Cisco Email Security Appliance

What's the shortest period of time you can configure Sophos Anti-Virus IDE updates?

Document ID: 117889

Updated: Jul 08, 2014

Contributed by Scott Roeder and Enrico Werner, Cisco TAC Engineers.

Question

What's the shortest period of time you can configure Sophos Anti-Virus IDE updates?

New viruses appear all the time.  Anti-virus companies work continuously to keep up with new virus identity signatures to catch recently released viruses.  There is always a window of time after a virus has been sighted before a new virus IDE file can be generated.

It is prudent to be sure your ESA is downloading virus IDE files on a regular basis.  The default setting for virus updates is 5 minutes, and it is not recommended to change the minimum update interval.

Getting frequent anti-virus updates will probably not prevent an infection in the zero-hour virus infection scenario. The term zero-hour infection means the virus has just appeared on the net and the anti-virus vendors have not yet had a chance to identify it and write signatures that will catch it. The best defense against zero-hour viruses is the Outbreak Filters feature, which incorporates a real-time monitoring system to identify zero-hour viruses and sideline messages matching the infectious profile until the anti-virus vendors have a chance to create virus IDEs for them.

You can configure the automatic anti-virus update interval in the GUI from the Security Services->Anti-Virus page.

You can configure the automatic update interval using the CLI command antivirusconfig->SETUP. To see the time of the last anti-virus update, use the antivirusstatus command. To initiate an immediate virus update, use the antivirusupdate command.
