spam in image files and PDF files. Because the anti-spam engine in this version is a higher version than the one on the Trend Micro Update Server, the updates for the spam engine may display as unsuccessful and in red on the summary page. This is temprorary behavior, and will be resolved after the most current TMASE engine has been made available.
•Performance improvements have been made.
For information about CSC SSM sizing deployment requirements, go to the following URL and log in with your Cisco.com username and password:
http://www.cisco.com/en/US/customer/products/ps6120/products_white_paper0900aecd805c3cd6.shtml
See the "Resolved Caveats" section for information about the caveats that have been resolved by this release.
Installing the CSC SSM Version 6.2.1599.0 Release
You can install this release if you are running CSC SSM version 6.1.x. To verify the version of the CSC SSM software installed on the device, see the "Verifying the Installed Version of the CSC SSM Software" section.
To upgrade the CSC SSM, perform the following steps:
Step 1 Download the csc6.2.1599.0.pkg upgrade file from the Software Center on Cisco.com. You need to log into Cisco.com to download the software. If you do not have a Cisco.com account, visit the following website to become a registered user:
http://tools.cisco.com/RPF/register/register.do
Step 2 Access the Trend Micro CSC SSM console by doing the following:
a. Launch ASDM.
b. Choose Configuration > Trend Micro Content Security.
Step 3 Choose Administrator > Product Upgrade from the menu.
Step 4 Click Browse and select the .pkg file you downloaded.
Step 5 Click Install.
Step 6 Click Summary to confirm the installed software version.
Step 7 (Optional) Use an Eicar test file to confirm that the upgrade was successful and that the scanning services have been configured correctly.
For more information, see Appendix A, "Reimaging and Configuring the CSC SSM Using the CLI," in the Cisco Content Security and Control SSM Administrator Guide.
Verifying the Installed Version of the CSC SSM Software
You can confirm the version of the CSC SSM software, and software components and patches from the ASA 5500 series adaptive security appliance CLI.
Note The software version also appears on the summary page of the Trend Micro InterScan for Cisco CSC SSM interface.
To view the version of software installed on the CSC SSM using the CLI, perform the following steps:
Step 1 To access the CSC SSM, open ASDM and click the Content Security tab.
Step 2 Choose Tools > Command Line Interface to display the Command Line Interface dialog box.
Step 3 In the command line field, enter the show module 1 details command, and then click Send.
The CSC SSM software version information appears.
hostname(config)# show module 1 details
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Firmware version: 1.0(10)0
Software version: CSC SSM 6.2.1599.0
MAC Address Range: 000b.fcf8.012c to 000b.fcf8.012c
App. Status Desc: CSC SSM scan services are available
Mgmt IP addr: 10.89.130.241
Peer IP addr: <not enabled>
Important Notes
•The ASDM GUI still displays NRS instead of ERS.
•After an upgrade from 6.1 to 6.2, if the GUI does not time out correctly or a Javascript error occurs, clear your browser cache to resolve this issue.
•ASDM Versions 5.2(2) and 6.0(2) do not support DCS. Future updates of ASDM will support this feature. For more information about DCS support, see the Cisco ASDM Release Notes for future ASDM versions.
Caveats
This section describes the open and resolved caveats for the CSC SSM Version 6.2.1599.0 maintenance release. To view more information about an open or resolved caveat, use the Bug Toolkit on Cisco.com. If you are a registered Cisco.com user, access the Bug Toolkit on cisco.com at the following website:
http://tools.cisco.com/Support/BugToolKit/
To become a registered Cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
For your convenience in locating caveats in the Cisco Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences, because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
•Commands are in boldface type.
•Product names and acronyms may be standardized.
•Spelling and typographical errors may be corrected.
This section includes the following topics:
•Open Caveats
•Resolved Caveats
Open Caveats
Table 1 lists the open caveats in the CSC SSM Version 6.2.1599.0 maintenance release.
Table 1 Open Caveats
ID Number
|
Caveat Title
|
CSCsd17818
|
Yahoo! Finance MarketTracker does not work.
|
CSCsd17889
|
Nothing seems to happen when downloading infected file from/to web mail.
|
CSCsd17954
|
The HTTP proxy connection cannot tunnel through the CSC SSM.
|
CSCsd18011
|
FTP file blocking will not work when file not scanned due to cfg.
|
CSCsd18052
|
Email notification from the CSC SSM is not received.
|
CSCse12729
|
The spyware pattern number may appear to be rolled back.
|
CSCse12745
|
NRS feature is not working on the CSC SSM after registration.
|
CSCse12755
|
Some spyware may be detected even if spyware category is not enabled.
|
CSCsf05298
|
Citrix not supported with CSC module.
|
CSCsf26197
|
CSC software blocks Ameritrade streamer.
|
CSCsf98493
|
[HTTP] VPN users using proxy have problem browsing via HTTP.
|
CSCsf98538
|
[UI] WhiteIPList on NRS will disappear from UI.
|
CSCsg52819
|
CSC module - Import function for user-defined domain lists.
|
CSCsh18404
|
CSC module to support https requests in URL filtering.
|
CSCsh27011
|
[FTP] HP UX tcp_lift_anchor, can't wait error message when doing FTP i.
|
CSCsh27102
|
[Admin UI] SSL vulnerability.
|
CSCsh39788
|
After upgrade with *.pkg, URL filtering does not function.
|
CSCsh53472
|
CSC module delays HTTP and FTP traffic.
|
CSCsh58934
|
SSM Card becomes unresponsive after configuring from ASDM.
|
CSCsh70101
|
No error message for invalid URL Blocking import file.
|
CSCsh80376
|
Incorrect error message when URL rating lookup times out.
|
CSCsh97282
|
Ability to change the CSC SSM default WEB GUI port 8443.
|
CSCsi27604
|
Intermittent email corruption when going through CSC.
|
CSCsi40117
|
100% CPU issue.
|
CSCsi43395
|
Do not send disconnect-syslog when HTTP receives RST.
|
CSCsi65720
|
Secondary dns server setup is wiped out by session 1 do setup dns command.
|
CSCsi66735
|
CSC SSM does not properly handle partial emails.
|
CSCsi82300
|
CSC causes large emails attachments to timeout when downloading via POP3.
|
CSCsj10645
|
CSC still filters large size messages even if disabling POP3 scanning.
|
CSCsj20246
|
CSC SSM not detecting spyware threats.
|
CSCsj33289
|
CSC memory may be filled up under heavy FTP traffic.
|
CSCsj46486
|
For Anti-Spam, the Japanese subject is broken after adding Spam tag.
|
Cisco/Trend Micro
ID Number
|
Caveat Title
|
CSCsj61804
|
Compact Flash full issues.
|
CSCsj71797
|
Feature request bypass large emails for POP3/SMTP.
|
CSCsj89274
|
POP3 CSC SSM is not handling AUTH commands properly.
|
CSCsj89275
|
MAIL Entourage email issue with gzip transfer-coding.
|
CSCsj89276
|
Content Filtering Wildcard online help change.
|
CSCsj89277
|
UI Trial Plus license key is not accepted after installation.
|
CSCsj91181
|
FTP service may stop under stress conditions.
|
CSCsj91182
|
CSC cannot download pattern/engine from TMCM. This can be resolved by applying CSC-SSM-Hotfix-TMCM-Au-2.pkg.
|
CSCsj91183
|
ConnectWise application may not load when scanned by CSC via HTTP.
|
CSCsj91184
|
www.sicklogoshoppe.com may not load when scanned by CSC via HTTP.
|
CSCsj91185
|
GUI Webmail scanning page displays incorrect row color when adding new entries.
|
Resolved Caveats
Table 2 lists the resolved caveats in the CSC SSM Version 6.2.1599.0 maintenance release.
Table 2 Closed Caveats
ID Number
|
Caveat Title
|
CSCsc83996
|
FTP get failure: CSC sends RETR before data channel is established.
|
CSCsc87177
|
Stargate stress will cause control channel failure and CSC failed.
|
CSCsd17646
|
The CSC SSM cannot block non-standard file extensions such as .xxx.
|
CSCsd17656
|
The CSC SSM blocks the page with gzip displayed.
|
CSCsd17794
|
If FTP-Inspection is disabled in the ASA CLI, the FTP-data is not scanned.
|
CSCsd18030
|
Connections may be interrupted during SSM service failure.
|
CSCsd24556
|
The connection timeout syslog is sent on every SMTP connection.
|
CSCsd24611
|
A HTTP/1.0 client may not work properly.
|
CSCsd59143
|
Modify e-mails sent by Trend CSC SSM to include device name, IP address.
|
CSCse61973
|
CSC SSM does not store NULL HTTP header correctly.
|
CSCse67660
|
CSC software blocks Windows Automatic updates.
|
CSCse68897
|
Scheduled Update every 15 minutes doesn't start sometimes.
|
CSCse74860
|
Unable to import a configuration backup from one SSM to the other.
|
CSCse74868
|
ESMTP AUTH response cannot pass through CSC.
|
CSCse74885
|
CSC runtime memory usage keeps increasing.
|
Cisco/Trend Micro
ID Number
|
Caveat Title
|
CSCse74907
|
High-frequency of SMTP disconnection syslogs is generated.
|
CSCse74913
|
Some values reset to default on config import.
|
CSCse74915
|
Schedule update may not be executed every 15 minutes on some systems.
|
CSCse74918
|
Packet capture from CSC CLI Menu does not capture complete packet.
|
CSCse78267
|
URL filtering with proxy delays HTTP connections by 60 seconds.
|
CSCse84425
|
Anti-spam User-Approved-Email-List is not exported as part of the cfg.
|
CSCse89728
|
Number of licensed seats shows a different value for Base and Plus license
|
CSCse90102
|
CSC SSM incorrectly sends failure email for virus engine update.
|
CSCsf24483
|
Activation Code is invalid. [CONTENT_ERR_AC_ILLEGAL] error:1231.
|
CSCsf27606
|
CSC software stops processing POP3 traffic.
|
CSCsf28591
|
CSC module generates compact Flash almost-full messages.
|
CSCsf32708
|
Check Status Online on UI Enter a new code button doesn't work:1231.
|
CSCsf98450
|
Unable to update Symantec product using FTP via CSC.
|
CSCsf98459
|
[CLI] Allow user to set the short/long password.
|
CSCsf98496
|
[HTTP URL Blocking] URLs with more than 50 chars not accepted: 1265.
|
CSCsf98519
|
The networking setting is not updated on Config Import: 1270.
|
CSCsf98547
|
[Troubleshooting Tools] Gather logs entry does not work sometimes: 1272.
|
CSCsf98551
|
[UI] URL Filtering reclassification page to be changed: 1275.
|
CSCsf98558
|
Check Status Online updated Last Status Check even on failure: 1276.
|
CSCsg11957
|
CSC cutting link speed by 60%, and download speeds are very slow.
|
CSCsg26887
|
CSC TMCM server IP can't be removed.
|
CSCsg28389
|
Hits 100% CPU utilization for 108 nodes.
|
CSCsg31261
|
CSC losing configuration when the ASA is reloaded.
|
CSCsg32958
|
TLS SMTP does not work through CSC module.
|
CSCsg71856
|
Unable to browse some websites, e.g., wisbar.org:1336.
|
CSCsg72173
|
Duplicate syslog is generated when multiple spyware apps are found in a computer.
|
CSCsg72185
|
URL Filtering Cache does not expire.
|
CSCsg73233
|
CSC failover: Automatic synchronization is currently message shown
|
CSCsg73302
|
Enter "<>" as URL Blocking rules on CSC GUI breaks GUI.
|
CSCsg73427
|
The View license detail online link does not work.
|
CSCsg79130
|
FTP EPSV EPRT options not working through CSC 6.1.1564.0.
|
CSCsg82129
|
HTTP 1.1 pipelining compliance issues.
|
CSCsg82152
|
CSC jumps to 100% CPU but new connections can be established & scanned.
|
CSCsg82181
|
The flash image on www.cisco.com Home page sometimes cannot be loaded.
|
CSCsh14819
|
Patch history is not displayed properly when upgrading from 6.1p1.
|
Cisco/Trend Micro
ID Number
|
Caveat Title
|
CSCsh15518
|
Upgrading CSC module may result in no ability to activate module.
|
CSCsh19934
|
CSC SSM not passing traffic for several minutes after config update.
|
CSCsh21113
|
Scheduled update email notification subject reports incorrect update status.
|
CSCsh21159
|
Unable to see streaming video/audio from some sites.
|
CSCsh23475
|
CSC module - URL blocking not functional for keywords.
|
CSCsh27010
|
POP3 never worked.
|
CSCsh27014
|
[HTTP] Asymmetric connection close issue in http proxy.
|
CSCsh27090
|
[http] Firefox 2.0 with Fasterfox plug-in has issue opening cisco.com.
|
CSCsh27092
|
[HTTP] Codenomicon tool causes CSC CPU to hit 100%.
|
CSCsh27093
|
[HTTP] URL Filtering requests sent with incorrect format.
|
CSCsh27095
|
[UI] Patch installation does not clean patch history page.
|
CSCsh27099
|
[Update] Improve the update feature around notification mail.
|
CSCsh27103
|
[HTTP] Streaming media does not work.
|
CSCsh31484
|
CSC module on ASA does not show email disclaimer.
|
CSCsh31982
|
[HTTP] CSC SSM: Disconnects HTTP sessions from proxy in DMZ.
|
CSCsh35086
|
CSC module with URL filtering delays or blocks all web traffic.
|
CSCsh46886
|
CSC SSM - SWF files are being treated as executables.
|
CSCsh50078
|
CSC URL filtering, HTTP browsing fails: page cannot be displayed error.
|
CSCsh58065
|
TFTP transfers to/from CSC module's command line failing.
|
CSCsh58836
|
TMCM Agent TMCM Agent sends wrong version information.
|
CSCsh58901
|
ASDM Plus license expiration does not disable URL blocking in ASDM.
|
CSCsh58911
|
HTTP CSC SSM module CPU pegged at 100%.
|
CSCsh73881
|
CSC SSM CPU pegs at 100% when running 6.1(1569).2 image.
|
CSCsh74915
|
Trend GUI does not return to login screen after timeout.
|
CSCsh83148
|
TCP timestamp unexpectedly set to 0 for flows reordered by the firewall.
|
CSCsh90870
|
POP3 Adding deferred scanning to POP3 scanning.
|
CSCsh96228
|
POP3 and SMTP corrupt email if CR LF arrives in separate lines.
|
CSCsh96229
|
IWSS cannot parse CCM_POST.
|
CSCsh96231
|
URL Filtering cannot handle chunked RS response.
|
CSCsh96235
|
Incorrect syslog is sent when CSC is unable to connect to URL ratings.
|
CSCsh96237
|
Email delays dues to IMSS lacking timeout (current behavior is 120 sec).
|
CSCsh96238
|
HTTP does not send syslog on socket timeout.
|
CSCsi06520
|
Add support for TLS over FTP.
|
CSCsi07133
|
TFTP uploads via CSC module Troubleshooting menu fail.
|
CSCsi18226
|
Failover Unable to establish failover relationship.
|
Cisco/Trend Micro
ID Number
|
Caveat Title
|
CSCsi32093
|
Issue sending email when recipient list is too large.
|
CSCsi40116
|
OCLC Parsing error.
|
CSCsi43390
|
Improve Online Help description for Log Query.
|
CSCsi43391
|
Service module does not respond under high loads.
|
CSCsi43393
|
When SSM log partition is full, IWSS leaks ~isvw/tttt.txt.
|
CSCsi43397
|
Include TM agent log into CSC Log Collection.
|
CSCsi43399
|
Not able to stream AOL online radio.
|
CSCsi43791
|
Command option -dst cache overflow causing CSC to be unable to accept new connections.
|
CSCsi52793
|
Allow customer to enable/disable SMTP TLS.
|
CSCsi52795
|
Allow un-registering TMCM when TMCM server is unreachable.
|
CSCsi52796
|
SSM License GUI cannot accept new Activation Codes.
|
CSCsi52797
|
NRS is not disabled after Plus license expired.
|
CSCsi52798
|
Upgrade requires base CSC version 6.1.1569.x.
|
CSCsi52799
|
Make core dump enable easier in the header of IS functions.
|
CSCsi66735
|
CSC does not handle partial mail properly.
|
CSCsi83497
|
Management IP address truncated.
|
CSCsi83497
|
IP address for management port may be truncated on ASA CLI for show module 1 details command.
|
CSCsi89565
|
ASDM requires at least three characters in email username field.
|
CSCsj16273
|
URL categories, Social networking not seen.
|
CSCsj16273
|
Social Networking URL category is missing on CSC GUI.
|
CSCsj19322
|
CSC: Active Trend GUI session requires reauth every 10 min.
|
CSCsj19322
|
CSC GUI times out in 10 minutes, regardless of user activity.
|
CSCsj33289
|
CSC memory may be filled up under heavy FTP traffic.
|
CSCsj46486
|
Spam subject tagging does not handle QP-encoded subjects properly.
|
CSCsj64650
|
SMTP content filtering requires .WILD. entry for wildcards to be enabled.
|
CSCsj89273
|
SOCKS-based proxy service is now supported.
|
CSCsj89274
|
POP3 scanner does not handle AUTH command properly.
|
CSCsj89275
|
Problem accessing email with Entourage.
|
CSCsj89276
|
Explain wildcard usage for Content-Filtering in online help.
|
CSCsj89277
|
Evaluation Plus license cannot be activated on CSC GUI.
|
CSCsj91186
|
Japanese patch record p-6.1-ja-1 is lost after upgrade.
|
Related Documentation
For additional information, see the ASDM online Help or the following documentation found on Cisco.com:
•Cisco Content Security and Control SSM Administrator Guide
•Cisco ASDM Release Notes
•Cisco ASA 5500 Series Hardware Maintenance Guide
•Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
•Cisco ASA 5500 Series Release Notes
•Cisco Security Appliance Command Line Configuration Guide
•Cisco Security Appliance Command Reference
•Cisco Security Appliance System Log Messages Guide
Obtaining Documentation, Obtaining Support, and Security Guidelines
For information on obtaining documentation, obtaining support, providing documentation feedback, security guidelines, and also recommended aliases and general Cisco documents, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Feedback
