Unable to update ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3

Solution

Overview

You may not be able to update your ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3. This happens when you have protocol detection enabled on your ProxySG running SGOS 5.4.4, 5.5.3 or an earlier version.

This is due to the fix for CVE-2009-3555 - TLS/SSLv3 renegotiation. More information at https://kb.bluecoat.com/index?page=content&id=SA44

Cause
Resolution

1. Upgrade to the latest SGOS 5.4 and 5.5 GA. At the time of writing, they are SGOS 5.4.6.1 and SGOS 5.5.4.1 respectively. If you are using BCAAA, it should be upgraded along to the version that comes with the new SGOS.

2. As a workaround, disable SSL protocol detection with the Content Policy Language (CPL) below :

<Proxy>
     url.host=av-download.bluecoat.com http.method=CONNECT detect_protocol.ssl(no)

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4358
Attachment

Article Feedback

Did this Article solve your issue?
Additional Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat