Table Of Contents
Cisco Content Security and Control (CSC) SSM Release Notes Version 6.2.1599.2
Contents
About the CSC SSM Version 6.2.1599.2 Release
Installing the CSC SSM Version 6.2.1599.2 Release
Verifying the Installed Version of the CSC SSM Software
New Features
Caveats
Open Caveats
Resolved Caveats
Related Documentation
Obtaining Documentation and Submitting a Service Request
Cisco Content Security and Control (CSC) SSM Release Notes Version 6.2.1599.2
March 2008
Contents
This document contains release information for the Cisco Content Security and Control (CSC) SSM Version 6.2.1599.2 maintenance release. It includes the following sections:
•
About the CSC SSM Version 6.2.1599.2 Release
•Installing the CSC SSM Version 6.2.1599.2 Release
•Verifying the Installed Version of the CSC SSM Software
•Caveats
•Related Documentation
•Obtaining Documentation and Submitting a Service Request
About the CSC SSM Version 6.2.1599.2 Release
The CSC SSM Version 6.2.1599.2 maintenance release applies only to CSC-SSM-10 and CSC-SSM-20 Versions 6.21599.0 and 6.2.1599.1.
See the "Resolved Caveats" section for information about the caveats that have been resolved by this release.
Installing the CSC SSM Version 6.2.1599.2 Release
You can install this release if you are running CSC SSM version 6.2.1599.0 or 6.2.1599.1. To verify the version of the CSC SSM software installed on the device, see the "Verifying the Installed Version of the CSC SSM Software" section.
To upgrade the CSC SSM, perform the following steps:
Step 1 Download the csc6.2.1599.2 .pkg upgrade file from the Software Center on Cisco.com. You need to log into Cisco.com to download the software. If you do not have a Cisco.com account, visit the following website to become a registered user:
http://tools.cisco.com/RPF/register/register.do
Step 2 Access the Trend Micro CSC SSM console by doing the following:
a. Launch ASDM.
b. Choose Configuration > Trend Micro Content Security.
c. Click any link on the Trend Micro configuration page to open the Trend Micro InterScan for Cisco CSC SSM interface
Step 3 Choose Administrator > Product Upgrade from the menu.
Step 4 Click Browse and select the .pkg file you downloaded.
Step 5 Click Upload.
Step 6 Click Summary to confirm the installed software version.
Step 7 (Optional) Use an Eicar test file to confirm that the upgrade was successful and that the scanning services have been configured correctly.
For more information, see Appendix A, "Reimaging and Configuring the CSC SSM Using the CLI," in the Cisco Content Security and Control SSM Administrator Guide.
Verifying the Installed Version of the CSC SSM Software
The software version appears in the following locations:
•The summary page of the Trend Micro InterScan for Cisco CSC SSM interface
•Click the Content Security tab on the ASDM Home page to open the CSC SSM Information screen.
•Through the ASA 5500 series adaptive security appliance CLI.
To confirm the version of software, and software components and patches that are installed on the CSC SSM using the CLI, perform the following steps:
Step 1 Open ASDM.
Step 2 Choose Tools > Command Line Interface to display the Command Line Interface dialog box.
Step 3 In the command line field, enter the show module 1 details command, and then click Send.
The CSC SSM software version information appears.
Getting details from the Service Module, please wait...
ASA 5500 Series Security Services Module-20
Firmware version: 1.0(10)0
Software version: CSC SSM 6.2.1599.2
MAC Address Range: 000b.fcf8.012c to 000b.fcf8.012c
App. Status Desc: CSC SSM scan services are available
Mgmt IP addr: 10.89.130.241
Peer IP addr: <not enabled>
New Features
This section describes the new features for the CSC SSM Version 6.2.1599.2 maintenance release.
•When a license is ready to expire, an e-mail reminder message will be sent from the device to the administrator.
•Tuning of the keep-alive timer for the NOOP command has been improved. You must configure this command in the INI file; you cannot configure this command through the GUI.
Caveats
This section describes the open and resolved caveats for the CSC SSM Version 6.2.1599.2 maintenance release. To view more information about an open or resolved caveat, use the Bug Toolkit on Cisco.com. If you are a registered Cisco.com user, access the Bug Toolkit on cisco.com at the following website:
http://tools.cisco.com/Support/BugToolKit/
To become a registered Cisco.com user, go to the following website:
http://tools.cisco.com/RPF/register/register.do
For your convenience in locating caveats in the Cisco Bug Toolkit, the caveat titles listed in this section are taken directly from the Bug Toolkit database. These caveat titles are not intended to be read as complete sentences, because the title field length is limited. In the caveat titles, some truncation of wording or punctuation may be necessary to provide the most complete and concise description. The only modifications made to these titles are as follows:
•Commands are in boldface type.
•Product names and acronyms may be standardized.
•Spelling and typographical errors may be corrected.
This section includes the following topics:
•Open Caveats
•Resolved Caveats
Open Caveats
Table 1 lists the open caveats in the CSC SSM Version 6.2.1599.2 maintenance release.
Table 1 Open Caveats
ID Number
|
Caveat Title
|
CSCsd17818
|
Yahoo! Finance MarketTracker does not work.
|
CSCsd17889
|
Nothing seems to happen when downloading infected file from/to webmail.
|
CSCsd17954
|
The HTTP proxy connection cannot tunnel through the CSC SSM.
|
CSCsd18011
|
FTP file blocking will not work when file unscanned due to configuration.
|
CSCsd18052
|
E-mail notification from the CSC SSM is not received.
|
CSCse12729
|
The spyware pattern number may appear to be rolled back.
|
CSCse12745
|
NRS feature is not working on the CSC SSM after registration.
|
CSCse12755
|
Some spyware may be detected even if Spyware category is not enabled.
|
CSCsf05298
|
Citrix not supported with CSC module.
|
CSCsf98493
|
[HTTP] VPN users using proxy have problem browsing via HTTP.
|
CSCsf98538
|
[UI] White IP List on NRS will disappear from UI.
|
CSCsh27011
|
[FTP] HP UX tcp_lift_anchor, can't wait error message when doing FTP i.
|
CSCsh27102
|
[Admin UI] SSL vulnerability.
|
CSCsh70101
|
No error message for invalid URL blocking import file.
|
CSCsi27604
|
Intermittent e-mail corruption when going through CSC.
|
CSCsi40117
|
100% CPU issue.
|
CSCsi43395
|
Do not send disconnect-syslog when HTTP receives RST.
|
CSCsi65720
|
Secondary DNS server setup is wiped out by session 1 do setup dns.
|
CSCsj10645
|
CSC still filters large size messages even if disabling POP3 scanning.
|
CSCsj91181
|
FTP service may stop under stress condition.
|
CSCsj91182
|
CSC cannot download pattern/engine from TMCM.
|
CSCsj91183
|
ConnectWise application does not load when scanned by CSC via HTTP.
|
CSCsj91185
|
Webmail scanning displays incorrect color when adding new entries.
|
CSCsk07553
|
CSC: Phishing websites only categorized without -www-.
|
CSCsk07581
|
CSC: Incorrect URL for submit potential phishing URL to TrendLabs.
|
CSCsk08014
|
CSC locks up and stays in Reload state after upgrading to 6.2.1599.0.
|
CSCsk09801
|
CSC-SSM enhancement: block SMTP e-mail with blank subject field.
|
CSCsk39837
|
CSC-SSM upgrade from 6.1.1519 to 6.2.1599 via .pkg might fail.
|
CSCsk83984
|
CSC: free memory is not correctly calculated/reported.
|
CSCsk83986
|
Add additional skip content for new MIME type for www.unitedstreaming.
|
CSCsk90093
|
Enhance online help for unscanned corrupted files.
|
CSCsk92123
|
Poor card performance - accessing www.profuturognp.com.mx takes 2-3 mins.
|
CSCsl11398
|
Add support for FTP APPEND command.
|
CSCsl33414
|
CSC: Importing e-mail addresses under white list may fail.
|
CSCsl44473
|
CSC: Logging facility settings do not change from local3.
|
CSCsl54663
|
CSC: Slow e-mail delivery from certain domains.
|
CSCsl54989
|
CSC module does not delete POP3 spam.
|
Resolved Caveats
Table 2 lists the resolved caveats in the CSC SSM Version 6.2.1599.2 maintenance release.
Table 2 Resolved Caveats
ID Number
|
Caveat Title
|
CSCsc83996
|
FTP get failure: CSC sends RETR before data channel is established.
|
CSCsc87177
|
Stargate stress will cause control channel failure and CSC failed.
|
CSCsd17646
|
The CSC SSM cannot block non-standard file extensions such as .xxx.
|
CSCsd17656
|
The CSC SSM blocks the page with GZIP displayed.
|
CSCsd17794
|
If FTP inspection is disabled in the ASA CLI, the FTP data is not scanned.
|
CSCsd18030
|
Connections may be interrupted during SSM service failure.
|
CSCsd24556
|
The connection timeout syslog is sent on every SMTP connection.
|
CSCsd24611
|
An HTTP/1.0 client may not work correctly.
|
CSCse61973
|
CSC SSM does not store NULL HTTP header correctly.
|
CSCse67660
|
CSC software blocks Windows Automatic updates.
|
CSCse68897
|
Scheduled Update every 15 minutes does not sometimes start.
|
CSCse74860
|
Unable to import a configuration backup from one SSM to the other.
|
CSCse74868
|
ESMTP AUTH response cannot pass through CSC.
|
CSCse74885
|
CSC runtime memory usage keeps increasing.
|
CSCse74907
|
High-frequency of SMTP disconnection syslogs is generated.
|
CSCse74913
|
Some values reset to default on configuration import.
|
CSCse74915
|
Schedule update may not be executed every 15 minutes on some systems.
|
CSCse74918
|
Packet capture from CSC CLI Menu does not capture complete packet.
|
CSCse78267
|
URL filtering with proxy delays HTTP connections by 60 seconds.
|
CSCse84425
|
Anti-spam User-Approved-Email-List is not exported as part of the configuration.
|
CSCse89728
|
Number of licensed seats shows a different value for Base and Plus licenses.
|
CSCse90102
|
CSC SSM incorrectly sends failure e-mail for virus engine update.
|
CSCsf24483
|
Activation Code is invalid. [CONTENT_ERR_AC_ILLEGAL] error:1231.
|
CSCsf27606
|
CSC software stops processing POP3 traffic.
|
CSCsf28591
|
CSC module generates compactflash almost-full messages.
|
CSCsf32708
|
Button Check Status Online on UI Enter a new code does not work:1231.
|
CSCsf98450
|
Unable to update Symantec product using FTP via CSC.
|
CSCsf98496
|
[HTTP URL Blocking] URLs with more than 50 chars not accepted:1265.
|
CSCsf98547
|
[Troubleshooting Tools] Gather logs does not work sometimes:1272.
|
CSCsf98551
|
[UI] URL filtering reclassification page to be changed:1275.
|
CSCsf98558
|
Check Status Online updated Last Status Check even on failure:1276.
|
CSCsg11957
|
CSC cutting link speed by 60%, and download speeds are very slow.
|
CSCsg26887
|
CSC TMCM server IP cannot be removed.
|
CSCsg28389
|
Hits 100% CPU utilization for 108 nodes.
|
CSCsg31261
|
CSC losing configuration when the ASA is reloaded.
|
CSCsg52819
|
CSC module - Import function for user-defined domain lists.
|
CSCsg71856
|
Unable to browse some websites, for example, wisbar.org:1336.
|
CSCsg72173
|
Duplicate syslog is generated when multiple spyware is found in a computer.
|
CSCsg72185
|
URL filtering cache does not expire.
|
CSCsg73233
|
CSC failover: Automatic synchronization is currently message shown.
|
CSCsg73302
|
Enter <> as URL Blocking rules on CSC GUI breaks GUI.
|
CSCsg73427
|
The View license detail online link does not work.
|
CSCsg79130
|
FTP EPSV EPRT options not working through CSC.
|
CSCsg82129
|
HTTP 1.1 pipelining compliance issues.
|
CSCsg82152
|
CSC jumps to 100% CPU, but new connections can be established and scanned.
|
CSCsg82181
|
The flash image on www.cisco.com Home page sometimes cannot be loaded.
|
CSCsh14819
|
Patch history is not displayed properly when upgrading from 6.1p1.
|
CSCsh15518
|
Upgrading CSC module may result in no ability to activate module.
|
CSCsh19934
|
CSC-SSM not passing traffic for several minutes after config update.
|
CSCsh21113
|
Scheduled update e-mail notification subject reports incorrect update status.
|
CSCsh21159
|
Unable to see streaming video/audio from some sites.
|
CSCsh23475
|
CSC module - URL blocking not functional for keywords.
|
CSCsh27010
|
POP3 never worked.
|
CSCsh27014
|
[HTTP] Asymmetric connection close issue in HTTP proxy.
|
CSCsh27090
|
[HTTP] Firefox 2.0 with fasterfox plug-in have issue opening cisco.com.
|
CSCsh27092
|
[HTTP] Codenomicon tool causes CSC CPU to hit 100%.
|
CSCsh27093
|
[HTTP] URL filtering requests sent with incorrect format.
|
CSCsh27095
|
[UI] Patch installation does not clean patch history page.
|
CSCsh27099
|
[Update] Improve the update feature around notification mail.
|
CSCsh27103
|
[HTTP] Streaming media does not work.
|
CSCsh31484
|
CSC module on ASA does not show e-mail disclaimer.
|
CSCsh31982
|
[HTTP] CSC-SSM: Disconnects HTTP sessions from proxy in DMZ.
|
CSCsh35086
|
CSC module with URL filtering delays or blocks all web traffic.
|
CSCsh39788
|
After upgrade with *.pkg, URL filtering does not function.
|
CSCsh46886
|
CSC-SSM - SWF files are being treated as executables.
|
CSCsh50078
|
CSC URL filtering, HTTP browsing fails: page cannot be displayed error.
|
CSCsh58065
|
TFTP transfers to/from CSC module's command line failing.
|
CSCsh58836
|
TMCM agent sends wrong version information.
|
CSCsh58901
|
ASDM Plus license expiration does not disable URL blocking in ASDM.
|
CSCsh58911
|
CSC-SSM module CPU pegged at 100%.
|
CSCsh58934
|
SSM card becomes unresponsive after configuring from ASDM.
|
CSCsh73881
|
CSC-SSM module CPU pegs at 100% when running 6.1(1569).2 image.
|
CSCsh80376
|
Incorrect error message when URL rating lookup times out.
|
CSCsh90870
|
Adding deferred scanning to POP3 scanning.
|
CSCsh96228
|
POP3 and SMTP corrupts e-mail if CR LF arrives in separate lines.
|
CSCsh96229
|
IWSS cannot parse CCM_POST.
|
CSCsh96231
|
URL filtering cannot handle chunked RS response.
|
CSCsh96235
|
Incorrect syslog is sent when CSC is unable to connect to URL ratings.
|
CSCsh96237
|
E-mail delays due to IMSS lacking timeout (current behavior is 120 sec).
|
CSCsh96238
|
HTTP does not send syslog on socket timeout.
|
CSCsi01092
|
Problem accessing some websites due to CSC attempting to reestablish a closed HTTP connection.
|
CSCsi06520
|
Add support for TLS over FTP.
|
CSCsi07133
|
TFTP uploads via CSC module Troubleshooting menu fail.
|
CSCsi18226
|
Failover unable to establish failover relationship.
|
CSCsi32093
|
Issue sending e-mail when recipient list is too large.
|
CSCsi40116
|
OCLC parsing error.
|
CSCsi43390
|
Improve online help description for Log Query.
|
CSCsi43391
|
Service module does not respond under high loads.
|
CSCsi43393
|
When SSM log partition is full, IWSS leaks ~isvw/tttt.txt.
|
CSCsi43397
|
Include TMagent log in CSC Log Collection.
|
CSCsi43399
|
Not able to stream AOL online radio.
|
CSCsi43791
|
-dst cache overflow, causing CSC unable to accept new connections.
|
CSCsi52793
|
Allow customer to enable/disable SMTP TLS.
|
CSCsi52795
|
Allow unregistering TMCM when TMCM server is unreachable.
|
CSCsi52796
|
SSM License GUI cannot accept new activation codes.
|
CSCsi52797
|
NRS is not grayed out after Plus license expired.
|
CSCsi52798
|
Upgrade requires base CSC version 6.1.1569.x.
|
CSCsi52799
|
Make core dump enable command easier in the header of IS functions.
|
CSCsi66735
|
CSC-SSM does not correctly handle partial e-mails.
|
CSCsi82300
|
CSC causes large e-mails attachments to time out when downloading via POP3.
|
CSCsi83497
|
Management IP address truncated.
|
CSCsj16273
|
URL categories, social networking not seen.
|
CSCsj19322
|
CSC: Active Trend GUI session requires reauth every 10 min.
|
CSCsj20246
|
CSC-SSM not detecting spyware threats.
|
CSCsj33289
|
CSC memory may be filled up under heavy FTP traffic.
|
CSCsj46486
|
Anti-spam the Japanese subject is broken after adding spam tag.
|
CSCsj64650
|
SMTP content filtering requires .WILD. for wildcards to be enabled.
|
CSCsj89273
|
URL filtering does not support SOCKS-based proxy service.
|
CSCsj89274
|
POP3 CSC-SSM is not handling AUTH commands properly.
|
CSCsj89275
|
Mail: Some e-mail clients do not work with GZIP transfer-coding.
|
CSCsj89276
|
Content Filtering Wildcard online help change.
|
CSCsj89277
|
UI Trial Plus license key is not accepted after installation.
|
CSCsj91184
|
Problem accessing www.sicklogoshoppe.com due to faulty server-side implementation.
|
CSCsj91186
|
Japanese patch record p-6.1-ja-1 is lost after upgrade.
|
CSCsk06846
|
Scan services reloading - pattern file or configuration update.
|
CSCsk21604
|
CSC memory utilization may reach 100% when running 6.2.1599.
|
CSCsk24637
|
SMTP deferred scanning for e-mails with large attachments.
|
CSCsk51561
|
Scheduled update notification may be corrupted if delivered to Microsoft ISS MTA.
|
CSCsk83981
|
Problem accessing www.pizzahut.com due to broken server-side implementation.
|
CSCsk83983
|
Protocol scanner fails to remove unused temporary files.
|
CSCsk83985
|
Scan server may have a memory leak.
|
CSCsl01090
|
NOOP command sequence does not handle MTA errors.
|
CSCsl01092
|
HTTP user can't access www.gruposantander.es when using IE6 or IE7.
|
CSCsl124804
|
HTTP may become unresponsive to 6.2.1599.1 if a proxy is configured.
|
CSCsl132824
|
The IP addresses of the HTTP client and HTTP server are reversed in the HTTP timeout syslog.
|
CSCsl153828
|
Syslog setting for SMTP/POP3 spyware/grayware and anti-spam cannot be disabled correctly using the CSC GUI.
|
CSCsl23955
|
Nov 9 2007 CSC module may report that new pattern downloads are failing.
|
CSCsl46202
|
11/24: CSC URL filtering no longer functioning.
|
CSCsl53828
|
SMTP/POP3 GUI log settings does not behave properly.
|
CSCsm59333
|
Unable to load www.psac.ca and www.abc.org due to faulty server implementation on transfer-coding negotiation.
|
CSCsm63340
|
The CSC purgefile and cleanfile scripts disappeared on fresh new instance.
|
Related Documentation
For additional information, see the ASDM online Help or the following documentation found on Cisco.com:
•Cisco Content Security and Control SSM Administrator Guide
•Cisco ASDM Release Notes
•Cisco ASA 5500 Series Hardware Maintenance Guide
•Cisco ASA 5500 Series Adaptive Security Appliance Getting Started Guide
•Cisco ASA 5500 Series Release Notes
•Cisco Security Appliance Command Line Configuration Guide
•Cisco Security Appliance Command Reference
•Cisco Security Appliance System Log Messages Guide
•Open Source Software Licenses for ASA and PIX Security Appliances
Obtaining Documentation and Submitting a Service Request
For information on obtaining documentation, submitting a service request, and gathering additional information, see the monthly What's New in Cisco Product Documentation, which also lists all new and revised Cisco technical documentation, at:
http://www.cisco.com/en/US/docs/general/whatsnew/whatsnew.html
Subscribe to the What's New in Cisco Product Documentation as a Really Simple Syndication (RSS) feed and set content to be delivered directly to your desktop using a reader application. The RSS feeds are a free service and Cisco currently supports RSS version 2.0.
Feedback
