Unable to update ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3


<< Back to Knowledge Search

Solution

Overview

You may not be able to update your ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3. This happens when you have protocol detection enabled on your ProxySG running SGOS 5.4.4, 5.5.3 or an earlier version.

This is due to the fix for CVE-2009-3555 - TLS/SSLv3 renegotiation. More information at https://kb.bluecoat.com/index?page=content&id=SA44

Cause
Resolution

1. Upgrade to the latest SGOS 5.4 and 5.5 GA. At the time of writing, they are SGOS 5.4.6.1 and SGOS 5.5.4.1 respectively. If you are using BCAAA, it should be upgraded along to the version that comes with the new SGOS.

2. As a workaround, disable SSL protocol detection with the Content Policy Language (CPL) below :

<Proxy>
     url.host=av-download.bluecoat.com http.method=CONNECT detect_protocol.ssl(no)

Workaround
Additional Information
Bug Number
InQuira Doc IdKB4358
Attachment

Article Feedback

Hide Properties
First Published      10/01/2014
Last Modified      10/01/2014
Last Published      10/01/2014
Article Audience
Product      ProxySG
Software      ProxyAV 3, SGOS 5.4, SGOS 5.5
Topic      Errors / Event Logs / Alerts, Usability
Article Number      000014217
Summary     
Was this helpful?
Comments:
 
Previous MonthNext Month
SunMonTueWedThuFriSat