Cisco Email Security Appliance X1070 Information Guide
What's the shortest period of time you can configure Sophos Anti-Virus IDE updates?
Document ID: 117889
Contributed by Scott Roeder and Enrico Werner, Cisco TAC Engineers.
Jul 08, 2014
Question
What's the shortest period of time you can configure Sophos Anti-Virus IDE updates?
New viruses appear all the time. Anti-virus companies work continuously to keep up with new virus identity
signatures to catch recently released viruses. There is always a window of time after a virus has been sighted
before a new virus IDE file can be generated.
It is prudent to be sure your ESA is downloading virus IDE files on a regular basis. The default setting for
virus updates is 5 minutes, and it is not recommended to change the minimum update interval.
Getting frequent anti-virus updates will probably not prevent an infection in the zero-hour virus infection
scenario. The term zero-hour infection means the virus has just appeared on the net and the anti-virus
vendors have not yet had a chance to identify it and write signatures that will catch it. The best defense
against zero-hour viruses is the Outbreak Filters feature, which incorporates a real-time monitoring system to
identify zero-hour viruses and sideline messages matching the infectious profile until the anti-virus vendors
have a chance to create virus IDEs for them.
You can configure the automatic anti-virus update interval in the GUI from the Security
Services->Anti-Virus page.
You can configure the automatic update interval using the CLI command antivirusconfig->SETUP. To see
the time of the last anti-virus update, use the antivirusstatus command. To initiate an immediate virus update,
use the command "antivirusupdate".
Updated: Jul 08, 2014