١١٢١٠٢/٤/
Cyberoam Docs

1. Cyberoam UTM
1.1. Version 10
1.1.1. Migrating to V 10

Release Information
Release Type: General Availability
Compatible versions: 9.6.0.78 for all CRs except CR15i; 9.5.8.68 for CR15i
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
Refer to the "Migrate from v9.6.x.x to v10" document.

Compatibility issues
Firmware is Appliance model-specific, hence firmware of one model is not applicable to another model. The upgrade will not be successful and an error message will be given if your Appliance model is CR100i and you are upgrading it with firmware for model CR500i.

Introduction
With version 10, Cyberoam has moved to a firmware-based solution, with the configuration and behavioral changes given in this document. The document also lists various functionalities added in version 10. For details on new features added in Version 10, please refer to the Version 10 Release Notes.

Changes from V 9

1. Logical flow change
The basic building blocks in Cyberoam are Zones, Interfaces and (Network/Address) objects. This structure is used in defining firewall rules to allow or deny access.

Zone is the logical grouping of Interfaces, which includes:
- predefined zones - LAN, WAN, DMZ, LOCAL, VPN
- custom zone

Interface includes:
- actual physical Ethernet interfaces or ports, i.e. Port A through Port J depending on the appliance model
- subinterfaces - VLAN
- PPPoE interfaces
- interface aliases
- WWAN interface, if Wireless WAN functionality is enabled

Objects are the logical building blocks of the firewall rule, which include:
- host - IP and MAC addresses
- services, which represent a specific protocol and port combination, e.g. DNS service for TCP protocol on port 53
- schedule, to control when the rule will be in effect, e.g. All Days, Work Hours
- certificates
- file types

2. Internet Access control configuration change
Now Internet access can be controlled by filtering web and application separately.
This provides granular control over Internet access. This is achieved by splitting Internet Access policy in two policies – Web filter policy and Application filter policy. The traffic coming from the web is filtered by various policies and categories through Web filter policy while application filter policy controls user’s application access. It specifies which user has access to which applications.

3. Behavior change
1. Wizard behavior change: (Wizard is now deployment wizard) If wizard is re-run, it will flush following configurations:
   - dhcp server/relay configurations
   - unicast/multicast routing
   - vpn, l2tp, pptp
   - static/proxy arp
   - VH/ Bypass firewall / firewall rules/ gateway
   - pppoe
   - custom zones
   - local acls
   - Interface based hosts/hostgroup
2. Deleting Interface – Alias and Virtual host will also remove all its dependent configurations including:
   - Interface-Zone binding
   - DHCP Server or Relay
   - Alias based Firewall rules
   - ARP - static and proxy
   - Virtual hosts and VH based firewall rules
   - Interface based Hosts and reference from host groups
   - Routes - Unicast, Multicast
3. Updating Interface details will also update all its dependent configurations including:
   - Interface-Zone binding
   - DNS
   - Stops the DHCP Server and updates the details. You will have to manually restart the server
   - Gateway
   - Interface based Hosts
   - Disconnects all the tunnels and updates all the VPN policies. You will have to manually reconnect the tunnels.
   - VLAN Interfaces
   - Dynamic DNS Client

docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 1/409

4. Except for WAN zone, Zone-Interface membership can be changed from Manage Interface page as well as Edit Zone page. In previous versions, it was possible only from Edit Zone page. While for WAN zone, it can be changed only from Manage Interface page.
5. Appliance Access can be configured from Zone as well as from Administration page.
6. Automatic addition of gateway, no need to add gateway manually.
Gateway will be added and removed automatically when any Interface in WAN zone is added or removed.
7. Deleting VLAN interface will delete its firewall rule also.
8. Default Administrator user “cyberoam” can be deleted as now Cyberoam is shipped with a global Administrator.
9. Cyberoam must be rebooted after modifying time zone.
10. Internet Access policy is divided into two policies:
    - Web filter policy – Can be configured to filter HTTP traffic only
    - Application filter policy – Can be configured to filter application traffic
11. System Health Graphs can be accessed from Web Admin Console using System Graph Page.
12. Any modifications in user login restriction will be applied on next login.
13. Service group - PPTP_Group automatically added.
14. L2TP and PPTP access for the user can be configured through User page as well as L2TP and PPTP Configuration page.
15. Live Connections Page to display live IPSec connections and live SSL VPN users

4. Redesigned UI - Menu and pages regrouping
To reflect the above changes, GUI pages are reorganized and menus are renamed as:
- System
- Objects
- Network
- Identity
- Firewall
- VPN
- IPS
- Web filter
- Application filter
- QoS
- Anti Virus
- Anti Spam
- Logging & Reporting

5. Renamed features
Old name | New name
Local ACL | Appliance Access
Host | IP host
User | Identity
Bandwidth policy | QoS policy
Surfing quota policy – Allotted hours | Maximum hours
HTTP Proxy | Web Proxy
Web Client | Captive Portal
Full Access (SSL VPN Access mode) | Tunnel Access
Road Warrior | Remote Access
Net-to-Net (IPSec policy) | Site-to-Site

6. Functionality moved from CLI to Web Admin Console
1. Packet capture
2. Unicast and Multicast (can be configured from both the Consoles)
3. Interface speed, MSS and MTU (can be configured and updated from both the Consoles)
4. Live Graphs of CPU usage, Memory usage, Load average and Interface statistics for last hours. Graphs will be refreshed automatically at the interval of 30 seconds.
5. View Access Logs
6. View Audit logs
7. Rollback to Previous version – supported through multiple firmwares

Discontinued features of version 9.x
Following features of V 9.6.x.x will not be supported from V X onwards:
1. Add/Delete Gateway button removed from Manage Gateway page as Gateway will be added/deleted automatically.
2. User Type – Manager. Same as the Admin user with Audit Admin Profile i.e. view reports
3. Shared Policy is removed from Surfing Quota and Data Transfer Policy
4. Surfing quota policy – Cycle hours can be configured in hours only, minutes option is removed
5. Manage HTTP Proxy page is removed but functionality is included in Web proxy
6. Regenerate button has been removed from Update Certificate page as Certificate will be regenerated automatically whenever updated.
7. Data Transfer Limit alerts as on Customize Client Messages page
8. SNMP service start/stop option is removed as it will always be ON once Agent is configured.
9. RMS (Restart Management Services) as it is now not required for any changes in Network configuration including Alias and Virtual Interface creation.
10. Custom Login messages as it is now included on Captive portal page
11. Antivirus Scan policy (default and custom) for SMTP - now part of Scanning Rule
12. Global and Default Antispam policy
13. Antispam Custom policy - now part of Spam Rule
14. User Migration Utility as Export/Import functionality is added on User page
15. Manual purge of reports. Auto purge will get-in in Stability-1.
16. Service creation – “ICMP Type – Other” will not be available.
17. SNMP Version v3 Protocol support
18. User maximum session timeout option is given globally, however, per group is missing.
19. System Modules Configuration on GUI is not available. It is available on CLI only.
20. DHCP server "Enable Auto Start" Button

Features expected in version-10 Stability-1
1. Traffic discovery – Only live connections will be provided.
2. AV version information is missing - To be made available for all models on update page. Current availability is on 15i and 25i only.
3. AV & AS Quarantine Area – total utilization
4. Web Category - Search URL
5. Corporate Client Download – for all the Cyberoam Clients – Will be available in the form of links in Stability-1. Pre-requisite will be that the download site will need to be allowed for all.
6. Dashboard doclets
   - System Resource (CPU, Memory, Disk Usage) – Post Stability-1
   - Usage Summary (HTTP hits, Search Engine Queries) – In Stability-1
   - User Surfing Pattern – Post Stability-1
   - HTTP Traffic Analysis (Distribution by Hits, Distribution by Data Transfer) – Post Stability-1
7. Backup over Mail
8. IPS Signature details link
9. Editable IP address of Clientless user: Editable IP address will be available as part of Stability-1.
10. “Show All” link on Live Users page – In Stability-1, default 50 live users will be shown.
11. L2TP connection report - User information and data transfer details
12. Web Category – “IPAddress” category
13. Tool tip Firewall rule page for:, host, host group and Identity columns – Except for IPS, tool tip for all others will be available in Stability-1.
14. User search (rather filter for v10) is not available for IP.
15. Reports
    a. Web Surfing Report
       i. Category type (by hits) wise – Will be available post Stability-1.
       ii. Category type data transfer – Will be available post Stability-1.
       iii. Group wise Site wise/HTTP data Transfer /HTTP hits by content / HTTP File upload – Will be available post Stability-1.
       iv. User wise Site wise/HTTP data Transfer /HTTP hits by content type / HTTP File upload
    b. Gateway wise b/w usage and composite b/w usage graphs on GUI – Will be available post Stability-1.
15. Audit Logs
    a. GUI Audit logs
    b. SSL VPN logs – Will be available post Stability-1.
    c. Appliance Audit logs (RESET/Backup/Restore/Upgrade auto-manual/reboot) – Will be available in Stability-1 and will be part of GUI audit logs.
    d. Service Restart Logs – Will be available in Stability-1 and will be part of GUI audit logs
    e. Firmware apply/bootup logs – Will be available in Stability-1 and will be part of GUI audit logs

Features expected Post version-10 Stability-1
1. Dashboard doclets –
   a. User Surfing Pattern
   b. HTTP Traffic Analysis (Distribution by Hits, Distribution by Data Transfer)
   c. System Resource (CPU, Memory, Disk Usage)
2. ARP Cache
3. Auto purge
4. Application Filter Logs on the Logging Server
5. Upload Corporate image in Web Filter Category custom messages
6. Bandwidth Usage Graphs
7. Proactive Reports – Category wise Trends, Google Search Keywords – Category wise trends availability to be confirmed eventually. Google Search Keywords will be available post Stability-1.
8. Dashboard alerts
9. Antivirus Engine Information update time
10. Antispam center connectivity status
11. Last upgrade status and timestamp for AV/IPS/Webcat
12. Mail Notification on change of gateway status
13. Language support - Turkish, French
14. Multiple domain support for authentication
15. Zone – Description field, Description field will be removed from manage page
16. Firewall rule – Bandwidth usage (upload and download)
17. IPS Policy - "Select All" for selecting all the Categories
18. Persistent Logs (including VPN logs)
19. Clientless users --> Active and Inactive list cannot be displayed separately: – Will be available post Stability-1 in the form of filter support on “Active/Inactive”.
20. Static route in bridge and IPSEC and http proxy host entry is not there.
21. Console Audit logs
22. Reports
    a. Web Surfing Report
       i. Category type (by hits) wise
       ii. Category type data transfer
       iii. Group wise Site wise/HTTP data Transfer /HTTP hits by content / HTTP File upload
    b. Gateway wise b/w usage and composite b/w usage graphs on GUI
    c. Internet Usage Report
       i. User/Group wise Internet Usage Reports
       ii. User/Group wise Surfing Time Report
    d. Trend
       i. Hourly based Trend Reports
    e. Audit log
       i. Appliance Audit log

Features availability to be confirmed eventually
- Customizing Client Preferences - HTTP Client option (Page, Pop-up, None) and default URL & customize Login Message System->Configure->Customize Client Preferences, URL to open a site after client logs on to server.
- Custom Application Category – Destination IP is not available. Otherwise, service group can be used. Availability of destination IP to be confirmed eventually.
- Client Login Links from Customize Login Messages page
- Clientless User – IP address based Sorting and Searching
- User MyAccount access from Users page
- Restart Servers option – SMTP, POP3, IMAP, FTP, Cyberoam server from Manage Diagnostic tool Servers page
- Group wise HTTP keep alive enable/disable
- User maximum session timeout per group
- Logon script updation download link in case of SSO. It was available in v9 as part of users | Migrate Users menu:
- Simultaneous user login option available for user only not for group

CLI features

Menu - System Configuration:
- Trace Route Utility
- Set Module Info
- Bandwidth Graph Settings
- Disable LAN Bypass

Menu - Cyberoam Management:
- Database Utilities
- DHCP Client Settings
- Download backup
- Restore backup
- View audit logs
- Check and upgrade cyberoam new version
- Cyberoam auto upgrade status
- Webcat auto upgrade status
- Rollback to previous version
- HA configuration
- ReBuild firewall rule

Menu Route Configuration
- Configure Unicast Routing {Configure Static-routes/ACLs}

Menu Upgrade version

Menu VPN Management
- View VPN logs
- View connection wise VPN logs
- Advance VPN logs
- PPTP VPN logs

Commands (All the parameters except mentioned here are available)
ping: record-route | numeric | tos | ttl
cyberoam: check_disk | cpu_burn_test | dgd | ips_autoupgrade | repair_disk | service | system_monitor | view | services httpclient devicemap
dnslookup: server ip ips
route: add | delete
set: advanced-configuration: tcp-window-scaling, cr-traffic-nat
set: cache | usermac
set: bandwidth: guarantee | graph
set: http_proxy: av_sessions | client_sessions | core_dump | debug | deny_unkown_proto | multiple_webcategory | delete | relay_http_invalid_traffic | rw_buffer_size | x_forwarded_for
set: usermac
set:
set: secure-scanning (as included in set service-parameter command)
sslvpn: max-clients | max-connections | owa-basic-mode
show: access-log | | antispam | antivirus | firewall-rule-log | ftp | login | mail | monitor | reboot
show: system: logs | devices | dma | filesystems | iomem | ioports | partitions | pci | processes | statistics | modules | uptime
show: http_proxy
show: monitor, ftp, login, access-log
show: system packet-capture
telnet: tos | source

1.1.2. Release Notes

1.1.2.1. V 10.01.2 Build 158

Release Dates
Version 10.01.2 Build 158 – 01st March, 2012

Release Information
Release Type: Maintenance Release
Applicable to: V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665 or V 10.01.0667 or V 10.01.0 Build 674 or V 10.01.0 Build 678 or V 10.01.0 Build 739 or V 10.01.1 Build 023 or V 10.01.1 Build 027 or V 10.01.02 Build 010 or V 10.01.02 Build 059 and V 10.01.02 Build 064 or V 10.01.02 Build 065 or V 10.01.2 Build 124 or V 10.01.2 Build 133

Migrate Procedure
To migrate from Version 9 to Version 10, please follow the link Migrate Cyberoam Appliance from Version 9 to Version 10.

Upgrade procedure
To upgrade the existing Cyberoam Appliance, follow the procedure below:
1. Log on to https://customer.cyberoam.com
2. Click “Upgrade” link under Upgrade URL.
3. Choose option “Select for Version 10.00.0xxx to current GA Version 10.00.0xxx Firmware”.

For Cyberoam versions prior to 10.01.0472
Upgrade the Cyberoam to 10.01.0472 selecting option “Below 10.01.0472” and follow on-screen instruction. By doing this, the customer will not be able to roll back.

For Cyberoam version 10.01.0472 or higher
Upgrade Cyberoam to latest version by selecting option “10.01.0472 or higher” and follow on-screen instruction.

Compatibility issues
This version release is compatible with the Cyberoam Central Console Release V 02.00.4 Build 007. Please always check http://docs.cyberoam.com for availability of latest CCC firmware to deal with this compatibility issue.

Introduction
This document contains the release notes for Cyberoam Version 10.01.2 Build 158. The following sections describe the release in detail. This release comes with enhancements to improve quality, reliability, and performance.

Enhancements

1. Database Optimization
Cyberoam database architecture has been fine-tuned for optimal performance and further stability of On-Appliance reports.

2. Access Server logs for SSO
From this version onwards, when a client tries to authenticate using SSO while already being authenticated by CTAS, the message "CTA collector enabled discarding SSO client request" is displayed in Access Server logs. Prior to this version, no message was displayed providing a reason for the SSO request being discarded.

Bugs Solved

Anti Virus
Bug ID – 7672
Description – Windows fails to update using Lab tech tool if AV scanning is on.

Firewall
Bug ID – 7595
Description – A MAC Address is not configured as trusted, if it is imported from csv file and has a special character like dash (-) as separator.

Hardware Sensor
Bug ID – 7764
Description – Minimum chassis fan speed displayed is higher than the set threshold value.

Bug ID – 6982
Description – A warning log is displayed in log viewer even though chassis fan speed is below the desirable level.

High Availability
Bug ID – 8270
Description – A customized image in denied message is not displayed as it does not get synchronized with Auxiliary appliance, when a Cyberoam is configured in HA Active – Active mode.

Proxy
Bug ID – 8261
Description – Website http://files003.voip.ownmail.com/1555031541/ does not open when Cyberoam is configured as direct proxy.

User
Bug ID – 8095
Description – Inactive users are allowed to login in to Cyberoam My Account.

Bug ID – 7604
Description – A message “Operation Interrupted” is displayed while navigating through User page if the user name imported from the external authentication server contains special characters like back slash (/).

Bug ID – 8404
Description – Custom Administrator user cannot reboot/shutdown the Cyberoam Appliance in spite of having read-write permission.

VPN
Bug ID – 8319
Description – PPTP connection cannot be established, if static and dynamic WAN interfaces are configured on Cyberoam and PPTP server is configured on the dynamic interface.

1.1.2.2. V 10.01.2 Build 124, 133

Release Dates
Version 10.01.2 Build 124 – 24th January, 2012
Version 10.01.2 Build 133 – 15th February, 2012

Release Information
Release Type: Maintenance Release
Applicable to: V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665 or V 10.01.0667 or V 10.01.0 Build 674 or V 10.01.0 Build 678 or V 10.01.0 Build 739 or V 10.01.1 Build 023 or V 10.01.1 Build 027 or V 10.01.02 Build 010 or V 10.01.02 Build 059 and V 10.01.02 Build 064 or V 10.01.02 Build 065

Migrate Procedure
To migrate from Version 9 to Version 10, please follow the link Migrate Cyberoam Appliance from Version 9 to Version 10.

Upgrade procedure
To upgrade the existing Cyberoam Appliance, follow the procedure below:
1. Log on to https://customer.cyberoam.com
2. Click “Upgrade” link under Upgrade URL.
3. Choose option “Select for Version 10.00.0xxx to current GA Version 10.00.0xxx Firmware”.

For Cyberoam version 10.01.0472 or higher
1. Upgrade Cyberoam to latest version by selecting option “10.01.0472 or higher” and follow onscreen instruction.

For Cyberoam versions prior to 10.01.0472
1. Upgrade the Cyberoam to 10.01.0472 selecting option “Below 10.01.0472” and follow on-screen instruction. By doing this, the customer will not be able to roll back.

Compatibility issues
This version release is not compatible with the Cyberoam Central Console Release V 02.00.2 Build 018. Please always check http://docs.cyberoam.com for availability of latest CCC firmware to deal with this compatibility issue.

Introduction
This document contains the release notes for Cyberoam Version 10.01.2 Build 124 and Version 10.01.2 Build 133. The following sections describe the release in detail. This release comes with enhancements to improve quality, reliability, and performance.

Enhancements

1. Optimization of Access Concentrator String
From this version onwards, the administrator is allowed to provide a PPPoE “Access Concentrator” string up to 50 characters long. Prior to this version, the maximum character limit of the “Access Concentrator” string was 20 characters. This can be accessed from Network → Interface by selecting PPPoE for WAN Zone.

Bugs Solved

For Version 10.01.2.124

Firewall
Bug ID – 7649
Description – The dropdown menu is not displayed properly on clicking “Service” tab while adding or editing any firewall rule.

Bug ID – 7922
Description – Spoof prevention does not function on migrating from V9 to VX if the same MAC address is available in upper case and lower case within Cyberoam internal database.

GUI
Bug ID – 7934
Description – Spam Rule parameter "Message size is" is displayed as "less than" although it is configured as "Greater than" for Anti Spam. However, Anti Spam Rule functions appropriately.

Bug ID – 8015
Description – Two entries for the same date are displayed for gateway wise data transfer on GUI.

Bug ID – 8040
Description – Dates cannot be configured for quarantine mails in Chinese Traditional GUI.

High Availability
Bug ID – 7401
Description – Thin Client users cannot access Internet when HA is in Active – Active Mode with load balancing on.

Logs & Reports
Bug ID – 8016
Description – An alert is not displayed even if disk usage breaches the threshold level.

Hardware Sensor
Bug ID – 7634
Description – A false alarm with respect to fan speed is generated for the Appliance that does not have the chassis fan.

Network Interface
Bug ID – 6336
Description – 3G Modem Sierra Aircard 312AU is not supported by Cyberoam Appliance.

Bug ID – 7218
Description – Nokia 3G modem CS 11 is not supported.

Bug ID – 7566
Description – The USB modem of Vodafone ZTE K4505-Z is not supported by Cyberoam Appliance.

Bug ID – 7575
Description – 3G modem Option N.V with model number Globetrotter is not supported by Cyberoam Appliance.

Bug ID – 7652
Description – 3G Modem Huawei K4605 is not supported by Cyberoam Appliance.

Bug ID – 7833
Description – 3G Vodafone modem – K3806z is not supported by Cyberoam Appliance.

Proxy
Bug ID – 7077
Description – User cannot upload PDF File http://www.mca.gov.in on using direct proxy.

Report
Bug ID – 7682
Description – Report notification mail content is blank when parameter “Send email at” time set to 00:00 hour.

Bug ID – 7884
Description – “Application Allowed” reports in On-Appliance iView are available for last 24 hours.

Bug ID – 7607
Description – Logs are not displayed in On-Appliance iView reports, if provided start date and end date is same.

Bug ID – 8162
Description – Mismatch in upload data transfer values displayed on firewall page and Gateway page.

SSLVPN
Bug ID – 6638
Description – User name displayed as "UNDEF" in SSL VPN reports.

For Version 10.01.2.133

Proxy
Bug ID – 8258
Description – HTTPS sites do not open in Google Chrome and Firefox Version 10.0 (Beta) browsers when HTTPS scanning is on.

Web Access
Bug ID – 8097
Description – SSL Web Portal cannot be opened in IE (9.0.4), Firefox Beta 10 and Google Chrome.

1.1.2.3. V 10.01.2 Build 059, 065

Release Dates
Version 10.01.2 Build 059 – 01st November, 2011
Version 10.01.2 Build 065 – 26th December, 2011

Release Information
Release Type: Maintenance Release
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678 or 10.01.0 Build 739, Version 10.01.1 Build 023, Version 10.01.1 Build 027 or Version 10.01.2 Build 010

Migrate Procedure
To migrate from Version 9 to Version 10, follow the link Migrate Cyberoam Appliance from Version 9 to Version 10.

Upgrade procedure
For: V 10.01.0472 or V 10.01.0474 or 10.01.0620 or 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678 or 10.01.0 Build 739, Version 10.01.1 Build 023, Version 10.01.1 Build 027 or Version 10.01.2 Build 010
1. Log on to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.
3. High Availability feature included in this upgrade is a GA feature.

For Cyberoam versions prior to 10.01.0472:
Upgrade in two steps:
- Upgrade the Cyberoam to 10.01.0472 using Version 10 to Version 10 available on customer’s My Account.
- Upgrade Cyberoam to Version 10.01.2 Build 059.
By doing this the customer will not be able to roll back to version prior to 10.01.0472.

Compatibility issues
Firmware is Appliance model-specific.

Release Version Number | Applicable To Cyberoam Appliance Model
Version 10.01.2 Build 059 | All Cyberoam Appliance models
Version 10.01.2 Build 065 | Only to CR15i and CR15wi

Version 10.01.2 Build 059 release is not compatible with the Cyberoam Central Console (CCC) Release V 02.00.1 Build 016.
Version 10.01.2 Build 065 release is compatible with the Cyberoam Central Console (CCC) Release V 02.00.1 Build 016.
CCC does not support Cyberoam UTM deployed in HA (High Availability) mode.
Please always check http://docs.cyberoam.com for availability of latest CCC firmware to deal with this compatibility issue.

Introduction
This document contains the release notes for Cyberoam Version 10.01.2 Build 059. The following sections describe the release in detail. This release comes with new features and enhancements to improve quality, reliability, and performance.

Features

1. Unicast Routing Support in GRE
From this version onwards, the Cyberoam GRE Tunnels will support both unicast and multicast traffic. Previously, only multicast traffic was supported.

CLI Commands
1. Command: cyberoam gre route add net <IP/Mask> tunnelname <Tunnel Name>
   To add a GRE route, connecting a network via a GRE tunnel.
   E.g.: cyberoam gre route add net 3.3.3.0/255.255.255.0 tunnelname Elitecore
2. Command: cyberoam gre route add host <IP> tunnelname <Tunnel Name>
   To add a GRE route, connecting a host via a GRE tunnel.
   E.g.: cyberoam gre route add host 192.168.10.2 tunnelname Elitecore
3. Command: cyberoam gre route delete net <IP/Mask> tunnelname <Tunnel Name>
   To delete a GRE route connected to a network via a GRE tunnel.
   E.g.: cyberoam gre route delete net 3.3.3.0/255.255.255.0 tunnelname Elitecore
4. Command: cyberoam gre route delete host <IP> tunnelname <Tunnel Name>
   To delete a GRE route connected to a host via a GRE tunnel.
   E.g.: cyberoam gre route delete host 192.168.10.2 tunnelname Elitecore
5. Command: cyberoam gre route show
   To see all the networks and hosts with respective GRE tunnels.

Enhancements

1. SSLVPN Client Access
From this version onwards, the user will not require administrative rights to access the SSLVPN client application. However, these rights are needed to install the SSL VPN client application. Previously, administrative rights were needed for both.

2. HTML Support on Captive Portal for Unauthorized Users
When an unauthorized user starts web browsing, he will be provided with an HTML link (http://<Cyberoam LAN IP Address>:8090), if it is configured in the custom message, along with the “Access Denied” message. On accessing the link, the user will be prompted to provide login credentials to start web browsing. Alternately, the unauthorized user may start web browsing by manually logging in to the captive portal by providing the URL (http://<Cyberoam LAN IP Address>:8090). Previously, when an unauthorized user attempted to browse, the “Access Denied” message was displayed, as there was no configurable HTML link support, and manual intervention by the administrator was needed.

3. Manual Signature Update
From this version onwards, the user can manually update the Cyberoam signature databases for Anti Virus, IPS, Web Category modules. This enhancement facilitates users, especially those who do not have direct Internet access, to manually update the Cyberoam signature modules. Updates on latest signature version for Anti Virus, IPS, Web Category modules will be available on http://csc.cyberoam.com. Updating the IPS module shall update both IPS signatures and Application signatures; however, their firmware version number shall differ. To upload and update the signatures, go to System → Maintenance → Updates → Manual Signature Updates.

4. Gateway wise Data Transfer Graphs
Cyberoam now facilitates administrator to view Gateway wise Data Transfer graphs. These graphs shall provide following data transfer information:
1. Upload Data Transfer
2. Download Data Transfer
3. Total Data Transfer
The user can choose the time period for which he wants to see the graphs. The available options for the time period are as following:
1. Last Week
2. Last Month
3. Custom (Minimum – 7 Days, Maximum – 30 Days)
The data shall be available only for last six (6) months. By clicking “Show” Button, the user can also view the live data updated every one (1) minute. This can be accessed from Network → Gateway → Manage.

5. Hit Count in Mail Summary Reports
From this version onwards, the Mail Summary Reports provide information regarding the number of hits for each application. Previously, Mail Summary reports provided information of data transfer in bytes. This can be accessed from Web Admin Console → Report → Main Dashboard (Cyberoam - iView) → Mail Traffic Summary.

6. SNMP Manager Port
From this version onwards, default SNMP Manager Port 161 shall be displayed on Web Admin Console. Previously, the SNMP Manager Port field by default appeared blank. This can be accessed from System → SNMP → Agent Configuration.

Behavior Change

1. Customized SMTP Scanning
From this version onwards, SMTP scanning by default will be in disable mode for General Internet Policy from Cyberoam Wizard. The user may choose to enable scanning of the SMTP traffic by customizing the Firewall Rule. Previously, by default SMTP scanning was in enable mode.

Bugs Solved

For Version 10.01.2.065

Backup & Restore
Bug ID – 7162
Description – Administrator is unable to download the backup file, if 15i Appliance backup is restored to 25i.

VPN
Bug ID – 7420
Description – Internet access via IPSec Tunnel from a remote office stops on upgrading Appliance from Version 10.01.1 Build 739 to Version 10.01.1 Build 023.

Anti Spam
Bug ID – 6995
Description – In Anti Spam, it is possible to import address groups however, domains cannot be imported.

GUI
Bug ID – 7065
Description – The word “protocol” is misspelled as “ptotocol” in log viewer for deny unknown protocol.

Bug ID – 7470
Description – Erroneous CPU usage graph is displayed on GUI.

Firewall
Bug ID – 7142
Description – Cyberoam allows selecting a virtual host service while creating a firewall rule even if the virtual host is not selected.

Bug ID – 7016
Description – There shall be one way voice on establishing a VoIP call from inside to outside using a Cisco ATA that is registered with public call manager.

Bug ID – 7471
Description – Incorrect Upload & Download data usage displayed in firewall rule page in GUI.

Proxy
Bug ID – 7366
Description – Few webpages of website "Ebay.co.uk" cannot be opened with direct proxy.

Bug ID – 7483
Description – Few tabs available on website www.mca.gov.in and http://www.tcs-itontap.com do not function when Appliance is configured as a direct proxy.

VPN
Bug ID – 7544
Description – An IPSec route does not get deleted from CLI and an error message is displayed, if the IPSec tunnel name is more than 32 characters.
For Version 10.01.2.065

Wireless LAN
Bug ID – 7080
Description – On rebooting the Cyberoam, access point key is to be re-entered within Wireless LAN configuration, if parameter "Security Mode" is configured as "None" for one of the multiple WLANs.

1.1.2.4. V 10.01.1 Build 023, 027

Release Dates
Version 10.01.1 Build 023 – 06th September, 2011
Version 10.01.1 Build 027 – 14th September, 2011

Release Information
Release Type: Maintenance Release
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678 or 10.01.0 Build 739

Migrate Procedure
To migrate from Version 9 to Version 10, please follow the link Migrate Cyberoam Appliance from Version 9 to Version 10.

Upgrade procedure
For: V 10.01.0472 or V 10.01.0474 or 10.01.0620 or 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678 or 10.01.0 Build 739
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.
3. High Availability feature included in this upgrade is a GA feature.

For Cyberoam versions prior to 10.01.0472:
Upgrade in two steps:
Upgrade the Cyberoam to 10.01.0472 using Version 10 to Version 10 available on customer’s My Account.
Upgrade Cyberoam to 10.01.1 Build 023.
By doing this the customer will not be able to roll back to version prior to 10.01.0472.

Compatibility issues
Firmware is Appliance model-specific.

Release Version Number        Applicable To Cyberoam Appliance Model
Version 10.01.1 Build 023     All except CR15i and CR15wi
Version 10.01.1 Build 027     Only to CR15i and CR15wi

Both these version releases are not compatible with the Cyberoam Central Console Release V 02.00.0 Build 096.
CCC does not support Cyberoam UTM deployed in HA (High Availability) mode.
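The upgrade rules above (the "Applicable to" list, the two-step path for versions prior to 10.01.0472, the per-model build and the model-specific firmware restriction) can be checked per appliance before a maintenance window. The following Python sketch is an added example, not Cyberoam tooling; the function names, the sample inventory and the mapping of old-style strings such as 10.01.0472 to minor release 0 are assumptions.

```python
import re
from typing import List, NamedTuple


class Version(NamedTuple):
    arch: int    # architectural release, e.g. 10
    major: int   # major feature release, e.g. 01
    minor: int   # minor enhancements release, e.g. 0 or 1
    build: int   # build number, e.g. 739


class Plan(NamedTuple):
    steps: List[str]        # firmware versions to install, in order
    rollback_blocked: bool  # True when rollback below 10.01.0472 is lost


# Newer display format used in these notes: "10.01.0 Build 739".
NEW_STYLE = re.compile(r"^v?\s*(\d+)\.(\d+)\.(\d+)[\s.]+build\s+(\d+)$", re.I)
# Older format: "10.01.0472", "10.01 Build 0667" or "10.01.Build 0667".
OLD_STYLE = re.compile(
    r"^v?\s*(\d+)\.(\d+)(?:\.\s*build\s+|\s+build\s+|\.)(\d{4})$", re.I)


def parse_version(text: str) -> Version:
    """Turn either display format into a tuple that sorts in release order."""
    s = text.strip()
    m = NEW_STYLE.match(s)
    if m:
        return Version(*(int(g) for g in m.groups()))
    m = OLD_STYLE.match(s)
    if m:
        arch, major, build = (int(g) for g in m.groups())
        # Assumption: old-style strings belong to minor release 0.
        return Version(arch, major, 0, build)
    raise ValueError(f"unrecognised version string: {text!r}")


TWO_STEP_BASE = "10.01.0472"
# "Applicable to" list copied from the release information above.
DIRECT_FROM = {parse_version(v) for v in (
    "V 10.01.0472", "V 10.01.0474", "V 10.01.0620", "V 10.01.0665",
    "V 10.01.0667", "10.01.0 Build 674", "10.01.0 Build 678",
    "10.01.0 Build 739")}


def target_for(model: str) -> str:
    # Build 027 applies only to CR15i and CR15wi; Build 023 to all others.
    if model.strip().upper() in {"CR15I", "CR15WI"}:
        return "10.01.1 Build 027"
    return "10.01.1 Build 023"


def plan_upgrade(current: str, model: str, image_model: str) -> Plan:
    """Return the firmware steps for one appliance, or raise ValueError."""
    # Firmware is appliance model-specific: refuse a mismatched image early.
    if model.strip().upper() != image_model.strip().upper():
        raise ValueError(
            f"firmware for {image_model} cannot be applied to {model}")
    if re.match(r"^v?\s*9\.", current.strip(), re.I):
        raise ValueError("Version 9: follow the V9 to V10 migration procedure")
    cur = parse_version(current)
    target = target_for(model)
    if cur >= parse_version(target):
        return Plan([], False)               # already at or past the target
    if cur < parse_version(TWO_STEP_BASE):
        # Two-step path; afterwards rollback below 10.01.0472 is not possible.
        return Plan([TWO_STEP_BASE, target], True)
    if cur in DIRECT_FROM:
        return Plan([target], False)
    raise ValueError(f"{current} is not in the 'Applicable to' list")


if __name__ == "__main__":
    # Constructed inventory: (hostname, running version, model, image model).
    inventory = [
        ("fw-branch-1", "10.01.0 Build 739", "CR15wi", "CR15wi"),
        ("fw-hq", "V 10.01.0667", "CR500ia", "CR500ia"),
        ("fw-lab", "10.00.0309", "CR50ia", "CR50ia"),
        ("fw-dmz", "10.01.0 Build 678", "CR100i", "CR500i"),
    ]
    for host, version, model, image in inventory:
        try:
            print(host, plan_upgrade(version, model, image))
        except ValueError as err:
            print(host, "BLOCKED:", err)
```
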
Introduction
This document contains the release notes for Cyberoam Version 10.01.1 Build 023 and Cyberoam Version 10.01.1 Build 027. The following sections describe the release in detail.
This release comes with new features and enhancements to improve quality, reliability, and performance.

Features

1. Hardware Monitoring
Cyberoam now supports hardware monitoring using threshold levels for fan speed, CPU and system temperature. A sensor is deployed to continuously monitor and provide the data of the respective hardware. With Hardware Monitoring turned on, temperature and fan speed can be tracked at a regular interval of one minute using CLI commands. A notification in the form of logs shall be generated when any of the hardware devices breaches the threshold level. The system report can be viewed from the event viewer and local iView. For CR15i, a log notification shall be coupled with an alarm (beep).
The default configurations are:
1. Hardware monitoring = “ON”
2. Maximum System/CPU Temperature Limit = 70°C (degree Celsius)
3. Hysteresis Limit = 65°C
4. Minimum Fan Speed Limit = 6000 RPM

CLI Commands
1. Turn hardware monitoring on/off
   console> cyberoam diagnostics hardware-monitoring on/off
2. Show current sensor settings and data.
   console> cyberoam diagnostics hardware-monitoring show-sensor-data

Known Behavior
When any threshold is breached, an alert will be generated by turning on an alarm. This alarm will only turn off when the monitored value falls below the hysteresis limit.
E.g. considering the above-mentioned default configuration, if the CPU and system temperature rises above 70°C, an alarm is generated. This alarm will remain ON until the temperature falls below the hysteresis limit, i.e. 65°C.
1. This feature is available only for the following Appliances: 15i, 15wi, 25ia, 35ia, 25wi, 35wi
2. Hardware monitoring will not be supported in HA Deployment

2. Watermark Threshold
Cyberoam now supports Disk Usage Watermark Threshold for monitoring resources.
Earlier, only an alert log was displayed when the disk usage went above the threshold. However, Reporting was not disabled, and this resulted in 100% disk usage. With the Watermark Threshold feature, when a hard disk is utilized beyond the configured threshold, an alert log shall be generated in the log viewer.
Previously, only a fixed higher threshold level was available for disk usage. Adding the Watermark Threshold feature to Disk Usage shall now allow configuring a lower threshold level. There shall be a fixed higher threshold level for the resource usage.
The default configurations are:
1. Lower Threshold = 80%
2. Higher Threshold = 90%

Conditions for alerts (table; Action columns: Reporting ON, Alert Log, Reporting OFF; Utilization rows):
- Below lower threshold
- Between lower threshold and upper threshold
- Between lower threshold and upper threshold for continuous 12 hours
- Above upper threshold
- Above upper threshold for continuous 12 hours
- Drop from upper threshold to below lower threshold
Cell marks as extracted: ✓ ✓ ✓ ✓ ✓ ✓ ✓* ✓* ✓ ✓ ✓
* - Reporting will start only when data is manually purged and disk utilization level falls below lower threshold.

CLI Commands for Lower Threshold
1. Command: Set report-disk-usage watermark <value_in_%>
   Sets the lower watermark to the given value (must be between 60-85)
2. Command: Set report-disk-usage watermark default
   Sets the lower watermark to the default value (80)
3. Command: Show report-disk-usage watermark
   Shows the current value of the lower watermark

3. HTML Support for Captive Portal and Web Filter Messages
From this version onwards, the Cyberoam Appliance supports HTML tag inputs for the Customized Denied Message on Web Filter and the Custom Message on the Captive Portal Settings. This HTML enhancement will provide links using ‘anchor’ tag and images using ‘.img’ tag.
To use this feature for the Custom Denied Message in Web Filter, go to Web Filter --> Settings --> Denied Message.
To use this feature for the Custom Message in Captive Portal Settings, go to Identity --> Authentication --> Firewall --> Custom Message.

4. Applications and Blocked Attempts Report
Cyberoam iView now provides two new reports, viz. the Applications and Blocked Attempts reports.
The Applications report provides a snapshot of the various applications accessed by users. It also gives information on the applications' bandwidth usage. This identification helps in fine-tuning Internet access policies to ensure optimum bandwidth utilization.
The Blocked Attempts report provides a snapshot of denied application access attempts. These reports help the administrator observe the users’ Internet behavior and take remedial measures.
These reports can be viewed from:
1. Logs & Reports --> View Reports --> Reports --> Applications
2. Logs & Reports --> View Reports --> Reports --> Blocked Attempts

5. Group Level Dashboards
Cyberoam iView now provides an individual dashboard for all report groups in widget format. You can drill down the widget report to view next level reports.
This can be accessed from Logs & Reports --> View Reports --> Dash Boards

6. Pie Charts and Graphs
Cyberoam iView now provides Mail and Web Usage Pie Charts and Graphs.

Enhancements

1. New Widgets in Cyberoam iView Main Dashboard
Two new widgets are added to the Cyberoam iView main dashboard.
1. Application Allowed: Displays a list of allowed applications along with the number of connections and the amount of data transferred by that application.
2. Application Denied: Displays a list of denied applications along with the number of connections.
This can be accessed from Logs & Reports --> View Reports --> Dash Boards

2. Manual Purge
The Cyberoam iView manual purge feature has been optimized to aid its performance. The administrator can purge all log data or customize the date range to purge the log data manually.
Select the purging criteria as ‘Custom’ and then the ‘From’ and ‘To’ month from the calendar control to purge the selected report logs.
This can be accessed from Logs & Reports --> View Reports --> System --> Configuration --> Manual Purge

3. Data Management
From this version onwards, the administrator can set the retention period for ‘Applications’ and ‘Blocked Attempts’ logs. The retention period can be set from 1 month to 1 year as per the compliance requirements.
This can be accessed from Logs & Reports --> View Reports --> System --> Data Management

4. Anti Spam and Anti Virus Search Reports
From this version onwards, three more columns will be displayed in antivirus and anti spam search reports:
1. Rule: Spam or Virus rule applicable to the email
2. Ref ID: Reference ID associated with the email
3. Action: Action (accept/deny/drop) against mail defined by the user.
This additional information aids in troubleshooting.

5. Unauthorized User Traffic Discovery for CTAS
From this version onwards, it is possible to configure the time out value for Unauthorized User Traffic Discovery in CTAS deployment. Earlier, this value was fixed at 120 seconds. Once the Unauthorized User Traffic Discovery Time is up, an authentication page will be displayed.
The time out value can be configured even if CTAS is disabled. In this case, whenever CTAS is enabled, the configured value will come into effect.
The configuration values are:
1. Default - 120 seconds
2. Range – 1 – 120 seconds

CLI Commands
1. console> cyberoam auth cta unauth-traffic drop-period <sec>/default

Behavior Change

1. IPS
In case 10.01.1.build 023 is rolled back to Version 10.01.0 Build 739, the IPS services will start either when the signatures are automatically upgraded or when a manual upgrade is done.

Bugs Solved

Anti Spam
Bug ID – 6691
Description – When there are multiple rules for RBL verification of a mail IP Address, on verification with the first rule, the next rule is skipped. For example, there are two rules of RBL verification:
1.
Verify against Premium RBL group
2. Verify against Standard RBL group.
In this case, Cyberoam only verifies with the Premium group. On being validated, the Standard group rule will be skipped.

CLI
Bug ID – 6771
Description – If the packet size of ping6 is greater than 1453, then administrator fails to receive the ping6 response.

Firewall
Bug ID – 6773
Description – Web filter policy is not applied for authenticated users when LAN – Local firewall rule is configured.
Bug ID – 6937
Description – Firewall rule fails if the configured SNAT policies are greater than 255.

GUI
Bug ID – 7035
Description – The word “resource” is misspelled as “reosurce” in SSLVPN logs.

High Availability
Bug ID – 6852
Description – VPN traffic in HA deployment gets load balanced, due to which it gets disrupted.
Bug ID – 6722
Description – Administrator can enable HA, even though monitoring interfaces are not connected on the auxiliary machine. A message “one or more monitored ports are disconnected on Aux appliance” is displayed.

Log Viewer
Bug ID – 5778
Description – The Signature Update page displays “Successfully On”, while the Log Viewer page displays “AV definition upgrade failed” if Cyberoam has the latest antivirus definition and the user tries to update it.

Network Interface
Bug ID – 6941
Description – Geographical configuration for WLAN is required to be updated manually once upgrading from Version 472 to Version 739 and beyond.
Bug ID – 7033
Description – Modem “Huawei EC 156 HSIA” is not supported.

Proxy
Bug ID – 5151
Description – When IM scanning is enabled, chatting through Windows Live Messenger 2011 is not supported.
Bug ID – 6926
Description – The website http://www.imi.edu/index.php/placements/studentsearch cannot be opened if Allow All Web Filter Policy is configured.
Bug ID – 6883
Description – Chat messages are not displayed properly in Log Viewer for IM.
Bug ID – 6810
Description – HTTPS sites cannot be accessed if Parent Proxy is configured in Cyberoam and direct proxy is configured in the client browser.
Bug ID – 7079
Description – Report Notification is not allowed for custom report group.

Report
Bug ID – 6551
Description – In case of HA, iView data management configuration does not get synchronized between the primary and the auxiliary appliance.
Bug ID – 6887
Description – Manual purge and Data management options in On-Appliance iView do not get displayed if 4-Eye Authentication is enabled from Logs and Reports.
Bug ID – 7074
Description – On-Appliance iView displays only the current day Top File upload report.

User
Bug ID – 6878
Description – Incorrect web surfing policy is applied to a CTAS authenticated user in DHCP environment.
Bug ID – 6946
Description – Cyclic data transfer policy does not reset if it is configured as 2GB for CTAS and HTTP Client with "Keep Alive" disabled.
Bug ID – 7066
Description – Usernames are case sensitive in case of PPTP users with MSCHAP-V2.

VPN Failover
Bug ID – 6640
Description – On VPN tunnel failover/failback, tunnel does get reconnected; however, data cannot be transferred for TCP based applications.

VPN
Bug ID – 4994
Description – Preshared key cannot be changed if there is more than one Road Warrior connection.
Bug ID – 6661
Description – A single host can be added multiple times in VPN local subnet.
Bug ID – 5389
Description – All characters except double quotes (“) are supported for preshared key.

VX - VX Migration
Bug ID – 6603
Description – On migrating from Version 472 to Version 667, if initialization of database service is delayed, then migration scripts flush the reports.

1.1.2.5.
V 10.01.0 Build 739

Release Dates
Version 10.01.0 Build 739 – 29th June, 2011

Release Information
Release Type: Maintenance Release
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678

Migrate Procedure
To migrate from Version 9 to Version 10, please follow the link Migrate Cyberoam Appliance from Version 9 to Version 10.

Upgrade procedure
For: V 10.01.0472 or V 10.01.0474 or 10.01.0620 or 10.01.0665 or V 10.01.0667 or 10.01.0 Build 674 or 10.01.0 Build 678
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.
3. High Availability feature included in this upgrade is a GA feature.

For Cyberoam versions prior to 10.01.0472:
Upgrade in two steps:
Upgrade the Cyberoam to 10.01.0472 using Version 10 to Version 10 available on customer’s My Account.
Upgrade Cyberoam to 10.01.0 Build 739.
By doing this the customer will not be able to roll back to version prior to 10.01.0472.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.
This version release is not compatible with the Cyberoam Central Console V 02.00.0 build 083.
CCC does not support Cyberoam UTM deployed in HA (High Availability) mode.

Introduction
This document contains the release notes for Cyberoam version 10.01.0 Build 739. The following sections describe the release in detail.
This release comes with new features, a few enhancements and several bug fixes to improve quality, reliability, and performance.

Features & Enhancements

1. GRE Tunnel Support
From this version, Cyberoam supports the Generic Routing Encapsulation (GRE) VPN tunneling protocol.
It is used to encapsulate multicast traffic like OSPF, BGP, and RIPV2. Multicast applications like video, VoIP, and streaming music applications use GRE Tunneling.
From the CLI, the administrator can:
· Add a GRE tunnel:
  cyberoam gre tunnel [add {[name tunnel-name] [{localgw <Local WAN Interface> remotegw <RemoteIP>}] localnet <ip/subnet> remotenet <ip/subnet>}
· Show the list of all the GRE tunnels:
  cyberoam gre tunnel show
· Set the TTL for GRE tunnel:
  cyberoam gre tunnel [set {[name tunnel-name] [ttl<ttlvalue>]}]
· Set the state of GRE tunnel:
  cyberoam gre tunnel [set {[name tunnel-name] [state-up/down]}]
· Delete a GRE tunnel:
  cyberoam gre tunnel delete [ [name tunnel-name] [ {local-gw <WAN_Interface> remote-gw <Remote_WAN_IP>}]]
  or
  cyberoam gre tunnel [delete {[name tunnel-name]}]
  or
  cyberoam gre tunnel [delete {[ALL]}]
· Check the status of a GRE tunnel:
  cyberoam gre tunnel show [ [name tunnel-name] [ {local-gw <WAN_Interface> remote-gw <Remote_WAN_IP>}]]

2. Search in Cyberoam iView
This release includes the following enhancements in the “Search” functionality of Cyberoam iView, ensuring complete network visibility.

Virus
From this version onwards, the user can search Virus logs for the following Web and file transfer protocols, along with mail protocols (SMTP, POP3, and IMAP):
· HTTP
· HTTPS
· FTP
Use Search --> Virus to search Virus logs in the reports.

FTP
From this version onwards, the user can search FTP logs to retrieve a summary of file transfer activities within the organization’s network. This helps the administrator to fine-tune Internet access policies, thereby preventing leakage of critical business information.
The search can be performed on the basis of file transfer type (download/upload), user or file name.
Search results will be displayed in tabular format, containing the IP Address of the client and server machine, the amount of data transferred and the direction of data transfer.
Use Search --> FTP to search the summary of file transfers within FTP logs.

3. Backup-Restore in Cyberoam iView
From this version onwards, the system configuration backup taken from System --> Maintenance --> Backup & Restore will include a backup of Bookmarks, Custom Views and Report Notifications created on Cyberoam iView.
Backup of the Data Management section of Cyberoam iView is not included in this backup.

Improvements

1. Report Optimization
With this release, some of the report widgets are removed from Cyberoam iView to optimize the report framework and avoid data redundancy, since the same reports were available at multiple places. Please refer to the Appendix for the list of removed reports.

2. Menu Rearrangement
This release includes the following menu rearrangements in the Cyberoam iView GUI to enhance the user experience.

Search
The ‘Search’ menu is now available after the ‘Dashboards’ menu in the navigation pane.

Calendar Control
The time selection option in the calendar control is removed from Report pages. Now only the date range can be set to generate reports. However, this option is available on all ‘Search’ pages.

Dashboard Widgets
As per the frequency of usage, the sequence of report widgets is changed on the main dashboard of Cyberoam iView. Now the ‘Mail Traffic Summary’ widget and the ‘User Surfing Pattern’ widget are available next to the ‘Top Web Users’ widget.

Behavior Change

1. iView Archived Logs
To optimize performance and reduce data redundancy, archiving in On-Appliance Cyberoam iView is discontinued.
The network traffic information with timestamp can be obtained either using the “Search” option provided in the navigation panel or from leaf level reports.

2. Dashboard Alerts
During a successful Cyberoam upgrade, if the reporting migration fails, the On-Appliance reporting gets turned off with an appropriate notification on the dashboard.
Bugs Solved

9X to V10 Data Migration
Bug ID – 6611
Description – On migrating from Version 9 to Version 10, groups are not displayed if login restriction parameter value of Web Admin Console and internal database do not match.

Backup & Restore
Bug ID – 6554
Description – Upgrading Cyberoam from version 10.01.0472 to 10.01.667 fails, if user email id starts with “_” and ends with “.”.

Anti Spam
Bug ID – 6667
Description – Erroneous entry in RBL domain results in disruption of mail traffic.

Certificate
Bug ID – 6443
Description – A certificate in SSL VPN configuration cannot be selected or SSL VPN services become inoperative on migrating from Version 9 to Version 667.

Firewall
Bug ID – 6355
Description – Appropriate message does not get displayed when the traffic bypasses the firewall rule because the precedence of appliance access is higher than the system firewall rule.
Bug ID – 6116
Description – Host/host group with a special character hyphen “-” cannot be added in firewall rule.
Bug ID – 6137
Description – While uploading a large size file FTP connection terminates if no acknowledgement from the FTP server is received in 5 minutes.

GUI
Bug ID – 3070
Description – A message “Too Many Connections Please Try After Some Seconds.” is displayed randomly while navigating through the Web Admin Console.
Bug ID – 5145
Description – On-Screen help for extensions required for certificate and certificate authority are not provided.
Bug ID – 6433
Description – A user from road warrior X-Auth is not displayed in allowed user list in spite of being selected to be allowed.
Bug ID – 6524
Description – Graph is not displayed on Web Admin Console, if VLAN configured on the gateway interface.
Bug ID – 6446
Description – In Log viewer, the filter for “message id” is not available for “IPS” component, while it fails to respond in case of “Firewall” and “Antispam”.
Bug ID – 6321
Description – Dashboard icon will not be displayed within the Icon Bar while using Internet Explorer 9.
Bug ID – 6542
Description – Administrator cannot add more than 97 hosts in host group.
Bug ID – 6738
Description – In case of V9 – V10 migration in 25i appliance, the dashboard alert message displays “vrmodule expired” since User License Period does not contain a date value.

High Availability
Bug ID – 5556
Description – Applications that work on multicast traffic are disrupted in HA deployment.
Bug ID – 6697
Description – In HA deployment, Antivirus service stops if signature db and config db are reset.

Import – Export
Bug ID – 5683
Description – Administrator cannot import users beyond the recommended limit for the respective appliance. The recommended limit for each appliance is as follows:

Appliance
CR15i, CR15wi, CR50ia, CR100ia, CR35ia, CR25ia, CR35wi, CR25wi, CR100i, CR50i, CR25i
CR250i, CR300i, CR200i
CR1500i, CR1500ia, CR500i, CR1000i, CR500ia, CR750ia, CR1000ia
Others, if exists

Log Viewer
Bug ID – 5362
Description – Some web surfing details do not appear in the Cyberoam-iView reports.

Network Interface
Bug ID – 6301
Description – “Novatel Wireless Ovation MC950D USB HSPA Modem” fails to connect to Internet.
Bug ID – 6122
Description – VPN tunnel connectivity gets disrupted if MTU/MSS value is updated on the LAN interface.

Proxy
Bug ID – 4103
Description – When IM scanning is enabled and more than 5000 login requests are received, the users are not able to logon to Microsoft Windows Live Messenger and IM reports are not generated by Cyberoam iView.
Bug ID – 5730
Description – When HTTPS scanning is enabled, http://fmcdealer.com fails to display all the widgets on the site.
Bug ID – 6685
Description – When scanning is enabled and the HTTP response does not include the “Content Length” parameter, the appliance becomes unresponsive.
Bug ID – 6503
Description – If HTTPS scanning is enabled and the user tries to log in to www.costco.com, the browser displays a blank page for Mozilla/Chrome and a message “Page cannot be displayed.” for Internet Explorer.
Bug ID – 6615
Description – The Honda Web application fails to open when Web Filter policy or HTTP scanning is applied.
Bug ID – 6631
Description – Oracle web based application fails to respond if Web Filter policy is configured or HTTP scanning is enabled.
Bug ID – 6734
Description – Ubuntu upgrade fails, if Web Filter policy or HTTP scanning is enabled.
Bug ID – 6302
Description – CCTV Application cannot be accessed if Web Filter policy is enabled.
Bug ID – 6263
Description – Browsing slows down or stops, if the number of HTTP sessions crosses the threshold level.

QoS
Bug ID – 6126
Description – When a strict bandwidth policy for upload/download is configured, FTP upload stops if HTTP download is started simultaneously.

Reports
Bug ID – 5647
Description – Cyberoam-iView Search reports do not provide time stamp.
Bug ID – 6391
Description – Configured bookmarks are lost on flushing the Appliance reports.
Bug ID – 6550
Description – Confirmation message is not received on updating Cyberoam-iView Data Management page.
Bug ID – 3214
Description – “Service Temporary Unavailable” message is displayed randomly while accessing Web Admin Console.
Bug ID – 6720
Description – Cyberoam-iView reports for any day of the previous month are generated for the entire day, irrespective of the configured time.
Bug ID – 6507
Description – Previous month’s reports cannot be manually purged in Cyberoam-iView.
Bug ID – 6458
Description – Manual purge option deletes entire month’s reports starting from the upper limit of the month selected in the date range.
Bug ID – 6534
Description – PDF File of web surfing report for a particular user cannot be exported due to non-English characters present in URLs accessed by the user.
Bug ID – 6295
Description – Used time in Date wise summary is displayed incorrectly in Cyberoam-iView.

Recommended number of Users (second column of the appliance table under Import – Export, Bug ID – 5683, in row order): 500, 1000, 1500, 500

Schedule Backup
Bug ID – 6037
Description – The alert message for scheduled backup is not displayed on Web Admin Console.

SSL VPN
Bug ID – 4974
Description – SSL VPN web application access mode cannot be accessed if SSL VPN certificate at server end and client end are not identical.
Bug ID – 6184
Description – SSL VPN (Full Tunnel Mode) misbehaves when the user tries to re-login.

Time Settings
Bug ID – 6282
Description – The NTP Server custom configuration is lost if the Administrator tries to synchronize with pre-defined configuration.

User
Bug ID – 6655
Description – A user is not allowed to login if a login password contains special characters “&” and “+”.
Bug ID – 6296
Description – The Corporate Client does not work, if the user password length is more than 21 characters.
Bug ID – 6276
Description – Inactivity timeout does not function properly. For example, if the idle timeout is set to 30 minutes and the user logs in at the 16th minute, the access server checks the idle timeout at the 30th minute and the user gets logged out in 15 minutes.

VPN
Bug ID – 6043
Description – Authentication details are mandatory to create a VPN policy for Manual Keying method.
Bug ID – 5389
Description – If the pre-shared key includes a special character like single quote (‘), hash (#) or double quotes (“), the IPSec connection cannot be updated.

VPN – L2TP
Bug ID – 6472
Description – L2TP VPN tunnels do not get established if a firewall rule to accept all services for VPN to Local rule is created.

Web Filter
Bug ID – 6683
Description – The top and bottom images of custom denied message are interchanged.

Appendix
The report widgets removed from Cyberoam iView are listed below:
1. Top URLs from Web Usage and Blocked Web Attempt reports
2. Top Applications
3. Detailed Attack report
4. Archives
5. Web Usage
   a. Top Web Users
      i. Top Applications
      ii. Top Contents
   b. Top Web User Groups
      i. Top Applications
      ii. Top Contents
   c. Top Categories
      i. Top Contents
   d. Top Domains
      i. Top Contents
   e. Top Contents
      i. Top Domains
      ii. Top Categories
   f. Top Web Hosts
      i. Top Applications
      ii. Top Contents
   g. Top Applications
6. Blocked Web Attempts
   a. Top Denied Web Users
      i. Top Applications
   b. Top Denied Web Hosts
      i. Top Applications
7. Mail Usage Report
   a. Top Mail Senders
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
      iv. Top Users
   b. Top Mail Recipients
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
      iv. Top Users
   c. Top Mail Users
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
   d. Top Mail Hosts
      i. Top Users
      ii. Top Destination
      iii. Top Applications
   e. Top Mail Applications
      i. Top Hosts
      ii. Top Destination
      iii. Top Users
8. Anti Spam
   a. Top Spam Senders
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
      iv. Top Users
   b. Top Spam Recipients
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
      iv. Top Users
   c. Top Applications used for Spam
      i. Top Source Hosts
      ii. Top Destination
      iii. Top Applications
9. Top Attacks
   a. Severity wise break-down
      i. Top Dropped Attacks
      ii. Top Detected Attacks

1.1.2.6. V 10.01.0 Build 674, 678

Release Dates
Version 10.01.0 Build 678 – 6th June, 2011
Version 10.01.0 Build 674 – 21st May, 2011

Release Information
Release Type: Maintenance Release
Release Details: Till version 10.01.Build 0667, the format of the display version was “10.ab.Build 0xyz”.
From Version 10.01.0 Build 674 onwards, the displayed version will be in the format “10.ab.c build xyz”; for example, here it is 10.01.0 Build 674, where:
10: Represents architectural release
01: Represents major feature release
0: Represents minor enhancements release
674: Represents Build number
Refer to How To - Get Cyberoam UTM Product Version Information for further information.
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: CR15i with V9.5.8.68 and all other Cyberoam models with V9.6.0.78 (Valid for Version 10.01.0 Build 674). V10.01.0472 or V10.01.0474 or V10.01.0620 or V10.01.0665 or V10.01.0667

Upgrade procedure
For: 10.01.0472 or 10.01.0474 or 10.01.0620 or 10.01.0665 or 10.01.0667 or 10.01.0 build 0674:
Logon to https://customer.cyberoam.com
Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.

For Cyberoam versions prior to 10.01.0472:
Upgrade in two steps:
Upgrade the Cyberoam to 10.01.0472 using version 10 to version 10 available on customer My Account.
Upgrade Cyberoam to .01.0 Build 674.
By doing this the customer will not be able to roll back to version prior to 10.01.0472.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.

Bugs Solved

Build 678

Antivirus
Bug ID – 6651
During Antivirus signature updates, under specific internal conditions of SMTP configuration, significant increase in system load leads to high memory usage.

Build 674

Antivirus
Bug ID – 5615
Description – If Antivirus key expires, it results in high CPU utilization.

VPN Certificate
Bug ID – 6443
Description – SSL VPN service stops on migrating from V9 to V10 due to which certificate in SSLVPN configuration cannot be selected.
If the SSL VPN services have stopped on upgrading to Version 10, reset the appliance to its factory settings and restore the backup. The services will resume.

DDNS
Bug ID – 6200
Description – In case of NATed deployment, when the DDNS server does not respond, the Cyberoam DDNS does not get updated.

GUI
Bug ID – 6321
Description – The dashboard icon was misaligned in IE8 and IE9 in CR15wi. The issue has been solved for default theme.

IPS
Bug ID – 6312
Description – Large number of application configurations in a policy affects the IPS functionality.
Bug ID – 6360
Description – On disconnecting, the PPPoE link is required to be enabled manually via Web Admin Console.
Bug ID – 6559
Description – Ultrasurf application is not blocked.

LAN bypass
Bug ID – 6454
Description – LAN bypass does not work with CR50ia and 100ia.

Migration
Bug ID – 6445
Description – Username containing “@” without a top level domain (e.g. .com, .net, .edu) results in configuration migration failure.

Proxy
Bug ID – 6322
Description – When Antivirus is unsubscribed and is in real scanning mode, then under specific server behavior, web sites with domains such as .pk, .ch, .be, etc. do not display their contents properly.

SNMP
Bug ID – 6369
Description – A message “Client Port having same port number already exists, choose a different port number." is displayed on configuring 161 as Manager Port in SNMP configuration.

User
Bug ID – 4266
Description – When external server is not reachable and authentication server’s internal queue is full, user cannot login and a message “Server Busy” is displayed.
Bug ID – 6111
Description – Upload and download columns in My Account are displayed as download and upload columns respectively in on-appliance iView report.
Bug ID – 6459
Description – When cyclic data transfer policy is configured for day light saving time zone, the daily data transfer policy does not reset.
VX – VX Migration
Bug ID – 6309
Description – Configuration migration fails while upgrading to Version 10.01 build 667, if the difference between PPPoE’s MTU and MSS value is not 48. The system then boots up with the factory default settings.

1.1.2.7. V 10.01 build 0667

Release Dates
Version 10.01 Build 0667 – 16th April, 2011

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: CR15i with V 9.5.8.68 and all other Cyberoam models with V 9.6.0.78. V 10.01.0472 or V 10.01.0474 or V 10.01.0620 or V 10.01.0665

Upgrade procedure

For V 10.01.0472 or V 10.01.0474 or 10.01.0620 or 10.01.0665:
- Logon to https://customer.cyberoam.com
- Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.

For Cyberoam versions prior to 10.01.0472, upgrade in two steps:
1. Upgrade the Cyberoam to 10.01.0472 using version X to version X available on customer My Account.
2. Upgrade Cyberoam to 10.01.0667.
By doing this the customer will not be able to roll back to a version prior to 10.01.0472.

Compatibility issues

Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction

This document contains the release notes for Cyberoam version 10.01.0667. The following sections describe the release in detail. This release comes with new features, a few enhancements and several bug fixes to improve quality, reliability, and performance.

Features & Enhancements

1. Network Migration for Version 9x to Version 10x

Prior to this release, on upgrading from Version 9.x to Version 10.x, the appliance used to go into factory reset mode, which led to disruption in network connectivity.
The administrator was required to connect to the appliance locally to complete the migration process. From this version, the upgrade will restore the network configuration so that the migration process can be done remotely, without any local intervention. From this version Cyberoam provides full network migration (only network migration) from Version 9.x to Version 10.x except VLAN, all/any alias and zone.

Follow the steps given below to upgrade the appliance from version 9.x to version 10.x:
1. Take the Ver. 9.x backup
2. Go to http://v9migration.cyberoam.com
3. Use online tool and migrate the Ver. 9.x backup to Ver. 10.x backup
4. After upgrading from Ver. 9.x to Ver. 10.x, use the converted Ver. 10 backup to restore the network configurations

What will be restored?
1. Interface IP Addresses
2. Bridge and Route mode Interfaces
3. HTTP, HTTPS and SSL VPN Ports
4. PPPoE Interface configuration

What will not be restored?
1. On migrating from Version 9.x to Version 10.01.0667, the DDNS configuration will not be preserved and the administrator will not be able to access the appliance using the FQDN. Administrator has to manually configure the DDNS.
2. Gateway names as assigned in Ver 9.x will not be restored. Name format will be like ‘PortB_gw’ or ‘DHCP_PortB_gw’ or ‘PPPoE_PortB_gw’. In case of bridge it will be ‘Default’.
3. Gateway Failover Timeout Configuration
4. Gateway weights

Migration Known Behaviour:
- “Installing default config” message will be displayed during migration
- All gateways will be converted to Active mode and default gateway failover rule will be applied.
- If originally an interface is unbound and an IP address is assigned then the configuration will not be migrated.

2. Restructured Reporting Framework

To optimize performance and minimize database corruption, reporting framework is restructured.

3. MAC Cloning support

From this version onwards, Cyberoam provides support to override the default MAC Address for the Interface.
With this feature an ISP can clone a pre-existing MAC Address on an interface leading to a seamless installation of Cyberoam. On factory reset, it will be set again to the default MAC address.

This functionality is not available for alias, VLAN, virtual interfaces, PPPoE, serial modem interface, dedicated HA link, Wireless LAN, Wireless WAN and bridge interface.

Configuration
Override the default MAC address of the Interface from Network > Interface > Edit Interface

4. Bandwidth Restructuring for Realtime Traffic

From this version onwards, by default, highest priority will be given to the real time traffic and priority can be set from 0 (highest) to 7 (lowest) depending on the traffic required to be shaped.

- 0 – Real Time e.g. VOIP
- 1 – Business Critical
- 2 – Normal
- 3 – Normal
- 4 – Normal
- 5 – Normal
- 6 – Bulky e.g. FTP
- 7 – Best Effort e.g. P2P

However, if administrator does not want to set this preference, feature can be disabled using CLI command - set bandwidth allocation-behavior normal. If required, it can be enabled by CLI command - set bandwidth allocation-behavior realtime.

If the bandwidth behavior is set to normal then priority will be applicable only for excess bandwidth i.e. bandwidth remaining after guaranteed bandwidth allocation.

If the bandwidth behavior is set to realtime then Real-time traffic (QoS policy with priority 0) like VOIP will be given precedence over all other traffic. As priority is given to the real time traffic, it is possible that some non-real time traffic will not get their minimum guaranteed bandwidth. Specifically, if sum of burstable (max allowed) of all bandwidth policies (real time and non real time) is greater than total max-limit then guarantee of real time policies will be fulfilled but non-realtime might not get the minimum guaranteed bandwidth.

On Factory Reset, all the traffic with QoS policy with priority 0 will be given Real Time priority.
On migrating from any previous versions, by default, all the traffic will be given Normal priority. Any post-upgrade changes done from the CLI shall persist across all future reboots and firmware upgrades.

5. Automatic VLAN tagging

From this version onwards, to scan the VLAN traffic, Cyberoam will automatically tag the VLAN traffic when Cyberoam is deployed as Bridge.

In case of migration from previous versions where VLAN is already configured, vlan-learning will be in manual mode and VLAN IDs will be preserved. In this case, CLI VLAN Management menu will be visible. Administrator can enable auto learning mode through CLI command:

console> cyberoam vlan-learning auto

However, if the gateway is in VLAN then the Cyberoam originated traffic for the gateway can be tagged using CLI menu option 5 - VLAN Management menu.

Administrator can check the vlan-learning mode with CLI command:

console> cyberoam vlan-learning show

If required, Administrator can toggle between auto and manual learning mode. To switch to manual learning mode use CLI command:

console> cyberoam vlan-learning manual

When Cyberoam is configured as a bridge without VLAN support in Version 10.01.0472 and 10.01.0474 which is subsequently upgraded to Version 10.01.0666, the tagging will be in Auto Mode.

When Cyberoam is configured as a bridge with VLANs support in Version 10.01.0472 and 10.01.0474 and upgraded to Version 10.01.0666, the tagging will be in Manual Mode.

6. Central Security Control for multiple Cyberoam V 10 deployments (Cyberoam Central Console (CCC) – Alpha release)

Cyberoam Central Console (CCC) is a centralized integrated management and monitoring appliance that allows Enterprises and MSSPs to manage multiple, dispersed Cyberoam UTM deployments across remote / branch offices and clients respectively. The current version of Cyberoam will be compatible with the CCC’s upcoming version 02.00.0062 (beta) which will be released shortly.
Completely revamped product provides UI with Web 2.0 benefits and enhanced set of features including role based administration, multiple dashboards and centralized logging for monitoring and signature distribution server. For detailed feature set, please refer to the CCC datasheet.

Configuration
To manage Cyberoam through CCC, Administrator has to configure CCC IP address in Cyberoam from System > Administration > Central Console.

7. Enhancing Ease of Deployment

On factory reset, from now onwards, Cyberoam Network settings will be as follows:

Port A (LAN)
- DHCP server running on Port A
- Lease range - 172.16.16.17 - 172.16.16.254
- Gateway - Use Interface IP as Gateway. Gateway name changed from Default to DHCP_PortB_GW
- Conflict Detection enabled
- Use Appliance's DNS Settings

Port B (WAN)
- IP Assignment - DHCP Client
- DNS - Obtain DNS from Server

From this version onwards, after a Factory Reset, Cyberoam will boot up in Monitor only mode.

8. Improved Wireless Security (for Wireless Appliances only)

Cyberoam Wireless appliances now have capabilities to recognize and take countermeasures against illicit wireless activities.

Rogue Access Points (AP) are one of the most serious threats to wireless security. Any access point which is not authorized for use on a network is considered as rogue. They pose threats in a number of different ways including unintentional connections to the rogue device by the employees, transmission of sensitive data over non-secure channels, and unwanted access to LAN resources.

Cyberoam can alleviate this weakness by recognizing rogue access points potentially attempting to gain access to your network. Cyberoam scans for the nearby access points and displays list of all the discovered APs. Administrator can then mark the APs as rogue or authorized.

Configuration
Go to Network > Wireless LAN > Rogue AP Scan and scan for nearby access points.
From the discovered APs, mark AP as Rogue if it is not authorized to use the LAN resources, else mark it as Authorized.

9. Increased Security against Brute-force Attack

To provide increased security against brute force attacks, Cyberoam has implemented a password complexity policy.

Most organizations still use traditional passwords for authentication even when advanced and alternative technologies, such as biometrics and one-time passwords, are available. Therefore it is very important that organizations define and enforce password policies for their computers that include usage of strong passwords.

A brute force attack tries every possible combination to crack a password, running through all the possible permutations of the keys until the correct combination is found. The time required for a brute force attack depends on the password length and the character set used.

Strong passwords meet a number of requirements for complexity - including length and characters - that make passwords more difficult for attackers to determine. Establishing strong password policies for your organization can help prevent attackers from impersonating users and help prevent the loss of sensitive information.

Configuration
Go to System > Administration > Settings and enforce:
- Minimum Password length
- Password complexity: Require upper and lower case alphabets, require alphabetic, numeric, and special characters

10. Administrator Account Login Security

For improved security and to prevent unauthorized access, Cyberoam has extended its login security and included the following features:
- Lock Administration Session
- Automatic Logout
- Lockout Administrator Account after number of failed login attempts
- Login Disclaimer

Configuration
Go to System > Administration > Settings and enable
Admin Session locking and configure inactivity time. Administrator Session will be automatically locked after configured inactivity time. Administrator has to relogin to continue with the session.
Automatic Admin session logout and configure inactivity time. Administrator will be logged out automatically after configured inactivity time. Administrator has to re-login.
Specify number of failed login attempts allowed and seconds from the same IP address and lockout period.
Administrator has to accept the login disclaimer to logon. Disclaimer can be customized as per the organization requirement from System > Administration > Messages page.

11. Administrator Profile based Access Controls

Restrictions added for appliance access based on location (IP), time and day (application of pre-defined schedule) for user with authorized administrators’ profile. Now the Super Administrator can restrict how, where and when an administrator user can log in to and access Cyberoam.

Configuration
This setting can be done from Identity > User > User. Administrator profile has to be selected and the settings are visible at the end of the page under Administrator Advanced Settings section.

12. Web Browser Lock Support

Cyberoam has added Web Browser lock support to prevent unauthorized access to the user session. Administrators can directly lock their session from the Web Admin console, while for end users, administrator can configure auto-logout on browser closure.

For ease of use, Lock icon is provided on the icon bar on Web Admin Console. When someone tries to access the locked page, a warning message is displayed and the user is redirected to the login page.

Configuration
To configure the auto-logout for end users, go to Identity > authentication > Firewall > Captive Portal Settings and enable Log out user on Browser close.

13. Support of DHCP over VPN

The ability to tunnel DHCP over VPNs will allow network administrators to manage their entire IP address space from a central DHCP server.
In other words, this feature is required in networks where a centralized DHCP server leases IP addresses over VPN to all the branch offices for their internal networks.

As DHCP is a broadcast protocol, it will not cross network boundaries without additional configuration. This configuration is usually enabling DHCP relay on the devices between the network boundaries. It requires configuring DHCP Relay on the branch offices, which in turn relays the DHCP clients’ requests over the VPN tunnel to the DHCP server located at the head office.

DHCP over VPN allows hosts behind a Cyberoam to obtain an IP address lease from a DHCP server at the other end of a VPN tunnel.

Configuration
- Create IPSec connection between Branch office(s) and Head office
- Configure DHCP Relay on Branch office(s)
- Configure DHCP server behind Head office

14. Data transfer threshold SSL VPN Tunnel Access

SSL VPN tunnel is dropped automatically once the idle timeout has passed and the user has to reconnect. Connection is dropped even if the data transfer is going on through the connection. To overcome this problem, from this version, data transfer threshold support is provided.

With this feature, once the idle timeout is reached, before dropping the connection, Cyberoam will check the data transfer. If data transfer is higher than the configured threshold, connection will not be dropped till the data transfer is complete.

Configuration
Go to VPN > SSL > Tunnel Access and set threshold value. Default – 250 bytes

Administrator can check the data transfer for the live connections from the VPN > Live Connections > SSL VPN Users page.

15. User Creation on VPN Login

From this version user will be created automatically when he is externally authenticated by ADS / LDAP while using L2TP / PPTP / SSL VPN. The user should either be a part of the default group, or the ADS / LDAP / RADIUS should be tightly integrated with Cyberoam and access to L2TP / PPTP / SSL VPN should be allowed.

16. Special characters support in User name and Domain name

From this version onwards, twelve (12) special characters which include ~ ` ! @ # $ ^ - _ { } . will be supported in user names.

17. Multi-lingual support in Import Group Wizard

Import Group wizard, used to import all the Active Directory Groups into Cyberoam, can now be displayed in various languages that are supported by Cyberoam. Cyberoam supports Chinese simplified and traditional, French and Hindi language. Wizard can be accessed from Identity > Authentication > Settings once AD is configured.

Cyberoam IPSec Client will now work with Cyberoam only and not any other 3rd Party UTM appliances.

18. SSL VPN Tunnel Reports

System Log will now record tunnel connection and termination (Login / Logout) events when established through SSL Tunnel Access mode. Log can be viewed from Log Viewer of Web Admin Console.
- SSL VPN Report is added below the VPN Report
- For now, this Report shows Event of SSL VPN Connection for Tunnel Access only.

19. Logs and Reports

Admin log enhanced to include CLI events.
Following CLI events will now be logged in Admin Log and can be viewed from Log Viewer of Web Admin Console:

- set advance-firewall
- set http_proxy
- set network
- set sslvpn
- set on-appliance-reports
- set proxy-arp
- set ips
- set service-param
- set arp-flux
- set bandwidth
- set vpn
- set port-affinity
- cyberoam application_classification
- cyberoam auth
- cyberoam dhcp
- cyberoam diagnostics (Without purge-old-logs & purge-all-logs)
- cyberoam ha
- cyberoam ips_autoupgrade
- cyberoam ipsec_route
- cyberoam ipv6 (Without neighbour)
- cyberoam link_failover
- cyberoam route_precedence
- cyberoam shutdown
- cyberoam system_modules
- cyberoam wwan

Any event occurring through following CLI menus:
- Network Configuration
- System Configuration
- Cyberoam Management (without Flush Appliance Reports)
- VPN Management (without Restart VPN Service)

Two Top Hosts Reports added in Web Usage Report module
- Web Usage > Top Categories > Top Hosts
- Web Usage > Top Categories > Top Users > Top Hosts

Signature Upgrade failure logs
System Log will now record IPS, Webcat, AV upgrade failure events. Log can be viewed from Logs & Reports > Log Viewer > System

Improvements

1. Deny Unknown Protocol

Any unauthorized non-HTTPS protocol over port 443 can now be blocked from Web Admin Console. By default all unknown protocols over 443 are denied.

2. Allow Invalid Certificate

The administrator can now allow an HTTPS connection even while using an invalid certificate. By default invalid certificate will not be allowed.

Logs will also get added for appropriate indication if a site is denied due to both these settings in the log viewer.

Configuration
Both these options which were previously available in the CLI can now be accessed in the Web Admin Console from Antivirus > HTTP/S > Configuration.

3. Improved RBL Support

Cyberoam now supports two (2) RBL (Realtime Blackhole List) domains which include zen.spamhaus.org and dnsbl2.uceprotect.net.
This improvement will help enhance the spam detection and elimination capabilities of the Anti-Spam feature of Cyberoam.

Configuration
This option can be configured from Anti Spam > Configuration > Address Group > Standard RBL Services.

Behavior changes

1. Please refer to Features / Enhancements (3) and (5).
2. While configuring Cyberoam through setup Network Configuration Wizard, by default, HTTPS scanning is now OFF for all selected policies.

Version- 9 Catchup Feature

1. Web Traffic Analysis Doclet on Dashboard - displays category-wise total hits and data transfer. Detailed report can be viewed by clicking the report link.
2. All V9 Alert messages on Dashboard for subscription expiry and other admin messages
3. Internet Usage details in MyAccount – displays allotted, used and remaining data transfer quota. Month wise usage details display time spent and data transferred from each URL. Month wise usage details can also be filtered on IP address accessed.
4. The administrator can now have a better control over the disk by manual purging of the report data. This option can be accessed in the Web Admin Console from Logs & Reports > View Reports. This will open a new window. Here, go to System > Configuration > Manual Purge.
5. Surfing Quota policy is more granular with minutes being displayed. It can be accessed from Identity > Policy > Surfing Quota.
6. Even when a single site is included in multiple categories, it can be searched now. It can be accessed from Web Filter > Category > Search URL.

Bugs Solved

Certificate
Bug ID – 4284
Description – SSL VPN did not work when using third party certificate.

Bug ID – 5018
Description – Self signed certificate cannot be applied to captive portal when accessed over HTTPS.

Cyberlite
Bug ID – 5614
Description – Scheduled based policies fail to apply if a schedule is configured for the dates 29th and 30th of any month.
Bug ID – 6168
Description – The system auto upgrade stops and reports fail to generate, once the time is updated in accordance with Day Light Saving mode.

Firewall
Bug ID – 3820
Description – Firewall page does not open when number of users surpasses the recommended count which leads to high memory utilization.

Bug ID – 3300
Description – If you are configuring a schedule period and a part of it has lapsed then firewall rule will be disabled. E.g. a schedule is configured for period 14.30 to 16.30 and current system time is 15.00, then the firewall rule shall be disabled.

GUI
Bug ID – 5381
Description – On updating VLAN with zone as “None”, IP address is not updated and “NA” will be displayed on Manage Interface page.

Bug ID – 5333
Description – Preview option is not provided in Web Filter Default denied Message Setting

Bug ID – 5444
Description – Application category “Gaming” is incorrectly spelled as “Gamig”.

HA
Bug ID – 5588
Description – The administrator cannot flush the report database from the Auxiliary Appliance.

Import - Export
Bug ID – 5916
Description – When a file is rejected due to mismatch of password column header and type of password (plain / encrypted), a message “HTTP 404 Page doesn’t exist” appears.

IPS
Bug ID – 5248
Description – When the IPS Signature search results in more than 2 signatures, it is not possible to disable multiple signatures simultaneously.

Logs & Report
Bug ID – 4648
Description – History of user's login and logout details is not displayed in MyAccount.

Network Interface
Bug ID – 5316
Description – Distance value is not reflecting in static route. Same destination routes with different gateways cannot be added.

Bug ID – 5509
Description – Once WWAN is enabled after creation of an IP Address based Virtual Host, the WWAN cannot be disabled.

PPPoE Client
Bug ID – 5607
Description – User needs to update connection by providing username and password every time to reconnect a non standard PPPoE connection.
Proxy
Bug ID – 5095
Description – Windows 2008 server update does not work with HTTPS scan on.

Bug ID – 4017
Description – In case of high number of configurations and multiple combinations in Web Filter policy, the categorization does not work.

Bug ID – 5769
Description – Youtube videos are not blocked as MIME type (video/x-flv) not included after denying default Audio and Video File Category.

Bug ID – 5644
Description – With Web Filter policy, users can not access site 'www.vinsolutions.com' due to RFC incompatibility.

Bug ID – 5566
Description – When the antivirus is configured to scan in real mode and the module is unsubscribed and Cyberoam is configured as direct proxy, a different website than the intended one opens.

Bug ID – 5910
Description – With connection via MPLS, users will not be able to connect to ‘https://adpeet2.adp.com/52iu5e/logon’ and ‘https://hip.chpw.org’.

Reports
Bug ID – 4052
Description – Reports will not be displayed in iView and the appliance will go to Fail Safe mode in case of low disk space. User is required to flush the reports manually.

Bug ID – 4940
Description – A historical report taken on different days will display dissimilar values.

SNMP
Bug ID – 5660
Description – In SNMP client, module sub status incorrectly displays as "3" instead of "1" for a trial subscribed module.

SSL VPN
Bug ID – 5268
Description – SSL VPN User will continue to remain live [connected] in case of failing to log out before closing the browser or shutting down the system.

Bug ID – 5543
Description – Window could not be resized in case a bookmark is opened from SSL VPN Web Portal.

System
Bug ID – 5325
Description – When space is included in the gateway name, Gateway wise Total Data Transfer graph is not displayed for the gateway name that comes after it.

Bug ID – 5332
Description – Web filter Denied message cannot be displayed in the center of the page.
User
Bug ID – 4674
Description – Failed to get the Base DN from the Novell e-Directory server, even when the message appears in Cyberoam that the Base DN was imported successfully.

Bug ID – 5149
Description – Account expiry attribute of LDAP server does not work.

Bug ID – 5234
Description – When logout and login request is received at the same time from the same IP Address, user is not displayed on the Live User page.

Bug ID – 5256
Description – Special characters like hyphen (-), underscore ( _ ), comma (,), dot (.) are not supported for a username and domain name.

Bug ID – 5361
Description – On changing the group membership of a user in Active Directory server whose domain name includes special character hyphen (-), and is tightly integrated, the user group membership does not change to “default” group.

Bug ID – 5480
Description – SSL VPN authentication will fail for AD authentication, if the password contains special character double quotes (") or backslash (\).

Bug ID – 5577
Description – Tight integration does not work with Novell e-Directory.

Bug ID – 6077
Description – User Policy details for the user belonging to default group will not be updated in case of tight integration with AD.

VLAN
Bug ID – 5381
Description – Manage Interface page shows “NA” under IP address column after successfully updating IP address of VLAN Interface, which is not bound to any Zone.

VPN
Bug ID – 5932
Description – Road Warrior connection is not allowed / working if IPSec connection is configured “Any” in local and in remote network.

Web Filter
Bug ID – 5332
Description – Web Filter denied message is not centrally aligned.

Bug ID – 5306
Description – HTTPS based websites are inaccessible if executable files are denied for HTTP and HTTPS and Custom Web Filter Policy is created with “Allow All” profile.

Bug ID – 5799
Description – A web filter policy cannot be created from template comprising “None” web category.

1.1.2.8. V 10.01 build 0472

Release Dates
Version 10.01 Build 0472 – 25th January, 2011
Version 10.01 Build 0461 – 3rd January, 2011
Version 10.01 Build 0448 – 8th December, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.
3. High Availability feature included in this upgrade is an EA feature. As it is a controlled release feature, to enable the feature, you need to register your Appliance. Please mail your Appliance Key and current firmware version at [email protected]. This process is required for each new firmware.

Note: It is mandatory to upgrade to version 10.01 build 472 prior to any further upgrades.

Compatibility issues

Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction

This document contains the release notes for Cyberoam version 10.01.0472. The following sections describe the release in detail. This release comes with new features, a few enhancements and several bug fixes to improve quality, reliability, and performance.

Features & Enhancements

Build 461

1. Removed limitation of 6 WAN Interfaces

From this version onwards, limitation of 6 WAN interfaces is removed. Maximum N+VLAN, where N = Available physical interfaces on the appliance, and maximum 4092 VLAN sub interfaces can be created on each physical interface.

For example, in case of CR25ia (4 physical interfaces), if Port-A is configured as LAN then remaining 3 ports can be configured as WAN and, if required, additional 4092 WAN Zone VLAN sub interfaces can be created on each physical interface.

2. DHCP Relay support in HA Cluster

On failover, Auxiliary appliance of HA Cluster will now work as DHCP Relay Agent if primary appliance is configured as DHCP Relay.

3. Support of Authorization Policies for Clientless Single Sign On Users (CTAS)

With this support, Administrator can now restrict Internet access time i.e. total surfing time and control data transfer for the users who are authenticated by CTAS.

4. Logs and Reports Enhancements

Cyberoam has extended its logging functionality by including:
- Application Denied log - Log that records all the attempts made to access the application denied through Application Filter policy. Log can be viewed from Logs & Reports > Log Viewer > Application Filter Logs.
- IPSec VPN log - Events like connection activated, connection fail, ID mismatch will be logged and can be viewed from Logs & Reports > Log Viewer > System Log.

5. File System Integrity check support

Option is provided in the form of a CLI command to check file system integrity i.e. all the partitions. By default, check is OFF but whenever appliance goes in failsafe due to following reasons, this check is automatically turned ON:
- Unable to start Config/Report/Signature Database
- Unable to Apply migration
- Unable to find the deployment mode

Once the check is turned ON, on the next boot, all the partitions will be checked. In addition, check will be turned OFF again on the next boot.

If the option is ON and the appliance boots up due to following reasons, then file system check will not be enforced and option will be disabled after boot:
- Factory reset
- Flush Appliance Report

6. Partition Reset support

File System Integrity check verifies all the partitions for corruption. Check is enabled automatically when the appliance goes in failsafe mode. It is required to flush the partitions if appliance comes up in failsafe mode even after the integrity check.

RESET command is extended to include commands to flush the partitions. With these commands, administrator can reset the config, signature and report partition. Entire data will be lost, as the partition will be flushed.

Integrity check repairs the partition while resetting partition removes entire data from the partition.

Command Usage
When you type RESET at the Serial Console Password prompt, menu with 3 options is provided:
1. Reset configuration
2. Reset configuration and signatures
3. Reset configuration, signatures and reports

1. Default timeout for switching from storage mode to modem mode is changed from 0 to 10 sec. It can be changed from CLI with command: cyberoam wwan set modem-convert-timeout <number>
2. IPS policy id and Application Filter policy id included in Firewall Rule Logs sent to syslog.
3. Now Multicast forwarding can be configured when maximum 64 Interfaces are configured. Earlier it was limited up to 32 Interfaces only.

Miscellaneous changes

Version- 9 Catchup Feature

1. Dashboard Alert if password of Super Administrator – admin, is not changed.
2. RESET, Backup/Restore, Auto Upgrade, Manual Upgrade, Reboot events will be logged and can be viewed from iView (Reports > Event > Admin Events)
3. IPSec, L2TP, PPTP logs can be viewed from CLI with commands:
show vpn IPSec-logs
show vpn L2TP-logs
show vpn PPTP-logs

Build 448

1. Four-Eye Authentication support

For legally compliant logging, reporting and archiving, it is important that an organization follows all obligations for keeping relevant information archived and accessible all the time. On one hand, to maintain security, it is necessary for organizations to monitor logs related to employee activities, while on the other hand they must not invade employees’ privacy. However, monitoring user-specific activities without the consent or the presence of the employee or their delegate is illegal.

To safeguard the integrity and security of personal activities data collected, Cyberoam has added 4-Eye authentication method in addition to password-based authentication. It offers an added level of control and protection where a single person can access activity logs of other employees and have decision-making potential. It prevents a single administrator from having complete control over the logs and from violating the organization’s privacy regulations by having insight into confidential documents and misusing tracked user activities. It enhances the already existing logging and security mechanisms by adding an additional administrator, without whose permission access cannot be granted.

With 4-Eye authentication, two users – Administrator and Authorizer, are required to view the employee activity reports.
Unless the Authorizer approves, the Administrator cannot view the reports.
Configuration
1. Enable 4-Eye authentication from Log & Reports > 4-Eye Authentication > Setting. Once enabled, user identities (Username, IP address, MAC address, Email address and IM Contact ID) will be encrypted, i.e. anonymized, in all the reports.
2. Configure Authorizer
De-anonymize to view the actual data
1. Click Reports
2. Access the report in which you want to de-anonymize user details. Details can be decrypted for the existing session or permanently.
3. Specify Authorizer Password

2. Filter HTTP traffic based on MIME header
Cyberoam has significantly enhanced its Content filtering feature by adding filtering of HTTP traffic based on MIME header in addition to file types. A MIME header list can be used to block traffic with certain types of content or certain programs in an otherwise allowed file type category. Cyberoam compares the MIME header and, if a match is found, the corresponding action is taken.
For simplicity, MIME headers are included in the File Type Category along with File Extensions. In addition to the default Categories, Cyberoam also has provision for adding a custom category with the required MIME header. For default categories, refer to Appendix A – Default File Type Categories.
Configuration
1. Go to Objects > File type > File type to add a custom category.
2. Configure file extension and/or MIME header. If both file extension and MIME header are configured, file extension will be checked first.
3. Implement and configure the action from Web Filter policy.

3. VPN Connection Wizard
To speed up VPN configuration, Cyberoam now provides a VPN Connection Wizard for creating a VPN Connection. The VPN Connection Wizard walks you step-by-step through the configuration of a VPN Connection. After the configuration is completed, the wizard creates the VPN Connection for the selected VPN policy.
Once the connection is successfully added, it is listed on the VPN > IPSec > Connection page of Web Admin Console and connection details can be updated from the same page.
The wizard can be accessed from the VPN > IPSec > Connection page of Web Admin Console.

4. Domain Name support for NTP server
For ease of use, Cyberoam now provides an option to configure the NTP server with an FQDN apart from an IP address. The domain name can be configured from the System > Configuration > Time page of Web Admin Console.

5. Multiple NTP server support
To ensure that the Cyberoam appliance always maintains the right time, Cyberoam supports the use of multiple NTP servers. Cyberoam appliances use NTP Version 3 (RFC 1305). One can configure up to 10 NTP servers. At the time of synchronization, the appliance queries each configured NTP server sequentially. When the query to the first server is not successful, Cyberoam queries the second server and so on until it gets a valid reply from one of the configured NTP servers.
Configuration
1. Go to System > Configuration > Time and select “Sync with NTP Server”
2. Select “Use Custom” and add the IP address or Domain name of the NTP server

6. Multiple TSE/Citrix Server Support in Cyberoam
Cyberoam supports transparent authentication of users running Terminal Services or Citrix and applies all the identity-based security policies to monitor and control their access.
Now, one can configure up to 64 terminal servers. Until now, it was possible to configure only one server. This feature will be useful in organizations where a terminal server is deployed in each department.
Configuration
Configure Cyberoam to communicate with the Terminal Server from CLI using the command:
cyberoam auth thin-client add citrix-ip <ip address of citrix server>
Remove a Terminal Server from CLI using the command:
cyberoam auth thin-client delete citrix-ip <ip address of citrix server>
View the list of configured Terminal Servers from CLI using the command:
cyberoam auth thin-client show

7. Web and FTP Detail Report with Time Stamp
With this version, one more drill-down report in the form of a Detail report is added for Web Usage and FTP Usage. The Web Usage Detail report, added as a leaf (last drill-down) report of the ‘Top URLs’ report, provides URL access date and time as well as data transfer details. The FTP Usage Detail report, added as a leaf report to all the FTP Usage reports, provides upload and download date and time along with the size.

8. Time Stamp for Anti Virus, Anti Spam, IPS and Mail Usage Reports
The leaf report of the Anti Virus, Anti Spam, Mail Usage and Attacks reports now displays a time stamp in the YYYY: MM: DD HH:MM:SS format to show the exact time and date of attack and usage.

9. Firmware Upgrade without disabling HA
To improve the ease of maintenance, HA in v 10.01.04xx supports firmware upgrade without disabling HA.

10. Support of DHCP Custom options
Cyberoam has extended its DHCP Options feature to provide support for custom options as per RFC 2132. DHCP options allow users to specify additional DHCP parameters in the form of pre-defined, vendor-specific information that is stored in the options field of a DHCP message. When the DHCP message is sent to clients on the network, it provides vendor-specific configuration and service information.
Prior to this version, only standard options could be configured.
Supported Scalar data types:
array-of - Array of Data Type
one-byte - One Byte Numeric Value
two-byte - Two Byte Numeric Value
four-byte - Four Byte Numeric Value
ipaddress - IP address
string - String
boolean - Boolean
Supported Array data types:
one-byte - Array of One Byte Numeric Values
two-byte - Array of Two Byte Numeric Values
four-byte - Array of Four Byte Numeric Values
ipaddress - Array of IP address
Configuration
1. Define DHCP Option from CLI console
2. Attach to DHCP server from CLI console
Example:
1. Define custom dhcp option 176 of the type “string”
console> cyberoam dhcp dhcp-options add optioncode 176 optionname aphone optiontype string
console> cyberoam dhcp dhcp-options binding add dhcpname dhcptest1 optionname aphone(176) value MCIPADD=192.168.42.1,MCPORT=1719,TFTPSRVR=192.168.42.1
2. View all DHCP options that are configured for DHCP Server
console> cyberoam dhcp dhcp-options binding show dhcpname dhcptest1
3. View all DHCP options that can be attached to DHCP server
console> cyberoam dhcp dhcp-options list
4. Removing definition of custom dhcp option 176 (defined in point 1)
console> cyberoam dhcp dhcp-options delete optionname aphone (176)
5. Delete DHCP options from DHCP Server
console> cyberoam dhcp dhcp-options binding delete dhcpname dhcptest1 optionname aphone(176)

11. Increased Bandwidth Maximum Limit of QoS Policy
In QoS Policy, the maximum bandwidth limit has been increased to 12500 KB from 4096 KB.

12. UTF-8 Support in iView
iView reports will now be displayed in UTF-8 characters when details are configured in any language other than English.

13. External Authentication support using RADIUS for MSCHAPv2/CHAP for L2TP and PPTP Connections
PPTP and L2TP connections established using the MSCHAPv2 or CHAP protocol can now be authenticated through RADIUS.
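The custom option 176 from item 10 above, encoded the way RFC 2132 carries it in the options field of a DHCP message (code, length, data), with a parser and a check that the addresses handed to clients stay inside an expected network. This is an added example, not Cyberoam code: the function names, the subnet-mask option placed around it and the allowed network are assumptions, while the option value is the one from the CLI example.

```python
import ipaddress
import struct

PAD, END = 0, 255  # RFC 2132 single-byte options that carry no length field

# Encoders for the scalar data types listed in item 10.
ENCODERS = {
    "one-byte": lambda v: struct.pack("!B", v),
    "two-byte": lambda v: struct.pack("!H", v),
    "four-byte": lambda v: struct.pack("!I", v),
    "ipaddress": lambda v: ipaddress.IPv4Address(v).packed,
    "string": lambda v: v.encode("ascii"),
    "boolean": lambda v: b"\x01" if v else b"\x00",
}
ARRAY_TYPES = ("one-byte", "two-byte", "four-byte", "ipaddress")


def encode_option(code, optiontype, value, array=False):
    """Return code | length | data for one DHCP option."""
    if not 1 <= code <= 254:
        raise ValueError("option code must be 1..254")
    if array:
        if optiontype not in ARRAY_TYPES:
            raise ValueError(f"no array form for {optiontype}")
        data = b"".join(ENCODERS[optiontype](v) for v in value)
    else:
        data = ENCODERS[optiontype](value)
    if len(data) > 255:
        raise ValueError("option data exceeds the one-byte length field")
    return bytes([code, len(data)]) + data


def parse_options(field):
    """Walk an options field and return [(code, data), ...] up to END."""
    options, i = [], 0
    while i < len(field):
        code = field[i]
        if code == PAD:
            i += 1
            continue
        if code == END:
            break
        if i + 1 >= len(field):
            raise ValueError("option without a length byte")
        length = field[i + 1]
        data = field[i + 2:i + 2 + length]
        if len(data) != length:
            raise ValueError(f"option {code} is truncated")
        options.append((code, data))
        i += 2 + length
    return options


def audit_option_176(data, allowed_net):
    """Return the keys of an option 176 string whose address is outside allowed_net."""
    net = ipaddress.ip_network(allowed_net)
    outside = []
    for pair in data.decode("ascii").split(","):
        key, _, val = pair.partition("=")
        if key in ("MCIPADD", "TFTPSRVR") and ipaddress.ip_address(val) not in net:
            outside.append(key)
    return outside


# Option value from the CLI example; the surrounding options are constructed.
APHONE = "MCIPADD=192.168.42.1,MCPORT=1719,TFTPSRVR=192.168.42.1"
SAMPLE_FIELD = (
    encode_option(1, "ipaddress", "255.255.255.0")   # option 1: subnet mask
    + bytes([PAD])
    + encode_option(176, "string", APHONE)
    + bytes([END])
)

if __name__ == "__main__":
    for code, data in parse_options(SAMPLE_FIELD):
        print(code, len(data), data)
    aphone = dict(parse_options(SAMPLE_FIELD))[176]
    print("outside 192.168.42.0/24:", audit_option_176(aphone, "192.168.42.0/24"))
```

Because the length field is a single byte, a string value longer than 255 bytes cannot be carried in one option; the encoder rejects it instead of truncating.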
Known Behavior
Build 472
While performing the Upload & Reboot operation, if you receive the message “Too Many Connections!, Please Try After Some Seconds”, access Web Admin Console after some time, go to System > Maintenance > Firmware and click “Boot firmware image” against the 10_01_0472 firmware.

Bugs Solved
Build 471

High Availability
Bug ID - 5211
Description - HA could not be enabled for the appliance models with more than 6 ports.

Interface
Bug ID – 5314
Description – On removing alias, non-interface based static routes get flushed.

Logs & Report
Bug ID – 5214
Description – Incorrect value is displayed for Allotted, Used and Remaining Data transfer columns in Internet Usage report on View Usage page of User in Web Admin Console as well as My Account.
Bug ID – 5377
Description – When application is denied, Application filter log does not display username.

SSL VPN
Bug ID – 5365
Description – When User Email ID is not configured and Per User Certificate authentication is configured for tunnel access, the files Installer bundled with Configuration and Configuration, when downloaded, are of size zero.

User
Bug ID – 5236
Description – CTAS traffic over VPN zone is not allowed.
Bug ID – 5312
Description – Hyphen (-) is not supported in Username and Domain name.

Web Admin Console
Bug ID – 5237
Description – For email address, more than 4 characters are not allowed in domain e.g.
[email protected]
Bug ID – 5287
Description – When question mark was included in spam rule, spam scanning does not work.

Build 461

Group
Bug ID – 1140
Description – Add and Remove buttons are not displayed in Import Group wizard.
Bug ID – 4727
Description – Mismatch between Dashboard - Live Connected Users and Concurrent Sessions displayed on Live Users page.
Bug ID – 5087
Description – At the time of importing groups from Active Directory, no appropriate message is given if groups do not exist in AD. Ideally, the message "No group exists in the given base DN. Please verify Base DN or Create groups in AD" should be given.
Bug ID – 5077
Description – When the user group membership is changed and the new group does not exist in Cyberoam, tight integration between Active Directory and Cyberoam does not work. Due to this, the user still belongs to the old group. Ideally, if the group does not exist in Cyberoam then the user should belong to the “Open Group”.

Logs and Reports
Bug ID – 3021
Description – Reports do not include time stamp.
Bug ID – 3565
Description – It is not possible to export Custom View report as PDF file.
Bug ID – 4574
Description – Web Usage Trend report is not displayed as per the selected date.
Bug ID – 4670
Description – Even when there are 5 records, “View All” link is not displayed in all the Dashboard Widgets.
Bug ID – 5147
Description – French Label "Atteindre" is not displayed properly in iView.

Migration
Bug ID – 5010
Description – After migrating to Version 10.x from Version 9.x, it is not possible to add more than 6 Interfaces.

Proxy
Bug ID – 5200
Description – Google’s Image Safe Search does not work with http://www.google.fr/.
Bug ID – 5217
Description – After applying Web filter policy, Remote Desktop applications like LogMeIn become inaccessible.

System
Bug ID – 2647
Description – It is not possible to add more than 6 Interfaces.
Bug ID - 4588
Description - Even when appliance is deployed in "Bridge mode", Syslog displays deployment mode as "Route" mode.
Bug ID – 4649
Description – If wrong password is specified at the time of logging in to "My Account" from captive portal, it redirects to “Web Admin Console" login page.
Bug ID – 4651
Description - After logging out from the Captive Portal login page, the logout window page shows the option for "Web Admin Console" also. In the log-out page, ideally only the 'My Account' option should be available.
Bug ID – 4668
Description – When the DHCP lease time is configured for 2 minutes or less, Cyberoam DHCP is not able to renew IP addresses. Due to this, LAN to WAN connections are dropped frequently.
Bug ID – 5070
Description – Enabling packet capture without configuring any filtering condition results in high CPU utilization.
Bug ID – 5161
Description – It is not possible to include word “Corporate” in Captive Portal Login Page Header or Footer.
Bug ID – 5222
Description – “My Account” link from Captive Portal opens Cyberoam Web Admin Console login page instead of My Account login page.

Users
Bug ID – 4607
Description – Live User page randomly displays zero live users even when users are currently logged in.

VPN
Bug ID – 3556
Description – PPTP and L2TP VPN logs are not available.
Bug ID – 5077
Description – Search functionality does not work on Add L2TP Member and Add PPTP Member page of Web Admin Console.
Bug ID – 5259
Description – It was not possible to establish PPTP connections using MSCHAPv2 protocol when users are authenticated through RADIUS.

Build 448

Categorization
Bug ID - 3425
Description - It is possible to download denied file types included in custom category through Web-based Mails like Yahoo, Gmail and Hotmail.
Bug ID – 4479
Description – When keywords exceeding 4096 characters are defined in a custom web category, all the websites get categorized under this web category only.

Clients
Bug ID – 4580
Description – Auto Login of Corporate Client does not work from version 10.00.0309.
Bug ID – 4672
Description – Captive portal authentication does not work after upgrading to V 10.01.0270 from V 10.00.0310.

Firewall
Bug ID – 5100
Description – At the time of creating firewall rule, Internal Server error occurs. This happens only when not a single user except ‘admin’ user exists in Cyberoam.

High Availability
Bug ID – 4604
Description – HA Communication log displayed “root” instead of “System” as username.

Instant Messaging
Bug ID – 4296
Description - After enabling IM scanning, it is not possible to use Windows Live Messenger (MSN) with third party applications like Trillian or Pidgin.
Bug ID – 4999
Description – When IM logging is enabled, it is not possible to login to Windows Live Messenger 2011.
Bug ID – 5072
Description – When IM logging is enabled, it is not possible to change display scene/picture for Windows Live Messenger 2009 and get new mail alert.

Logs and Reports
Bug ID - 3206
Description - Top L2TP Users and Top PPTP Users report always displays zero as connection up and down time.
Bug ID – 4660
Description – Files are not archived after upgrading to version 10.01.0270.
Bug ID – 4683
Description – When Super-administrator password is changed, single step login for Cyberoam and iView Web Admin Console does not work. Due to this, administrator is not logged on to iView automatically. This happens only when users are authenticated locally.

Migration
Bug ID – 5010
Description – After migrating from V 9.x.x to V 10.xx.xx, it is not possible to add PPPoE Interface. At the time of adding, error “Only six interfaces are supported." occurs.
Proxy
Bug ID – 4782
Description – When Cyberoam is configured as Direct Proxy, remote access and desktop sharing applications like TeamViewer do not work.
Bug ID – 4880
Description – After enabling SMTP Scanning, it will not be possible to send large size emails.
Bug ID – 5012
Description – Cyberoam is not compatible with Netsweeper - Internet content filtering and web threat management solution, when Cyberoam is deployed as Direct Proxy. Due to this, users are not able to access the Internet.

Registration
Bug ID – 3745
Description – Warning message about subscribing or renewing Anti Spam module is not displayed on the Spam Digest Settings page.

Translation
Bug ID – 3000
Description - Backup & Restore page of Chinese GUI was not completely translated.
Bug ID – 5037
Description – In the navigation menu – Identity, word “User” was incorrectly translated in French.

System
Bug ID – 4583
Description – It was possible to bind same IP Address to Gateway and to any of the appliance Interface.
Bug ID – 4704
Description – On gateway failover, VOIP connections are not shifted over to the backup gateway.
Bug ID – 4931
Description – Signature Database is not flushed on factory reset.
Bug ID – 4947
Description – When External Authentication is configured, Simultaneous Logins configured globally from Identity > Authentication > Firewall page does not work.

User
Bug ID – 650
Description – Data Transfer Policy is not applied to Clientless Single Sign-On (CTAS) users.
Bug ID – 653
Description – Surfing Quota Policy is not applied to Clientless Single Sign-On (CTAS) users.
Bug ID – 4719
Description – Test Connection to Active Directory fails when special character double quotation mark i.e. “ is included in the password.
Bug ID – 4735
Description – Access Time, Surfing quota and Data transfer policies were not applicable for CTAS users.
Bug ID – 4812
Description – Test Connection to LDAP fails when special character comma is included before the domain name. For example:
,dc=cyberoam,dc=com ---- incorrect
dc=cyberoam,dc=com ---- correct
Bug ID – 4887
Description – It is not possible to place login restriction on IP addresses as x.x.x.0 or x.x.x.255

Web Admin Console
Bug ID – 4605
Description – Identity based WAN-VPN zone firewall rule was incorrectly displayed on the Firewall Rule of Web Admin Console.
Bug ID – 4718
Description – Dashboard sticks due to long domain name in Recent HTTP Virus detected and Recent Web Viruses Detected Doclets.
Bug ID – 4733
Description – At the time of creating bookmark, if slash (“/”) is not included at the end of the URL then the URL is truncated up to last “/”. E.g. URL: http://www.google.com/cisco is truncated to http://www.google.com/ and bookmark is created for the URL - http://www.google.com/ and not http://www.google.com/cisco
Bug ID – 4967
Description – No alert message is displayed when Port 80 or Port 443 are removed from the Trusted Port list from System > Administration > Setting page of Web Admin Console.

Wireless LAN
Bug ID – 4891
Description – It is not possible to update “Geography” to “United States” from Network > Wireless LAN > Settings page of Web Admin Console.

Wireless WAN
Bug ID – 4904
Description – At the time of re-connection to 3G device, error “Device not detected” occurs.
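For the “Filter HTTP traffic based on MIME header” feature of Build 448, an added example (not Cyberoam code) of extension-first matching against a few of the default categories from Appendix A, plus an audit of MIME headers that appear in more than one category. The document does not say how the appliance resolves a MIME header shared by several categories; the fallback from extension to MIME header, the function names and the sample requests are assumptions.

```python
from collections import defaultdict
from pathlib import PurePosixPath
from urllib.parse import urlsplit

# Abridged from Appendix A: a few extensions and MIME headers per category.
CATEGORIES = {
    "Executable Files": {
        "ext": {"exe", "cmd", "bat", "com"},
        "mime": {"application/bat", "application/x-bat",
                 "application/octet-stream", "text/plain"},
    },
    "Image Files": {
        "ext": {"bmp", "gif", "jpeg", "jpg", "pcx", "png"},
        "mime": {"image/bmp", "image/gif", "image/jpeg", "image/png"},
    },
    "Compressed Files": {
        "ext": {"7z", "gz", "rar", "zip"},
        "mime": {"application/x-7z-compressed", "application/x-gzip",
                 "application/x-rar-compressed", "application/zip"},
    },
    "Backup Files": {
        "ext": {"bak", "old", "tmp"},
        "mime": {"application/octet-stream"},
    },
}


def normalize_mime(content_type):
    """Lower-case the media type and drop parameters such as charset."""
    return content_type.split(";", 1)[0].strip().lower()


def url_extension(url):
    """Extension of the last path segment, without the dot, lower-cased."""
    return PurePosixPath(urlsplit(url).path).suffix.lstrip(".").lower()


def classify(url, content_type, categories=CATEGORIES):
    """Return (matched_on, category names); the extension is tried first."""
    ext = url_extension(url)
    by_ext = sorted(n for n, c in categories.items() if ext and ext in c["ext"])
    if by_ext:
        return "extension", by_ext
    mime = normalize_mime(content_type)
    by_mime = sorted(n for n, c in categories.items() if mime in c["mime"])
    return ("mime", by_mime) if by_mime else ("none", [])


def shared_mime_headers(categories=CATEGORIES):
    """MIME headers listed in more than one category, with those categories."""
    owners = defaultdict(list)
    for name, cat in categories.items():
        for mime in cat["mime"]:
            owners[mime].append(name)
    return {m: sorted(o) for m, o in owners.items() if len(o) > 1}


# Constructed sample requests: (URL, Content-Type header of the response).
SAMPLES = [
    ("http://files.example/setup.exe", "application/octet-stream"),
    ("http://files.example/download?id=7", "Application/Octet-Stream; charset=binary"),
    ("http://files.example/logo.PNG", "image/png"),
    ("http://files.example/report", "text/html; charset=UTF-8"),
]

if __name__ == "__main__":
    for url, ctype in SAMPLES:
        print(url, "->", classify(url, ctype))
    print("shared:", shared_mime_headers())
```

In Appendix A, application/octet-stream is listed under several of the default categories, so a MIME-only match on it cannot tell those categories apart; running shared_mime_headers() over the full table shows every such overlap before an action is attached to a custom category.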
Appendix A – Default File Type Categories

Each entry gives the File Type Category Name, followed by its File Extensions and MIME Headers.

Video Files
File Extensions: dat, mov, avi, qt, smi, sml, smil, flc, fli, vfw, mpeg, mpg, m15, m1u, m1a, m75, mls, mp2, mpm, mp, rm, wmv, flv, swf
MIME Headers: application/octet-stream, application/x-troffmsvideo, video/avi, video/msvideo, video/xmsvideo, video/quicktime, application/smil, application/x-simile, Video/flc, video/fli, video/x-fli, video/mpeg, video/x-mpeg, video/x-mpeq2a, application/vnd.rn-realmedia, video/flv, application/x-shockwave-flash

Audio Files
File Extensions: gsm, sd2, qcp, kar, smf, midi, mid, ulw, snd, aifc, aif, aiff, m3url, m3u, wav, rm, au, ram, mp3, wmv
MIME Headers: audio/x-gsm, audio/vnd.qcelp, audio/x-midi, application/x-midi, audio/midi, audio/x-mid, xmusic/x-midi, audio/basic, audio/x-adpcm, audio/aiff, audio/x-aiff, audio/x-mpequrl, audio/wav, audio/x-wav, application/vnd.rnrealmedia, audio/x-au, audio/x-pn-realaudio, audio/mpeg3, audio/x-mpeg-3, audio/x-ms-wmv

Executable Files
File Extensions: exe, cmd, bat, com
MIME Headers: application/bat, application/x-bat, application/xmsdos-program, application/textedit, application/octet-stream, text/plain

Dynamic Files
File Extensions: pl, jsp, asp, php, cgi, shtml
MIME Headers: text/x-script.perl, text/asp, text/x-server-parsedhtml, text/html

Image Files
File Extensions: bmp, gif, jpeg, jpg, pcx, png
MIME Headers: image/bmp, image/x-windows-bmp, image/gif, image/pjpeg, image/jpeg, image/x-pcx, image/png

Document Files (Document file format could be described as a text, or binary data file type, used to store formatted documents (texts, pictures, cliparts, tables, charts, multiple pages, multiple documents etc.).)
File Extensions: doc, docx, wbk, xls, xlsx, ppt, pptx, oft, pub, msg, one, xsf, xsn, grv, mpp, mpt, acl, pip, thmx, aw, bld, blg, bvp, cdd, cdf, contact, csv, dat, dif, dmsp, efx, epub, epw, exif, exp, fdb, fxp, gbr, gpi, hdf, id2, lib, mat, mcd, menc, mw, ndx, not, notebook, out, ovf, pdx, pfc, pps, ppsx, pptm, prj, qbw, sdf, svf, tar, tsv, vcf, vdb, vxml, windowslivecontact, wlmp, xfd, xml, xsl, xslt, lit, log, lst, odt, opml, pages, rtf, sig, tex, txt, wpd, wps
MIME Headers: application/msword, application/vnd.openxmlformatsofficedocument.wordprocessingml.document, application/excel, application/vnd.ms-excel, application/x-excel, application/x-msexcel, application/vnd.openxmlformatsofficedocument.spreadsheetml.sheet, application/mspowerpoint, application/powerpoint, application/vnd.mspowerpoint, application/x-mspowerpoint, application/vnd.openxmlformatsofficedocument.presentationml.presentation, application/x-mspublisher, application/onenote, application/octet-stream, application/vnd.msproject, application/x-project, application/vnd.msofficetheme, application/cdf, application/x-cdf, application/x-netcdf, text/comma-separatedvalues, text/csv, application/csv, video/x-dv, application/x-hdf, application/mcad, application/xmathcad, application/vnd.openxmlformatsofficedocument.presentationml.slideshow, application/vnd.mspowerpoint.presentation.macroEnabled.12, image/vnd.dwg, image/x-dwg, application/x-tar, text/tab-separated-values, text/x-vcard, application/xml, text/xml, application/x-ms-reader, text/plain, application/rtf, application/x-rtf, text/richtext, application/x-tex, application/wordperfect, application/x-wpwin, application/vnd.ms-works

Compressed Files (Compressed files use file compression in order to save disk space. Compressed archive formats can also be used to compress multiple files into a single archive.)
File Extensions: 7z, alz, deb, gz, pkg, pup, rar, rpm, sea, sfx, sit, sitx, tar.gz, tgz, war, zip, zipx
MIME Headers: application/x-7z-compressed, application/x-alz, application/x-deb, application/x-gzip, application/x-newton-compatible-pkg, application/x-rar-compressed, application/sea, application/x-sea, application/x-sit, application/xstuffit, application/gnutar, application/xcompressed, application/x-zip-compressed, application/zip, multipart/x-zip

Web Files (The Web Files category includes files related to websites and Web servers. These include static and dynamic webpages, Web applications, and files referenced by webpages.)
File Extensions: alx, asax, asmx, aspx, atom, att, axd, cer, chm, crt, csr, css, dwt, htm, html, js, jspx, pac, qbo, rss, spc, ucf, webarchive, wgt, wml, xfdl, xhtm, xhtml
MIME Headers: application/atom+xml, application/octet-stream, application/pkix-cert, application/x-x509-ca-cert, application/x-x509-user-cert, application/xpointplus, text/css, text/html, application/xjavascript, application/javascript, application/ecmascript, text/javascript, text/ecmascript, application/x-pkcs7-certificates, text/x-speech, text/vnd.wap.wml

Database Files (Database files store data in a structured format, organized into tables and fields. Individual entries within a database are called records. Databases are commonly used for storing data referenced by dynamic websites.)
File Extensions: accdb, db, dsn, mdb, mdf, pdb, sql, sqlite
MIME Headers: application/msaccess, application/x-msaccess, application/vnd.msaccess, application/vnd.msaccess, application/mdb, application/x-mdb, chemical/x-pdb

System Files (The System Files category includes files related to Mac, Windows, and Linux operating systems. Some examples include system libraries, icons, themes, and device drivers. Files output by the system are also included in this category.)
File Extensions: bashrc, cab, cpl, cur, dll, dmp, drv, hlp, ico, key, lnk, msp, prf, profile, scf, scr, sys
MIME Headers: application/vnd.ms-cab-compressed, application/octet-stream, application/xmsdownload, application/hlp, application/xhelpfile, application/x-winhelp, image/x-icon

Configuration Files (Settings files store settings for the operating system and applications. These files are not meant to be opened by the user, but are modified by the corresponding application when the program preferences are changed. Settings files may also be called preference files or configuration files.)
File Extensions: cfg, clg, dbb, ini, keychain, prf, prx, psf, rdf, reg, thmx, vmx, wfc
MIME Headers: application/pics-rules, application/octet-stream, application/vnd.ms-officetheme

Developer Files (The Developer Files category contains files related to software development. These include programming project files, source code files, code libraries, header files, and class files. Compiled objects and components are also included in this category.)
File Extensions: as, asc, c, cbl, cc, class, cp, cpp, cs, csproj, dev, dtd, f, fs, fsproj, fsx, ftl, gem, h, hpp, ise, ism, java, m, ocx, pas, pod, pro, py, r, rb, sh, src, tcl, trx, v, vbproj, vcproj, vtm, xcodeproj
MIME Headers: text/plain, text/x-c, application/java, application/java-byte-code, application/x-javaclass, text/xml, text/x-fortran, text/x-h, text/x-javasource, text/x-m, application/octet-stream, text/pascal, text/x-script.phyton, application/x-bsh, application/x-sh, application/x-shar, text/xscript.sh, application/x-wais-source, application/x-tcl, text/x-script.tcl

Backup Files (The Backup Files category includes individual file backups and files related to backup software. Individual backup files are often generated automatically by software programs. Backup software files include incremental backups and full system backups.)
File Extensions: asd, bak, bkp, bup, dba, dbk, fbw, gho, nba, old, ori, sqb, tlg, tmp
MIME Headers: application/octet-stream

Encoded Files (Encoded files are files that store data in an encoded format. These include encrypted files, uncompressed archives, and binary-encoded text files. Files are often encoded for security purposes and to keep them from being corrupted during data transfers.)
File Extensions: bin, enc, hex, hqx, mim, mime, uue
MIME Headers: application/mac-binary, application/macbinary, application/octet-stream, application/x-binary, application/x-macbinary, application/binhex, application/binhex4, application/mac-binhex, application/mac-binhex40, application/xbinhex40, application/x-mac-binhex40, message/rfc822, www/mime, text/x-uuencode

Plugin Files (Plugin files provide extra features and functionality to existing programs. They are commonly used by image, video, and audio editing applications, as well as Web browsers. Plugins are also referred to as add-ons and extensions.)
File Extensions: 8bi, arx, crx, plugin, vst, xll
MIME Headers: application/x-visio, application/excel, application/vnd.ms-excel, application/x-excel

Disk Image Files (Disk image files contain an exact copy of a hard disk or other type of media. They include all the files, as well as the file system information. This allows disk images to be used for duplicating disks, CDs, and DVDs. They are often used for backup purposes as well.)
File Extensions: dmg, iso, mdf, nrg, nri, pvm, toast, vcd, vmdk
MIME Headers: application/x-cdlink

Page Layout Files (Page layout files are documents that may contain both text and image data. They also include formatting information, which defines the page size, margins, and how content is organized on the page. Page layout documents are often used for creating printable publications, such as newspapers, magazines, and brochures.)
File Extensions: idml, indd, inx, isd, mdi, pct, pdf, pmd, ptx, pub, qxb, qxd, qxp, rels, xps
MIME Headers: image/x-pict, application/pdf, application/xmspublisher, application/octet-stream, application/vnd.ms-xpsdocument

1.1.2.9.
V 10.01 build 0286

Release Dates
Version 10.01 Build 0286 – 25th October, 2010
Version 10.01 Build 0270 – 30th September, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instructions.
3. The High Availability feature included in this upgrade is an EA feature. As it is a controlled release feature, you need to register your Appliance to enable it. Please mail your Appliance Key at
[email protected].

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the release notes for Cyberoam version 10.01.0286. The following sections describe the release in detail.
This release comes with new features, a few enhancements and several bug fixes to improve quality, reliability, and performance.

Features & Enhancements
Build 286
1. Automated VPN failback support
To ensure continuous connectivity for the IPSec VPN tunnel, Cyberoam has added VPN failback support: if the primary tunnel in the failover group fails over to an alternate tunnel, it can automatically fail back to the original tunnel once it is re-established.
Prerequisite
One connection can be a member of a single Failover Group only.
Configuration
1. Add Policy from VPN > Policy > Policy
2. Add Connection from VPN > IPSec > Connection
3. Create failover group from VPN > IPSec > Connection and add connections. By default, the group will be disabled. One needs to manually activate it.
Behavior
1. Once the Connection is added as a member of the group, the following parameters will be overridden:
· Policy parameters - DPD as “Disable” and Key Negotiation Tries as 3
· Connection parameter - Action on VPN Restart as “Disable”
Once the Connection is removed from the group, the original Policy and Connection configuration will be considered.
2. If the connection is already established at the time of adding it to the failover group, it will get disconnected.
3. On factory reset, failover configuration will not be retained.

2. Support of Serial port (DB9) as Backup Management port (CR15i & CR15wi models only)
For granular control, the Administrator can now grant permission to selected users to manage Cyberoam remotely through Dial-in Modems (DB9).
Configuration
1. From Web Admin Console, go to Network > Dial In > Settings page
2. Click “Add Members” to select users who can remotely manage Cyberoam.

Build 270
1. Diagnostic Tools
From this version, Cyberoam provides Diagnostic tools with which the administrator can check the health of the Cyberoam appliance in a single shot. The tools provide real-time statistics to diagnose and troubleshoot connectivity problems and network issues and to test network communication. The following tools assist in troubleshooting issues such as hangs, packet loss, connectivity, discrepancies in the network etc.:
Ping
Trace route
Name lookup
Route lookup
CPU and Memory graphs
Load Average graphs
Interface graphs for all physical interfaces, all VLAN interfaces, all Wireless LAN and WAN interfaces

Connection list
Connection list provides a current or live connection snapshot of your Cyberoam appliance in list form. Apart from the connection details on System Interfaces, it also provides information like Firewall rule id, userid and connection id per connection. It is also possible to filter the connection list as per the requirement and delete a connection.

Cyberoam Troubleshoot Report (CTR)
To help Cyberoam Central Support debug system problems, a troubleshooting report can be generated which consists of the system’s current status file and log files. The file contains details like the list of all the processes currently running on the system, resource usage etc. in encrypted form.
The customer has to generate and mail the saved file at
[email protected] for diagnosing and troubleshooting the issue.
The file will be generated with the name: CTR_<APPKEY>_<MM_DD_YY>
Where
APPKEY is the appliance key of the appliance for which the report is generated
MM_DD_YY is the date (month date year) on which the report is generated

CLI commands
1. Truncate all rotated logs - cyberoam diagnostics purge-old-logs
2. Truncate all logs - cyberoam diagnostics purge-all-logs
3. To take last n lines - cyberoam diagnostics ctr-log-lines
Where n is between 250-10000
Default line 1000
4. View diagnostic statistics - cyberoam diagnostics show
5. Configure Subsystems - cyberoam diagnostics subsystems < Access-Server | Bwm | CSC | IM | IPSEngine | LoggingDaemon | Msyncd | POPIMAPFTPDeamon | Pktcapd | SMTPD | SSLVPN | SSLVPN-RPD | WebProxy | Wifiauthd >
Note:
SSLVPN option will be visible in all the models except CR15i, CR15wi models
Wifiauthd option will be visible in CR15wi, CR25wi, CR35wi models only
Msyncd option will be visible in all the models except CR15i, CR15wi, CR25i, CR25wi, CR35wi models
6. View utilities statistics - cyberoam diagnostics utilities
Administrator can be granted Read-Write or None privilege.

2. Gateway failover over VPN
VPN can now be configured as a Backup link. With this, whenever the primary link fails, traffic will be tunneled through the VPN connection, and traffic will be routed through the primary link again once it is UP.
Use the CLI command given below for configuration:
cyberoam link-failover [add | del | show] primarylink backuplink monitor [ping host | udp host port | tcp host port ]

3. Support of Serial port (DB9) as Backup Management port (CR15i & CR15wi models only)
With DB9 support, Cyberoam now provides the capability of remote administration of the Cyberoam appliance through a modem connected on the serial port of the Appliance. The user can dial in to the modem and connect to Cyberoam. After connecting to Cyberoam, the user can access internal network resources depending on the firewall configuration.
Prerequisite
Available only on migrating from v 9.x

Configuration
1. Enable modem interface from CLI with command: cyberoam serial_dialin enable
2. Re-login to Web Admin console.
3. From Web Admin Console, configure modem from Network > Dial In > Settings page

Once the serial modem is enabled from CLI, the Dial In sub-menu is added in the Network menu. A System zone named DIALIN and an interface named COM1 are automatically created. Interface COM1 is added without any IP address and is a member of the DIALIN zone. By default, HTTPS and SSH services are enabled for the DIALIN zone. A default host named ##COM1 without any IP address is created automatically.
When the modem is disabled from CLI, the Dial In menu, default host ##COM1 and DIALIN zone options will be removed from Web Admin Console.
Cyberoam is automatically rebooted when the modem is enabled/disabled.

Behavior
After configuring DB9 dial-in, kernel logs will not be available on the serial port and Cyberoam will not be accessible through the serial console.

Limitations
1. Configured only when Cyberoam is deployed in transparent mode.
2. Requires at least one interface in LAN or DMZ zone.
3. Only one client can connect at a time.
4. Services like DHCP Server/DHCP Relay will not run on the COM1 interface.
5. Serial dial-in is disabled in Deployment Wizard.
6. Super user “admin” cannot be authenticated in case of Dial-in connection.
7. MSCHAP authentication is not available.
8. For CHAP and MSCHAPv2 only local authentication can work.
9. Encryption (MPPE 40 bit/MPPE 128 bit) is not supported.
10. Only same model backup/restore is allowed i.e. CR15i to CR15i and CR15wi to CR15wi. Cross model backup/restore is allowed when disabled.
11. Factory reset removes DB9 configuration and enables serial port access.

4. WPA & WPA2 Wireless Client Authentication methods Support (Only for Wireless models)
Cyberoam has extended its authentication methods with external Radius server based authentication for Cyberoam Wifi access point clients such as laptops, and now supports the WPA and WPA2 Enterprise authentication methods. Until now, Cyberoam supported the WEP (OPEN/SHARED/AUTO), WPA-PSK and WPA2-PSK methods for wireless client authentication.

5. High Availability (HA) with Load balancing and failover protection
To minimize the single point of failure, Cyberoam offers an integrated high availability solution providing efficient, continuous access to critical applications, information, and services. High availability is critical to maintaining network protection from an attack, even in the event of a device failure.
To achieve high availability, an HA cluster is to be defined which consists of two Cyberoam appliances; both appliances in the cluster share session and configuration information.

Active-Passive HA
In Active-Passive HA, the primary appliance processes the entire traffic and the Auxiliary appliance is in standby mode. The Auxiliary appliance processes the entire network traffic only in case of primary appliance failure.

Active-Active HA

Session persistent Load balancing
Active-Active HA increases overall network performance by sharing the load of processing network traffic and providing security services. The cluster appears to your network to be a single device, adding increased performance without changing your network configuration.
The Primary appliance acts as the load balancer and load balances all the TCP communications including TCP communications from Proxies but will not load balance VPN traffic.

Failover
In Active-Active HA both Primary and Auxiliary appliances process the network traffic, and the Auxiliary appliance takes over from the primary appliance and processes the complete traffic in case of primary appliance failure or link/monitored interface failure.
Session failover
Session failover occurs for forwarded TCP traffic except for virus scanned sessions that are in progress, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic.

Synchronization
Cluster configuration, routing tables, and individual cluster appliance status are synchronized automatically between Cluster appliances when a configuration event occurs. Additionally, Web Admin Console provides the option for Manual synchronization.

In addition, Cyberoam now has inbuilt monitoring services that monitor critical services in the appliance and even take corrective and preventive actions to ensure availability.

Behavior
- DHCP, PPPoE, WWAN, WLAN – High Availability (HA) cluster cannot be configured if any of the Cyberoam Interfaces is dynamically configured using DHCP and PPPoE protocols or WWAN or WLAN is configured.
- Session Failover is not possible for AV Scanned sessions or any other forwarded traffic like ICMP, UDP, multicast and broadcast traffic, traffic passing through Proxy Subsystem - transparent, direct and parent proxy traffic, and VPN traffic.
- Masqueraded Connections – In case of the following events from any of the HA cluster appliances, all the masqueraded connections will be dropped: Execution of Network Configuration, Manual Synchronization.
- HA Load balancing – Active-Active HA cluster does not load balance VPN sessions, UDP, ICMP, multicast, and broadcast sessions and scanned FTP traffic. TCP traffic for Web Admin Console or Telnet Console and H323 traffic sessions are also not load balanced between the cluster appliances.
- HA Load balancing – Active-Active HA cluster will load balance Normal Forwarded TCP Traffic, NATed (both SNAT & Virtual host) Forwarded TCP Traffic, TCP Traffic Passing through Proxy Subsystem - Transparent Proxy, Direct Proxy, Parent Proxy and VLAN traffic.
- Super Administrator privileges are required to access Auxiliary appliance Web Admin console i.e. it can be accessed by “ADMIN” user only and Live users/DHCP leases/IPSec live connections pages will not be displayed.
- Dedicated HA link port should be from any of the DMZ zone interfaces only. Make sure that the IP addresses of the HA link ports of the Primary and Auxiliary appliances are in the same subnet.
- HA can be disabled from either of the appliances. If disabled from the Primary appliance, HA will be disabled on both the appliances. If disabled from the Auxiliary appliance, HA will not be disabled on the Primary appliance and it will act as a stand-alone appliance.
- After disabling HA, Primary appliance IP schema will not change.
- If HA is disabled from a Stand-alone machine, IP schema will not change.
- After disabling HA, for the Auxiliary appliance, all the ports except the dedicated HA link port and Peer Administration port will be disabled. The dedicated HA link port will be assigned the Peer HA link IP and the Peer Administration port will be assigned the Peer Administration IP.
- After disabling HA, for the Auxiliary appliance, for LAN zone all the administrative services – HTTP, HTTPS, Telnet, SSH – are allowed while for DMZ zone only HTTPS and SSH are allowed.
- If a backup without HA configuration is restored then HA will be disabled and the primary appliance will be accessible as per the backup configuration while appliance will be accessible with the Auxiliary Admin IP address.
- Both the appliances will maintain their own Quarantine mails and Spam digest will be mailed separately by both the appliances. Hence, all the users will receive two spam digest mails.

Limitations
- Not available in models CR15i, CR15wi, CR25i.
- Not supported if the appliance is deployed in Bridge mode.
- HA will get disabled if you run Deployment Wizard.
- Appliance cannot be upgraded without disabling HA.
- For Auxiliary appliance, Deployment Wizard will not be accessible.

CLI commands
1. Disable HA - cyberoam ha disable
2. Enable/disable load balancing - cyberoam ha load-balancing
3. View HA information - cyberoam ha show [details | logs lines ]

6. DHCP Server Enhancement
Cyberoam has extended its DHCP feature to provide support for DHCP options, as defined in RFC 2132. DHCP options allow users to specify additional DHCP parameters in the form of pre-defined, vendor-specific information that is stored in the options field of a DHCP message. When the DHCP message is sent to clients on the network, it provides vendor-specific configuration and service information. option number.

CLI commands
1. List of available options
   console> cyberoam dhcp dhcp-options list
2. Add DHCP options
   console> cyberoam dhcp dhcp-options binding add dhcpname optionname value
3. Delete DHCP Options
   console> cyberoam dhcp dhcp-options binding delete dhcpname optionname
4. View configured options
   console> cyberoam dhcp dhcp-options binding show dhcpname

7. File Type category Exception Rule for a Web Category
To provide granular control, Cyberoam has extended its Web Access functionality by providing a way to add an exception rule for a file type category to a configured web category access.
For example: if you have allowed access to the Sport category and want to deny access to video files from the Sport category, simply add Video File to the Exception list for the Sport category.
For quicker and easier creation of Exception rules, the Cookies, ActiveX, Applets and HTTPUpload categories are grouped in “Dynamic Category”.

8. Support to Import Email Address
From this version, to save the administrator’s time, Import functionality is added which allows the administrator to import email addresses rather than adding email addresses again in Cyberoam. If the file has multiple addresses then each address must be on a new line in the form of a list. A file with comma-separated addresses will give an error at the time of uploading.

9. MSCHAP v2 support for L2TP and PPTP tunneling protocols
Cyberoam has extended the authentication protocol support to MS-CHAP v2 for L2TP and PPTP.
Until previous versions, Cyberoam supported PAP authentication only. MS-CHAP-V2 is the Microsoft Challenge-Handshake Authentication Protocol v2. CHAP provides the same functionality as PAP, but does not send the password and other user information over the network.
Cyberoam also supports encryption for PPTP connections. Encryption is not supported in L2TP as L2TP is already secured by IPSec.
Use the CLI commands given below for configuration:
set vpn pptp authentication [ ANY | CHAP | MS-CHAPv2 | PAP] encryption [ NONE | SOME | STRONG | WEAK ]
set vpn l2tp authentication [ ANY | CHAP | MS_CHAPv2 | PAP]

10. Support of URL Groups
For ease of use, Cyberoam has extended its Web category feature and provided URL grouping functionality. Now when one wants to configure the same access rule for multiple URLs, one simply needs to create a URL group and, instead of adding a web filter rule for each individual URL, add a rule for the Group.

11. Single step login to Cyberlite and iView Web Admin Console
To save the Administrator’s time, the login process has been optimized to a single step process. With this, the administrator is no longer required to re-logon to access iView if she has already logged on to Cyberlite Web Admin Console.

12. Bookmark Support in iView
Cyberoam iView now provides bookmarks to organize the reports one wants to keep going back to without remembering how one got there. This saves time: when one wants to re-visit a report, one simply goes to the bookmark and does not have to drill down through multiple reports. These bookmarked reports can also be mailed to various recipients at the configured frequency. For ease of use, one can also group these bookmarks.

13. Multi-lingual support for iView - Chinese (Simplified and Traditional), French and Hindi
With this version, Cyberoam has extended the multi-lingual support to its reports functionality also.
All the reports including the drill-down reports and configuration can now be done in any of the 4 supported languages in addition to English. Even the report notifications are mailed in the selected language. As there is single-step login to Cyberoam and iView Web Admin Console, the language selected at the time of login to Cyberoam Web Admin Console is carried forward to iView and hence one does not have to re-select the language for iView.

14. IM Usage and Blocked IM Attempts report
Cyberoam scans, logs and controls all Instant Messaging communication - webcam, file transfer, voice and text chat - happening over Yahoo IM and Windows Live Messenger.
Cyberoam iView provides user based IM usage reports to identify usage of Yahoo and WLM instant messengers in the organization. It helps the administrator to monitor and rectify instant messenger activities in the organization.
Similarly, the blocked IM attempts report provides a complete snapshot of user based denied IM traffic. It helps the administrator to identify the top generators of denied IM traffic and fine-tune the policies to stop resource abuse.

15. Chinese (Simplified) language support for Web Admin Console (GUI)
From this version, Cyberoam has added support of Chinese Simplified language for Web Admin Console. Until this version, Cyberoam supported traditional Chinese, French and Hindi languages.

16. CLI commands added
1. Set number of packets to be sent for Application Classification - set ips maxpkts | all | default
   number – any number above 8
   all - pass all of the session packets for application classification
   default - pass first 8 packets of the session of each direction for application classification (total 16)
2. Set number of threads of IPS server (only for multicore appliances) - set ips ips-instance add [IPS cpu ] | apply | clear
   number – dependent on number of cores, which is appliance-specific
   apply – apply instance
   clear – clear instance
3. Enable/disable reporting - set on-appliance-reports
   Default - on
4. Enable/disable SSL VPN Web Access mode - set sslvpn web-access on | off
   Default – on
5. Enable/disable SSL VPN - set sslvpn proxy-sslv3 on | off
   Default – off
6. Manage Routing Precedence - cyberoam route_precedence set static vpn | show
7. Manage IPSec Static Routes - cyberoam ipsec_route add [host | tunnelname | net] | del | show

17. UI Improvement
1. IM Log column titles now read as “Protected Contact” and “Peer Contact” (Bug ID – 3025)
2. Gateway name will now be displayed in firewall rule “Route through Gateway” option instead of “Load Balance”. (Bug ID – 4257)
3. Tool-tip “Default Firewall rule cannot be re-ordered” added on Move Firewall rule page. (Bug ID – 4259)
4. Help on CSV File Format for importing users provided on Identity > Users > User > Import. (Bug ID – 3444)
5. Tool-tips on IPSec VPN Connection page to help configuration
6. Application Filter Category will now be displayed in alphabetical order. (Bug ID – 4560)
7. View Search Engine reports directly from Dashboard. Link provided from Search Engine Queries option of Today Usage Summary doclet. (Bug ID – 4342)
8. Selection of Mode (Tunnel mode) on IPSec Connection page was not necessary as only one option was provided and hence the option is removed. Now, by default all the connections will be in tunnel mode only.
9. Tool-tip “Default CA must be configured from System -> Certificate -> Certificate Authority” added on SSL > Tunnel Access page.
10. Add Web Filter Policy Rule page re-designed. Now the administrator can set HTTP and HTTPS Action for multiple categories in one go.

Miscellaneous changes
1. Certificate submenu is now part of System menu and Objects menu.
2. Select UI Language at the time of login itself.
3. “View Usage” button added on Edit User page to check Internet usage and data transfer usage.
4. Add host in multiple host groups at the time of creating the host itself.
5. Predefined Messages for Antivirus, Antispam and Instant Messaging. These messages can be sent to notify users about problems like virus or spam mail rejection, oversize mail rejection, blocking of chat, file transfer and web camera usage.
6. LAN Bypass control for appliances deployed in "Bridge Mode". This option is provided for models CR500ia and CR750ia. Bypass can be configured with CLI command: set lanbypass on/off
7. Instead of multiple instances of Telnet session, only a single instance will be opened from UI Dashboard.
8. Backup and Restore functionality included in Profile and hence now the Administrator can be given none, read only, or read-write access for Backup and Restore functionality individually.
9. Graphs for Disk usage, Live users, Data transfer – total, upload/download through WAN Interface, gateway-wise
10. Filter IM Log based on IM Action and Rule Action.
11. Export Reports in MS Excel format apart from PDF format.
12. System Event report can be viewed from Reports > Event > System Events
13. IM and Internet Usage reports Purge option provided on System > Configuration > Data Management page of iView.
14. Search Engine reports – Bing, Wikipedia, Rediff, eBay added on Reports > Search Engine
15. Commands re-arranged
   Old location:
   console> arp proxy
   console> ips
   console> ips-list
   console> devicemap
   console> show system
   console> arp
   console> dnslookup
   console> ip
   console> ping
   console> ping6
   console> route
   console> traceroute
   New location:
   console> set proxy-arp
   console> show proxy-arp
   console> set ips
   console> set ips ips-instance
   console> show ips-settings
   console> set port-affinity
   console> show port-affinity
   console> cyberoam diagnostics show
   console> cyberoam diagnostics > utilities > arp
   console> cyberoam diagnostics > utilities > dnslookup
   console> cyberoam diagnostics > utilities > ip
   console> cyberoam diagnostics > utilities > ping
   console> cyberoam diagnostics > utilities > ping6
   console> cyberoam diagnostics > utilities > route
   console> cyberoam diagnostics > utilities > traceroute

Version-9 Catchup features
1. MyAccount link is provided on Captive Portal login page so that the user can directly logon to MyAccount from Captive Portal.
2. Antispam Server Connectivity status displayed on System > Maintenance > Services page of Web Admin Console
3. Option to manage ARP Cache entries on Network > ARP
4. Configure Global custom denied message for all the web categories and upload message header and footer image from Web Filter > Settings
5. Restriction on Simultaneous Logins. Option provided on Identity > Authentication > Firewall (Bug ID – 3445)
6. Ability to sort Traffic discovery reports on all the report columns (Bug ID - 4142)
7. Notification for New Firmware Availability on Dashboard (Bug ID – 3587)

Version-9 Catchup Reports
1. Trend reports – Web usage, Blocked Web, Mail usage, IPS attack, FTP usage, Virus
2. Web usage reports – User, User Groups and Category Type wise
3. Internet Usage report (Bug ID – 3567)
4. Search Reports
5. User Surfing Pattern widget on iView Dashboard (Bug ID – 2954)

CLI command removed
1. Menu - Option 6 Bandwidth Monitor as option to view graphs is added on Web Admin Console (System > Diagnostic > System Graphs).
2. set http_proxy http_1_0
3. set service-param HTTPS add/delete

Bugs Solved

Build 286

Logs & Reports
Bug ID – 4660
Description – After upgrading to 10.01 build 0270, archive reports are not displayed.

Proxy
Bug ID – 3324, 4702
Description - Under certain circumstances, due to DoS flooding, a large number of sessions are opened. Due to this, the maximum open session limit is reached and browsing becomes slow.

Bug ID – 3755
Description – Sites hosted on servers that do not follow HTTP1.1 RFC standards are not accessible e.g. http://www.costco.com/Pharmacy/DrugInformation.aspx, https://test.authorize.net, http://www.abcthebank.com, http://eshop.cebeo.be, http://www.ignou.ac.in

Bug ID – 4680
Description – Random sites are opened while accessing any of the FTP sites.

Bug ID – 4805
Description – After enabling scanning, it was not possible to update Microsoft Windows 7.

System
Bug ID – 4665
Description – After upgrading to version 10.01 build 0270, appliance became inaccessible. It was found to be a random behavior as sometimes appliance became accessible from either LAN or WAN side.

Bug ID – 4724
Description – Appliance goes in fail safe mode, after migrating from version 10.00 build 0227.

VPN
Bug ID – 4675
Description – Multiple Email Notifications were mailed in case of gateway UP and Down events.

Bug ID – 4684
Description – VPN failover and Gateway failover do not work on the interfaces which are assigned IP address dynamically.

Build 270

Anti Virus
Bug ID – 4450
Description – Anti Virus Definitions are not automatically updated.

Bug ID – 4448
Description – FTP logs are not rotated regularly. Due to this, FTP service does not start and scanning fails.
Anti Spam
Bug ID – 3745
Description – No alert message was given at the time of configuring spam digest that digest will be mailed only if Gateway Anti Spam module is subscribed and valid.

Firewall
Bug ID – 4120, 4311
Description - When a port forwarded virtual host is created from a firewall rule, it is possible to configure service. Ideally, it should not be configurable and should be automatically configured as per the virtual host configuration.

Bug ID – 4252
Description – It is possible to add multiple virtual hosts with the same source IP address and port but different mapped IP addresses.

Instant Messaging
Bug ID – 3803
Description – After enabling IM Scanning, Webmail chat of Yahoo and Gmail are not blocked.

IPS
Bug ID - 2802
Description - Recent IPS Alerts doclet on Dashboard displays internal alerts as IPS alerts.

Bug ID – 3752
Description - IPS Alerts Doclet of Dashboard and IPS log display some IPS Alerts with Signature definitions that do not exist in the Signature Database.

Bug ID – 4075
Description – It is not possible to change the action of IPS signatures. This is observed when one tries to change the action after searching the signature and not directly from the signature category.

Logs & Reports
Bug ID – 2966
Description – System Graphs are not generated. Page displays “Too many Connections!, Please Try After Some Seconds”.

Bug ID - 3414, 3473
Description - System log and Memory Info graphs give false alerts of high memory usage.

Bug ID – 3818
Description – Failed Spam mail release event is not logged.

Bug ID – 3847
Description – When user-based authentication is not configured, Web Usage > Top Domain is displayed with username as N/A. Ideally the report should display the IP address.

Bug ID – 3864
Description – User with the “Read-Only” profile is not able to view Dashboard and Compliance reports. Ideally, the user should be able to view all the reports except configuration.
Bug ID – 3997
Description – After filtering the report, if the report is exported to a PDF or Excel file, all the records are exported instead of the filtered records.

Bug ID – 4001
Description – User wise upload and download report is not available.

Bug ID – 4002
Description – Authentication Event logs are not retained as per the Log retention period.

Bug ID – 4084
Description – Packet Capture does not display dropped packet details.

Bug ID – 4199
Description – Authentication logs do not display the IP address with which the user has connected to the SSL VPN Web client.

Bug ID – 4218
Description - Flushing Appliance reports flushes Logs also. Ideally, logs should not be flushed when reports are flushed. This happens from v 10.00.0302 only.

Bug ID – 4417
Description – Spelling mistake in Memory Usage graph. It reads as “Frees”. It should read as “Free”.

Bug ID – 4429
Description – Memory Info graphs display usage as negative value.

Bug ID – 4430
Description – CPU Info graphs do not display 100% usage.

PPPoE
Bug ID – 4523
Description – When PPPoE link is enabled, appliance becomes inaccessible after soft boot. One has to either hard boot or unplug the PPPoE link to make the appliance accessible.

Profile
Bug ID – 3150
Description - Administrator with "Identity Configuration" profile can view the Dashboard, Authentication settings and manage users, user groups and policies. Ideally, such an Administrator should be allowed to manage users only and should not be able to view Dashboard and manage groups and policies.

SSL VPN
Bug ID – 2440
Description – Appropriate warning does not appear in case of invalid SSL Certificate.

Bug ID - 3550
Description - Bookmarked URLs are not accessible in web-access mode but are accessible from application-access mode.

Bug ID – 4254
Description – At the time of downloading SSL VPN Client bundle, the entire file is downloaded but on completion, it shows as a 0 KB file.
Bug ID – 4400
Description – If the Server and Client CA are not the same, it is not possible to establish an SSL VPN connection. This situation occurs only when a 3rd party Server certificate and Per user Certificate as Client certificate are configured.

Translation
Bug ID – 3483
Description – “Buffer Size” on Packet Capture page and “Records per Page” throughout the UI are not translated in French language.

Bug ID – 3493
Description – “Change Status” button caption on Users page and Calendar tool tip of Certificate were not translated in French language.

System
Bug ID – 3494
Description – It is not possible to manually update time zone.

Bug ID – 3828
Description – When direct proxy is configured, Interface based Virtual host does not work.

Bug ID – 4004
Description – When Captive Portal is customized in Spanish language, junk characters are displayed. This happens when captive portal is opened in web browser Internet Explorer 8.

Bug ID – 4091, 4235
Description – When the total number of Interfaces exceeds 245, the login daemon does not start and the appliance goes in fail safe mode.

Bug ID – 4265
Description – At the time of uploading new firmware remotely, due to GUI timeout, the uploading process stops and the user is prompted to login.

Bug ID – 4319
Description – Mismatch in login time displayed on Manage Live User page of Web Admin Console and System time.

Bug ID – 4358
Description – “Graph” is incorrectly spelled on Profile page. It reads as “Grpahs”. It should read as “Graphs”.

Bug ID – 4378
Description – When Cyberoam is deployed as Bridge, the same IP address can be configured for the Gateway and the Bridge Interface. Ideally, they cannot be the same.

VPN
Bug ID – 3601
Description – It is not possible to delete a user even after the VPN connection established for the user is disconnected. At the time of deletion, error message "User could not be deleted. Firewall Rule/VPN Connection exists for the User." is received.

Bug ID – 4273
Description – VPN with NATted LAN does not work. It is possible to establish a VPN tunnel for NATted LAN but traffic is routed through the default gateway only.

Web Admin Console
Bug ID – 3988
Description – QoS policy is not displayed in Web Category Edit page.

Web Filter
Bug ID – 3663
Description – Web Categories Database (Webcat) Auto Upgrade not working.

Bug ID – 4246
Description – When Cyberoam is deployed as Bridge, custom web category cannot be deleted.

Wireless LAN
Bug ID – 3945
Description – Even when Security mode is configured to “None”, Cyberoam prompts to enter Security Key for Authentication.

Appendix A - DHCP options (RFC 2132)
A DHCP server can provide optional configurations to the client. Cyberoam provides support to configure the following DHCP Options as defined in RFC 2132. To set the options, refer to DHCP Server Enhancements section.

| Option Number | Name | Description | Data Type |
|---|---|---|---|
| 2 | Time Offset | Time offset in seconds from UTC | Four Byte Numeric Value |
| 4 | Time Servers | N/4 time server addresses | Array of IP-Address |
| 5 | Name Servers | N/4 IEN-116 server addresses | Array of IP-Address |
| 7 | Log Servers | N/4 logging server addresses | Array of IP-Address |
| 8 | Cookie Servers | N/4 quote server addresses | Array of IP-Address |
| 9 | LPR Servers | N/4 printer server addresses | Array of IP-Address |
| 10 | Impress Servers | N/4 impress server addresses | Array of IP-Address |
| 11 | RLP Servers | N/4 RLP server addresses | Array of IP-Address |
| 12 | Host Name | Hostname string | String |
| 13 | Boot File Size | Size of boot file in 512 byte chunks | Two Byte Numeric Value |
| 14 | Merit Dump File | Client to dump and name of file to dump to | String |
| 16 | Swap Server | Swap server addresses | IP-Address |
| 17 | Root Path | Path name for root disk | String |
| 18 | Extension File | Path name for more BOOTP info | String |
| 19 | IP Layer Forwarding | Enable or disable IP forwarding | Boolean |
| 20 | Src route enabler | Enable or disable source routing | Boolean |
| 22 | Maximum DG Reassembly Size | Maximum datagram reassembly size | Two Byte Numeric Value |
| 23 | Default IP TTL | Default IP time-to-live | One Byte Numeric Value |
| 24 | Path MTU Aging Timeout | Path MTU aging timeout | Four Byte Numeric Value |
| 25 | MTU Plateau | Path MTU plateau table | Array of Two Byte Numeric Values |
| 26 | Interface MTU Size | Interface MTU size | Two Byte Numeric Value |
| 27 | All Subnets Are Local | All subnets are local | Boolean |
| 28 | Broadcast Address | Broadcast address | IP-Address |
| 29 | Perform Mask Discovery | Perform mask discovery | Boolean |
| 30 | Provide Mask to Others | Provide mask to others | Boolean |
| 31 | Perform Router Discovery | Perform router discovery | Boolean |
| 32 | Router Solicitation Address | Router solicitation address | IP-Address |
| 34 | Trailer Encapsulation | Trailer encapsulation | Boolean |
| 35 | ARP Cache Timeout | ARP cache timeout | Four Byte Numeric Value |
| 36 | Ethernet Encapsulation | Ethernet encapsulation | Boolean |
| 37 | Default TCP Time to Live | Default TCP time to live | One Byte Numeric Value |
| 38 | TCP Keepalive Interval | TCP keepalive interval | Four Byte Numeric Value |
| 39 | TCP Keepalive Garbage | TCP keepalive garbage | Boolean |
| 40 | NIS Domain Name | NIS domain name | String |
| 41 | NIS Server Addresses | NIS server addresses | Array of IP-Address |
| 42 | NTP Servers Addresses | NTP servers addresses | Array of IP-Address |
| 43 | Vendor Specific Information | Vendor specific information | String |
| 45 | NetBIOS Datagram Distribution | NetBIOS datagram distribution | Array of IP-Address |
| 46 | NetBIOS Node Type | NetBIOS node type | One Byte Numeric Value |
| 47 | NetBIOS Scope | NetBIOS scope | String |
| 48 | X Window Font Server | X window font server | Array of IP-Address |
| 49 | X Window Display Manager | X window display manager | Array of IP-Address |
| 50 | Requested IP address | Requested IP address | IP-Address |
| 51 | IP Address Lease Time | IP address lease time | Four Byte Numeric Value |
| 52 | Option Overload | Overload “sname” or “file” | One Byte Numeric Value |
| 53 | DHCP Message Type | DHCP message type | One Byte Numeric Value |
| 55 | Parameter Request List | Parameter request list | Array of One Byte Numeric Values |
| 56 | Message | DHCP error message | String |
| 57 | DHCP Maximum Message Size | DHCP maximum message size | Two Byte Numeric Value |
| 58 | Renew Time Value | DHCP renewal (T1) time | Four Byte Numeric Value |
| 59 | Rebinding Time Value | DHCP rebinding (T2) time | Four Byte Numeric Value |
| 60 | Client Identifier | Client identifier | String |
| 61 | Client Identifier | Client identifier | String |
| 62 | Netware/IP Domain Name | Netware/IP domain name | String |
| 64 | NIS+ V3 Client Domain Name | NIS+ V3 client domain name | String |
| 65 | NIS+ V3 Server Address | NIS+ V3 server address | Array of IP-Address |
| 66 | TFTP Server Name | TFTP server name | String |
| 67 | Boot File Name | Boot file name | String |
| 68 | Home Agent Addresses | Home agent addresses | Array of IP-Address |
| 69 | Simple Mail Server Addresses | Simple mail server addresses | Array of IP-Address |
| 70 | Post Office Server Addresses | Post office server addresses | Array of IP-Address |
| 71 | Network News Server Addresses | Network news server addresses | Array of IP-Address |
| 72 | WWW Server Addresses | WWW server addresses | Array of IP-Address |
| 73 | Finger Server Addresses | Finger server addresses | Array of IP-Address |
| 74 | Chat Server Addresses | Chat server addresses | Array of IP-Address |
| 75 | StreetTalk Server Addresses | StreetTalk server addresses | Array of IP-Address |
| 76 | StreetTalk Directory Assistance Addresses | StreetTalk directory assistance addresses | Array of IP-Address |

1.1.2.10. V 10.00 build 0310

Release Dates
Version 10.0.0 Build 0310 – 13th September, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and the upgrade will not be successful. You will receive an error if you try to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the pre-release notes for Cyberoam version 10.00.310. The following sections describe the release in detail.
This release comes with several bug fixes to improve quality, reliability, and performance.

Bugs solved

System
Bug ID - 4431
Description – After upgrading to version 10.00.0309 from version 10.00.0302, in some specific conditions, Intrusion Prevention System (IPS) stops working.
Note:
1. If there is an IPS issue with existing version 10.00.0309, the new version 10.00.0310 will resolve the issue. However, if one chooses to roll back to version 10.00.0309, the issue will not be solved.
2. If upgraded from any earlier version of Cyberoam to 10.00.0310 and, for whatever reason, one chooses to roll back to an older version of Cyberoam, one has to manually synchronize IPS using GUI or CLI.

Document version – 1.0-13/09/2010

1.1.2.11. V 10.00 build 0309

Release Dates
Version 10.0.0 Build 0309 – 13th August, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and upgrade will not be successful. You will receive an error if you are trying to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the pre-release notes for Cyberoam version 10.00.309. The following sections describe the release in detail.
This X.2 release comes with few enhancements and several bug fixes to improve quality, reliability, and performance.

Enhancements

1. Support to Add Unicast Route in Bridge Mode
With this version, irrespective of the Cyberoam deployment mode, you can now add unicast route from Web Admin Console.
Configuration
Add route from Network > Static Route > Unicast page of Web Admin Console.

2. Configurable action for invalid HTTPS traffic
Cyberoam can now be configured to accept invalid traffic through HTTPS port i.e. allow traffic not following HTTPS protocol.
Configuration
CLI command: set service-param HTTPS deny_unknown_proto <on | off>
By default, the option is on, i.e. Cyberoam does not relay such traffic. When the option is off, the proxy relays invalid traffic.

3. 3G Modem updates
a) Configurable Serial Interface
Now Cyberoam can support those modems that can establish connection on a specific serial interface only. Cyberoam provides four serial interfaces: Serial 0, Serial 1, Serial 2, Serial 3. Default Serial Interface is “Serial 0”.
Change the Serial Interface from Network > Wireless WAN > Settings page of Web Admin Console.
In case an incorrect serial interface is configured, one needs to plug out the modem or reboot the Cyberoam appliance.
b) PIN code support to unlock SIM card
Many operators lock their SIM card to prevent the use of other operator's SIM cards. These kinds of modems can be unlocked with the PIN code for connecting.
Specify PIN code from Network > Wireless WAN > Settings page of Web Admin Console.
c) Auto-disconnect Modem
For few Modems, it is required that the modem be disconnected automatically when Cyberoam is rebooted. For this, the command is given on CLI as
cyberoam wwan set disconnect-on-systemdown <on | off>
If ON, modem will get disconnected automatically when Cyberoam gets rebooted and is re-connected once Cyberoam is UP again. By default, it is off. Once WWAN is disabled, value will be reset to default.
d) Configurable USB Mode Switch time
Some of the Dual Mode USB Modems are by default shipped in Storage mode. Hence, to use them as Modem, their mode is to be changed. Administrator can configure the minimum and maximum time that should be taken to change the mode.
cyberoam wwan set minimum-modeswitch-timeout <time in sec>
cyberoam wwan set maximum-modeswitch-timeout <time in sec>
Default minimum time is 0 seconds while maximum time is 10 seconds. Once WWAN is disabled, value will be reset to default.

Behavior Change

HTTPS Scanning
1. Now, Certificate Notification will be served to user only if HTTPS scanning is enabled.
2. On migrating from version 9.6.x.x or upgrading from any version of version 10 to v 10.00.30x, HTTPS action will be configured same as the corresponding HTTP action for a Web Category in Web Filter policy. HTTPS action configured in version 10.00.0302 will not be preserved and one will have to manually reconfigure after upgrade.
3. Download File size restriction configured in Web Filter policy will be applicable only if HTTPS scanning is enabled in the corresponding firewall rule for which Web Filter policy is configured.
4. Web Categories – HTTPS Upload, ActiveX, Applets and Cookies, will work only if HTTPS scanning is enabled.

Miscellaneous
1. HTTP Proxy Via Header command: set http_proxy add_via_header <on | off>
By default, this option will be ON.

Commands Removed
CLI command – set service-param HTTPS <add | delete | scanning>

Bugs solved

Application Filter
Bug ID - 3247
Description - ACCEPT Plain firewall rule at the top of the list drops traffic in the following condition: when Internet Access policy created with default "DENY ALL" template is migrated from v 9.x to v X. Ideally, traffic should be allowed.
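
The deny_unknown_proto option listed under Enhancements for this build decides what happens to traffic on the HTTPS port that does not follow the HTTPS protocol. The sketch below is an added illustration, not Cyberoam code: it assumes "following the protocol" means the client's first bytes form a well-formed TLS ClientHello, and the names parse_client_hello, decide and build_client_hello are hypothetical. It also reads the SNI host name, which goes slightly beyond the on/off decision itself.

```python
HANDSHAKE, CLIENT_HELLO, SNI_EXT = 0x16, 0x01, 0x0000
MAX_RECORD = 2**14 + 2048   # largest TLSCiphertext length RFC 5246 allows


class Reader:
    """Bounds-checked cursor over a byte string; raises ValueError on truncation."""

    def __init__(self, data):
        self.data, self.pos = data, 0

    def take(self, n):
        if self.pos + n > len(self.data):
            raise ValueError("truncated")
        chunk = self.data[self.pos:self.pos + n]
        self.pos += n
        return chunk

    def uint(self, size):
        return int.from_bytes(self.take(size), "big")

    def vector(self, len_size):
        # Length-prefixed field, the building block of TLS handshake messages.
        return self.take(self.uint(len_size))


def parse_client_hello(first_bytes):
    """Return {'version', 'sni'} if first_bytes hold one complete ClientHello record, else None."""
    try:
        rec = Reader(first_bytes)
        ctype, major, minor = rec.uint(1), rec.uint(1), rec.uint(1)
        if ctype != HANDSHAKE or major != 3 or minor > 4:
            return None
        rec_len = rec.uint(2)
        if not 0 < rec_len <= MAX_RECORD:
            return None
        hs = Reader(rec.take(rec_len))
        if hs.uint(1) != CLIENT_HELLO:
            return None
        body = Reader(hs.vector(3))
        version = tuple(body.take(2))
        body.take(32)        # random
        body.vector(1)       # session_id
        body.vector(2)       # cipher_suites
        body.vector(1)       # compression_methods
        sni = None
        if body.pos < len(body.data):        # extensions are optional
            exts = Reader(body.vector(2))
            while exts.pos < len(exts.data):
                ext_type = exts.uint(2)
                ext = Reader(exts.vector(2))
                if ext_type == SNI_EXT:
                    names = Reader(ext.vector(2))
                    if names.uint(1) == 0:   # name_type 0 = host_name
                        sni = names.vector(2).decode("ascii")
        return {"version": version, "sni": sni}
    except ValueError:   # truncated field or non-ASCII host name
        return None


def decide(first_bytes, deny_unknown_proto=True):
    """Model the on/off switch: TLS is always relayed, anything else only when off."""
    if parse_client_hello(first_bytes) is not None:
        return "relay"
    return "drop" if deny_unknown_proto else "relay"


def build_client_hello(hostname):
    """Constructed sample input: a minimal TLS 1.2 ClientHello carrying an SNI."""
    name = hostname.encode("ascii")
    entry = b"\x00" + len(name).to_bytes(2, "big") + name
    name_list = len(entry).to_bytes(2, "big") + entry
    exts = b"\x00\x00" + len(name_list).to_bytes(2, "big") + name_list
    body = (b"\x03\x03" + bytes(32) + b"\x00"      # version, random, empty session_id
            + b"\x00\x02\x00\x2f" + b"\x01\x00"     # one cipher suite, null compression
            + len(exts).to_bytes(2, "big") + exts)
    handshake = b"\x01" + len(body).to_bytes(3, "big") + body
    return b"\x16\x03\x01" + len(handshake).to_bytes(2, "big") + handshake


# Constructed first bytes of four connections to port 443.
SAMPLES = {
    "tls": build_client_hello("intranet.example"),
    "ssh": b"SSH-2.0-OpenSSH_8.9\r\n",
    "plain_http": b"GET / HTTP/1.1\r\nHost: intranet.example\r\n\r\n",
    "truncated_tls": build_client_hello("intranet.example")[:20],
}

if __name__ == "__main__":
    for label, data in SAMPLES.items():
        print(f"{label:14} on={decide(data, True):5} off={decide(data, False)}")
```

A production proxy would buffer until the whole first record has arrived before classifying; here a partial record is treated as unknown traffic.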

Backup & Restore
Bug ID – 3953
Description – While trying to restore backup received through Microsoft Outlook Mail Client, the error “Invalid Backup File” is displayed.

Logs & Reports
Bug ID – 3915
Description – If “HTTP Upload” category is denied then in Web Filter logs, for single IP address, multiple records with different actions are displayed.
Bug ID – 3994
Description – In Web Usage > Top File Upload report, instead of filename, “NA” is displayed.

Migration
Bug ID – 3681
Description – If Active Directory is tightly integrated with Cyberoam, after migrating to V X, all the users become members of AD default group.
Bug ID - 4011
Description – If Active Directory is integrated for Authentication but server details are not configured, after migrating to V X, authentication fails.

Proxy
Bug ID - 3600
Description – Certain sites like http://www.dreammall.com.tw/ do not open when direct proxy is configured.
Bug ID - 3791
Description – After enabling HTTP1.1, it is not possible to access sites even after adding host IP address.

System
Bug ID – 3631
Description – Due to mismatch in physical and logical port sequence, Interface MAC address changes on soft reboot. To get them back in sequence, one has to hard boot the appliance. This issue is observed in CR250i models only.
Bug ID – 3662
Description – When Webcat Signature Version is 0.0, it is not possible to upgrade Web Categorization Database.
Bug ID – 3708
Description – System Health Graphs for PPPoE Interface are not displayed.
Bug ID – 3902
Description – Interface graphs are not generated when more than 65 Aliases are bound to an Interface.
Bug ID – 3992
Description – When Cyberoam is deployed as Bridge, even when gateway is reachable, its status is displayed as down i.e. in RED.

Web Admin Console
Bug ID – 3582
Description – As UDP flood is not hyperlinked on Dashboard doclet - DoS Attack Status, it is not possible to view UDP flood report.

Web Filter
Bug ID – 3635
Description – Safe Search does not work with the Search Engine - Google.

Wireless LAN
Bug ID – 4022
Description – It is possible to specify a key string longer than the configured key length i.e. if key length is configured as 64 bits then it is possible to specify a key of more than 8 characters.

Wireless WAN
Bug ID – 3135
Description – Gateway failover does not work when USB modem is configured as backup gateway.
Bug ID - 3496, 3497
Description - USB modems - ZTE MF 636 and Sierra Wireless 598U from Sprint Wireless are not detected.
Bug ID – 3958
Description – No provision for configuring Channel (serial port) for the USB Modems. This is required as connectivity with certain USB Modems can be established on specific serial port only.
Bug ID – 3979
Description – No provision for configuring PIN for PIN-enabled SIM card. This is required to unlock certain USB Modems.

Document version – 1.0-13/08/2010

1.1.2.12. V 10.00 build 0301 and 0302

Release Dates
Version 10.0.0 Build 0302 – 5th July, 2010
Version 10.0.0 Build 0301 – 30th June, 2010

Release Information
Release Type: General Availability
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Logon to https://customer.cyberoam.com
2. Click Upgrade URL link, select the appropriate option and follow the on-screen instruction.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and upgrade will not be successful. You will receive an error if you are trying to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the pre-release notes for Cyberoam version 10.00.301 and 302. The following sections describe the release in detail.
This X.2 release comes with few enhancements and several bug fixes to improve quality, reliability, and performance.

Features

1. HTTP/1.1 Compliance
To improve the performance by reducing server overhead associated with establishing multiple connections, Cyberoam will be enhanced to support HTTP/1.1 specifications.

2. HTTPS scanning
Cyberoam now supports SSL content scanning and inspection to filter HTTPS traffic in the same way as HTTP traffic. It allows administrator to control user access to web sites using encrypted HTTPS protocol. It is also possible to bypass scanning of certain encrypted sites like bank and trading sites.
As the access to encrypted sites is based on the certificates, certificate-blocking feature provides a way to specify which HTTPS certificates to block. Hence, apart from blocking the sites based on IP address, it would also be possible to block the sites which do not provide a certificate from a trusted Certificate Authority.
By default, HTTPS scanning is disabled.

Configuration
1. Once you upgrade, even if you had enabled HTTPS categorization in the previous version, it will get disabled. To enable HTTPS categorization from CLI, execute command:
set service-param HTTPS scanning on
This is the known behavioral change.
2. Enable HTTPS scanning from firewall rule. If you enable HTTPS scanning, you need to import Cyberoam SSL Proxy certificate in Internet Explorer, Mozilla Firefox or any other browser for decryption on SSL Inspection; otherwise the browser will always give a warning page when you try to access any secure site. Import certificate for all the Instant Messengers which require certificate.
3. By default, HTTPS traffic will be denied. Update all the Web Filter policies to allow HTTPS traffic.
4. If it is required to bypass HTTPS scanning for any web or file type category, add HTTPS Scanning Exception rule for the required category from Antivirus > HTTP/S > HTTPS Scanning Exception.
5. If you have configured HTTPS service on any other port than 443, traffic on that port will not be scanned.

Download - Cyberoam CA Certificate
Please refer, How To – Download and Install CA Certificate for details.

Behavior

SSL Certificate Name mismatch error
The name mismatch error indicates that the common name (domain name) in the SSL certificate does not match the address that is in the address bar of the browser. To avoid this error, simply add this site as an exception. Once added as exception, warning will not be displayed next time you access the site.

Invalid Certificate error
This warning appears when the site is using an invalid SSL certificate. Cyberoam blocks all such sites. To allow access to such sites:
1. Logon to CLI with default credentials
2. Go to Option 4 Cyberoam Console and at command prompt execute the command:
set service-param HTTPS invalid-certificate allow

Version 9 Catchup features
1. Customizing Client Preferences - HTTP Client option (Page, Pop-up, None) & customize Login Message. Option is provided on Identity > Authentication > Firewall page.
Client Login Links from Customize Login Messages page. Option is provided on Identity > Authentication > Firewall page.
To accommodate above changes, 3 more pages Firewall, VPN and Admin are added under Identity > Authentication menu. – This solves Bug 2937
2. Clientless User – IP address based Sorting and Searching
3. Auto purge – Provided through iView and can be configured from System > Configuration > Data Management
4. Proactive Reports – Google Search Keywords
5. Dashboard Appliance Information Doclet - Antivirus Engine Information update time
6. Last upgrade status and timestamp for AV/IPS/Webcat

Known Behavior

Categorization
Bug ID - 3664
Description – After upgrading to v 10.00.0301, HTTPS categorization gets disabled if enabled previously. One has to re-enable HTTPS categorization from CLI by executing command: set service-param HTTPS scanning on.

Command Line Interface(CLI) over Web Admin Console
Bug ID – 2785
Description – If the link speed is slow, sometimes the typed characters are displayed in incorrect sequence.

DHCP
Bug ID – 2744
Description – IP conflict detection will not work if ICMP is blocked by the firewall.

User
Bug ID – 1910
Description – In case of Active Directory authentication, when user tries to change password from her MyAccount, she receives the error message “current password is invalid”. This happens because user is authenticated by AD and not by Cyberoam, and the passwords set in AD and Cyberoam are not the same.

Web Admin Console
Bug ID – 800
Description – On refreshing the page or after deleting a row from the page, the number of rows to be displayed is changed to the default value. For example, if number of rows to be displayed per page is set to 30 then on refreshing the page, value is automatically changed to the default value 20.
Bug ID – 628, 983
Description – Keyboard TAB key cannot be used for moving from one field to another in a page.
Bug ID – 2719
Description – Word “WAN” is not displayed properly on Add Firewall Rule page. This is observed only in Google Chrome browser.
Bug ID – 1910
Description – Instead of actual reason, a generic message is given at the time of deleting schedule. For example, Message - Schedule(s) are in use could not be deleted, is given.
Ideally the message should be “Schedule cannot be deleted. It is used in a Firewall rule.” or “Schedule cannot be deleted. It is used in a Web Filter policy.”

Bugs solved

Build 302

Command Line Interface (CLI)
Bug ID – 3413
Description – There is no limit on number of records to be dumped in a text file created through tcpdump command. Due to this, partition became full.

Migration
Bug ID – 3723
Description – It was not possible to upgrade even after restoring backup of version 10.00.0 build 227 to 10.00.0.301.

System
Bug ID – 3482
Description – If default CA is updated after generating self-signed certificate, it is not possible to recreate certificate with the same name.

Build 301

Antispam
Bug ID - 3568
Description - Domains with more than 6 characters after "." (dot) cannot be added as trusted domains. For example test.cyberoam

Backup & Restore
Bug ID – 3218
Description – When factory default IP address is bound to any of the Interfaces in V 9.x.x.x, it was not possible to restore backup of V 9.x.x.x on V 10.X.
Bug ID – 3353
Description – Backup taken over FTP is uploaded with the generic filename “backup.cyberoam”, which made it difficult to identify backup date. Ideally, filename should include appliance key and date & time on which backup is taken e.g. C0000000-FHEU.05022010

Command Line Interface(CLI) over Web Admin Console
Bug ID – 2776
Description - Format mismatch in advanced firewall configuration parameters when CLI console is accessed through Telnet and HTTP Interface. For example, when CLI is accessed over Telnet, parameters are displayed with special character underscore (_) e.g. source_network, while parameters are displayed without underscore e.g. source network, when CLI is accessed over HTTP Interface.

Firewall
Bug ID – 225
Description – Instead of actual reason, a generic message is given at the time of deleting schedule.
For example, Message - Schedule(s) are in use could not be deleted, is given. Ideally the message should be “Schedule cannot be deleted. It is used in a Firewall rule.” or “Schedule cannot be deleted. It is used in a Web Filter policy.”
Bug ID – 2426
Description – All the default hosts - ##ALL_RW, ##ALL_IPSEC_RW, ##ALL_SSLVPN_RW, are not displayed on Manage Host page but Firewall rule can be configured for them.
Bug ID – 2897
Description – After changing the IP address of Local Interface, Captive Portal page becomes inaccessible.

Group
Bug ID – 3178
Description – Groups migrated from V 9.x.x.x could not be deleted.

Instant Messaging
Bug ID - 3498
Description - Keywords configured in Content filtering are not blocked.

Logs & Reports
Bug ID – 2784
Description – Reports are not mailed to the configured email address.
Bug ID – 3195
Description – Total Usage Summary doclet of Dashboard is displayed without any data.
Bug ID - 3368
Description – Google Search report does not include keywords searched in Google over SSL.

Migration
Bug ID - 3303
Description - After migrating to v X from v 9.x.x.x, SSL VPN tunnel mode connections are not established due to authentication failure.

SSL VPN
Bug ID – 2497
Description – Even when SSL VPN AAM client requires JAVA, appropriate message is not flashed if JAVA is not installed on client machine.

System
Bug ID – 1383
Description – When Cyberoam is deployed as Bridge, after removing VLAN interface, Network layer commands do not work.
Bug ID – 2000
Description – Some of the HTTP protocol Anti Virus logs are displayed without virus name and URL.
Bug ID – 2144
Description – Following functionality of SNMP are not working: diskCapacity, diskPercentUsage, sysServices, haMode, linkupdown, serviceFail.
Bug ID – 2908
Description – At the time of adding VLAN interface, Administrator has to select Zone. Ideally, default value should be the same as Parent Interface.
Bug ID – 3016
Description – Mismatch in time displayed on Dashboard - System Status doclet on Web Admin Console and System time.
Bug ID - 3327
Description - User My Account details are flushed on rebooting the appliance.
Bug ID – 3273
Description – Special character “-“ is not supported in PPPoE username configured from Network > Interface page of Web Admin console.
Bug ID - 3372
Description - At the time of upgrading to version 10.00.273 from 10.00.227, if appliance-specific firmware is not uploaded, wrong message "Failed to load new firmware: Errorcode: 11" is displayed.

Translation
Bug ID – 3493
Description – Identity > User page of French GUI was not completely translated.

User
Bug ID – 2735
Description – It is not possible to configure Active Directory Domain without top level domain. For example, one needs to configure as “cyberoam.com” and cannot configure just “cyberoam” as domain name.
Bug ID – 2969
Description – It was possible to configure only two authentication servers. Now, limit is increased to 20 servers.
Bug ID – 3272
Description – If Active Directory domain name includes capital letter, users are not authenticated and so not able to access the Internet.
Bug ID - 3396
Description – Authentication server Domain name cannot be configured with more than 5 characters after "." (dot). For example myserver.cyberoamlocal

VPN
Bug ID – 3067
Description – Administrator is forced to specify password even when she just wants to view and does not want to modify any parameters of PPPoE configuration.
Bug ID – 3092
Description – Administrator is forced to specify preshared key even when she wants to view the policy details or wants to modify details other than the preshared key.
Bug ID - 3101
Description – VPN connection cannot be established if remote peer is assigned IP address dynamically i.e. DYDNS is configured on peer VPN gateway.
Bug ID – 3301
Description – Connection button on L2TP Connection was clickable. Ideally, it should not be clickable.
Bug ID - 3292
Description - In Version X, "RoadWarrior" is replaced by "RemoteAccess" in IPSec connection. But, default policy is not renamed from "DefaultRoadWarrior" to "DefaultRemoteAccess".

Web Admin Console
Bug ID – 1706
Description – Backup Gateway and Routing Policy details are displayed on the firewall rule page even when Cyberoam is deployed as Bridge. Ideally, these details should not be displayed as they are not supported when Cyberoam is deployed as Bridge.
Bug ID – 2701, 2702, 2703, 2705, 2706
Description – Usage of backspace or delete button in various Calendar controls displays incorrect warning message and has different behavior in different browsers.
Bug ID – 2704
Description – OK and Cancel buttons are incorrectly placed at the end of page in Edit Application Filter Policy page.
Bug ID – 3064
Description – Status messages were not visible and it was not possible to differentiate between successful and error message. Now standard color scheme is used for status message. Error messages will be displayed in Red fonts while successful messages in green fonts.
Bug ID – 3145
Description – License Information doclet on Dashboard displays date in incorrect format as "April 2011 30". Ideally, date should be displayed as "April 30, 2011".
Bug ID – 3238
Description – On clicking “Back” button of the browser, browser displays current page menu with contents of previously loaded page.
Solution – For Browsers – Internet Explorer, Opera and Firefox, on clicking “Back” button of the browser, browser will re-load current page while for Google Chrome and Safari, Cyberoam login page will be displayed.

Web Filter
Bug ID – 2427
Description – Special characters including ‘_’ are not allowed in custom Web category name; but appropriate message is not displayed.
Bug ID – 3480
Description – Deny message is not displayed when one attempts to access secure sites.

1.1.2.13. V 10.00.0273

Release Date: 26th May, 2010

Release Information
Release Type: General Availability
Compatible versions: 10.0.0227 onwards
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models

Upgrade procedure
1. Download Appliance model-specific firmware from http://customer.cyberoam.com.
2. Upload the firmware (downloaded in step 1) from Web Admin console (menu System > Maintenance > Firmware) and boot the appliance to apply the firmware.

Compatibility issues
Firmware is Appliance model-specific. Hence, firmware of one model will not be applicable on another model and upgrade will not be successful. You will receive an error if you are trying to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the pre-release notes for Cyberoam version 10.00.0273. The following sections describe the release in detail.
This X.1 release comes with few enhancements and several bug fixes to improve quality, reliability, and performance.

Features and Enhancements

1. Traffic Discovery for Live connections
Cyberoam provides traffic discovery to view live connection traffic pattern and monitor network traffic passing through Cyberoam. It helps in determining the amount of network traffic generated by an application, IP address or user. It helps in detecting and resolving any activity that does not align with your organization's policies, and in locating bandwidth hogs and isolating them from the network if necessary.

2. Session-based IPS control
From this version, Cyberoam-IPS will detect signature matching traffic and take action on the traffic session apart from the traffic packet. For this, two additional actions can be configured as follows:
Drop session - Cyberoam-IPS automatically drops and resets the session and prevents the traffic from reaching its destination, if it detects any traffic that matches the signature.
Bypass mode - Cyberoam-IPS detects and logs any traffic that matches the signature, but does not take any action against the traffic and the session proceeds to its intended destination.

3. Application based Bandwidth Management
Cyberoam now provides a way to create application-specific policies to regulate web browsing and file transfer. It enables application layer bandwidth management and allows creating policies for any application. This helps avoid network congestion and web-based threats when employees surf non-business-related web sites.
For granular control, it is also possible to limit bandwidth per user per application. For example, you can allow the usage of all the Instant Messengers but can limit the bandwidth used by two IMs - Yahoo Messenger and jabber for a specific user. Similarly, you can restrict the bandwidth usage for streaming media, which impacts legitimate business by using valuable bandwidth.

4. IPS Signature information
IPS signature name is now hyperlinked to provide its details.

Version 9 Catchup features
1. Traffic discovery – Only live connections
2. AV version information
3. AV & AS Quarantine Area – total utilization
4. Web Category - Search URL
5. Corporate Client Download from MyAccount
6. Dashboard doclet - Usage Summary (HTTP hits, Search Engine Queries)
7. Backup over Mail
8. IPS Signature details link
9. Editable IP address of Clientless user
10. By default 50 users list on Live Users page
11. L2TP connection report - Data transfer details
12. Web Category – “IPAddress” category
13. Tool tip Firewall rule page for host, host group and Identity column
14. User search based on IP address
15. Web Surfing Report
    1. User wise Site wise/HTTP data Transfer /HTTP hits by content type / HTTP File upload
16. Audit Logs
    1. GUI Audit logs
    2. Service Restart Logs

Bugs solved

Anti Spam
Bug ID – 2468
Description – Unlimited characters are allowed in the “POP3 / IMAP Mails greater than size” field on Antivirus Mail Configuration page.
Bug ID – 2469
Description – Alphabets and special characters are allowed in SMTP, POP3/IMAP mail size. Ideally only numeric values should be allowed.
Bug ID – 2477
Description – In Anti Spam general configuration, even the blank header is allowed. Ideally, it should not be allowed.
Bug ID – 2631
Description – In Spam Rule, when SMTP action is set to “Change Recipient”, even invalid email address can be configured for new recipient.
Bug ID – 2669
Description – In Anti Spam general configuration, even the invalid header is allowed.

Command Line Interface (CLI)
Bug ID – 2675
Description – Ping is successful even after shutdown (from CLI console).

Firewall
Bug ID – 1365, 2866
Description – Instead of actual reason, a generic message is given at the time of deleting schedule. For example, Message - Schedule(s) are in use could not be deleted, is given. Ideally the message should be “Schedule cannot be deleted. It is used in a Firewall rule.” or “Schedule cannot be deleted. It is used in a Web Filter policy.”
Bug ID - 1955
Description – Dashboard doclet - DoS Attack Status, does not display source and destination information for SYN and UDP flood.
Bug ID – 2851
Description – Incorrect Tip is provided on Add Trusted MAC page.

Group
Bug ID – 2792
Description – Instead of actual reason, a generic message is given at the time of deleting Group.

Intrusion Prevention system
Bug ID – 2452
Description – IPS Custom signature format (syntax) tip is not provided.

Logs & Reports
Bug ID – 2065
Description – Dashboard doclets - Recent HTTP Viruses detected and Recent Mail Viruses detected, display the detected virus information but are not displayed in Web Virus and Mail virus reports.
Bug ID – 2615
Description – Filter icons are not aligned on the Compliance reports pages in Cyberoam-iView.
Bug ID – 2807
Description – When Cyberoam is integrated with Active Directory for authentication, it is not possible to login into Cyberoam-iView if username is provided without domain name.

Network Configuration Wizard
Bug ID – 1544, 2846
Description – Cyberoam appliance image is not displayed in Network Wizard. This behavior is observed only in Internet Explorer version 8 browser.

PPPoE
Bug ID – 1740
Description – Appliance becomes inaccessible after updating PPPoE configuration.

Quarantine
Bug ID – 2842
Description - Mails with blank subject line are detected and quarantined but are not displayed in Quarantine Mail area.

Role based ACL
Bug ID – 2822
Description - Firewall page displays Tool tips improperly if the Administrator does not have sufficient rights for the page. For example, if Administrator does not have read or read-write permission for Web filter policy, then web filter policy tip is not displayed properly.
Bug ID – 2823
Description – Even though Administrator has just the Read permission for “Network”, she can configure Gateway Failover timeout.
Bug ID – 2876
Description – At the time of adding new profile, if the profile name already exists then duplicate name message is given but it is not allowed to change the name. Ideally, it should allow changing the profile name.

SSL VPN
Bug ID – 2633
Description – URL format Tip is not provided on Add Bookmark page of Web Admin Console.

System
Bug ID – 2204
Description – Web Admin console becomes inaccessible on non-80 port Virtual host.
Bug ID – 2525
Description – When a VLAN interface is unbound, nothing is displayed in its status column. Ideally, its status should change to “Down Auto-negotiated”.
Bug ID – 2770
Description – Screen elements on the Edit NAT policy page are not aligned.
Bug ID – 2778
Description – System Status doclet on Dashboard displays “null” for Live Connected Users.
Bug ID – 2779
Description – Special characters like "* (} | ! @ ~ # %" cannot be included in Certificate and Certificate Authority password.
Bug ID – 2788
Description – “Reports” link on Dashboard is not hyperlinked.
Bug ID – 2836
Description – Auto updates for Anti Virus Signature are not available for Cyberoam Appliance model CR25ia.
Bug ID - 2849
Description - On Factory reset, appliance does not get unregistered. Ideally, appliance should be unregistered on factory reset.

User
Bug ID – 1990
Description – When external authentication server ADS-Citrix is used in Cyberoam, live users page displays a user with username as administrator, which is automatically logged in.
Bug ID – 2757
Description – My Account portal does not provide link to download Cyberoam Corporate client for Windows Vista and Windows 7 OS.
Bug ID - 2854
Description - If Email ID is not provided in CSV file at the time of importing users, null is displayed in Email field.

VPN
Bug ID – 1744
Description – If the host IP address is changed after establishing Net-to-Net tunnel, connection gets deactivated.
Bug ID – 2668
Description – Common icon (Amber bulb) for failed tunnel connection and activated tunnel. Ideally, two different icons or symbols should be used.
Bug ID – 2801
Description – VPN Logs are not available.
Bug ID – 2832
Description – VPN Failover page displays “Net-to-Net” instead of “Site-to-Site”.

Web Admin Console
Bug ID – 1889
Description – Web Admin Console ports can be assigned any numeric value. Ideally, only 80 and 443 port numbers should be allowed for HTTP and HTTPS ports respectively.
Bug ID – 2292
Description – Dynamic DNS page of Web Admin console does not display the updated DDNS Host IP address.
Bug ID – 2421
Description – Firewall rule Enable/Disable icon color changes as per the GUI Theme, which is confusing. Ideally, standard colors should be used.
Bug ID – 2483
Description – Keyboard TAB key cannot be used for moving from one field to another in a page.

Bug ID – 2451
Description – Spelling mistake in the message at the time of adding a schedule. It reads as “ minute not grater then 59”. It should read as “Minutes cannot be greater than 59”.

Bug ID – 2641
Description – Proper spacing is missing between screen elements and Tip on the Default Certificate Authority page.

Bug ID – 2672
Description – Manage Group page displays horizontal scroll bar when not needed. This is observed in Internet Explorer browser only.

Bug ID – 2677
Description – Add Application filter policy and QoS policy pages display vertical scroll bar when not needed. This is observed in Internet Explorer browser only.

Bug ID – 2678
Description – Proper spacing is not provided between two screen elements on the Edit QoS policy page.

Bug ID – 2684
Description – Screen elements are not properly aligned on Add Spam Rule page.

Bug ID – 2685
Description – Warning messages across the GUI are not consistent.

Bug ID – 2686
Description – On Add Alias page, on mouse over to Cancel button, button color does not change completely.

Bug ID – 2699, 2702, 2705
Description – Usage of backspace or delete button in various Calendar controls displays incorrect warning message and has different behavior in different browsers.

Bug ID – 2704
Description – OK and Cancel buttons are incorrectly placed at the end of page in Edit Application Filter Policy page.

Bug ID – 2714
Description – No alignment on Manage IPSec Connection page.

Bug ID – 2717
Description – Users are not listed in correct order (ascending or descending) on Manage User Page.

Bug ID – 2718
Description – The Information icon is not aligned on the Add User page. This is observed only in Google Chrome browser.

Bug ID – 2847
Description – When consecutive multiple separators are added in File extension, incorrect message is displayed.
Bug ID – 2852
Description – On live users page, even when “Records per Page” is set to 20, only 10 records are displayed per page.

1.1.2.14. V 10.00 - For CR15wi, CR15i, CR25i only

Release Dates
Version 10.00 Build 232 – 23rd April, 2010 (CR15i appliances)
Version 10.00 Build 231 – 20th April, 2010 (CR15wi appliances)
Version 10.00 Build 230 – 17th April, 2010 (CR25i appliances)

Release Information
Release Type: General Availability
Compatible versions:
9.6.0.78 – CR25i
9.5.8.68 – CR15i
CR15wi models will be shipped with this version only.
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: Cyberoam Appliance models - CR15wi, CR15i and CR25i

Upgrade procedure
Please note that once the appliance is upgraded to Version 10, Rollback to Version 9 is not possible.

1. Go to Web Admin Console and take backup of v 9.6.x.x from System > Manage Data > Backup Data. For real-time conversion of v9 backup to v10 compatible backup, browse to data migration site (http://v9migration.cyberoam.com) and upload v9 backup file.
Note: If you are upgrading fresh v9.x appliance i.e. without custom configuration and data, skip step 1.
2. Download Appliance model-specific firmware from http://customer.cyberoam.com.
3. Upload the firmware (downloaded in step 2) from Web Admin console (menu Help > Upload Upgrade).
4. Once the file is uploaded successfully, log on to CLI console and go to the menu “Option 6 Upgrade Version” and follow the on-screen instructions to upgrade.
5. Appliance will be uploaded with factory default firmware i.e. appliance will come up with the factory default setting.
Note: If you are upgrading fresh v9.x appliance i.e. without custom configuration and data, skip rest of the steps. After this step, your appliance is ready for use.
6. Restore the v10 compatible backup from Web Admin console (menu System > Maintenance > Backup & Restore)
7. To view the version 9.x reports, browse to http://<Cyberoam IP>/reports and to view reports generated after version upgrade go to Logs & Reports > View Reports. This option will not be available for CR15i models.
8. To view the version 9.x quarantined mails go to Antivirus > Quarantine > V 9 Quarantine while to view the mails quarantined after version upgrade go to Antivirus > Quarantine > Quarantine. This option will not be available for CR15i models.

Compatibility issues
Firmware is Appliance model-specific and hence firmware of one model will not be applicable on another model. Upgrade will not be successful and you will receive an error if you are trying to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the release notes for Cyberoam version 10.00. The following sections describe the release in detail.
This will be a key release with architectural changes, new features and enhancements that improve quality, reliability, and performance.

Features and Enhancements

1. Wireless LAN Support (for CR15wi models only)
Cyberoam has introduced a new model CR15wi as a wireless security gateway with the support of three wireless protocols called IEEE 802.11n, 802.11b and 802.11g. By functioning as an access point, secure wireless gateway and firewall, it provides real-time network protection and high-speed wireless connectivity without compromising performance and cost.
Apart from the access point, by integrating with firewall, CR15wi delivers comprehensive protection to small, remote and branch office users from threats like malware, virus, spam, phishing, and pharming attacks.
CR15wi models, by default include one wireless interface called WLAN1. When deployed in gateway mode it can support up to seven additional wireless interfaces while in bridge mode no additional wireless interface can be added.
Wireless interface can also act as a DHCP server or relay for its clients.

Configuration
1. Configure Wireless LAN General Settings from Settings page. These general configurations are common to all the access points including the default WLAN1.
2. Please note that as Wireless Interface is a member of LAN zone, all the firewall rules applicable to LAN zone will be applicable to the traffic for this interface also. Appliance Access set for the LAN will be applicable to this interface also.

2. Email Archiving (for CR15wi, CR15i, CR25i models only)
As email is the primary communication channel, corporate email archiving is an integral part of the business flow. Four major reasons for an organization to archive its email are compliance, litigation support, storage management and knowledge management. It ensures that the organization has a centralized and accessible copy of all its email. This provides additional protection against accidental or intentional deletion of emails by its employees and helps prevent data leakage.
With Cyberoam, Administrator can now archive all the email, emails of a specific recipient or a group of recipients coming into the organization. This will help in preventing data leakage.
Cyberoam can archive all emails intended for a single or multiple recipients and can be forwarded to the single administrator or multiple administrators.

Configuration
1. Configure Email Archiving rule for a single mail recipient or all the recipients and the email address at which all the mails are to be forwarded for archiving.

3. DHCP Server Logs (for CR15wi, CR15i, CR25i models only)
For monitoring and troubleshooting the DHCP lease traffic, Logging functionality is extended to include DHCP Server events log.
With the inclusion of DHCP Server log, Cyberoam can now log following different network activities and traffic including: overall network traffic i.e. firewall and traffic discovery, IPS anomaly and signature, anti virus - URL and mails blocked, spam filtering and content filtering - access allowed and blocked.
The DHCP event log contains events that are associated with activities of the DHCP service and DHCP server, such as DHCP leases, renewal and expiry.
As DHCP logs are included in System logs they can be viewed from System logs under Log Viewer page of Web Admin console.

4. Firmware-based Upgrades
All the upgrades after this version will now be firmware based i.e. version can be upgraded directly to the latest version. Firmware will be Appliance-specific and hence firmware of one model will not be applicable on another model.
For example, if the latest released version is 10.1.0.16 and current version in your Appliance is 10.0.0.2 then with this upgrade you will be able to directly upgrade to the latest version 10.1.0.16 instead of upgrading each intermediate version individually.
There will be support of multiple firmware residing on the appliance, so the Administrator will be able to switch between the firmware if needed. Apart from that, upgrade and downgrade will now also be more stable and robust as entire Operating system is converted into bootable firmware (Starting from boot up sequence / BIOS).

5. GUI Revamp
To improve usability, a good portion of Web UI has been re-organized. This will also provide a more user-friendly approach to layout, menu and screens. New GUI will be based on Web 2.0 concept and components.

6. GUI Themes
Cyberoam now provides Themes page to quickly switch between predefined themes. Each theme comes with its own custom skin, which provides the color scheme and font style for entire GUI i.e. navigation frame, tabs and buttons. You can choose from 2 themes – Cyberoam Standard and Cyberoam Classic.
Configuration
The default “Cyberoam Standard” theme can be changed from Options under System menu from Web Admin Console.

7. Role Based Access Control
To offer greater granular access control and flexibility, from this version onwards, Cyberoam provides role-based administration capabilities. It allows an organization to separate super administrator's capabilities and assign them through Profiles.
Profiles are a function of an organization's security needs and can be set up for special-purpose administrators in areas such as firewall administration, network administration, logs administration. Profiles allow permissions to be assigned to individual administrators depending on their role or job need in the organization.
The profile separates Cyberoam features into access control categories for which you can enable none, read only, or read-write access.
For ease of use, by default, Cyberoam provides 4 profiles:
· Administrator – super administrator with full privileges
· Security Admin – read-write privileges for all features except Profiles and Log & Reports
· Audit Admin – read-write privileges for Logs & Reports only
· Crypto Admin – read-write privileges for Certificate configuration only

Configuration
1. Custom profiles can be created and managed from the Profile page of Administration menu
2. Assign profile (created in step 1) to user from the User page of Identity menu

8. Multiple Authentication support
This feature allows administrator to configure authentication based on the type of user – Firewall, VPN and SSL VPN and with multiple servers.
User level authentication can now be performed using local user database, RADIUS, LDAP, Active Directory or any combination of these. Combination of external and local authentication is useful in the large networks where it is required to provide guest user accounts for temporary access while a different authentication mechanism like RADIUS for VPN and SSL VPN users provides better security as password is not exchanged over the wire.
In case of multiple servers, administrator can designate the primary and optionally the secondary server. Only if the primary server cannot authenticate the user will the secondary server try to authenticate. If the secondary server cannot authenticate the user then Cyberoam refuses the access.
By default, primary authentication method is “Local” while secondary authentication method is “None”.

Configuration
1. Configure authentication server i.e. RADIUS, LDAP or Active Directory
2. Integrate external authentication server with Cyberoam and configure primary and secondary authentication method for Firewall, VPN and SSL VPN traffic from Authentication page of Identity menu from Web Admin console.

9. Thin Client Support
Cyberoam can now authenticate hosts connecting remotely through Microsoft Terminal Server (Microsoft TSE) – Windows server 2003 and Citrix Presentation Server and apply all the identity-based security policies to monitor and control the access.
Solution can be implemented for all the user types – HTTP, Single Sign On (SSO) and Clientless SSO (CTAS).

Configuration
1. Download Client from http://download.cyberoam.com/beta/catc and install on Microsoft Terminal Server (Microsoft TSE) or Citrix Presentation Server
2. Configure Cyberoam for communication between the two from CLI using the command:
    cyberoam auth thin-client add citrix-ip <ip address of citrix server>

10. IM Logging and Control for Yahoo and WLM
All Instant Messaging communication happening over Yahoo IM and Windows Live Messenger traffic can now be scanned, logged and controlled too. Cyberoam also provides an option to enable inspection of IM traffic on non-standard ports. For details, refer to section Traffic Inspection on non-standard port.
The feature would allow Administrators to
1. Log all communication between specific set of users, over either Yahoo or WLM.
2. Control who can chat with whom
3. Have granular control over the form of communication i.e. chat, voice or video.
For example, chat can be allowed between Sales and Marketing team but it can be denied between Sales and Accounts team.

Configuration
1. Add IM contacts or IM Group for whom rules are to be created
2. Define Conversation rule to allow or deny 1-to-1 or group Chat conversation between IM contacts added in step 1
3. Define File transfer rule to allow or deny file transfers between IM contacts added in step 1
4. Define Webcam rule to allow or deny the usage of Web camera between IM contacts added in step 1
5. Define Login rules to allow specific Yahoo/MSN contacts to login to their servers. By default, access to Yahoo and MSN chat is denied to all the contacts.
6. Define content filtering rules
The scanned IM logs can be viewed from Log Viewer page.

Limitations
1. File transfer and web camera usage not supported for Windows Live Messenger v 2009
2. No support for File transfer logging
3. No file archive support
4. Yahoo traffic will be scanned only if HTTP scanning is enabled.

11. IPv6 Traffic Forwarding support
From this version onwards, Cyberoam supports forwarding of IPv6 traffic and Appliances will be “IPv6 Ready” certified for Phase II.
IPv6 is version 6 of the Internet Protocol. It is an Internet Layer protocol for packet-switched internetworks. It has a larger address space than standard IPv4 hence can provide billions more unique IP addresses than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The internet is currently in transition from IPv4 to IPv6 addressing.
Cyberoam allows configuring IP address using following notations:

Standard notation
    Represent the address as eight groups of 4 hexadecimal digits.
    For example: 0EDC:BA98:0332:0000:CF8A:000C:2154:7313

Compressed notation
    If a 4 digit group is 0000, it may be omitted.
    For example
    3f2e:6c8b:78a3:0000:1725:6a2f:0370:6234 can be written as 3f2e:6c8b:78a3::1725:6a2f:0370:6234
    4f7e:6c8b:79a3:0000:1725:0000:0370:6234 can be written as 4f7e:6c8b:79a3::1725::0370:6234

Mixed notation
    IPv4 addresses that are encapsulated in IPv6 addresses can be represented using the original IPv4 "." notation as follows:
    For example
    0:0:0:0:0:0:127.32.67.15
    0:0:0:0:0:FFFF:127.32.67.15
    It is also possible to use the compressed notation, so the addresses above would be represented as:
    ::127.32.67.15
    ::FFFF:127.32.67.15

Configuration
To implement IPv6, one simply needs to assign IPv6 IP addresses to an Interface using the CLI command:
    cyberoam ipv6 interface Port <port number> <ip address>
E.g.
    cyberoam ipv6 interface PortB address add 3ffe:501:ffff:101:290:fbff:fe18:5968/64

Additional commands
1. Create Prefix list for the Interface
    cyberoam ipv6 interface Port <port number> prefix add <ip address>
e.g.
    cyberoam ipv6 interface PortC prefix add 3ffe:501:ffff:101::/64
2. Configure IPv6 Routing
Add Router
    cyberoam ipv6 route add <ip address>
e.g.
    cyberoam ipv6 route add 3ffe:501:ffff:101::/64 gateway fe80::210:f3ff:fe08:7d6c interface PortC
Configure router advertisement
    cyberoam ipv6 interface Port<port number> router-adv send-adv enable
e.g.
    cyberoam ipv6 interface PortC router-adv send-adv enable
3. Test connection with ping6
    ping6 3ffe:501:ffff:100:20d:48ff:fe36:59a4
4. Tunnel IPv6 traffic over an IPv4 network:
    cyberoam ipv6 tunnel add <tunnel-name> remote-ip <ip address v4> local-ip <ip address v6>

12. SSL VPN Updates

12.1 Application Access Mode
From this version onwards, Cyberoam now allows remote access to different TCP applications over Application Access Mode. As application is launched in a web browser, it offers a clientless network access. The feature comprises an SSL daemon running on the Cyberoam appliance and AAM Client running at the Client side to establish a secure tunnel. AAM Client is a Java Applet Thin client which requires JRE 1.4.2.
Application access allows remote access to different TCP based applications like HTTP, HTTPS, RDP, TELNET e.g. telnet.exe, SSH e.g. putty, secureCRT and FTP (Passive mode) without installing client.

Server side Configuration
1. Add Applications as Bookmarks
2. Select Application Access mode in VPN SSL policy
3. Assign policy to the User or Group

For administrators, Cyberoam Web Admin console provides SSL VPN management. Administrator can configure SSL VPN users, access method and policies, user bookmarks for network resources, and system and portal settings.
For remote users, customizable End User Web Portal enables access to resources as per the configured SSL VPN policy.

Prerequisite (Remote User)
· Microsoft Windows supported – Windows 2000, Windows XP, Windows 7, Windows Vista and Windows Server 2003.
· Admin Rights Required – Remote user must be logged on as Admin user or should have Admin privilege.
· JRE Installation – Java Runtime Environment V 1.5 or below.

12.2 Save User Credential option for Remote Users
To remove the hassle of typing username and password every time for login, an option to save username and password is provided on the SSL VPN client.

12.3 Auto-start SSL VPN connection
Auto-start SSL VPN option is provided to automatically establish the SSL VPN connection whenever Client system starts. One needs to save username and password to enable auto-start functionality.

13. 3G device support on WAN
With introduction of 3G (Third Generation) support, Cyberoam now delivers twin protection for high-speed secure wireless WAN (WWAN) combined with high-performance UTM. It not only secures the wireless connection but also inspects and encrypts the traffic over the wireless network. Hence, Cyberoam now supports set of security policies over both wired as well as wireless networks.
It works with wireless access points from any vendor to provide security and hence achieve broadband connectivity via high-speed wireless networks where wired broadband connections are not available.
The WWAN can be used by:
1. People constantly on the road for business or pleasure and cannot be without web connection
2. Ideal for users away from home needing to connect virtually anywhere in their coverage area
3. Temporary network where pre-configured connection is not available like trade-shows
4. Mobile and cellular networks to utilize cellular technology to securely transfer data or connect to the Internet
5. WAN failover connection
Wireless WAN support requires a contract with a wireless service provider. Check Appendix A for supported wireless service providers.

Configuration
1. Pre-requisite – Cyberoam deployed in gateway mode
2. Enable WWAN from CLI with command:
    cyberoam wwan enable
3. Re-login to Web Admin console
4. Configure WWAN Interface settings from Network > Wireless WAN > Settings page
5. Once the connection is established, system host - #WWAN1 and WWAN1 Interface will be automatically added with the IP address 0.0.0.0 and
6. As WWAN1 Interface will be the member of WAN zone, all the firewall rules configured for the WAN zone will be applicable to WWAN1 Interface.
7. Additional firewall rules can be configured for host - #WWAN1

14. Integration with Cyberoam-iView for Logging and Reporting
Cyberoam is now integrated with Cyberoam-iView to offer wide spectrum of 1000+ unique user identity-based reporting across applications and protocols and provide in-depth network visibility to help organizations take corrective and preventive measures. It provides network administrators with the information they need to enable the best protection and security for their networks against attacks and vulnerabilities.
Cyberoam Administrator can also choose to restrict visibility of logs and reports to an administrator who manages Cyberoam-iView through Role Based Access Control. For example, create a profile with read-write access for Log & Reports pages and assign to an Administrator who is required to manage reports through Cyberoam-iView. This feature can be very useful in an MSSP scenario.
Cyberoam-iView can be accessed by clicking “Reports” on the topmost button bar on each page or from View Reports page under Logs & Reports menu. Administrator has to login to Cyberoam-iView with the default username & password for Cyberoam-iView – admin, admin and not with the Cyberoam username and password.

15. Customer My Account Portal for Registration & Subscription
Customer My Account portal (http://customer.cyberoam.com) now supports creation of Customer Account and registration of the Appliance and allows subscribing to various modules. In the earlier versions, one had to register and subscribe from the Appliance itself. One can also register additional appliance through the portal itself.
Two step process
1. For creation of customer account and registration of appliance, “Registration” option is provided on the home page while to subscribe for modules, one has to login from the home page with the credential - email id and password, set at the time of creating customer account.
2. Synchronize the registration and subscription details on Appliance from Web Admin console.

16. External Authentication support for Administrator
Cyberoam Administrators can now be authenticated by the external authentication server - RADIUS, LDAP, Active Directory. With the support of configuring multiple authentication servers, it is also possible to configure combination of external and local authentication for the administrators.
In case of multiple servers, administrator can designate primary and optionally the secondary server.
Only if the primary server cannot authenticate the user will the secondary server try to authenticate. If the secondary server also cannot authenticate the user then Cyberoam refuses the access.
By default, primary authentication method is “Local” while secondary authentication method is “None”.

17. Support to mitigate HTTP-based DDoS Attack
DoS attacks to Web services known as HTTP flood attack pose a serious threat to Web site owners and hosting providers. In this type of attack, malicious clients automatically send a large number of HTTP-GET requests to the target Web server, making it difficult or impossible for legitimate visitors to access it. Such attacks disrupt server operation, can cause costly data transfer and bandwidth overages, and can negatively impact the confidence of the site's visitors, doing incalculable damage to the site's reputation.
While simplistic packet-based attacks can be more easily mitigated upstream, with an HTTP-based attack it is often difficult to distinguish attack traffic from legitimate HTTP requests as these HTTP-GET requests have legitimate formats and are sent through normal TCP connections. Hence, Intrusion Detection Systems also cannot detect them.
Cyberoam identifies such attacks based on rate of HTTP requests per source IP or number of HTTP requests per TCP connection. Number of requests higher than the configured rate is considered as attack and the traffic from the said source is dropped.
One can either configure allowed number of connections or for granular controls can configure allowed number of requests per Method – GET and PUT.

Configuration
From CLI, set number of connections and HTTP method with the commands:
    set http_proxy dos add connection <number of connections>
    set http_proxy dos add method <GET | POST> <number of requests>

18. Traffic Inspection on non-standard ports
By default, Cyberoam inspects all inbound HTTP, HTTPS, FTP, SMTP, POP and IMAP traffic on the standard ports. However, many applications scan for open ports for malicious purposes. For example, worms and trojans often use non-standard HTTP port to pass remote commands and fetch data from remote sites. For phishing attempts, fraudulent websites are hosted on non-standard HTTP ports to lure customers into submitting and disclosing their personal information.
To protect from such attacks, Cyberoam now provides option to enable inspection of HTTP, HTTPS, FTP, SMTP, POP, IMAP, IM – MSN and Yahoo traffic on non-standard port also.

Configuration
From CLI, use the command
    set service-param <service> <add | delete> <port number>
1. Maximum 16 ports can be configured per service
2. Same port cannot be configured across the services e.g. if HTTP is configured for port 8080 then it cannot be configured for any other service.
3. Following default ports cannot be configured for any services: 21, 25, 80, 110, 143

19. Protection of BGP Sessions via the TCP MD5 Signature
Since BGP uses TCP as its transport protocol, it is vulnerable to all security weaknesses of the TCP protocol itself. For a determined attacker, it is possible to forcibly close a BGP session or even hijack it and insert malicious routing information into the BGP data stream.
TCP MD5 Signature is used to secure the BGP session and protect against the introduction of spoofed TCP segments into the connection stream and connection resets. The MD5 checksum added to every packet of a TCP session makes hijacking difficult for the attacker, because both the MD5 key and the TCP sequence number are needed to hijack the session.

Configuration
From CLI console, go to menu Option 3. Route Configuration > 1. Configuration Unicast Routing > 3. Configure BGP
At the prompt, use the following commands to enable MD5 support:
    enable
    configure terminal
    router bgp <AS number>
    network <network>
    neighbor <neighbor address> remote remote-as <AS no of neighbor BGP router>
    neighbor <neighbor address> password < MD5 Key >
Currently only IPv4 addresses are supported.

20. Module level Logging capability
From this version, it will be possible to view logs - Admin, Antivirus, Antispam, Authentication, Firewall, IPS, IM, System, Web Filter, from the Web Admin console. To help diagnose the problem, all the configuration changes will also be logged.

21. Miscellaneous Enhancements

21.1 100+ Applications filter support
Cyberoam’s application layer filtering allows enterprises to have advanced control over applications and network protocols. Rather than controlling access through IPS signatures, Cyberoam has added 100+ categories to mitigate the risk from unauthorized applications and reduce bandwidth cost by controlling access to these applications.
One can control access of hundreds of Applications that are grouped as per the usage e.g. Instant Messengers like Yahoo Messenger, QQ Messenger, Gtalk, Webmail Chat Attempt etc. are grouped under IM category.

21.2 Web filter support
Cyberoam provides web filtering as a means to control access over the Internet use and improve network security and employee productivity. Cyberoam groups hundreds of web sites into default categories and allows adding custom categories as per the network requirement to prevent the access to malicious sites, protect your network from malware, worms, spyware, trojans etc.
Cyberoam also allows allocating bandwidth based on the Web category apart from allocating and prioritizing bandwidth based on users. It will not only improve the network productivity by limiting the bandwidth used by the recreational applications but also guarantee the performance of the critical business application.
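The detection rule described in section 17 (requests per source IP per method, and requests per TCP connection, with the offending source dropped) can be sketched as follows. This is an added example, not Cyberoam code: the one-second window, the limits and the sample records are constructed assumptions, since the release notes do not state the measurement interval.

```python
from collections import defaultdict, deque

WINDOW_SECONDS = 1.0                    # assumed interval; not stated in the release notes
METHOD_LIMITS = {"GET": 5, "POST": 3}   # constructed per-source, per-method request limits
REQUESTS_PER_CONNECTION = 8             # constructed per-TCP-connection request limit


class HttpFloodDetector:
    """Tracks request rate per (source, method) and request count per connection."""

    def __init__(self, method_limits=None, per_connection=REQUESTS_PER_CONNECTION,
                 window=WINDOW_SECONDS):
        self.method_limits = method_limits or METHOD_LIMITS
        self.per_connection = per_connection
        self.window = window
        self.recent = defaultdict(deque)    # (src, method) -> timestamps inside the window
        self.conn_count = defaultdict(int)  # (src, conn_id) -> requests seen on that connection
        self.blocked = {}                   # src -> reason for the first violation

    def observe(self, ts, src, conn_id, method):
        """Return 'drop' once a source has exceeded a limit, otherwise 'allow'."""
        if src in self.blocked:
            return "drop"
        limit = self.method_limits.get(method)
        if limit is not None:
            stamps = self.recent[(src, method)]
            stamps.append(ts)
            while stamps and stamps[0] <= ts - self.window:
                stamps.popleft()            # forget requests older than the window
            if len(stamps) > limit:
                self.blocked[src] = f"{method} rate {len(stamps)}/{self.window:g}s > {limit}"
                return "drop"
        self.conn_count[(src, conn_id)] += 1
        if self.conn_count[(src, conn_id)] > self.per_connection:
            self.blocked[src] = (f"{self.conn_count[(src, conn_id)]} requests on one "
                                 f"connection > {self.per_connection}")
            return "drop"
        return "allow"


def constructed_traffic():
    """Constructed records: (seconds, source IP, connection id, method)."""
    records = []
    # Ordinary browser: one GET every 0.5 s, three requests per keep-alive connection.
    for i in range(12):
        records.append((i * 0.5, "192.0.2.10", i // 3, "GET"))
    # Flooding source: 20 GETs within one second, a new connection for each request.
    for i in range(20):
        records.append((2.0 + i * 0.05, "203.0.113.9", i, "GET"))
    # Source under the rate limit that reuses a single connection for 12 requests.
    for i in range(12):
        records.append((1.0 + i * 0.3, "198.51.100.7", 0, "GET"))
    return sorted(records)


def replay(records):
    """Feed records in time order; return (blocked sources, verdict counts per source)."""
    detector = HttpFloodDetector()
    verdicts = defaultdict(lambda: {"allow": 0, "drop": 0})
    for ts, src, conn_id, method in records:
        verdicts[src][detector.observe(ts, src, conn_id, method)] += 1
    return detector.blocked, {src: dict(counts) for src, counts in verdicts.items()}


if __name__ == "__main__":
    blocked, verdicts = replay(constructed_traffic())
    for src, counts in sorted(verdicts.items()):
        print(src, counts, blocked.get(src, "within limits"))
```

The third source shows why the per-connection count matters: it never exceeds the per-second rate, yet it is still caught once it passes the connection limit.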
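How the TCP MD5 Signature of section 19 rejects spoofed segments and resets, shown with the digest defined in RFC 2385 (MD5 over the pseudo-header, the fixed TCP header with a zeroed checksum, the segment data, then the shared key). This is an added example, not the appliance's implementation; the addresses, ports, key and payload are constructed, and the TCP checksum field is simply left at zero.

```python
import hashlib
import hmac
import socket
import struct

TCP_PROTOCOL = 6
MD5_OPTION_KIND = 19     # TCP option number assigned by RFC 2385
MD5_OPTION_LEN = 18      # kind byte + length byte + 16-byte digest
FLAG_RST, FLAG_PSH_ACK = 0x04, 0x18


def rfc2385_digest(src_ip, dst_ip, header20, segment_len, payload, key):
    """MD5 over pseudo-header, 20-byte TCP header (checksum zeroed), data, key."""
    pseudo = (socket.inet_aton(src_ip) + socket.inet_aton(dst_ip)
              + struct.pack("!BBH", 0, TCP_PROTOCOL, segment_len))
    header_zero_csum = header20[:16] + b"\x00\x00" + header20[18:20]
    return hashlib.md5(pseudo + header_zero_csum + payload + key).digest()


def build_segment(src_ip, dst_ip, sport, dport, seq, ack, flags, payload=b"", key=None):
    """Return TCP header + options + payload, carrying the MD5 option when key is set."""
    opt_len = 20 if key is not None else 0   # two NOPs + 18-byte option, 32-bit aligned
    offset_byte = ((20 + opt_len) // 4) << 4
    header = struct.pack("!HHIIBBHHH", sport, dport, seq, ack,
                         offset_byte, flags, 16384, 0, 0)
    options = b""
    if key is not None:
        digest = rfc2385_digest(src_ip, dst_ip, header,
                                20 + opt_len + len(payload), payload, key)
        options = b"\x01\x01" + bytes([MD5_OPTION_KIND, MD5_OPTION_LEN]) + digest
    return header + options + payload


def find_md5_option(options):
    """Walk the TCP option list and return the 16-byte digest, or None."""
    i = 0
    while i < len(options):
        kind = options[i]
        if kind == 0:                        # end of option list
            return None
        if kind == 1:                        # NOP padding
            i += 1
            continue
        if i + 1 >= len(options):
            return None
        length = options[i + 1]
        if length < 2 or i + length > len(options):
            return None                      # malformed option, treat as unsigned
        if kind == MD5_OPTION_KIND and length == MD5_OPTION_LEN:
            return options[i + 2:i + length]
        i += length
    return None


def verify_segment(src_ip, dst_ip, segment, key):
    """Receiver side: accept only segments whose digest matches the shared key."""
    if len(segment) < 20:
        return False
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return False
    received = find_md5_option(segment[20:header_len])
    if received is None:
        return False                         # a keyed peer must drop unsigned segments
    expected = rfc2385_digest(src_ip, dst_ip, segment[:20], len(segment),
                              segment[header_len:], key)
    return hmac.compare_digest(received, expected)


KEY = b"constructed-bgp-md5-key"             # constructed shared secret
PEER_A, PEER_B = "192.0.2.1", "192.0.2.2"    # documentation addresses


def demo():
    """Verify one signed segment and three segments a keyed receiver must reject."""
    update = build_segment(PEER_A, PEER_B, 50000, 179, 1000, 2000,
                           FLAG_PSH_ACK, b"constructed BGP bytes", KEY)
    unsigned_rst = build_segment(PEER_A, PEER_B, 50000, 179, 1021, 0, FLAG_RST)
    wrong_key_rst = build_segment(PEER_A, PEER_B, 50000, 179, 1021, 0, FLAG_RST,
                                  key=b"not-the-shared-key")
    tampered = update[:-1] + bytes([update[-1] ^ 0x01])
    return {
        "signed": verify_segment(PEER_A, PEER_B, update, KEY),
        "unsigned_rst": verify_segment(PEER_A, PEER_B, unsigned_rst, KEY),
        "wrong_key_rst": verify_segment(PEER_A, PEER_B, wrong_key_rst, KEY),
        "tampered": verify_segment(PEER_A, PEER_B, tampered, KEY),
    }


if __name__ == "__main__":
    print(demo())
```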
21.3 Configurable Automatic Updates of Web Categories & IPS Signature database
Automatic updates of Web categories and IPS signature database can now be disabled. By default they are enabled and can be disabled from System > Maintenance > Updates page of Web Admin console.

21.4 Support for Firewall rule Name
In networks where a large number of firewall rules are required, it became difficult to identify a firewall rule by its numbered id. Hence, to easily identify the firewall rules, they can now be named like all other security policies of Cyberoam.

21.5 Appliance Management from Dashboard
For ease of use, options for rebooting and shutting down the appliance are provided on Dashboard. In version 9.x, one had to either do it from Manage Server page of Web Admin console or CLI.

21.6 Global Administrator support
Apart from the default super admin “cyberoam”, Cyberoam is now shipped with one global superadmin with the credentials – username & password as “admin”. Both the consoles – Web Admin console and CLI, can be accessed with the same credentials. This administrator is always authenticated locally i.e. by Cyberoam itself.
We recommend changing the password for this username immediately after deployment.
In case multiple external authentication servers are configured and both the servers go down, Administrator will not be able to access Web Admin console with default admin “cyberoam”. In such situation, administrator can login with credentials admin/admin.

21.7 Captive Portal page components customization support
As Captive Portal is an entry point to the Corporate network, Cyberoam provides flexibility to customize the Portal page to offer consistent logon/log off page. This page can be exclusive to your business including your business name and logo. It also provides flexibility to customize page color scheme as per your company’s Website.
21.8 Packet Capture log
Packet Capture log now includes details of all the packets and not just the Denied packets details.

21.9 Automatic Certificate regeneration on modification

21.10 Appliance Access bypass check (for CR15wi, CR15i, CR25i models only)
To override or bypass the configured Appliance Access and allow access to all the Cyberoam services, from CLI execute command as:
    console> cyberoam appliance_access enable
Disable to reapply Appliance Access. By default, it is disabled. Enable and disable event will be logged in Admin Logs.

Feature removed
CLI option “Remove Firewall Rules” (for CR15wi, CR15i, CR25i models only)

1.1.2.15. V 10.0

Release Dates
Version 10.00 Build 227 – 29th March, 2010

Release Information
Release Type: General Availability
Compatible versions: 9.6.0 Build 78 onwards
Upgrade prerequisite: 24 x 7 OR 8 x 5 valid Support license
Applicable to: All the Cyberoam Appliance models except CR15i and CR25i

Upgrade Information
Upgrade type: Manual upgrade

Upgrade procedure
1. Go to Web Admin Console and take backup of v 9.6.x.x from System > Manage Data > Backup Data. For real-time conversion of v9 backup to v10 compatible backup, browse to data migration site (http://v9migration.cyberoam.com) and upload v9 backup file.
Note: If you are upgrading fresh v9.x appliance i.e. without custom configuration and data, skip step 1.
2. Download Appliance model-specific firmware from http://customer.cyberoam.com.
3. Upload the firmware (downloaded in step 2) from Web Admin console (menu Help > Upload Upgrade).
4. Once the file is uploaded successfully, log on to CLI console and go to the menu “Option 6 Upgrade Version” and follow the on-screen instructions to upgrade.
5. Appliance will be uploaded with factory default firmware i.e. appliance will come up with the factory default setting.
Note: If you are upgrading fresh v9.x appliance i.e. without custom configuration and data, skip rest of the steps. After this step, your appliance is ready for use.
6. Restore the V 10 compatible backup from Web Admin console (menu System > Maintenance > Backup & Restore).
7. To view the version 9.x reports, browse to http://<Cyberoam IP>/reports and to view reports generated after version upgrade go to Logs & Reports > View Reports. This option will not be available for CR15i models.
8. To view the version 9.x quarantined mails go to Antivirus > Quarantine > V 9 Quarantine while to view the mails quarantined after version upgrade go to Antivirus > Quarantine > Quarantine.

For further details on migration, refer Migrate from v9.6.x.x to v10 document.
Note: It is mandatory to upgrade to version 10.00 build 227 prior to any further upgrades.

Compatibility issues
Firmware is Appliance model-specific and hence firmware of one model will not be applicable on another model. Upgrade will not be successful and you will receive an error if you are trying to upgrade Appliance model CR100i with firmware for model CR500i.

Introduction
This document contains the release notes for Cyberoam version 10.00 build 0227. The following sections describe the release in detail.
This will be a key release with architectural changes, new features, and several bug fixes that improve quality, reliability, and performance.

Features and Enhancements

1. Firmware-based Upgrades
All the upgrades after this version will now be firmware based i.e. version can be upgraded directly to the latest version. Firmware will be Appliance-specific and hence firmware of one model will not be applicable on another model.
For example, if the latest released version is 10.1.0.16 and current version in your Appliance is 10.0.0.2 then with this upgrade you will be able to directly upgrade to the latest version 10.1.0.16 instead of upgrading each intermediate version individually.
Multiple firmware can reside on the appliance, so the Administrator will be able to switch between firmware if needed. Apart from that, upgrade and downgrade will now also be more stable and robust as the entire Operating system is converted into bootable firmware (starting from boot up sequence / BIOS).

2. GUI Revamp
To improve usability, a good portion of the Web UI has been re-organized. This will also provide a more user-friendly approach to layout, menu and screens. New GUI will be based on Web 2.0 concept and components.

3. GUI Themes
Cyberoam now provides Themes page to quickly switch between predefined themes. Each theme comes with its own custom skin, which provides the color scheme and font style for entire GUI i.e. navigation frame, tabs and buttons. You can choose from two themes – Cyberoam Standard and Cyberoam Classic.
Configuration
The default “Cyberoam Standard” theme can be changed from Options under System menu from Web Admin Console.

4. Role Based Access Control
To offer more granular access control and flexibility, from this version onwards, Cyberoam provides role-based administration capabilities. It allows an organization to separate the super administrator's capabilities and assign them through Profiles.
Profiles are a function of an organization's security needs and can be set up for special-purpose administrators in areas such as firewall administration, network administration, logs administration. Profiles allow permissions to be assigned to individual administrators depending on their role or job need in the organization.
The profile separates Cyberoam features into access control categories for which you can enable none, read only, or read-write access.
For ease of use, by default Cyberoam provides 4 profiles:
· Administrator – super administrator with full privileges
· Security Admin – read-write privileges for all features except Profiles and Log & Reports
· Audit Admin – read-write privileges for Logs & Reports only
· Crypto Admin – read-write privileges for Certificate configuration only
Configuration
1. Custom profiles can be created and managed from the Profile page of Administration menu
2. Assign profile (created in step 1) to user from the User page of Identity menu

5. Multiple Authentication support
This feature allows administrator to configure authentication based on the type of user – Firewall, VPN and SSL VPN – and with multiple servers. User level authentication can now be performed using local user database, RADIUS, LDAP, Active Directory or any combination of these.
Combination of external and local authentication is useful in large networks where it is required to provide guest user accounts for temporary access while a different authentication mechanism like RADIUS for VPN and SSL VPN users provides better security as password is not exchanged over the wire.
In case of multiple servers, administrator can designate the primary and optionally the secondary server. Only if the primary server cannot authenticate the user will the secondary server try to authenticate. If the secondary server cannot authenticate the user then Cyberoam refuses the access. By default, primary authentication method is “Local” while secondary authentication method is “None”.
Configuration
1. Configure authentication server i.e. RADIUS, LDAP or Active Directory
2. Integrate external authentication server with Cyberoam and configure primary and secondary authentication method for Firewall, VPN and SSL VPN traffic from Authentication page of Identity menu from Web Admin console.

6. Thin Client Support
Cyberoam can now authenticate hosts connecting remotely through Microsoft Terminal Server (Microsoft TSE) – Windows server 2003 and Citrix Presentation Server and apply all the identity-based security policies to monitor and control the access. Solution can be implemented for all the user types – HTTP, Single Sign On (SSO) and Clientless SSO (CTAS).
Configuration
1. Download Client from http://download.cyberoam.com/beta/catc and install on Microsoft Terminal Server (Microsoft TSE) or Citrix Presentation Server
2. Configure Cyberoam for communication between the two from CLI using the command:
   cyberoam auth thin-client add citrix-ip <ip address of citrix server>

7. IM Logging and Control for Yahoo and WLM
All Instant Messaging communication happening over Yahoo IM and Windows Live Messenger can now be scanned, logged and controlled too. Cyberoam also provides an option to enable inspection of IM traffic on non-standard ports. For details, refer to section Traffic Inspection on non-standard port.
The feature would allow Administrators to
1. Log all communication between specific set of users, over either Yahoo or WLM.
2. Control who can chat with whom
3. Have granular control over the form of communication i.e. chat, voice or video.
4. For example, chat can be allowed between Sales and Marketing team but it can be denied between Sales and Accounts team.
Configuration
1. Add IM contacts or IM Group for whom rules are to be created
2. Define Conversation rule to allow or deny 1-to-1 or group Chat conversation between IM contacts added in step 1
3. Define File transfer rule to allow or deny file transfers between IM contacts added in step 1
4. Define Webcam rule to allow or deny the usage of Web camera between IM contacts added in step 1
5. Define Login rules to allow specific Yahoo/MSN contacts to login to their servers.
By default, access to Yahoo and MSN chat is denied to all the contacts.
6. Define content filtering rules
The scanned IM logs can be viewed from Log Viewer page.
Limitations
1. File transfer and web camera usage not supported for Windows Live Messenger v 2009
2. No support for File transfer logging
3. No file archive support
4. Yahoo traffic will be scanned only if HTTP scanning is enabled.

8. IPv6 Traffic Forwarding support
From this version onwards, Cyberoam supports forwarding of IPv6 traffic and Appliances will be “IPv6 Ready” certified for Phase II.
IPv6 is version 6 of the Internet Protocol. It is an Internet Layer protocol for packet-switched internetworks. It has a larger address space than standard IPv4 and hence can provide billions more unique IP addresses than IPv4. This results from the use of a 128-bit address, whereas IPv4 uses only 32 bits. The internet is currently in transition from IPv4 to IPv6 addressing.
Cyberoam allows configuring IP address using following notations:

Standard notation
Represent the address as eight groups of 4 hexadecimal digits
For example: 0EDC:BA98:0332:0000:CF8A:000C:2154:7313

Compressed notation
If a 4 digit group is 0000, it may be omitted.
For example:
3f2e:6c8b:78a3:0000:1725:6a2f:0370:6234 can be written as 3f2e:6c8b:78a3::1725:6a2f:0370:6234
4f7e:6c8b:79a3:0000:1725:0000:0370:6234 can be written as 4f7e:6c8b:79a3::1725::0370:6234

Mixed notation
IPv4 addresses that are encapsulated in IPv6 addresses can be represented using the original IPv4 "." notation as follows:
For example:
0:0:0:0:0:0:127.32.67.15
0:0:0:0:0:FFFF:127.32.67.15
It is also possible to use the compressed notation, so the addresses above would be represented as:
::127.32.67.15
::FFFF:127.32.67.15

Configuration
To implement IPv6, one simply needs to assign IPv6 addresses to the Interfaces using the CLI command:
cyberoam ipv6 interface Port <port number> <ip address>
E.g.
cyberoam ipv6 interface PortB address add 3ffe:501:ffff:101:290:fbff:fe18:5968/64

Additional commands
1. Create Prefix list for the Interface
   cyberoam ipv6 interface Port <port number> prefix add <ip address>
   E.g. cyberoam ipv6 interface PortC prefix add 3ffe:501:ffff:101::/64
2. Configure IPv6 Routing
   Add Router
   cyberoam ipv6 route add <ip address>
   E.g. cyberoam ipv6 route add 3ffe:501:ffff:101::/64 gateway fe80::210:f3ff:fe08:7d6c interface PortC
   Configure router advertisement
   cyberoam ipv6 interface Port<port number> router-adv send-adv enable
   E.g. cyberoam ipv6 interface PortC router-adv send-adv enable
3. Test connection with ping6
   ping6 3ffe:501:ffff:100:20d:48ff:fe36:59a4
4. Tunnel IPv6 traffic over an IPv4 network:
   cyberoam ipv6 tunnel add <tunnel-name> remote-ip <ip address v4> local-ip <ip address v6>

9. SSL VPN Updates

9.1 Application Access Mode
From this version onwards, Cyberoam allows remote access to different TCP applications over Application Access Mode. As the application is launched in a web browser, it offers clientless network access. The feature comprises an SSL daemon running on the Cyberoam appliance and an AAM Client running at the Client side to establish a secure tunnel. AAM Client is a Java Applet Thin client which requires JRE 1.4.2.
Application access allows remote access to different TCP based applications like HTTP, HTTPS, RDP, TELNET e.g. telnet.exe, SSH e.g. putty, secureCRT and FTP (Passive mode) without installing a client.
Server side Configuration
1. Add Applications as Bookmarks
2. Select Application Access mode in VPN SSL policy
3. Assign policy to the User or Group
For administrators, Cyberoam Web Admin console provides SSL VPN management. Administrator can configure SSL VPN users, access method and policies, user bookmarks for network resources, and system and portal settings.
Prerequisite (Remote User)
For remote users, customizable End user Web Portal enables access to resources as per the configured SSL VPN policy.
· Microsoft Windows supported – Windows 2000, Windows XP, Windows 7, Windows Vista and Windows Server 2003.
· Admin Rights Required – Remote user must be logged on as Admin user or should have Admin privilege.
· JRE Installation – Java Runtime Environment V 1.5 or below.

9.2 Save User Credential option for Remote Users
To remove the hassle of typing the username and password at every login, an option to save username and password is provided on the SSL VPN client.

9.3 Auto-start SSL VPN connection
Auto-start SSL VPN option is provided to automatically establish the SSL VPN connection whenever the Client system starts. One needs to save username and password to enable auto-start functionality.

10. 3G device support on WAN
With introduction of 3G (Third Generation) support, Cyberoam now delivers twin protection for high-speed secure wireless WAN (WWAN) combined with high-performance UTM. It not only secures the wireless connection but also inspects and encrypts the traffic over the wireless network. Hence, Cyberoam now supports a set of security policies over both wired as well as wireless networks.
It works with wireless access points from any vendor to provide security and hence achieve broadband connectivity via high-speed wireless networks where wired broadband connections are not available.
The WWAN can be used by:
1. People constantly on the road for business or pleasure who cannot be without a web connection
2. Users away from home needing to connect virtually anywhere in their coverage area
3. Temporary networks where a pre-configured connection is not available, like trade-shows
4. Mobile and cellular networks to utilize cellular technology to securely transfer data or connect to the Internet
5. WAN failover connection
Wireless WAN support requires a contract with a wireless service provider.
Check Appendix A for supported wireless service providers.
Configuration
1. Pre-requisite – Cyberoam deployed in gateway mode
2. Enable WWAN from CLI with command: cyberoam wwan enable
3. Re-login to Web Admin console
4. Configure WWAN Interface settings from Network > Wireless WAN > Settings page
5. Once the connection is established, system host - #WWAN1 and WWAN1 Interface will be automatically added with the IP address 0.0.0.0 and
6. As WWAN1 Interface will be the member of WAN zone, all the firewall rules configured for the WAN zone will be applicable to WWAN1 Interface.
7. Additional firewall rules can be configured for host - #WWAN1

11. Integration with Cyberoam-iView for Logging and Reporting
Cyberoam is now integrated with Cyberoam-iView to offer a wide spectrum of 1000+ unique user identity-based reports across applications and protocols and provide in-depth network visibility to help organizations take corrective and preventive measures. It provides network administrators with the information they need to enable the best protection and security for their networks against attacks and vulnerabilities.
Cyberoam Administrator can also choose to restrict visibility of logs and reports to an administrator who manages Cyberoam-iView through Role Based Access Control. For example, create a profile with read-write access for Log & Reports pages and assign it to an Administrator who is required to manage reports through Cyberoam-iView. This feature can be very useful in an MSSP scenario.
Cyberoam-iView can be accessed by clicking “Reports” on the topmost button bar on each page or from View Reports page under Logs & Reports menu. Administrator has to log in to Cyberoam-iView with the default username & password for Cyberoam-iView – admin, admin – and not with the Cyberoam username and password.

12. Customer My Account Portal for Registration & Subscription
Customer My Account portal (http://customer.cyberoam.com) now supports creation of Customer Account and registration of the Appliance and allows subscribing to various modules. In the earlier versions, one had to register and subscribe from the Appliance itself. One can also register additional appliances through the portal itself.
Two step process:
1. For creation of customer account and registration of appliance, “Registration” option is provided on the home page while to subscribe for modules, one has to log in from the home page with the credentials - email id and password - set at the time of creating customer account.
2. Synchronize the registration and subscription details on Appliance from Web Admin console.

13. External Authentication support for Administrator
Cyberoam Administrators can now be authenticated by the external authentication server - RADIUS, LDAP, Active Directory. With the support of configuring multiple authentication servers, it is also possible to configure a combination of external and local authentication for the administrators.
In case of multiple servers, administrator can designate primary and optionally the secondary server. Only if the primary server cannot authenticate the user will the secondary server try to authenticate. If the secondary server also cannot authenticate the user then Cyberoam refuses the access. By default, primary authentication method is “Local” while secondary authentication method is “None”.

14. Support to mitigate HTTP-based DDoS Attack
DoS attacks on Web services, known as HTTP flood attacks, pose a serious threat to Web site owners and hosting providers.
In this type of attack, malicious clients automatically send a large number of HTTP-GET requests to the target Web server, making it difficult or impossible for legitimate visitors to access it. Such attacks disrupt server operation, can cause costly data transfer and bandwidth overages, and can negatively impact the confidence of the site's visitors, doing incalculable damage to the site's reputation.
While simplistic packet-based attacks can be more easily mitigated upstream, with an HTTP-based attack it is often difficult to distinguish attack traffic from legitimate HTTP requests, as these HTTP-GET requests have legitimate formats and are sent through normal TCP connections. Hence, Intrusion Detection Systems also cannot detect them.
Cyberoam identifies such attacks based on the rate of HTTP requests per source IP or the number of HTTP requests per TCP connection. A number of requests higher than the configured rate is considered an attack and the traffic from the said source is dropped. One can either configure the allowed number of connections or, for granular control, configure the allowed number of requests per Method – GET and PUT.
Configuration
From CLI, set number of connections and HTTP method with the commands:
set http_proxy dos add connection <number of connections>
set http_proxy dos add method <GET | POST> <number of requests>

15. Traffic Inspection on non-standard ports
By default, Cyberoam inspects all inbound HTTP, HTTPS, FTP, SMTP, POP and IMAP traffic on the standard ports. However, many applications scan for open ports for malicious purposes. For example, worms and trojans often use non-standard HTTP ports to pass remote commands and fetch data from remote sites. For phishing attempts, fraudulent websites are hosted on non-standard HTTP ports to lure customers into submitting and disclosing their personal information.
To protect from such attacks, Cyberoam now provides an option to enable inspection of HTTP, HTTPS, FTP, SMTP, POP, IMAP, IM – MSN and Yahoo traffic on non-standard ports also.
Configuration
From CLI, use the command:
set service-param <service> <add | delete> <port number>
1. Maximum 16 ports can be configured per service
2. The same port cannot be configured across services e.g. if HTTP is configured for port 8080 then that port cannot be configured for any other service.
3. Following default ports cannot be configured for any services: 21, 25, 80, 110, 143

16. Protection of BGP Sessions via the TCP MD5 Signature
Since BGP uses TCP as its transport protocol, it is vulnerable to all security weaknesses of the TCP protocol itself. For a determined attacker, it is possible to forcibly close a BGP session or even hijack it and insert malicious routing information into the BGP data stream.
TCP MD5 Signature is used to secure the BGP session and protect against the introduction of spoofed TCP segments into the connection stream and connection resets. The MD5 checksum added to every packet of a TCP session makes it difficult for the attacker, as both the MD5 key and the TCP sequence number are needed to hijack the session.
Configuration
From CLI console, go to menu Option 3. Route Configuration > 1. Configuration Unicast Routing > 3. Configure BGP
At the prompt, use the following commands to enable MD5 support:
enable
configure terminal
router bgp <AS number>
network <network>
neighbor <neighbor address> remote-as <AS no of neighbor BGP router>
neighbor <neighbor address> password <MD5 Key>
Currently only IPv4 addresses are supported.

17. Module level Logging capability
From this version, it will be possible to view logs - Admin, Antivirus, Antispam, Authentication, Firewall, IPS, IM, System, Web Filter - from the Web Admin console.
To help diagnose problems, all the configuration changes will also be logged.

18. Miscellaneous Enhancements

18.1 100+ Applications filter support
Cyberoam’s application layer filtering allows enterprises to have advanced control over applications and network protocols. Rather than controlling access through IPS signatures, Cyberoam has added 100+ categories to mitigate the risk from unauthorized applications and reduce bandwidth cost by controlling access to these applications.
One can control access to hundreds of Applications that are grouped as per the usage e.g. Instant Messengers like Yahoo Messenger, QQ Messenger, Gtalk, Webmail Chat Attempt etc. are grouped under IM category.

18.2 Web filter support
Cyberoam provides web filtering as a means to control Internet use and improve network security and employee productivity. Cyberoam groups hundreds of web sites into default categories and allows adding custom categories as per the network requirement to prevent access to malicious sites and protect your network from malware, worms, spyware, trojans etc.
Cyberoam also allows allocating bandwidth based on the Web category apart from allocating and prioritizing bandwidth based on users. It will not only improve network productivity by limiting the bandwidth used by recreational applications but also guarantee the performance of critical business applications.

18.3 Configurable Automatic Updates of Web Categories & IPS Signature database
Automatic updates of Web categories and IPS signature database can now be disabled. By default they are enabled and can be disabled from System > Maintenance > Updates page of Web Admin console.

18.4 Support for Firewall rule Name
In networks that require a large number of firewall rules, it became difficult to identify a firewall rule by its numbered ID. Hence, to easily identify firewall rules, they can now be named like all other security policies of Cyberoam.
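The three port rules listed under "15. Traffic Inspection on non-standard ports" above can be checked before a change window. The following Python is an added example, not Cyberoam code: it replays planned set service-param lines against the current port assignments and reports which lines break a rule. The spelling of the service tokens (HTTP, FTP, SMTP) and the sample plan are assumptions.

```python
import re

MAX_PORTS_PER_SERVICE = 16               # "Maximum 16 ports can be configured per service"
RESERVED_PORTS = {21, 25, 80, 110, 143}  # default ports that cannot be configured

# Command shape taken from the release notes; <service> token spelling is assumed.
CMD_RE = re.compile(r"^set\s+service-param\s+(\S+)\s+(add|delete)\s+(\d+)$",
                    re.IGNORECASE)

# Constructed sample plan, not taken from a real appliance.
SAMPLE_PLAN = [
    "set service-param HTTP add 8080",
    "set service-param FTP add 8080",      # clashes with HTTP
    "set service-param SMTP add 25",       # reserved default port
    "set service-param HTTP delete 8080",
    "set service-param FTP add 8080",      # allowed now that HTTP released it
]


def check_plan(commands, existing=None):
    """Replay CLI lines against the current state and collect rule violations.

    existing: dict mapping service name -> iterable of ports already configured.
    Returns (final_state, errors). errors is a list of (line number, reason);
    a rejected command leaves the state unchanged.
    """
    state = {svc.upper(): set(ports) for svc, ports in (existing or {}).items()}
    errors = []
    for lineno, raw in enumerate(commands, start=1):
        match = CMD_RE.match(raw.strip())
        if not match:
            errors.append((lineno, "not a service-param command"))
            continue
        service = match.group(1).upper()
        action = match.group(2).lower()
        port = int(match.group(3))
        ports = state.setdefault(service, set())

        if action == "delete":
            if port in ports:
                ports.remove(port)
            else:
                errors.append((lineno, f"port {port} is not configured for {service}"))
            continue

        # action == "add": apply the documented rules in order
        owner = next((s for s, p in state.items() if port in p and s != service), None)
        if not 1 <= port <= 65535:
            errors.append((lineno, f"port {port} is outside 1-65535"))
        elif port in RESERVED_PORTS:
            errors.append((lineno, f"port {port} is a default port and cannot be configured"))
        elif port in ports:
            errors.append((lineno, f"port {port} is already configured for {service}"))
        elif owner is not None:
            errors.append((lineno, f"port {port} is already configured for {owner}"))
        elif len(ports) >= MAX_PORTS_PER_SERVICE:
            errors.append((lineno, f"{service} already has {MAX_PORTS_PER_SERVICE} ports"))
        else:
            ports.add(port)
    return state, errors


if __name__ == "__main__":
    final_state, problems = check_plan(SAMPLE_PLAN)
    for lineno, reason in problems:
        print(f"line {lineno}: {reason}")
    print({svc: sorted(p) for svc, p in final_state.items()})
```

Pass the ports already configured on the appliance as existing so that clashes with the running configuration are caught as well.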
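Section "14. Support to mitigate HTTP-based DDoS Attack" above describes detection by rate of HTTP requests per source IP and by number of requests per TCP connection. As an added example (not Cyberoam's implementation), the Python below applies both counters to constructed request records, which helps when choosing thresholds from your own proxy logs before setting them on the appliance. The record layout, the 10-second window and the limits are assumptions.

```python
from collections import defaultdict, deque


def sample_records():
    """Constructed records: (time in ms, source IP, TCP connection id, HTTP method)."""
    recs = []
    # Ordinary client: 5 GETs, 10 s apart, a new connection each time.
    recs += [(i * 10_000, "192.0.2.10", f"a{i}", "GET") for i in range(5)]
    # Burst: 30 GETs in 3 s from one source, spread over 6 connections.
    recs += [(20_000 + i * 100, "198.51.100.7", f"b{i % 6}", "GET") for i in range(30)]
    # Slow reuse: 12 POSTs on a single keep-alive connection, 2 s apart.
    recs += [(5_000 + i * 2_000, "203.0.113.5", "c0", "POST") for i in range(12)]
    return recs


def detect_http_flood(records, per_ip_limit, window_ms, per_conn_limit):
    """Flag sources by request rate and connections by request count.

    per_ip_limit:   dict method -> max requests per source IP inside window_ms
    per_conn_limit: max requests allowed on one TCP connection
    Returns (flagged_ips, flagged_conns); each maps the offender to the
    timestamp (ms) at which its limit was first exceeded.
    """
    recent = defaultdict(deque)   # (source IP, method) -> timestamps inside the window
    conn_count = defaultdict(int) # (source IP, connection id) -> requests seen
    flagged_ips = {}
    flagged_conns = {}

    for ts, src, conn, method in sorted(records):
        # Sliding window per source IP and method
        window = recent[(src, method)]
        window.append(ts)
        while ts - window[0] >= window_ms:
            window.popleft()
        limit = per_ip_limit.get(method)
        if limit is not None and len(window) > limit:
            flagged_ips.setdefault(src, ts)

        # Running total per TCP connection
        conn_count[(src, conn)] += 1
        if conn_count[(src, conn)] > per_conn_limit:
            flagged_conns.setdefault((src, conn), ts)

    return flagged_ips, flagged_conns


if __name__ == "__main__":
    ips, conns = detect_http_flood(
        sample_records(),
        per_ip_limit={"GET": 20, "POST": 20},  # assumed thresholds
        window_ms=10_000,                      # assumed window
        per_conn_limit=10,                     # assumed threshold
    )
    print("sources over the rate limit:", ips)
    print("connections over the request limit:", conns)
```

The burst source trips the per-IP rate while staying under the per-connection count, and the keep-alive client does the opposite, which is why the release notes offer both controls.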
18.5 Appliance Management from Dashboard
For ease of use, options to reboot and shut down the appliance are provided on the Dashboard. In version 9.x, one had to do it either from the Manage Server page of Web Admin console or from CLI.

18.6 Global Administrator support
Apart from the default super admin “cyberoam”, Cyberoam is now shipped with one global superadmin with the credentials – username & password as “admin”. Both the consoles – Web Admin console and CLI – can be accessed with the same credentials. This administrator is always authenticated locally i.e. by Cyberoam itself. We recommend changing the password for this username immediately after deployment.
In case multiple external authentication servers are configured and both the servers go down, Administrator will not be able to access Web Admin console with default admin “cyberoam”. In such a situation, administrator can log in with credentials admin/admin.

18.7 Captive Portal page components customization support
As Captive Portal is an entry point to the Corporate network, Cyberoam provides flexibility to customize the Portal page to offer a consistent logon/log off page. This page can be exclusive to your business, including your business name and logo. It also provides flexibility to customize the page color scheme as per your company’s Website.

18.8 Packet Capture log
Packet Capture log now includes details of all the packets and not just the Denied packets details.

18.9 Automatic Certificate regeneration on modification

1.1.3. Guides
1.1.3.1. V 10
1.1.4. Quick Start Guides
1.1.5. Cyberoam CA Certificate
When SSL content inspection for HTTPS traffic is enabled on Cyberoam, the web browsers will prompt a warning message if the Certificate Authority (CA) for the default certificate used by the Cyberoam SSL inspection is not known by the browser. For this, you need to import the Cyberoam SSL Proxy certificate in Internet Explorer and Mozilla Firefox for decryption on SSL Inspection.
The default certificate is Cyberaom_SSL_CA. Internet Explorer will display the below given warning page: docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 70/409 ١١٢١٠٢/٤/ Cyberoam Docs If you click on "Continue to this website (not recommended)", the certificate will be temporarily accepted for this connection, but the same message will be prompted at the next connection or when accessing any other HTTPS site. To avoid any further warning message, store the Cyberoam root CA permanently. Follow the below given steps to download and install CA Certificate: Step 1. Download 1. Browse to http://download.cyberoam.com/Cyberoam_ssl_ca.rar. Alternately, you can download the attachment at the end of this document. 2. Save the file - Cyberaom_ssl_ca.rar 3. Rar file contains just one file - Cyberoam_SSL_CA.pem. Extract and save "Cyberoam_SSL_CA.pem" from the rar file before importing into browser. Step 2. Install CA certificate in the trusted certification list Internet Explorer 1. 2. 3. 4. In the control panel, click Internet Options > Content tab > Certificate button > Trusted Root Certification Authorities tab Click the Import button. It opens Certificate Import Wizard. Click Next. Type the complete path or click Browse to select the CA file extracted step 1.3 Click Next, Next and Finish. Firefox 1. 2. 3. 4. 5. 6. Click Tools > Options > Advanced > Encryption tab. Click View Certificate > Authorities tab Click Import button Select the CA file extracted in step 1.3 and click Open. In the Downloading Certificate window, select “Trust this CA to identify web site” and click OK. Click OK twice. Step 3. Install CA certificate in local machine's Trusted Root Authority container. 1. 2. 3. 4. 5. 6. 7. Open the Microsoft Management Console by typing "MMC" in the run box (Start>Run>"MMC") Add the certificates Snap-in by selecting FILE>ADD/REMOVE SNAP-IN... Hit the Add button and select "certificates" from the list. 
Select the "Computer Account" radio button Click Finish and close the list of snap-ins. Click OK to add the certificates snap-in, which should now be visible in the Add/Remove Snap-ins window. Expand the list of certificate containers, right click "Trusted Root Authorities" and choose All Tasks>Import. "Certificate Import Wizard" will be opened. Browse to the Cyberoam SSL CA certificate file you downloaded instep 1 and import it in "Trusted Root Certification Authorities" Certificate store. If you have not uploaded certificate in your machine, you might not be able to update Micorsoft Windows when HTTPS scanning is enabled on Cyberoam. 1.2. Version 9.x 1.2.1. Release Notes 1.2.1.1. V 9.6 1.2.1.1.1. V 9.6.0 build 90 Release Notes contains following sections: Release information Upgrade information Upgrade procedure Compatibility issues Features & Enhancements Behavior change Miscellaneous changes Known Behavior Discontinued Feature Bugs Solved Release Dates docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 71/409 ١١٢١٠٢/٤/ Version 9.6.0 Build 90 – 12th January, 2010 Version 9.6.0 Build 88 – 20th December, 2010 Version 9.6.0 Build 78 – 24th February, 2010 Version 9.6.0 Build 76 – 19th January, 2010 Version 9.6.0 Build 62 – 24th November, 2009 Version 9.6.0 Build 60 – 2nd October, 2009 Version 9.6.0 Build 34 – 4th July, 2009 Version 9.6.0 Build 30 – 26th June, 2009 Version 9.6.0 Build 16 – 30th April, 2009 Cyberoam Docs Release Information Release type: GA Compatible versions: 9.5.3 build 14 onwards Upgrade requirements (only for the versions below 9.6): 24 X 7 or 8 X 5 valid Support License, IPS Signature Database v 2.4.27 or higher Upgrade Information Upgrade type: Manual upgrade Upgrade Procedure Download upgrade from http://downloads.cyberoam.com 1. Log on to Cyberoam Web Admin console 2. Go to menu IPS > Manage IPS and check the IPS Signature Database version. If database version is lower than v 2.4.27, upgrade the version 3. 
Go to menu Help> Upload Upgrade and upload the file downloaded in step 1 4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-sreen instructions. 5. Compatibility Issues Upgrade not applicable on CR15i appliances Introduction This document contains the release notes for Cyberoam version 9.6. The following sections describe the release in detail. This is a major release with new features, significant enhancements and several bug fixes that improves quality, reliability, and performance. Features & Enhancements Build 76 1. DHCP Server Logs For monitoring and troubleshooting the DHCP lease traffic, Logging functionality is extended to include DHCP Server events log. With the inclusion of DHCP Server log, Cyberoam can now log following different network activities and traffic including: overall network traffic i.e. firewall and traffic discovery, IPS anomaly and signature, anti virus - URL and mails blocked, spam filtering and content filtering - access allowed and blocked. The DHCP event log contains events that are associated with activities of the DHCP service and DHCP server, such as DHCP leases, renewal and expiry. By default, DHCP server log is disabled and can be enabled from Logs Configuration page of Web Admin console. Logs can be forwarded to Syslog server but cannot be stored on the Appliance. For details on log event ID and description, refer to User Guide, Appendix B. 2. NAT support for Cyberoam initiated Outbound traffic Now it is possible to configure source NAT i.e. specific IP address for the outbound traffic initiated by Cyberoam itself e.g. upgrade traffic. This is useful is network environments where Cyberoam is hosted behind ISP and ISP is leasing private IP address to Cyberoam i.e. private IP address is configured on WAN interface. CLI command “set advanced-firewall cr-traffic-nat” is added for configuring the source NAT. 3. 
Configurable Mailing frequency of Proactive reports Mailing frequency of the Proactive reports can now be configured. Prior to this version, reports were mailed at the predefined time. Administrator can configure time and day for the daily and weekly reports respectively from the Reports Notification page. 4. Secure Access for Web Client Web client can be now accessed through a secure channel i.e. HTTPS access of the Web Client login page. When enabled, user can logon to the Web Client page through a secure channel using: https://<IP-Address>:8090. By default, it is disabled and can be enabled from the Customize Client Preferences page of Web Admin console. 5. Simplified User Login Restriction Configuration Build 76 now supports adding range of IP addresses for Node restriction in one go. Prior to this, one had to specify multiple IP addresses one-by-one that became a tedious administration task incase of restricting more number of nodes. With this functionality, one has to specify just the starting IP address of the required range and total number of IP addresses. docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 72/409 ١١٢١٠٢/٤/ Cyberoam Docs This functionality will be useful in network environments where administrator requires restricting user login from multiple nodes. User and Group pages of Web Admin console are updated for these changes. Build 60 1. SSL VPN - Threat Free Tunneling for Full Access mode Threat Free Tunneling feature is extended to SSL VPN traffic i.e. firewall rules can now be applied to the SSL VPN traffic also. As a result, SSL VPN traffic can be subjected to viruses, spam, intrusion attempts, inappropriate web content and unwanted network applications scanning. From now on, VPN zone firewall rules will be applicable to SSL VPN (connections established through Full Access) besides IPSec, L2TP and PPTP traffic. There are no Web Admin or CLI console changes for this feature. 2. 
SSL VPN - User based Certificate support for Authentication
The current feature of authenticating all the users through single System wide certificate is extended one step further to provide an option of authenticating through individual user certificates also. These certificates not only provide granular control in Certificate management but also create a user identity which can be used beyond SSL VPN implementation. Certificates for all the users added in Cyberoam are generated automatically.
It is a Web Admin console feature available from submenu “Global Settings” of “SSL VPN” menu. One can configure either common certificate or individual certificate authentication. By default, authentication through common certificate is configured.

3. SSL VPN - HTTP/SOCKS Proxy support for Clients
The SSL VPN functionality is extended to the SSL VPN Clients who are not able to access the Internet directly by providing an option to configure HTTP or SOCKS proxy server.
Proxy can be configured from the SSL VPN Client’s Proxy Setting menu. By default, proxy is not enabled but one can use proxy configured in the Browser - Internet Explorer or can configure manually.

4. SSL VPN – Single-Click Client Installer
Installation process has been optimized as a single step process. It is not required to import the configuration separately, as it is now a part of the installation itself. This makes installation and re-installation of SSL VPN client easier. The Client Configuration needs to be downloaded and imported only when the server settings are changed.
The installer is available as Bundled SSL VPN Client from SSL VPN End User Portal under “Full Access mode”.

5. SSL VPN - Two factor Authentication solution
To enhance password security and reduce the risk posed by weak user passwords for SSL VPN user, Cyberoam has extended its authentication solution by providing 2 factor authentication with One time password (OTP) through external authentication server RADIUS and LDAP.
All the hardware and software token generating Agents that can communicate with RADIUS and LDAP are supported.

Build 30

1. Parent Proxy Authentication
The parent proxy feature is extended to include the authentication parameters. This feature will be helpful in the deployment where parent proxy is configured to ask for authentication before serving the requests. For example, Head office and Branch office deployment where parent proxy is deployed at Head office and configured for authentication, and Cyberoam is deployed at branch office.

2. Beta Feature - Turkish language support for Web Admin Console
To cater to the Turkish speaking customer, Cyberoam has added support of Turkish language in Web Admin console. Following elements of Web Admin Console will be displayed in Turkish:
Dashboard Alerts
Dashboard contents
Navigation menus
Screen elements including field labels and tips
Error messages
It would also be possible to provide description for firewall rule, various policies, services and various custom categories in Turkish language.
This feature should be considered as Beta from this version. It will be communicated when feature will be made generally available in the subsequent builds.

Build 16

1. SSL VPN within Cyberoam Appliance
The VPN feature is extended to include SSL VPN functionality within Cyberoam to provide secure access for the remote users. It delivers set of features and benefits to make them easier to use and control to allow access to the Corporate network from anywhere, anytime.
Cyberoam SSL VPN is platform, device and location independent as it supports site-to-site and road warrior tunneling. It offers granular access policies, bookmarks to designated network resources and portal customization.
Two operational modes are provided:
Web access mode allows remote users to access Enterprise Web applications/servers using just the Web browser through an End-user Web Portal and without the need of any additional Client.
Cyberoam authenticates the users and redirects to the End-user Web Portal through which Enterprise Web applications/servers can be accessed.
In Full access mode remote users require the SSL VPN Client for access. The mode is ideal when Corporate network is to be accessed from Internet cafes, hotels etc. Full access mode can provide full as well as split tunneling. Split tunneling ensures that only the traffic for the private network is tunneled and encrypted while in full tunneling private network traffic as well as other Internet traffic is also tunneled and encrypted. Further, it is also possible to restrict the access to the certain hosts of the private network.
User’s access to private network is controlled through his SSL VPN policy while Internet access is controlled through his Internet Access policy. SSL VPN policy of the user can be configured at the time of adding user or later whenever required.
As End-user Web Portal is an entry point to the Corporate network, it is possible to customize the portal interface by including company logo and a customized message to be displayed to users when they log in to the portal to access network resources.

Compatible Browsers: Microsoft Internet Explorer 6.0, Mozilla/Firefox 1.5
Supported Clients: Windows
Default settings:
Full access mode enabled and can be disabled from SSL VPN Policy
SSL VPN as a Network Services enabled for all the zones except VPN zone and can be disabled from Local ACL.
End-user Web Portal Access: Browse to https://<WAN IP address of Cyberoam:port> Default port: 8443
SSL VPN Client & Configuration Download Path: End-user Web Portal

Feature available in Web Admin console as menu “SSL VPN” and few fine-tuning and troubleshooting commands are added to CLI console. Refer to Console guide for details.

2.
Category based Bandwidth Allocation
Unmanaged bandwidth leads to poor productivity due to delay in critical applications and sometimes even lost opportunities. Hence, now Cyberoam also allows allocating bandwidth based on the Web category apart from allocating and prioritizing bandwidth based on users. It will not only improve the network productivity by limiting the bandwidth used by the recreational applications but also guarantees the performance of the critical business application.
To achieve high degree of network utilization and fairness, Cyberoam:
Classifies traffic based on Web Category
Provides differentiated bandwidth based on the Web Category under which the URL is categorized.
A Web Admin feature implemented through Bandwidth policy, Web Category and Firewall rule. When configured, bandwidth will be applicable, whenever the URL falling under the Web category is accessed.

3. MAC and IP-MAC filtering
To improve the security of the network, now one can enable MAC address filtering. By enabling “MAC Filtering”, Cyberoam will drop the packets received from all the MAC addresses not configured in the “Trusted MAC address” list. Using MAC address filtering makes it more difficult for a hacker using random MAC addresses or spoofing a MAC address to gain access to your network as the traffic does not even reach firewall.
Similarly, it is also possible to filter packets based on IP-MAC pair. Feature prevents hosts which try to violate trusted IP-MAC pair. For this, Administrator has to configure the list of trusted MAC address and bind with IP address.
When IP spoofing is enabled, Cyberoam will reverse lookup for the route and if not available will log and drop the packets. One can even enable restriction on zones for granular restriction.
A Web Admin console feature available as submenu “Spoof Prevention” of “Firewall” menu

4.
ARP Poisoning Control
ARP poisoning is a layer-2 attack, where the attacker sends spoofed ARP packets to the network, with a purpose of advertising its own MAC address for some IP address that does not belong to the attacker’s host. In this way, the attacker makes the devices in the LAN send the Ethernet frames to the attacker instead of the intended destination. Generally the ARP poisoning is used to capture all traffic intended for the default gateway or other important IP address, such as a server.
Cyberoam provides a protection from this poisoning by associating IP address, MAC address and Port and storing this association as a Static ARP entry. Whenever ARP packets arrive on the Interface, Cyberoam will check the ARP entries and considers it as an attack if mismatch is found. If it is an attack, Static ARP entry will not be updated and logged.
A Web Admin console feature available as submenu “ARP” of “System” menu

5. Cyberoam Transparent Authentication Suite – Clientless SSO
From this version onwards, Cyberoam introduces clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS).
With Single Sign On authentication, user automatically logs on to the Cyberoam when he logs on to Windows through his Windows username and password, eliminating the need for multiple logins, usernames and passwords. Clientless Single Sign On not only eliminates the need to remember multiple passwords – Windows and Cyberoam – it also eliminates the installation of SSO clients on each workstation, delivering high ease-of-use to end-users and higher levels of security in addition to lowering operational costs involved in client installation.
CTAS Download path: http://www.cyberoam.com/clientless_sso.html

6. Layer 2 Firewall support
The Firewall feature is extended to include MAC address to provide secure access. It means now, access to the internal resources can be granted based on the MAC address.
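The checks described under “MAC and IP-MAC filtering” and “ARP Poisoning Control” above can be illustrated with the following added Python example, which is not Cyberoam's code. The class name ArpGuard, the verdict strings, the port names and all addresses are constructed for illustration, and the example assumes that a mismatch is logged while the static entry is left unchanged.

```python
import ipaddress
import struct

# ARP payload for Ethernet/IPv4 (RFC 826): htype, ptype, hlen, plen, oper,
# sender MAC, sender IP, target MAC, target IP (28 bytes in total).
ARP_FMT = "!HHBBH6s4s6s4s"
ARP_LEN = struct.calcsize(ARP_FMT)


def mac_bytes(mac):
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(raw):
    return ":".join(f"{b:02x}" for b in raw)


def build_arp(oper, sender_mac, sender_ip, target_mac, target_ip):
    """Build a sample ARP payload; used only to construct test input."""
    return struct.pack(
        ARP_FMT, 1, 0x0800, 6, 4, oper,
        mac_bytes(sender_mac), ipaddress.IPv4Address(sender_ip).packed,
        mac_bytes(target_mac), ipaddress.IPv4Address(target_ip).packed)


def parse_arp(payload):
    """Decode an Ethernet/IPv4 ARP payload; raise ValueError otherwise."""
    if len(payload) < ARP_LEN:
        raise ValueError("truncated ARP payload")
    htype, ptype, hlen, plen, oper, sha, spa, _tha, tpa = struct.unpack(
        ARP_FMT, payload[:ARP_LEN])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("not an Ethernet/IPv4 ARP payload")
    return {"oper": oper,
            "sender_mac": mac_str(sha),
            "sender_ip": str(ipaddress.IPv4Address(spa)),
            "target_ip": str(ipaddress.IPv4Address(tpa))}


class ArpGuard:
    """Hypothetical checker: static IP/MAC/port entries plus a trusted-MAC list."""

    def __init__(self, static_entries, trusted_macs=None):
        # static_entries: {ip: (mac, port)}; never learned from traffic.
        self.static = {ip: (mac.lower(), port)
                       for ip, (mac, port) in static_entries.items()}
        self.trusted = (None if trusted_macs is None
                        else {m.lower() for m in trusted_macs})
        self.log = []

    def check(self, payload, in_port):
        try:
            arp = parse_arp(payload)
        except ValueError as exc:
            self.log.append(f"drop: {exc}")
            return "drop-malformed"
        mac, ip = arp["sender_mac"], arp["sender_ip"]
        # MAC filtering: drop anything whose source MAC is not trusted.
        if self.trusted is not None and mac not in self.trusted:
            self.log.append(f"drop: untrusted MAC {mac} on {in_port}")
            return "drop-untrusted-mac"
        entry = self.static.get(ip)
        if entry is None:
            return "no-static-entry"  # nothing to compare against
        if entry != (mac, in_port):
            # Mismatch: log it and leave the static entry untouched.
            self.log.append(f"attack: {ip} claimed by {mac} on {in_port}, "
                            f"static entry is {entry[0]} on {entry[1]}")
            return "attack"
        return "ok"


# Constructed sample data (documentation IP range, locally administered MACs).
GATEWAY = ("192.0.2.1", "02:00:00:00:00:01", "PortB")
SERVER = ("192.0.2.10", "02:00:00:00:00:10", "PortA")
OTHER_MAC = "02:00:00:00:00:66"   # trusted MAC with no claim to the gateway IP
BCAST = "ff:ff:ff:ff:ff:ff"


def demo():
    static = {ip: (mac, port) for ip, mac, port in (GATEWAY, SERVER)}
    guard = ArpGuard(static, trusted_macs=[GATEWAY[1], SERVER[1], OTHER_MAC])
    packets = [
        build_arp(2, SERVER[1], SERVER[0], BCAST, SERVER[0]),     # matches entry
        build_arp(2, OTHER_MAC, GATEWAY[0], BCAST, GATEWAY[0]),   # wrong MAC
        build_arp(2, GATEWAY[1], GATEWAY[0], BCAST, GATEWAY[0]),  # wrong port
        build_arp(1, "02:00:00:00:00:77", "192.0.2.50", BCAST, GATEWAY[0]),
        b"\x00\x01\x08\x00",                                      # truncated
    ]
    # Every sample packet is treated as arriving on PortA.
    verdicts = [guard.check(p, "PortA") for p in packets]
    return verdicts, guard
```

The second and third packets show why the binding includes the port as well as the MAC address: a trusted MAC claiming the gateway IP and the correct gateway MAC arriving on the wrong port are both flagged.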
Till previous versions, firewall rules were created based on source and destination IP addresses, services and user identity but now they can be created based on MAC address also.
A Web Admin console feature available in “Add” page of “Host” submenu and implemented through a MAC based Firewall rule.

7. L2TP and PPTP VPN traffic scanning support
Till previous versions, it was not possible to apply firewall rules to the L2TP and PPTP VPN traffic and due to this, such traffic was not scanned. This resulted in unprotected VPN traffic.
Now, threat free tunneling i.e. scanning for viruses, spam, intrusion attempts, inappropriate web content and unwanted network applications is extended to the L2TP and PPTP traffic also. Hence, firewall rules can be applied even to the L2TP and PPTP VPN traffic, resulting in clean VPN traffic.
Hence from this version onwards, VPN zone firewall rules will be applicable to the IPSec, L2TP and PPTP traffic.
There are no Web Admin or CLI console changes for this feature.

8. DHCP Relay support
With DHCP, clients send requests to locate the DHCP server(s) using broadcast messages. However, broadcasts are normally only propagated across the local network. This means if DHCP server and client are not on the same physical network, they will not be able to communicate.
To solve this problem, Cyberoam can now be configured as a DHCP Relay Agent which acts as a link between the client and the remote DHCP server. Cyberoam intercepts internal client’s DHCP requests and relays to the pre-configured DHCP server. The server then responds to the Cyberoam which in turn forwards the response to the client.
If DHCP Relay Agent is not configured, clients would only be able to obtain IP addresses from the DHCP server which is on the same subnet.
A Web Admin feature available as submenu “DHCP Relay” of menu “Configure Network”
At a time, Cyberoam can either act as a Relay agent or an IP leasing agent i.e. DHCP server. Hence, if server is configured, one will not be allowed to configure relay agent and vice-versa.

9. Spam Digest support
The Spam Digest is an e-mail message that will be received by administrator and/or users. The digest with the listing of all the quarantined messages is mailed to the user as per the configured frequency. It will contain hyperlink to MyAccounts page where user can login and manage his quarantined mails.
A Web Admin console feature available as submenu “Spam Digest Setting” of “Anti Spam” menu.
Prerequisite - “Gateway Anti-Spam” module subscribed.

10. “Release” Action for False positive or Quarantined Spam mails
Now, Quarantined spam mail can be released to the intended recipient. Administrator can release the mail from the Quarantine area (AntiSpam → Configuration → General Configuration) while user can release from his my account page (Quarantine Mails → Spam).
Till previous version, it was not possible to release the spam mail to the intended recipient.

11. “IP Reputation” – additional layer for Spam filtering
Cyberoam has now added an “IP reputation” layer for email filtering to its existing Anti spam detection technology along with the Recurrent Pattern Detection technology. It dynamically classifies and reclassifies the reputation of each source IP and maintains a database of addresses used by spammers and legitimate mailers. It fights the unwanted mail at the perimeter, reducing the incoming spam messages at the entry-point, before these messages enter the network, resulting in reduced system resources and bandwidth usage.
A Web Admin console feature available as “Verify Sender’s IP reputation” in “General Configuration” page of “Anti Spam” menu.
If enabled, Cyberoam dynamically checks the sender IP address and rejects the SMTP connection if IP address is found to be responsible for sending spam mails. As it is a global option, if spam scanning is enabled, all the mails will be first subjected to IP reputation filtering followed by filtering based on actions configured in spam policy.
At the time of v 9.6 upgrade, if the Gateway Anti Spam module is already subscribed, the option will not be visible on the Web Admin console. But, if upgrade is applied on the trial version of the Gateway Anti Spam module, the option will be displayed.
To use the feature, one has to purchase a new license of Gateway Anti Spam module and re-subscribe the module with the new key. Subscribing with the new key will allow filtering spam mails based on IP reputation as well as RPD (Recurrent Pattern Detection) technology.

12. RBL-based Spam filtering without Anti Spam License
Cyberoam detects spam mails based on:
RBL (Realtime Blackhole List)
Mass distribution pattern using RPD (Recurrent Pattern Detection) technology
Till previous versions, to use any of the above specified methods, a valid license for “Gateway Anti Spam” module was required. But now, RBL-based spam filtering can be implemented without subscribing to “Gateway Anti Spam” module.
When only the RBL-based filtering is implemented, chances of receiving more false positives cannot be ruled out.
There is no Web Admin or CLI console change for this feature.

13. Full tunnel support for IPSec VPN
With full tunnel support, entire branch office Internet traffic can be routed through a single gateway.
This type of configuration is needed for head office (HO) and branch office (BO) networks where the entire branch office Internet traffic is to be routed through gateway of HO i.e. the access to the Internet for BO is provided through HO.
Additionally, there are minimal chances of branch office network compromise as traffic to the destination will always appear to originate from the gateway of the head office irrespective of its actual origin i.e. branch or head office. Again as entire traffic traverses through HO, administrator can define the access policy in HO to control and monitor traffic centrally from Cyberoam deployed at HO.
It can be implemented simply by configuring 0.0.0.0 as local and remote network respectively in VPN policy for head office and branch office.
There is no Web Admin or CLI console change for this feature.

14. French language support for Web Admin Console
To cater to the French speaking customer, Cyberoam has added support of French language in Web Admin console. Following elements of Web Admin Console will be displayed in French:
Dashboard Alerts
Dashboard contents
Navigation menus
Screen elements including field labels and tips
Error messages
It would also be possible to provide description for firewall rule, various policies, services and various custom categories in French language.

Behavior change

Build 16

1. LAN Bypass
By default, LAN Bypass will be enabled and hence whenever Cyberoam gets rebooted or halted manually, Cyberoam will automatically go in bypass mode. Once the system is rebooted successfully, traffic will flow normally. LAN Bypass can be disabled from CLI console.
LAN Bypass is supported only when Cyberoam is deployed in transparent mode and for CR500i, CR1000i and CR1500i appliances.

2. Anti Spam
Anti spam General Configuration for SMTP connections’ spam checking - “Enforce Anti Spam policies for SMTP Authenticated Connections” is renamed as “Bypass Spam check for SMTP authenticated connections”. As a default behavior, SMTP authenticated connections will now be bypassed from RBL and RPD based spam checking.

Miscellaneous changes

Build 76

1.
Manage Live Users page – ‘Bandwidth’ column is renamed as ‘Data Transfer Rate’.

Build 60

1. SIP (Session Initiation Protocol) - signaling protocol support which enables the controlling of media communications such as VOIP. Support is added in the form of System module which can be enabled when required from Web Admin Console, System Modules Configuration page.
2. SSL VPN connections can be disconnected from “Manage Live SSL VPN Users” page
3. CLI command “set http_proxy multiple-webcategory” is added to enable categorization of a single URL into multiple Web Categories. Command can be executed from Option 4 Cyberoam Console. By enabling this categorization, Bug ID 1168 of categorization can be solved.
4. Option to configure HTTP Download file size limit is provided on Web Admin Console from Internet Access Policy.
5. To reduce the support calls on how to retrieve Customer Account details - email address and password if forgotten, Forgot Email Address and Forgot Password links are provided on Add On Modules Subscription page of Web Admin Console.

Build 30

1. Following CLI command added (Menu Option 4. Cyberoam Console)
To set the link bandwidth i.e. bandwidth provided by Service Provider and can be used as “set bandwidth max-limit <number>” and to view the configured limit, use the command “show bandwidth max-limit”. Default=100mbps
To enforce bandwidth restriction on the traffic on which the bandwidth policy is not applied so that guaranteed bandwidth is available to the users to whom the guaranteed bandwidth policy is applied, configure “set bandwidth guarantee enforced”.
If guarantee is enforced, default bandwidth policy will be applicable to the traffic on which bandwidth policy is not applied. You can set the guaranteed and burstable bandwidth and priority on this traffic. This bandwidth is applicable on Internal (LAN and DMZ) to External zone (WAN and VPN) traffic and External to Internal zone traffic.
Default Guaranteed bandwidth = 0 kbps, Burstable bandwidth = max-limit, priority = 7 (lowest).
Guaranteed and burstable bandwidth can be defined as “set bandwidth default-policy guaranteed <number> burstable <number> priority <number>”
If you do not want to enforce the bandwidth restriction on the traffic on which the bandwidth policy is not applied, configure “set bandwidth guarantee lenient”.
To view the default policy configuration, use “show bandwidth default-policy”

Build 16

1. Certificate Management is now the part of System Management.
2. DHCP server can now be configured on all the Internal Interfaces i.e. LAN and DMZ
3. For a single Interface, it is now possible to configure multiple dynamic IP address range.

Known Behavior

Build 30

1. Link Bandwidth configuration - It will take approximately 5 minutes for the link bandwidth value to be effective.

Discontinued Feature

Build 16

Logon Pool from Web Admin Console - As logon pool is a collection of IP addresses of Authenticated Networks, instead of creating them separately, Authentication network nodes are now provided directly on the configuration pages whenever required. For example, in “Add User” page, under “Login Restriction”, one can type Authenticated Networks IP address directly. Deployments where logon pool is configured will not have to do any configuration changes.
CLI Console command to set number of simultaneous DNS requests that can be handled by Proxy server i.e. set http_proxy dns_threads (Menu Option 4. Cyberoam Console)
CLI console – Menu Option 5. Cyberoam Management, Option 15. Logging Management and its submenu Option 5.15.1 Network Logging Management
CLI console - Option to restore backup of v 7.4.2.x from (Menu Option 5. Cyberoam Management, Option 16.
Restore Backup of Version 7.4.2.x)

Bugs solved

Build 90

Policies
Bug ID – 6809
Description – When the user group membership is changed, surfing quota, access time and data transfer quota is not reset to zero.

Build 88

User
Bug ID – 1608
Description – When user is member of Open Group and “Denied all the time” Access policy is assigned to the Open Group, it is not possible to change the user group membership.
Bug ID – 1609
Description – When HA failover is configured, session does not timeout as per the configured value.

Build 78

Backup & Restore
Bug ID – 2067
Description – Backup and restore process takes long time, as incorrect report tables were included in backup.

HA
Bug ID – 1505
Description – When one of the nodes in HA cluster gets rebooted, both the nodes get deactivated. This happens only when either of the cluster node is CR50ia or CR100ia models.
Bug ID – 2066
Description – HA failover takes long time as incorrect report tables were synchronized.

Proxy
Bug ID – 2905
Description – Due to assertion failure, proxy connection breaks.

Build 76

Anti Spam
Bug ID – 1973
Description – Contents of Quarantine Mails page of My Account are not displayed in web browser - IE version 6 and 8.

Backup and Restore
Bug ID – 895
Description – When backup of appliance configured in HA is restored on a single appliance i.e. not configured in HA, Anti spam server does not start

Group
Bug ID – 1885
Description – Even after changing the user group, previous user group policies are applied. This situation observed for CTAS user only.

IPS
Bug ID – 1915
Description – It is not possible to change the default action "detect" of certain IPS signatures of Web Access category. This is observed when one tries to change the action of all or the individual signatures in the category.

Reports
Bug ID – 1510
Description – In Data transfer reports, total monthly data transfer exceeds the sum of the daily data transfer.
Bug ID – 1693
Description – When the report flows through multiple pages, instead of including all the records in CSV report file, only those records which are displayed on the current page are included. For example, if report has 200 records but on the current page only 50 records are displayed then the CSV file contains only 50 records.
Bug ID – 1908
Description – Column headings of the Reports in CSV format displays HTML tag information.

SSL VPN
Bug ID - 1761
Description - In case of external certificate, SSL VPN connection cannot be established if the user does not have SSL Client certificate i.e. user needs certificate with "client support".

System
Bug ID – 269
Description – NTP Client when installed, CPU performance is affected due to high CPU utilization by NTP Client.
Bug ID – 1781
Description – DHCP Lease Type cannot be changed from dynamic to static and vice versa for the same IP addresses. For example, after configuring static lease type with IP address 10.8.5.29, lease type cannot be changed to dynamic with lease range 10.8.5.1 – 10.8.5.50.

User
Bug ID – 1055
Description – SSO client user session is not getting disconnected after the configured session timeout. User login time automatically gets changed every 3 minutes and due to this, session start time (login time) of the live user is changed to the current time.
Bug ID – 1172
Description – User authentication session does not timeout at the configured time.
Bug ID – 1666
Description – If the user is configured in the External authentication server as well as Cyberoam then instead of External server, Cyberoam authenticates the user. This situation occurs only when CHAP authentication is configured for PPTP connections.
Bug ID – 1953
Description – When deactivated, Single Sign On (SSO) live user gets deactivated only at next login. Ideally, user should get deactivated immediately.

VPN
Bug ID – 1944
Description – Net-to-Net VPN connections for the WAN port for which the gateway is not configured cannot be activated.
Bug ID – 1964
Description – All the Cyberoam users even when they are not allowed to access through PPTP, can establish PPTP connection. Ideally, only those Cyberoam users who are allowed access through PPTP should be able to establish PPTP connection.

Web Admin console
Bug ID – 1659
Description – In the Chinese GUI, on the User > User Add user page, the User Type drop-down lists the same options.
Bug ID – 1896
Description – At the time of creating custom Web category, it is possible to add foreign language keywords in category name.
Bug ID - 1958
Description - When Cyberoam Central Console (CCC) pushes the already existing firewall rule again in Cyberoam, Manage firewall page of Cyberoam displays only the recently pushed rule and does not display any other firewall rules.

Build 62

HA
Bug ID – 1505
Description – When one of the nodes in HA cluster gets rebooted, both the nodes get deactivated. This happens only when either of the cluster node is CR50ia or CR100ia models.

Routing
Bug ID – 1927
Description - OSPF routes are not synchronized in Active-Active HA cluster, due to which Auxiliary appliance is not able to serve the HTTP request.

SSL VPN
Bug ID – 1981
Description – When more than 1000 users are registered at the time upgrade and Certificate Authority is configured, it is not possible to upgrade from v 9.6.0.34 to any higher versions.

System
Bug ID – 1966
Description – When Cyberoam is configured as direct proxy in version v 9.6.0.60, users face following issues:
1. Unable to send mails through Gmail
2. Not able to connect to MSN messenger
3. Some contents of website are not displayed
Work around - Enable "multiple category" from CLI using following command: set http_proxy multiple-webcategory enable

Build 60

Anti Spam
Bug ID – 1178
Description – Spam policy events – add, update, delete were not logged in Audit logs.
Bug ID – 1655
Description – Even if mail is successfully released from the Quarantine area, successful release message is not displayed. This is observed only with browser Internet Explorer 6.
Bug ID – 1656
Description – It is not possible to download the quarantined mail through the browser Internet Explorer 6 but it is possible through browser Firefox Mozilla.

Anti-Virus
Bug ID – 1605
Description – Even when virus scan policy is configured to allow mails with protected attachments, such mails are getting blocked.
Bug ID – 5513
Description – When virus scanning and Internet Access policy is applied, one cannot access URLs e.g. http://webcam.www.gov.tw/index.htm which requires connecting to port 20480 through Internet Explorer browser but the same sites accessible through Mozilla Firefox.
Bug ID – 5704
Description – When Cyberoam detects and strips the protected attachment from the mail, Administrator and Mail Receiver is sent a Notification mail with incorrect reason. Notification mail reads as “Infected attachment removed” but should read as “Attachment removed”. Even the name of the file which was stripped is not included in the mail. Administrator receives only the Notification mail without the original message even if “Send Original” action is configured in the Virus Scan policy.

Dashboard
Bug ID – 1452
Description – Some of the IPS Alerts are displayed without Signature definitions in the IPS Alerts Doclet of Dashboard.
Bug ID – 1653
Description – After closing any of the doclets, Dashboard cannot be reset with the “Reset” button.
Bug ID – 1712
Description – If the user has saved Web Admin Console password, on updating any parameter of VPN connection, Preshared key gets replaced with this saved password. This is observed only when Web admin console is accessed via Firefox Mozilla.
Bug ID – 1827
Description – Mismatch in count of concurrent sessions displayed on Dashboard - System Usage doclet and Live User page on Web Admin Console.
Bug ID – 1877
Description – Mismatch in count of concurrent sessions displayed on Dashboard - System Usage doclet and Live User page on Web Admin Console. Due to this, sometimes users are not able to logon where CR25i models are deployed as concurrent sessions count exceeds the user license.

Firewall
Bug ID – 1170
Description – Firewall rule does not display the file upload statistics i.e. number of bytes uploaded.
Bug ID – 1179
Description – It is possible to create an “IP” Protocol based service under “Other” protocol with any protocol number.
Bug ID – 1555
Description – When Cyberoam is configured as Proxy, it is sometimes possible to access certain application even after logging out.
Bug ID – 1681
Description – When the VPN connection gets established through Cyberoam, data transfer via VPN Tunnel fails as VPN route does not get created.
Bug ID – 1720
Description - Web Filtering proxy may cause timeout issues while downloading files from the web sites if data greater than the defined content-length size is received.
Bug ID – 1762
Description – When the multiple MAC based firewall rules are created, Internet Access Policy applied to the first MAC based firewall rule is applied to all the subsequent MAC based firewall rules even if different policies are configured.
Bug ID – 5812
Description – When Strict policy is applied through Network Configuration Wizard, users are able to access the Internet but ICMP protocol is blocked as a result not able to ping any WAN IP address.

High Availability
Bug ID – 1771
Description – If HA Administrator username includes white space (blank) CLI commands do not work.
Bug ID – 1773
Description - In a HA cluster after failover, static routes configured in primary appliance are not added in secondary appliance.

Internet Access Policy
Bug ID – 1168
Description – It is not possible to categorize URL into multiple categories.

Logs and Reports
Bug ID – 402
Description – Recent Mail Viruses detected doclet of Dashboard displays recipient name with special characters. Blank report page is displayed when one clicks the link to view the details.
Bug ID - 1543
Description - When "Manager" rights is assigned to the Active Directory User in Cyberoam, user is not able to log on to view reports i.e. user is of the Type "Manager"
Bug ID – 1606
Description – Session time mismatch in Internet Usage report i.e. total used time does not match with session start and stop time.
Bug ID – 1657
Description – Few signatures in the IPS Alert report do not provide hyperlink to view the signature details.
Bug ID – 1768
Description – All the reports except for Blocked Attempts reports for the previous day are generated without data i.e. blank. This issue is observed only in the CR15i models.
Bug ID – 1856
Description – If the proactive reports mail frequency is updated on Sunday or Monday then the Weekly Proactive reports for that week are not mailed.
Bug ID – 5521
Description - “Category wise trends for yesterday” proactive report is mailed without any data.

Online Help and Documentation
Bug ID – 1437
Description – The SSL VPN End User portal help included the screen images of previous version.
Bug ID – 1532
Description – The Online help text for restricting unknown IP address on trusted MAC was misleading.
Bug ID – 1684
Description – The Online help text for static ARP was confusing.
Bug ID – 1753
Description – The Online help text on Manage Live SSL VPN Users included incorrect information. It was mentioned that “Page also display their important parameters like Username, Source and leased IP address, Access mode, date and time when connection was established, tunnel type and data transferred.” But the text should be “For the connections established through Web access mode only username, access mode and date and time when connection was established will be displayed.”

Single Sign On

Bug ID – 1487
Description – After SSO is configured, it is not possible to differentiate between a local and a domain user. As a result, if a user logs on as an “Administrator” user on the local system, the user gets access to all the resources allowed to the domain administrator user.

SSL VPN

Bug ID – 1669
Description – On resetting to the factory default configuration after upgrading to version 9.6.0 build 30, SSL VPN End-user Web portal becomes inaccessible.

Bug ID – 1742
Description – In SSL VPN Full tunnel mode, Cyberoam Web Admin console becomes inaccessible. This issue is found only in versions 9.6.0.16 and 9.6.034

System

Bug ID – 373
Description – Factory default retains Mail backup schedule.

Bug ID – 441
Description – After upgrading to version 95824, it was possible to roll back to multiple versions. Ideally, rollback should be allowed only for the immediate previous version.

Bug ID – 523
Description – When DDNS is configured for multiple PPPoE links and both the links go down, the DDNS server is not updated with the correct IP addresses after any of the links comes up.

Bug ID – 1500
Description – Interface based IPSec routes are flushed on reboot or restarting management services.

Bug ID – 1716
Description – NAT is not supported when Cyberoam is deployed in transparent mode.

Bug ID – 1729
Description – SNMP server stops responding after changing the default HTTP Proxy port. This issue is observed from version 9.6.0.16.
Bug ID – 1745
Description – When Internet Access policy is applied, Cyberoam does not allow downloading any file using the SVN command from a Linux system but allows downloading through any Windows based browser.

Bug ID – 1832
Description – When more than 10 DHCP servers are configured by enabling Cyberoam’s DNS settings, on updating DNS details, the DHCP server stops responding.

Bug ID – 1882
Description – When Cyberoam is deployed as bridge and Parent Proxy authentication is enabled, it is not possible to upload any file on secure websites.

VPN

Bug ID – 1005
Description – The road warrior policy with DES-SHA1 algorithms is exported as 3DES-SHA1 i.e. wrong algorithms.

Bug ID – 1588
Description – When more than one backup link is configured, the VPN connection does not fail over between the other backup links.

Web Admin Console

Bug ID – 1615
Description – On Create Data Transfer Policy page, Data transfer limit “MB” is not translated correctly as “Mo” in French language.

Bug ID – 1649
Description – Manage Live users page sometimes shows upload and download data transfer value as zero.

Bug ID – 1652
Description – In the French GUI, on the VPN > Policy > Create Policy page, after selecting the template, template values are not loaded.

Bug ID – 1686
Description – Mismatch in password length on
· Add and Edit User page
· Appliance Registration page and Add on Subscription Module page

Bug ID – 1688
Description – “Back” button in View Bandwidth Usage page of Web Admin Console is not working.

Bug ID – 1708
Description – At the time of creating Custom Web Category, only 255 characters can be specified for Domains list.

Bug ID – 1721
Description – IPSec VPN Policy does not show the configured DH Group in Internet Explorer but it is shown in Mozilla Firefox.
Bug ID – 1725
Description – At the time of creating a new VPN Policy based on the policy with which the IPSec connection is already established, the “Keying Method” option is greyed out and cannot be configured.

Bug ID – 1770
Description – It is not possible to change the action for IPS signatures from IPS policy when Web Admin Console is accessed via web browser IE version 8.

Bug ID – 1776
Description – When a VPN policy is created using the “None” template, a blank policy is created.

Bug ID – 1787
Description – Mail reports display junk characters if Chinese character strings in Big5 encoding are included in the mail subject.

Bug ID – 1823
Description – When a user tries to log in through the HTTP Login page, even if the user has not saved the password, the password is automatically filled in i.e. auto-completed. This happens if the user has disabled the “Save Password” option after enabling it once.

Bug ID – 1848
Description – After restoring backup of version 9.4.2.6, users are not able to log in.

Build 34

SSL VPN

Bug ID – 1442
Description – Certificate issued by external Certificate Authority is not supported.

Bug ID – 1468
Description – When a third-party Certificate is used, no SSL VPN configurations are included in the VPN Client configuration file i.e. a blank file is downloaded.

Bug ID – 1669
Description – On resetting to the factory default configuration after upgrading to version 9.6.0 build 30, End-user Web portal becomes inaccessible.

Build 34

Anti Spam

Bug ID – 1020
Description – If SMTP authentication is configured, at the time of releasing spam mail the error “Error while releasing email” is received.

Clientless User

Bug ID – 474
Description – It is not possible to search Clientless user with IP address.

Bandwidth

Bug ID – 535
Description – Committed Bandwidth policy does not work as per the configuration.

Bug ID – 4884
Description – User-based Shared Bandwidth policy does not work.
Firewall

Bug ID – 1060
Description – When FTP scanning is enabled, Cyberoam drops all those connection requests whose FTP server response packet length exceeds 1024 characters.

Bug ID – 1238
Description – Virtual LAN does not work for appliance models CR50ia, CR100ia.

Bug ID – 1465
Description – When Parent Proxy is configured, the HTTP request does not reach the Proxy server and as a result, it is not possible to upgrade the IPS or AV signatures database.

Bug ID – 1484
Description – When scanning is enabled, it is not possible to connect to the FTP server from any of the Alias subnets.

Bug ID – 1526
Description – When sending large email, SMTP scanning sometimes caused a server timeout. This situation is observed in CR250i and CR500i appliance models only.

Bug ID – 1575
Description – Due to large IP-based Virtual hosts configuration, after rebooting or restarting management services, the system takes time to come up.

Bug ID – 5925
Description – Advanced Firewall custom settings configured from CLI console are not retained after restoring backup from version 9.5.3 build 22 and version 9.5.4 build 66 to version 9.5.4 build 86.

High Availability

Bug ID – 1464
Description – In some cases, HA configuration was possible only after disabling the model check.

PPPoE

Bug ID – 3816
Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.

Bug ID – 1456
Description – When multiple PPPoE links are configured, even if all the links are up, requests go through a single gateway only.

Proxy

Bug ID – 1440
Description – Sometimes when the Interface is configured to obtain the IP address from DHCP through Network Configuration Wizard, users are not able to access the Internet.

Reports

Bug ID – 1127
Description – Internet Usage reports for the previous month are not displayed.
Bug ID – 1064
Description – Traffic Discovery Connection History reports were not available from version 9.5.9 build 33 onwards.

Bug ID – 1326
Description – HTTP Upload report does not display the report date and time.

Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.

SSL VPN

Bug ID – 1241
Description – SSL VPN does not work when RADIUS authentication is configured.

Bug ID – 1478
Description – When Active Directory authentication is configured, sometimes users are not able to log on through SSL VPN End-user Web Portal as currently there is no text case validation. For example, a user will not be able to log in if the domain name is configured in capital letters as “CYBEROM.COM” and the user tries to log in with [email protected].

Bug ID – 1511
Description – In certain situations, it is observed that web access gets disabled after changing the global settings.

Bug ID – 1519
Description – URL redirection does not work with Web Access mode.

System

Bug ID – 656
Description – Sometimes at the time of downloading an email from a POP3 server, the connection drops intermittently and due to this the entire downloading process restarts. Hence the user receives each mail twice or thrice.

Bug ID – 1007
Description – After changing the default Secure Web Admin Console port, reports are not accessible.

Bug ID – 1077
Description – When Cyberoam is configured as Direct Proxy, in case of primary DNS failure, switching to the secondary DNS takes time and hence the Internet browsing speed might become slow.

Bug ID – 1353
Description – Mismatch in the Google Search hit count on Dashboard and Google Search report.

Bug ID – 1404
Description – It is not possible to upload a third-party Certificate.

Bug ID – 1455
Description – Quarantined area is not flushed on resetting configurations to factory defaults.

Virtual Private Network (VPN)

Bug ID – 616
Description – L2TP VPN does not work with Apple MacOS X 10.5.

Bug ID – 1485
Description – It is not possible to delete a VPN connection after updating the VPN policy.

Bug ID – 1570
Description – Special character Hash (#) is not supported in Preshared key.

Web Admin console

Bug ID – 1047
Description – After changing the default Secure Web Admin port, it is not possible to reposition the Dashboard Doclets by dragging and dropping, or to upgrade Antivirus and IPS signatures. Different behavior is observed for different Web Browsers.
Bug ID – 1171
Description – On clicking the “Next Page” button on Manage Active Page, instead of opening the next page of the list of users, it redirects to the “Deactivated Clientless Users” page.

Bug ID – 1454
Description – A duplicate domain name can be configured as Local Domain in Anti Spam Configuration. As a result, the SMTP proxy does not start, and if SMTP scanning is configured through firewall then the internal Mail Transfer Agent does not receive the mails.

Bug ID – 1467
Description – Mismatch in concurrent sessions displayed on Live User page on Web Admin Console. If there are more than 100 concurrent sessions, by default, it displays only 100 live users but the “Concurrent Sessions” count includes all the sessions. One needs to click the “Show All” link to view the entire list.

Bug ID – 1451
Description – After changing the Web Admin console language to French, some of the dashboard components are not displayed in French, and some components of the Console itself and menus with long names are not displayed properly.

Bug ID – 1479
Description – After changing the Web Admin console language to French, one is not able to use Network Configuration wizard.

Bug ID – 1482
Description – When one tries to change the Gateway type, i.e. Active to Backup, of the PPPoE link, the error “Gateway name already exist” is displayed. This situation occurs when multiple ISP links with the same gateway IP address are configured.

Bug ID – 1486
Description – When Web Admin Console language is set to “French”, user groups cannot be created.

Build 16

Categorization

Bug ID – 531
Description – All the URIs which include “.au” are incorrectly blocked under Audio File Type category.

Clientless User

Bug ID – 89
Description – When not a single Logon Pool based Bandwidth policy is configured, it is not possible to create a Clientless user. In other words, one needs to configure at least one logon pool based bandwidth policy to add a clientless user and group.
Bug ID – 683
Description – Even when IP address (login restriction) for Clientless user is mandatory, it is possible to update the details by leaving the IP address field blank.

Dashboard

Bug ID – 950
Description – Dashboard data is not flushed when backup is restored on another Appliance.

Group

Bug ID – 972
Description – Normal users can be added as members of a Clientless group, but as per the default behavior, a clientless group cannot have normal users as group members.

Bug ID – 6226
Description – Error “IPs are already in use” is received when one tries to create multiple clientless users for the IP address range added to the existing logon pool. Hence, one has to create a single clientless user for each individual IP address in the required range. For example, if an additional 50 addresses are added in the IP range, one has to create a clientless user for each IP address one by one. Again, if the network is not in the Auth Network, users will be activated but will not be able to log on. Due to this, users will not be displayed in the Manage Live User or Manage Clientless User page, but the search result will display the list of newly added clientless users. One needs to restart management services from CLI console after adding the network in Auth Networks.

High Availability

Bug ID – 854
Description – Virtual host does not work when HA cluster is configured.

Bug ID – 648
Description – When OSPF routing is configured, connectivity delay is observed after restarting the primary appliance.

Bug ID – 722
Description – In Active-Active HA cluster, the gateway becomes unreachable i.e. dead if a static ARP entry is added for the gateway.

Bug ID – 6533
Description – Data transfer of the live users (Manage Live Users page) reflects the data transfer through primary as well as auxiliary appliance when HA is configured.
Description – User based Data transfer policy can now be configured when HA is configured.
Intrusion Prevention system

Bug ID – 826
Description – In the “cyberoam signatures” category, signatures whose action is “OFF” are displayed with action as “ON” after editing other signature parameters.

Bug ID – 919
Description – Custom IPS signatures are retained on resetting to factory default settings.

Bug ID – 5487
Description – Certain Internet Banking sites were not accessible due to the Ultrasurf IPS signature.

Logs and Reports

Bug ID – 954
Description – Inconsistent Bandwidth usage graph title. Displays data transfer as Bytes/Sec instead of Bits/sec for weekly, monthly and yearly reports.

Language

Multiple language translation issues like incorrect translation and spelling mistakes are resolved.

Multiple Gateways

Bug ID – 473
Description – Gateway Status change alert messages were mailed at the HA Admin Email ID only when High Availability cluster is configured. Due to this, Cyberoam Administrator does not receive such mails if HA was not configured or on Appliances in which the HA feature is not supported. Now, all the gateway status related mails will be mailed at the Cyberoam Administrator Email ID configured from Network Configuration Wizard and not the HA Admin Email ID. HA Admin will receive only the mails related with the HA.

System

Bug ID – 83
Description – When the time zone is updated from Web Admin Console, the time displayed on Web Admin and CLI console does not match. One needs to restart management services from CLI console to resolve this issue.

Bug ID – 316
Description – Firewall Bypass rule created from Advanced Firewall rule configuration of CLI console is not removed after resetting to factory default.

Bug ID – 455
Description – Cyberoam is not able to learn routes when RIP routing is configured in plain mode i.e. when authentication is not enabled.

Bug ID – 473
Description – Gateway Status change alert messages were mailed at the HA Admin Email ID only when High Availability cluster is configured.
Due to this, Cyberoam Administrator does not receive such mails if HA was not configured or on Appliances in which the HA feature is not supported. Now, all the gateway status related mails will be mailed at the Cyberoam Administrator Email ID configured from Network Configuration Wizard and not the HA Admin Email ID. HA Admin will receive only the mails related with the HA.

Bug ID – 582
Description – When using the Google Chrome browser, it is not possible to configure DHCP server.

User

Bug ID – 476
Description – Single Sign On users do not receive the disconnection message sent from the Live User Page of Web Admin Console.

Bug ID – 958
Description – There is a mismatch in the total count and number of the live users displayed on the Manage Live User page of Web Admin Console.

Virtual host

Bug ID – 6144
Description – When an Alias Interface based Virtual host is configured, one can delete the Alias interface before deleting the virtual host.

Virtual Private Network (VPN)

Bug ID – 672
Description – When “*” is configured as remote gateway in Cyberoam and the remote host is configured on a dynamic IP address, multiple IPSec tunnels cannot be established between the remote host and Cyberoam. This happens because Cyberoam does not support mixed mode tunnels i.e. one tunnel with Authentication mode as “Main” and another as “Aggressive”. To establish multiple connections, it is required that all the tunnels established on the Cyberoam are set to either “Main” or “Aggressive” mode.

Web Admin console

Bug ID – 215
Description – At the time of adding PPTP users, when one clicks “Show”, the list of group users is not displayed.

Bug ID – 270
Description – Format mismatch in advanced firewall configuration parameters when CLI console is accessed through Telnet and HTTP Interface. For example, when CLI is accessed over Telnet, parameters are displayed with the special character underscore (_) e.g. source_network, while parameters are displayed without underscore e.g. source network, when CLI is accessed over HTTP Interface.

Bug ID – 708
Description – User is not able to log on to My Account and Diagnostic tool with a password which includes a space, while the user is able to log on to the Web Admin Console with the same password.

Bug ID – 749
Description – If more than one Firewall log is not configured for syslog server from System > Logging > Logs Configuration page, Cyberoam does not send firewall rules log to the syslog server.

1.2.1.1.2. V 9.6.0 build 78

Release Notes contains following sections:
Release information
Upgrade information
Upgrade procedure
Compatibility issues
Features & Enhancements
Behavior change
Miscellaneous changes
Known Behavior
Discontinued Feature
Bugs Solved

Release Dates
Version 9.6.0 Build 78 – 24th February, 2010
Version 9.6.0 Build 76 – 19th January, 2010
Version 9.6.0 Build 62 – 24th November, 2009
Version 9.6.0 Build 60 – 2nd October, 2009
Version 9.6.0 Build 34 – 4th July, 2009
Version 9.6.0 Build 30 – 26th June, 2009
Version 9.6.0 Build 16 – 30th April, 2009

Release Information
Release type: GA
Compatible versions: 9.5.3 build 14 onwards
Upgrade requirements (only for the versions below 9.6): 24 X 7 or 8 X 5 valid Support License, IPS Signature Database v 2.4.27 or higher

Upgrade Information
Upgrade type: Manual upgrade

Upgrade Procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Cyberoam Web Admin console
3. Go to menu IPS > Manage IPS and check the IPS Signature Database version. If database version is lower than v 2.4.27, upgrade the version
4. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
5. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility Issues
Upgrade not applicable on CR15i appliances

Introduction
This document contains the release notes for Cyberoam version 9.6.
The following sections describe the release in detail. This is a major release with new features, significant enhancements and several bug fixes that improve quality, reliability, and performance.

Features & Enhancements

Build 76

1. DHCP Server Logs
For monitoring and troubleshooting the DHCP lease traffic, Logging functionality is extended to include DHCP Server events log. With the inclusion of DHCP Server log, Cyberoam can now log the following network activities and traffic: overall network traffic i.e. firewall and traffic discovery, IPS anomaly and signature, anti virus - URL and mails blocked, spam filtering and content filtering - access allowed and blocked.
The DHCP event log contains events that are associated with activities of the DHCP service and DHCP server, such as DHCP leases, renewal and expiry.
By default, DHCP server log is disabled and can be enabled from Logs Configuration page of Web Admin console. Logs can be forwarded to Syslog server but cannot be stored on the Appliance.
For details on log event ID and description, refer to User Guide, Appendix B.

2. NAT support for Cyberoam initiated Outbound traffic
Now it is possible to configure source NAT i.e. a specific IP address for the outbound traffic initiated by Cyberoam itself e.g. upgrade traffic. This is useful in network environments where Cyberoam is hosted behind ISP and ISP is leasing a private IP address to Cyberoam i.e. a private IP address is configured on the WAN interface.
CLI command “set advanced-firewall cr-traffic-nat” is added for configuring the source NAT.

3. Configurable Mailing frequency of Proactive reports
Mailing frequency of the Proactive reports can now be configured. Prior to this version, reports were mailed at the predefined time. Administrator can configure time and day for the daily and weekly reports respectively from the Reports Notification page.

4. Secure Access for Web Client
Web client can now be accessed through a secure channel i.e. HTTPS access of the Web Client login page. When enabled, the user can log on to the Web Client page through a secure channel using: https://<IP-Address>:8090. By default, it is disabled and can be enabled from the Customize Client Preferences page of Web Admin console.

5. Simplified User Login Restriction Configuration
Build 76 now supports adding a range of IP addresses for Node restriction in one go. Prior to this, one had to specify multiple IP addresses one by one, which became a tedious administration task in case of restricting a large number of nodes. With this functionality, one has to specify just the starting IP address of the required range and the total number of IP addresses.
This functionality will be useful in network environments where the administrator requires restricting user login from multiple nodes. User and Group pages of Web Admin console are updated for these changes.

Build 60

1. SSL VPN - Threat Free Tunneling for Full Access mode
Threat Free Tunneling feature is extended to SSL VPN traffic i.e. firewall rules can now be applied to the SSL VPN traffic also. As a result, SSL VPN traffic can be subjected to viruses, spam, intrusion attempts, inappropriate web content and unwanted network applications scanning.
From now on, VPN zone firewall rules will be applicable to SSL VPN (connections established through Full Access) besides IPSec, L2TP and PPTP traffic. There are no Web Admin or CLI console changes for this feature.

2. SSL VPN - User based Certificate support for Authentication
The current feature of authenticating all the users through a single System wide certificate is extended one step further to provide an option of authenticating through individual user certificates also. These certificates not only provide granular control in Certificate management but also create a user identity which can be used beyond SSL VPN implementation.
Certificates for all the users added in Cyberoam are generated automatically.
It is a Web Admin console feature available from submenu “Global Settings” of “SSL VPN” menu. One can configure either common certificate or individual certificate authentication. By default, authentication through common certificate is configured.

3. SSL VPN - HTTP/SOCKS Proxy support for Clients
The SSL VPN functionality is extended to the SSL VPN Clients who are not able to access the Internet directly by providing an option to configure HTTP or SOCKS proxy server. Proxy can be configured from the SSL VPN Client’s Proxy Setting menu. By default, proxy is not enabled but one can use proxy configured in the Browser - Internet Explorer or can configure manually.

4. SSL VPN – Single-Click Client Installer
Installation process has been optimized as a single step process. It is not required to import the configuration separately, as it is now a part of the installation itself. This makes installation and re-installation of SSL VPN client easier. The Client Configuration needs to be downloaded and imported only when the server settings are changed.
The installer is available as Bundled SSL VPN Client from SSL VPN End User Portal under “Full Access mode”.

5. SSL VPN - Two factor Authentication solution
To enhance password security and reduce the risk posed by weak user passwords for SSL VPN user, Cyberoam has extended its authentication solution by providing 2 factor authentication with One time password (OTP) through external authentication server RADIUS and LDAP. All the hardware and software token generating Agents that can communicate with RADIUS and LDAP are supported.

Build 30

1. Parent Proxy Authentication
The parent proxy feature is extended to include the authentication parameters. This feature will be helpful in the deployment where parent proxy is configured to ask for authentication before serving the requests.
For example, a Head office and Branch office deployment where the parent proxy is deployed at Head office and configured for authentication and Cyberoam is deployed at the branch office.

2. Beta Feature - Turkish language support for Web Admin Console
To cater to Turkish speaking customers, Cyberoam has added support for the Turkish language in Web Admin console. Following elements of Web Admin Console will be displayed in Turkish:
· Dashboard Alerts
· Dashboard contents
· Navigation menus
· Screen elements including field labels and tips
· Error messages
It would also be possible to provide descriptions for firewall rules, various policies, services and various custom categories in Turkish language.
This feature should be considered as Beta from this version. It will be communicated when the feature is made generally available in the subsequent builds.

Build 16

1. SSL VPN within Cyberoam Appliance
The VPN feature is extended to include SSL VPN functionality within Cyberoam to provide secure access for the remote users. It delivers a set of features and benefits that make it easier to use and control access to the Corporate network from anywhere, anytime.
Cyberoam SSL VPN is platform, device and location independent as it supports site-to-site and road warrior tunneling. It offers granular access policies, bookmarks to designated network resources and portal customization.
Two operational modes are provided:
Web access mode allows remote users to access Enterprise Web applications/servers using just the Web browser through an End-user Web Portal and without the need of any additional Client. Cyberoam authenticates the users and redirects to the End-user Web Portal through which Enterprise Web applications/servers can be accessed.
In Full access mode, remote users require the SSL VPN Client for access. The mode is ideal when the Corporate network is to be accessed from Internet cafes, hotels etc.
Full access mode can provide full as well as split tunneling. Split tunneling ensures that only the traffic for the private network is tunneled and encrypted, while in full tunneling private network traffic as well as other Internet traffic is tunneled and encrypted. Further, it is also possible to restrict the access to certain hosts of the private network.
User’s access to the private network is controlled through his SSL VPN policy while Internet access is controlled through his Internet Access policy. SSL VPN policy of the user can be configured at the time of adding the user or later whenever required.
As End-user Web Portal is an entry point to the Corporate network, it is possible to customize the portal interface by including company logo and a customized message to be displayed to users when they log in to the portal to access network resources.
Compatible Browsers: Microsoft Internet Explorer 6.0, Mozilla/Firefox 1.5
Supported Clients: Windows
Default settings:
· Full access mode enabled and can be disabled from SSL VPN Policy
· SSL VPN as a Network Service enabled for all the zones except VPN zone and can be disabled from Local ACL.
End-user Web Portal Access: Browse to https://<WAN IP address of Cyberoam:port>
Default port: 8443
SSL VPN Client & Configuration Download Path: End-user Web Portal
Feature available in Web Admin console as menu “SSL VPN”, and a few fine-tuning and troubleshooting commands are added to CLI console. Refer to Console guide for details.

2. Category based Bandwidth Allocation
Unmanaged bandwidth leads to poor productivity due to delay in critical applications and sometimes even lost opportunities. Hence, Cyberoam now also allows allocating bandwidth based on the Web category, apart from allocating and prioritizing bandwidth based on users. It will not only improve the network productivity by limiting the bandwidth used by recreational applications but also guarantee the performance of critical business applications.
To achieve a high degree of network utilization and fairness, Cyberoam:
· Classifies traffic based on Web Category
· Provides differentiated bandwidth based on the Web Category under which the URL is categorized.
A Web Admin feature implemented through Bandwidth policy, Web Category and Firewall rule. When configured, bandwidth will be applicable whenever a URL falling under the Web category is accessed.

3. MAC and IP-MAC filtering
To improve the security of the network, one can now enable MAC address filtering. By enabling “MAC Filtering”, Cyberoam will drop the packets received from all the MAC addresses not configured in the “Trusted MAC address” list. Using MAC address filtering makes it more difficult for a hacker using random MAC addresses or spoofing a MAC address to gain access to your network, as the traffic does not even reach the firewall.
Similarly, it is also possible to filter packets based on IP-MAC pair. The feature blocks hosts which try to violate a trusted IP-MAC pair. For this, Administrator has to configure the list of trusted MAC addresses and bind them with IP addresses.
When IP spoofing is enabled, Cyberoam will do a reverse lookup for the route and, if it is not available, will log and drop the packets. One can even enable restriction on zones for granular restriction.
A Web Admin console feature available as submenu “Spoof Prevention” of “Firewall” menu.

4. ARP Poisoning Control
ARP poisoning is a layer-2 attack, where the attacker sends spoofed ARP packets to the network, with the purpose of advertising its own MAC address for some IP address that does not belong to the attacker’s host. In this way, the attacker makes the devices in the LAN send the Ethernet frames to the attacker instead of the intended destination. Generally, ARP poisoning is used to capture all traffic intended for the default gateway or another important IP address, such as a server.
Cyberoam provides protection from this poisoning by associating IP address, MAC address and Port and storing this association as a Static ARP entry. Whenever ARP packets arrive on the Interface, Cyberoam will check the ARP entries and consider it an attack if a mismatch is found. If it is an attack, the Static ARP entry will not be updated and logged.
A Web Admin console feature available as submenu “ARP” of “System” menu.

5. Cyberoam Transparent Authentication Suite – Clientless SSO
From this version onwards, Cyberoam introduces clientless Single Sign On as a Cyberoam Transparent Authentication Suite (CTAS).
With Single Sign On authentication, the user automatically logs on to Cyberoam when he logs on to Windows through his Windows username and password. This eliminates the need for multiple logins and usernames & passwords.
Clientless Single Sign On not only eliminates the need to remember multiple passwords (Windows and Cyberoam), it also eliminates the installation of SSO clients on each workstation. It thereby delivers high ease-of-use to end-users and higher levels of security, in addition to lowering the operational costs involved in client installation.
CTAS Download path: http://www.cyberoam.com/clientless_sso.html

6. Layer 2 Firewall support
The Firewall feature is extended to include MAC address to provide secure access. It means that access to the internal resources can now be granted based on the MAC address. Till previous versions, firewall rules were created based on source and destination IP addresses, services and user identity, but now they can be created based on MAC address also.
A Web Admin console feature available in “Add” page of “Host” submenu and implemented through a MAC based Firewall rule.

7. L2TP and PPTP VPN traffic scanning support
Till previous versions, it was not possible to apply firewall rules to the L2TP and PPTP VPN traffic and due to this, such traffic was not scanned. This resulted in unprotected VPN traffic.
Now, threat free tunneling i.e. scanning for viruses, spam, intrusion attempts, inappropriate web content and unwanted network applications is extended to the L2TP and PPTP traffic also. Hence, firewall rules can be applied even to the L2TP and PPTP VPN traffic, resulting in clean VPN traffic.
Hence from this version onwards, VPN zone firewall rules will be applicable to the IPSec, L2TP and PPTP traffic.
There are no Web Admin or CLI console changes for this feature.

8. DHCP Relay support
With DHCP, clients send requests to locate the DHCP server(s) using broadcast messages. However, broadcasts are normally only propagated across the local network. This means that if the DHCP server and client are not on the same physical network, they will not be able to communicate.
To solve this problem, Cyberoam can now be configured as a DHCP Relay Agent which acts as a link between the client and the remote DHCP server. Cyberoam intercepts internal clients’ DHCP requests and relays them to the pre-configured DHCP server. The server then responds to Cyberoam, which in turn forwards the response to the client.
If DHCP Relay Agent is not configured, clients would only be able to obtain IP addresses from a DHCP server which is on the same subnet.
A Web Admin feature available as submenu “DHCP Relay” of menu “Configure Network”.
At a time, Cyberoam can act either as a Relay agent or as an IP leasing agent i.e. DHCP server. Hence, if server is configured, one will not be allowed to configure relay agent and vice-versa.

9. Spam Digest support
The Spam Digest is an e-mail message that will be received by administrator and/or users. The digest, with the listing of all the quarantined messages, is mailed to the user as per the configured frequency. It will contain a hyperlink to the MyAccounts page where the user can log in and manage his quarantined mails.
A Web Admin console feature available as submenu “Spam Digest Setting” of “Anti Spam” menu.
Prerequisite - “Gateway Anti-Spam” module subscribed.

10.
“Release” Action for False positive or Quarantined Spam mails
Now, Quarantined spam mail can be released to the intended recipient. Administrator can release the mail from the Quarantine area (AntiSpam → Configuration → General Configuration) while user can release it from his My Account page (Quarantine Mails → Spam).
Till previous version, it was not possible to release the spam mail to the intended recipient.

11. “IP Reputation” – additional layer for Spam filtering
Cyberoam has now added an “IP reputation” layer for email filtering to its existing Anti spam detection technology along with the Recurrent Pattern Detection technology. It dynamically classifies and reclassifies the reputation of each source IP and maintains a database of addresses used by spammers and legitimate mailers. It fights the unwanted mail at the perimeter, reducing the incoming spam messages at the entry-point, before these messages enter the network, resulting in reduced system resource and bandwidth usage.
A Web Admin console feature available as “Verify Sender’s IP reputation” in “General Configuration” page of “Anti Spam” menu. If enabled, Cyberoam dynamically checks the sender IP address and rejects the SMTP connection if the IP address is found to be responsible for sending spam mails.
As it is a global option, if spam scanning is enabled, all the mails will be first subjected to IP reputation filtering followed by filtering based on actions configured in spam policy.
At the time of v 9.6 upgrade, if the Gateway Anti Spam module is already subscribed, the option will not be visible on the Web Admin console. But, if upgrade is applied on the trial version of the Gateway Anti Spam module, the option will be displayed. To use the feature, one has to purchase a new license of Gateway Anti Spam module and re-subscribe the module with the new key.
Subscribing with the new key will allow filtering of spam mail based on IP reputation as well as RPD (Recurrent Pattern Detection) technology.

12. RBL-based Spam filtering without Anti Spam License
Cyberoam detects spam mails based on:
· RBL (Realtime Blackhole List)
· Mass distribution pattern using RPD (Recurrent Pattern Detection) technology
Till previous versions, to use any of the above specified methods, a valid license for “Gateway Anti Spam” module was required. But now, RBL-based spam filtering can be implemented without subscribing to “Gateway Anti Spam” module.
With only RBL-based filtering implemented, the chance of receiving a higher number of false positives cannot be ruled out.
There is no Web Admin or CLI console change for this feature.

13. Full tunnel support for IPSec VPN
With full tunnel support, entire branch office Internet traffic can be routed through a single gateway. This type of configuration is needed for head office (HO) and branch office (BO) networks where the entire branch office Internet traffic is to be routed through the gateway of HO i.e. the access to the Internet for BO is provided through HO.
Additionally, there are minimal chances of branch office network compromise as traffic to the destination will always appear to originate from the gateway of the head office irrespective of its actual origin i.e. branch or head office. Again, as the entire traffic traverses through HO, administrator can define the access policy in HO to control and monitor traffic centrally from the Cyberoam deployed at HO.
It can be implemented simply by configuring 0.0.0.0 as local and remote network respectively in VPN policy for head office and branch office.
There is no Web Admin or CLI console change for this feature.

14. French language support for Web Admin Console
To cater to French-speaking customers, Cyberoam has added support for the French language in Web Admin console.
Following elements of Web Admin Console will be displayed in French:
· Dashboard Alerts
· Dashboard contents
· Navigation menus
· Screen elements including field labels and tips
· Error messages
It would also be possible to provide description for firewall rule, various policies, services and various custom categories in French language.

Behavior change

Build 16
1. LAN Bypass
By default, LAN Bypass will be enabled and hence whenever Cyberoam gets rebooted or halted manually, Cyberoam will automatically go in bypass mode. Once the system is rebooted successfully, traffic will flow normally. LAN Bypass can be disabled from CLI console.
LAN Bypass is supported only when Cyberoam is deployed in transparent mode and for CR500i, CR1000i and CR1500i appliances.
2. Anti Spam
Anti spam General Configuration for SMTP connections’ spam checking - “Enforce Anti Spam policies for SMTP Authenticated Connections” is renamed as “Bypass Spam check for SMTP authenticated connections”. As a default behavior, SMTP authenticated connections will now be bypassed from RBL and RPD based spam checking.

Miscellaneous changes

Build 76
1. Manage Live Users page – ‘Bandwidth’ column is renamed as ‘Data Transfer Rate’.

Build 60
1. SIP (Session Initiation Protocol) - signaling protocol support which enables the controlling of media communications such as VOIP. Support is added in the form of System module which can be enabled when required from Web Admin Console, System Modules Configuration page.
2. SSL VPN connections can be disconnected from “Manage Live SSL VPN Users” page.
3. CLI command “set http_proxy multiple-webcategory” is added to enable categorization of a single URL into multiple Web Categories. Command can be executed from Option 4 Cyberoam Console. By enabling this categorization, Bug ID 1168 of categorization can be solved.
4. Option to configure HTTP Download file size limit is provided on Web Admin Console from Internet Access Policy.
5.
To reduce the support calls on how to retrieve Customer Account details - email address and password if forgotten, Forgot Email Address and Forgot Password links are provided on Add On Modules Subscription page of Web Admin Console.

Build 30
1. Following CLI commands added (Menu Option 4. Cyberoam Console)
To set the link bandwidth i.e. the bandwidth provided by the Service Provider, use “set bandwidth max-limit <number>”, and to view the configured limit, use the command “show bandwidth max-limit”. Default=100mbps
To enforce bandwidth restriction on the traffic on which the bandwidth policy is not applied so that guaranteed bandwidth is available to the users to whom the guaranteed bandwidth policy is applied, configure “set bandwidth guarantee enforced”.
If guarantee is enforced, default bandwidth policy will be applicable to the traffic on which bandwidth policy is not applied. You can set the guaranteed and burstable bandwidth and priority on this traffic. This bandwidth is applicable on Internal (LAN and DMZ) to External zone (WAN and VPN) traffic and External to Internal zone traffic. Default Guaranteed bandwidth = 0 kbps, Burstable bandwidth = max-limit, priority = 7 (lowest).
Guaranteed and burstable bandwidth can be defined as “set bandwidth default-policy guaranteed <number> burstable <number> priority <number>”
If you do not want to enforce the bandwidth restriction on the traffic on which the bandwidth policy is not applied, configure “set bandwidth guarantee lenient”.
To view the default policy configuration, use “show bandwidth default-policy”

Build 16
1. Certificate Management is now the part of System Management.
2. DHCP server can now be configured on all the Internal Interfaces i.e. LAN and DMZ
3. For a single Interface, it is now possible to configure multiple dynamic IP address ranges.

Known Behavior

Build 30
1.
Link Bandwidth configuration - It will take approximately 5 minutes for the link bandwidth value to be effective.

Discontinued Feature

Build 16
· Logon Pool from Web Admin Console - As logon pool is a collection of IP addresses of Authenticated Networks, instead of creating them separately, Authentication network nodes are now provided directly on the configuration pages whenever required. For example, in “Add User” page, under “Login Restriction”, one can type Authenticated Networks IP address directly. Deployments where logon pool is configured will not have to do any configuration changes.
· CLI Console command to set number of simultaneous DNS requests that can be handled by Proxy server i.e. set http_proxy dns_threads (Menu Option 4. Cyberoam Console)
· CLI console – Menu Option 5. Cyberoam Management, Option 15. Logging Management and its submenu Option 5.15.1 Network Logging Management
· CLI console - Option to restore backup of v 7.4.2.x from (Menu Option 5. Cyberoam Management, Option 16. Restore Backup of Version 7.4.2.x)

Bugs solved

Build 78

Backup & Restore
Bug ID – 2067
Description – Backup and restore process takes long time, as incorrect report tables were included in backup.

HA
Bug ID – 1505
Description – When one of the nodes in HA cluster gets rebooted, both the nodes get deactivated. This happens only when either of the cluster nodes is a CR50ia or CR100ia model.
Bug ID – 2066
Description – HA failover takes long time as incorrect report tables were synchronized.

Proxy
Bug ID – 2905
Description – Due to assertion failure, proxy connection breaks.

Build 76

Anti Spam
Bug ID – 1973
Description – Contents of Quarantine Mails page of My Account are not displayed in web browser - IE version 6 and 8.

Backup and Restore
Bug ID – 895
Description – When backup of appliance configured in HA is restored on a single appliance i.e.
not configured in HA, Anti spam server does not start

Group
Bug ID – 1885
Description – Even after changing the user group, previous user group policies are applied. This situation is observed for CTAS user only.

IPS
Bug ID – 1915
Description – It is not possible to change the default action "detect" of certain IPS signatures of Web Access category. This is observed when one tries to change the action of all or the individual signatures in the category.

Reports
Bug ID – 1510
Description – In Data transfer reports, total monthly data transfer exceeds the sum of the daily data transfer.
Bug ID – 1693
Description – When the report flows through multiple pages, instead of including all the records in CSV report file, only those records which are displayed on the current page are included. For example, if report has 200 records but on the current page only 50 records are displayed, then the CSV file contains only 50 records.
Bug ID – 1908
Description – Column headings of the Reports in CSV format display HTML tag information.

SSL VPN
Bug ID – 1761
Description – In case of external certificate, SSL VPN connection cannot be established if the user does not have SSL Client certificate i.e. user needs certificate with "client support".

System
Bug ID – 269
Description – When NTP Client is installed, CPU performance is affected due to high CPU utilization by NTP Client.
Bug ID – 1781
Description – DHCP Lease Type cannot be changed from dynamic to static and vice versa for the same IP addresses. For example, after configuring static lease type with IP address 10.8.5.29, lease type cannot be changed to dynamic with lease range 10.8.5.1 – 10.8.5.50.

User
Bug ID – 1055
Description – SSO client user session is not getting disconnected after the configured session timeout.
User login time automatically gets changed every 3 minutes and due to this, session start time (login time) of the live user is changed to the current time.
Bug ID – 1172
Description – User authentication session does not timeout at the configured time.
Bug ID – 1666
Description – If the user is configured in the External authentication server as well as Cyberoam, then instead of External server, Cyberoam authenticates the user. This situation occurs only when CHAP authentication is configured for PPTP connections.
Bug ID – 1953
Description – When deactivated, Single Sign On (SSO) live user gets deactivated only at next login. Ideally, user should get deactivated immediately.

VPN
Bug ID – 1944
Description – Net-to-Net VPN connections for the WAN port for which the gateway is not configured cannot be activated.
Bug ID – 1964
Description – All the Cyberoam users, even when they are not allowed to access through PPTP, can establish PPTP connection. Ideally, only those Cyberoam users who are allowed access through PPTP should be able to establish PPTP connection.

Web Admin console
Bug ID – 1659
Description – In the Chinese GUI, on the User > User Add user page, the User Type drop-down lists the same options.
Bug ID – 1896
Description – At the time of creating custom Web category, it is possible to add foreign language keywords in category name.
Bug ID – 1958
Description – When Cyberoam Central Console (CCC) pushes the already existing firewall rule again in Cyberoam, Manage firewall page of Cyberoam displays only the recently pushed rule and does not display any other firewall rules.

Build 62

HA
Bug ID – 1505
Description – When one of the nodes in HA cluster gets rebooted, both the nodes get deactivated. This happens only when either of the cluster nodes is a CR50ia or CR100ia model.

Routing
Bug ID – 1927
Description – OSPF routes are not synchronized in Active-Active HA cluster, due to which Auxiliary appliance is not able to serve the HTTP request.
SSL VPN
Bug ID – 1981
Description – When more than 1000 users are registered at the time of upgrade and Certificate Authority is configured, it is not possible to upgrade from v 9.6.0.34 to any higher versions.

System
Bug ID – 1966
Description – When Cyberoam is configured as direct proxy in version v 9.6.0.60, users face following issues:
1. Unable to send mails through Gmail
2. Not able to connect to MSN messenger
3. Some contents of website are not displayed
Work around - Enable "multiple category" from CLI using following command: set http_proxy multiple-webcategory enable

Build 60

Anti Spam
Bug ID – 1178
Description – Spam policy events – add, update, delete were not logged in Audit logs.
Bug ID – 1655
Description – Even if mail is successfully released from the Quarantine area, successful release message is not displayed. This is observed only with browser Internet Explorer 6.
Bug ID – 1656
Description – It is not possible to download the quarantined mail through the browser Internet Explorer 6 but it is possible through browser Firefox Mozilla.

Anti-Virus
Bug ID – 1605
Description – Even when virus scan policy is configured to allow mails with protected attachments, such mails are getting blocked.
Bug ID – 5513
Description – When virus scanning and Internet Access policy is applied, one cannot access URLs e.g. http://webcam.www.gov.tw/index.htm which require connecting to port 20480 through Internet Explorer browser, but the same sites are accessible through Mozilla Firefox.
Bug ID – 5704
Description – When Cyberoam detects and strips the protected attachment from the mail, Administrator and Mail Receiver are sent a Notification mail with incorrect reason. Notification mail reads as “Infected attachment removed” but should read as “Attachment removed”. Even the name of the file which was stripped is not included in the mail.
Administrator receives only the Notification mail without the original message even if “Send Original” action is configured in the Virus Scan policy.

Dashboard
Bug ID – 1452
Description – Some of the IPS Alerts are displayed without Signature definitions in the IPS Alerts Doclet of Dashboard.
Bug ID – 1653
Description – After closing any of the doclets, Dashboard cannot be reset with the “Reset” button.
Bug ID – 1712
Description – If the user has saved Web Admin Console password, on updating any parameter of VPN connection, Preshared key gets replaced with this saved password. This is observed only when Web admin console is accessed via Firefox Mozilla.
Bug ID – 1827
Description – Mismatch in count of concurrent sessions displayed on Dashboard - System Usage doclet and Live User page on Web Admin Console.
Bug ID – 1877
Description – Mismatch in count of concurrent sessions displayed on Dashboard - System Usage doclet and Live User page on Web Admin Console. Due to this, sometimes users are not able to logon where CR25i models are deployed as concurrent sessions count exceeds the user license.

Firewall
Bug ID – 1170
Description – Firewall rule does not display the file upload statistics i.e. number of bytes uploaded.
Bug ID – 1179
Description – It is possible to create an “IP” Protocol based service under “Other” protocol with any protocol number.
Bug ID – 1555
Description – When Cyberoam is configured as Proxy, it is sometimes possible to access certain application even after logging out.
Bug ID – 1681
Description – When the VPN connection gets established through Cyberoam, data transfer via VPN Tunnel fails as VPN route does not get created.
Bug ID – 1720
Description – Web Filtering proxy may cause timeout issues while downloading files from the web sites if data greater than the defined content-length size is received.
Bug ID – 1762
Description – When multiple MAC based firewall rules are created, Internet Access Policy applied to the first MAC based firewall rule is applied to all the subsequent MAC based firewall rules even if different policies are configured.
Bug ID – 5812
Description – When Strict policy is applied through Network Configuration Wizard, users are able to access the Internet but ICMP protocol is blocked; as a result, it is not possible to ping any WAN IP address.

High Availability
Bug ID – 1771
Description – If HA Administrator username includes white space (blank), CLI commands do not work.
Bug ID – 1773
Description – In a HA cluster after failover, static routes configured in primary appliance are not added in secondary appliance.

Internet Access Policy
Bug ID – 1168
Description – It is not possible to categorize URL into multiple categories.

Logs and Reports
Bug ID – 402
Description – Recent Mail Viruses detected doclet of Dashboard displays recipient name with special characters. Blank report page is displayed when one clicks the link to view the details.
Bug ID – 1543
Description – When "Manager" rights are assigned to the Active Directory User in Cyberoam, user is not able to log on to view reports i.e. user is of the Type "Manager"
Bug ID – 1606
Description – Session time mismatch in Internet Usage report i.e. total used time does not match with session start and stop time.
Bug ID – 1657
Description – Few signatures in the IPS Alert report do not provide hyperlink to view the signature details.
Bug ID – 1768
Description – All the reports except for Blocked Attempts reports for the previous day are generated without data i.e. blank. This issue is observed only in the CR15i models.
Bug ID – 1856
Description – If the proactive reports mail frequency is updated on Sunday or Monday then the Weekly Proactive reports for that week are not mailed.
Bug ID – 5521
Description – “Category wise trends for yesterday” proactive report is mailed without any data.

Online Help and Documentation
Bug ID – 1437
Description – The SSL VPN End User portal help included the screen images of previous version.
Bug ID – 1532
Description – The Online help text for restricting unknown IP address on trusted MAC was misleading.
Bug ID – 1684
Description – The Online help text for static ARP was confusing.
Bug ID – 1753
Description – The Online help text on Manage Live SSL VPN Users included incorrect information. It was mentioned that “Page also display their important parameters like Username, Source and leased IP address, Access mode, date and time when connection was established, tunnel type and data transferred.” But text should be “For the connections established through Web access mode only username, access mode and date and time when connection was established will be displayed.”

Single Sign On
Bug ID – 1487
Description – After SSO is configured, it is not possible to differentiate between local and domain user. As a result if user logs on as an “Administrator” user on the local system, user gets the access of all the resources allowed to the domain administrator user.

SSL VPN
Bug ID – 1669
Description – On resetting to the factory default configuration after upgrading to version 9.6.0 build 30, SSL VPN End-user Web portal becomes inaccessible.
Bug ID – 1742
Description – In SSL VPN Full tunnel mode, Cyberoam Web Admin console becomes inaccessible. This issue is found only in versions 9.6.0.16 and 9.6.034

System
Bug ID – 373
Description – Factory default retains Mail backup schedule.
Bug ID – 441
Description – After upgrading to version 95824, it was possible to rollback to the multiple versions. Ideally, rollback should be allowed only for the immediate previous version.
Bug ID – 523
Description – When DDNS is configured for multiple PPPoE links, and if both the links go down, DDNS server is not updated with the correct IP addresses after any of the links comes up.
Bug ID – 1500
Description – Interface based IPSec routes are flushed on reboot or restarting management services.
Bug ID – 1716
Description – NAT is not supported when Cyberoam is deployed in transparent mode.
Bug ID – 1729
Description – SNMP server stops responding after changing the default HTTP Proxy port. This issue is observed from version 9.6.0.16.
Bug ID – 1745
Description – When Internet Access policy is applied, Cyberoam does not allow downloading any file using SVN command from a Linux system but allows downloading through any Windows based Browser.
Bug ID – 1832
Description – When more than 10 DHCP servers are configured by enabling Cyberoam’s DNS settings, on updating DNS details, DHCP server stops responding.
Bug ID – 1882
Description – When Cyberoam is deployed as bridge and Parent Proxy authentication is enabled, it is not possible to upload any file on secure websites.

VPN
Bug ID – 1005
Description – The road warrior policy with DES-SHA1 algorithms is exported as 3DES-SHA1 i.e. wrong algorithms.
Bug ID – 1588
Description – When more than one backup link is configured, VPN connection does not failover between the other backup links.

Web Admin Console
Bug ID – 1615
Description – On Create Data Transfer Policy page, Data transfer limit "MB" is not translated correctly as "Mo" in French language.
Bug ID – 1649
Description – Manage Live users page sometimes shows upload and download data transfer value as zero.
Bug ID – 1652
Description – In the French GUI, on the VPN > Policy > Create Policy page, after selecting the template, template values are not loaded.
Bug ID – 1686
Description – Mismatch in password length on
· Add and Edit User page
· Appliance Registration page and Add on Subscription Module page
Bug ID – 1688
Description – "Back" button in View Bandwidth Usage page of Web Admin Console is not working.
Bug ID – 1708
Description – At the time of creating Custom Web Category, only 255 characters can be specified for Domains list.
Bug ID – 1721
Description – IPSec VPN Policy does not show the configured DH Group in Browser - Internet Explorer but it is shown in Firefox Mozilla.
Bug ID – 1725
Description – At the time of creating a new VPN Policy based on the policy with which the IPSec connection is already established, “Keying Method” option is greyed out and cannot be configured.
Bug ID – 1770
Description – It is not possible to change the action for IPS signatures from IPS policy when Web Admin Console is accessed via a web browser IE version 8
Bug ID – 1776
Description – When VPN policy is created using "None" template, blank policy is created.
Bug ID – 1787
Description – Mail reports display junk characters if Chinese character strings in Big5 encoding are included in the mail subject.
Bug ID – 1823
Description – When user tries to login through HTTP Login page, even if user has not saved the password, password is automatically filled in i.e. auto-completed. This happens if user has disabled "Save Password" option after enabling it once.
Bug ID – 1848
Description – After restoring backup of version 9.4.2.6, users are not able to login.

Build 34

SSL VPN
Bug ID – 1442
Description – Certificate issued by external Certificate Authority is not supported.
Bug ID – 1468
Description – When third-party Certificate is used, no SSL VPN configurations are included in the VPN Client configuration file i.e. blank file is downloaded
Bug ID – 1669
Description – On resetting to the factory default configuration after upgrading to version 9.6.0 build 30, End-user Web portal becomes inaccessible.
Build 34

Anti Spam
Bug ID – 1020
Description – If SMTP authentication is configured, at the time of releasing spam mail, the error “Error while releasing email” is received.

Clientless User
Bug ID – 474
Description – It is not possible to search Clientless user with IP address.

Bandwidth
Bug ID – 535
Description – Committed Bandwidth policy does not work as per the configuration.
Bug ID – 4884
Description – User-based Shared Bandwidth policy does not work.

Firewall
Bug ID – 1060
Description – When FTP scanning is enabled, Cyberoam drops all those connection requests whose FTP server response packet length exceeds 1024 characters
Bug ID – 1238
Description – Virtual LAN does not work for appliance models – CR50ia, CR100ia
Bug ID – 1465
Description – When Parent Proxy is configured, HTTP request does not reach Proxy server and as a result, it is not possible to upgrade IPS or AV signatures database.
Bug ID – 1484
Description – When scanning is enabled, it is not possible to connect to FTP server from any of the Alias subnets.
Bug ID – 1526
Description – When sending large email, SMTP scanning sometimes caused a server timeout. This situation is observed in CR250i and CR500i appliance models only.
Bug ID – 1575
Description – Due to large IP-based Virtual hosts configuration, after rebooting or restarting management services, system takes time to come up.
Bug ID – 5925
Description – Advanced Firewall custom settings configured from CLI console are not retained after restoring backup from version 9.5.3 build 22 and version 9.5.4 build 66 to version 9.5.4 build 86.

High Availability
Bug ID – 1464
Description – In some cases, HA configuration was possible only after disabling the model check.

PPPoE
Bug ID – 3816
Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.
Bug ID – 1456
Description – When multiple PPPoE links are configured, even if all the links are up, request goes through single gateway only.

Proxy
Bug ID – 1440
Description – Sometimes when the Interface is configured to obtain the IP address from DHCP through Network Configuration Wizard, users are not able to access the Internet

Reports
Bug ID – 1127
Description – Internet Usage reports for previous month are not displayed.
Bug ID – 1064
Description – Traffic Discovery Connection History reports were not available from version 9.5.9 build 33 onwards
Bug ID – 1326
Description – HTTP Upload report does not display the report date and time.
Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.

SSL VPN
Bug ID – 1241
Description – SSL VPN does not work when RADIUS authentication is configured.
Bug ID – 1478
Description – When Active Directory authentication is configured, sometimes users are not able to logon through SSL VPN End-user Web Portal as currently there is no text case validation. For example, user will not be able to login if domain name is configured in Capital letter as “CYBEROM.COM” and tries to login with
[email protected].
Bug ID – 1511
Description – In certain situations, it is observed that after changing the global settings, web access gets disabled.
Bug ID – 1519
Description – URL redirection does not work with Web Access mode.

System
Bug ID – 656
Description – Sometimes at the time of downloading an email from POP3 server, the connection drops intermittently and due to this the entire downloading process restarts. Hence user receives each mail twice or thrice.
Bug ID – 1007
Description – After changing default Secure Web Admin Console port, reports are not accessible.
Bug ID – 1077
Description – When Cyberoam is configured as Direct Proxy, in case of primary DNS failure, switching to secondary DNS takes time and hence the Internet browsing speed might become slow.
Bug ID – 1353
Description – Mismatch in the Google Search hit count on Dashboard and Google Search report
Bug ID – 1404
Description – It is not possible to upload third-party Certificate.
Bug ID – 1455
Description – Quarantined area is not flushed on resetting configurations to factory defaults

Virtual Private Network (VPN)
Bug ID – 616
Description – L2TP VPN does not work with Apple MacOS X 10.5
Bug ID – 1485
Description – It is not possible to delete VPN connection after updating VPN policy.
Bug ID – 1570
Description – Special character Hash (#) not supported in Preshared key.

Web Admin console
Bug ID – 1047
Description – After changing the default Secure Web Admin port it is not possible to reposition the Dashboard Doclets by dragging and dropping and upgrade Antivirus and IPS signature. Different behavior is observed for different Web Browsers.
Bug ID – 1171
Description – On clicking “Next Page” button on Manage Active Page, instead of opening the next page of list of users, it redirects to “Deactivated Clientless Users” page
Bug ID – 1454
Description – Duplicate domain name can be configured as Local Domain in Anti Spam Configuration. As a result SMTP proxy does not start and if SMTP scanning is configured through firewall then the internal Mail Transfer Agent does not receive the mails.
Bug ID – 1467
Description – Mismatch in concurrent sessions displayed on Live User page on Web Admin Console. If there are more than 100 concurrent sessions, by default, it displays only 100 live users but “Concurrent Sessions” count includes all the sessions. One needs to click “Show All” link to view the entire list.
Bug ID – 1451
Description – After changing the Web Admin console language to French language, some of the dashboard components are not displayed in French and some components of Console itself and menus with long names are not displayed properly.
Bug ID – 1479
Description – After changing the Web Admin console language to French language, one is not able to use Network Configuration wizard.
Bug ID – 1482
Description – When one tries to change the Gateway type i.e. Active to Backup of the PPPoE link, error “Gateway name already exist” is displayed. This situation occurs when multiple ISP links with the same gateway IP address are configured.
Bug ID – 1486
Description – When Web Admin Console language is set to “French” user groups cannot be created.

Build 16

Categorization
Bug ID – 531
Description – All the URIs which include “.au” are incorrectly blocked under Audio File Type category.

Clientless User
Bug ID – 89
Description – When not a single Logon Pool based Bandwidth policy is configured, it is not possible to create Clientless user. In other words, one needs to configure at least one logon pool based bandwidth policy to add clientless user and group.
Bug ID – 683 Description – Even when IP address (login restriction) for Clientless user is mandatory, it is possible to update the details by leaving the IP address field blank.

Dashboard
Bug ID – 950 Description – Dashboard data is not flushed when backup is restored on another Appliance.

Group
Bug ID – 972 Description – Normal users can be added as the member of Clientless group but as per the default behavior, clientless group cannot have normal users as a group member.
Bug ID – 6226 Description – Error “IPs are already in use” is received when one tries to create multiple clientless users for the IP address range added to the existing logon pool. Hence, one has to create single clientless user for the individual IP address for the required range. For example, if additional 50 addresses are added in the IP range, one has to create clientless user for each IP address one by one. Again, if the network is not in the Auth Network, users will be activated but will not be able to log on. Due to this, users will not be displayed in the Manage Live User or Manage Clientless User page but search result will display the list of newly added clientless users. One needs to restart management services from CLI console after adding network in Auth Networks.

High Availability
Bug ID – 854 Description – Virtual host does not work when HA cluster is configured.
Bug ID – 648 Description – When OSPF routing is configured, connectivity delay is observed after restarting primary appliance.
Bug ID – 722 Description – In Active-Active HA cluster, gateway becomes unreachable i.e. dead if static ARP entry is added for gateway.
Bug ID – 6533 Description – Data transfer of the live users (Manage Live Users page) reflects the data transfer through primary as well as auxiliary appliance when HA is configured.
Description – User based Data transfer policy can now be configured when HA is configured.

Intrusion Prevention system
Bug ID – 826 Description – In “cyberoam signatures” category, the signatures whose action is “OFF” are displayed with action as “ON” after editing other signature parameters.
Bug ID – 919 Description – Custom IPS signatures are retained on resetting to factory default settings.
Bug ID – 5487 Description – Certain Internet Banking sites were not accessible due to Ultrasurf IPS signature.

Logs and Reports
Bug ID – 954 Description – Inconsistent Bandwidth usage graph title. Displays data transfer as Bytes/Sec instead of Bits/sec for weekly, monthly and yearly reports.

Language
Multiple language translation issues like incorrect translation, spelling mistakes are resolved.

Multiple Gateways
Bug ID – 473 Description – Gateway Status change alert messages were mailed at the HA Admin Email ID only when High Availability cluster is configured. Due to this, Cyberoam Administrator does not receive such mails if HA was not configured or on Appliances in which HA feature is not supported. Now, all the gateway status related mails will be mailed at the Cyberoam Administrator Email ID configured from Network Configuration Wizard and not the HA Admin Email ID. HA Admin will receive only the mails related with the HA.

System
Bug ID – 83 Description – When the time zone is updated from Web Admin Console, time displayed on Web Admin and CLI console does not match. One needs to restart management services from CLI console to resolve this issue.
Bug ID – 316 Description – Firewall Bypass rule created from Advanced Firewall rule configuration of CLI console is not removed after resetting to factory default.
Bug ID – 455 Description – Cyberoam is not able to learn route when RIP routing is configured in plain mode i.e. when authentication is not enabled.
Bug ID – 473 Description – Gateway Status change alert messages were mailed at the HA Admin Email ID only when High Availability cluster is configured.
Due to this, Cyberoam Administrator does not receive such mails if HA was not configured or on Appliances in which HA feature is not supported. Now, all the gateway status related mails will be mailed at the Cyberoam Administrator Email ID configured from Network Configuration Wizard and not the HA Admin Email ID. HA Admin will receive only the mails related with the HA.
Bug ID – 582 Description – When using Google Chrome browser it is not possible to configure DHCP server.

User
Bug ID – 476 Description – Single Sign On users do not receive the disconnection message sent from the Live User Page of Web Admin Console.
Bug ID – 958 Description – There is mismatch in the total count and number of the live users displayed on the Manage Live User page of Web Admin Console.

Virtual host
Bug ID – 6144 Description – When Alias Interface based Virtual host is configured, one can delete Alias interface before deleting virtual host.

Virtual Private Network (VPN)
Bug ID – 672 Description – When “*” is configured as remote gateway in Cyberoam and remote host is configured on dynamic IP address, multiple IPSec tunnels cannot be established between remote host and Cyberoam. This happens because Cyberoam does not support mix mode tunnels i.e. one tunnel with Authentication mode as “Main” and another as “Aggressive”. To establish multiple connections it is required that all the tunnels established on the Cyberoam should be either set as “Main” or “Aggressive” mode.

Web Admin console
Bug ID – 215 Description – At the time of adding PPTP users, when one clicks “Show”, the list of group users is not displayed.
Bug ID – 270 Description – Format mismatch in advanced firewall configuration parameters when CLI console is accessed through Telnet and HTTP Interface. For example, when CLI is accessed over Telnet, parameters are displayed with special character underscore (_) e.g.
source_network, while parameters are displayed without underscore e.g. source network, when CLI is accessed over HTTP Interface.
Bug ID – 708 Description – User is not able to log on to My Account and Diagnostic tool with the password which includes space while user is able to log on to the Web Admin Console with the same password.
Bug ID – 749 Description – If more than one Firewall log is not configured for syslog server from System > Logging > Logs Configuration page, Cyberoam does not send firewall rules log to the syslog server.

1.2.1.1.3. Known Issues (v 9.6)
Last Updated - 27/01/2010
The purpose of this list is to give an overview of known issues. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.

Anti Spam
Bug ID – 4511 Description – Change in Administrator Email id for Anti virus and Antispam notifications from Web Admin console is not reflected on CLI Console.
Bug ID – 4627 Description – When Outlook 2007 is configured as a Mail Client to retrieve mails through IMAP protocol, IMAP prefix subject does not work.
Bug ID – 5194 Description – Anti Spam “From Email Address” Advanced rule does not work as expected.

Anti Virus
Bug ID – 963 Description – Cyberoam does not quarantine suspicious mails and mails with protected attachment.
Bug ID – 4157 Description – Even when Anti virus scanning is disabled in the Firewall rule, HTTP Live session statistics display AV scan time as 1 second.
Bug ID – 5616 Description – When a firewall rule for virtual host is created for HTTP access and virus scanning is enabled, Cyberoam allows uploading the virus infected file i.e. does not detect and block the virus infected file.

Backup and Restore
Bug ID – 1650 Description – After restoring backup of CR100i on CR200i, bandwidth graphs are not displayed.
Bug ID – 6222 Description – After restoring backup, virtual host does not work. This situation occurs only when cross model backup is restored e.g.
CR500i backup is restored on CR100i.
Bug ID – 6291 Description – When cross model backup is restored, Source zone and host are not restored and remain blank.
Bug ID – 6339 Description – CLI password is not restored but changed to the default password after restoring backup of V 9.5.4 build 86 on V 9.5.8.
Bug ID – 6461 Description – After restoring backup, bypass stateful firewall configuration (from CLI) is not restored if configured.

Bandwidth policy
Bug ID – 1494 Description – At the time of simultaneous upload and download there are chances that guaranteed upload and/or download bandwidth may not get fulfilled and get less than the configured bandwidth.
Workaround:
1. Create different Bandwidth Policies for upload and download, if possible.
2. Create single “Total” Bandwidth Policy (guaranteed bandwidth = upload guaranteed + download guaranteed) to get better guaranteed bandwidth.
Bug ID – 4746 Description – Cyberoam does not allocate bandwidth as per the configured User based Bandwidth policy.

Categorization
Bug ID – 2382 Description – Access denied message displays incorrect category name when access to File Type category is not allowed.
Bug ID – 3357 Description – After removing URL from the custom category, Cyberoam does not include the removed URL in any of its default categories. For example, by default, “google.com” is categorized in “SearchEngine” default category but a custom category “webmail” is created for “google.com”. After removing “google.com” from “webmail” category, it is not included in default category.
Bug ID – 4389 Description – “Allow” Type Internet Access policy does not block Yahoo file transfers.

Clientless Single Sign on (Cyberoam Transparent Authentication Suite)
Bug ID – 1165 Description – When the user logon information polling method is configured as “WMI”, user logoff event for MAC OS is not detected.
Bug ID – 1538 Description – When the user logon information polling method is configured to WMI, user gets randomly logged out. This is because some machines do not support WMI query and as a result do not respond to the query, hence Cyberoam logs out such users.

Clientless User
Bug ID – 422 Description – It is possible to include special characters like single quote, double and square brackets in clientless user name whereas only alpha numeric character, ‘_’ and ‘.’ are allowed.
Bug ID – 432 Description – Whenever “Add User” button is clicked followed by clicking “Create User(s)” button, incorrect message is displayed. Message reads as “Only alpha numeric character, ‘_’ and ‘.’ are allowed in username”. Message should read as “You must enter user name”.
Bug ID – 433 Description – Confirmation message is not displayed when clientless user is created or active Clientless user is deleted or deactivated.

Command Line Interface (CLI)
Bug ID – 203 Description – Command "show running-config" executed from Option 3 Route Configuration, Option 1 Configure Unicast Routing, Option 1 Configure Static-routes/ACLs does not display the default System routes.
Bug ID – 792 Description – CLI Console “Admin” user password can be reset to any length from Web Admin Console but at the time of login, CLI console supports only 9 characters. Due to this, it is possible to log in with a password that has wrong characters after the first 9 characters of the password string.
Bug ID – 1661 Description – Spelling mistake in the help for “show bandwidth max-limit” command. It reads as “100mbps (1kbps = 1000 bytes/sec, 1mbps = 1000kbps)”. It should read as “100mbps (1kbps = 1000 bits/sec, 1mbps = 1000kbps)”.
Bug ID – 5103 Description – Executing check_disk and repair_disk CLI commands gives error in the CR500i, CR1000i and CR1500i appliances.
Bug ID – 5786 Description – Cyberoam hangs after executing “cyberoam restart all” command.
Improper Confirmation message is displayed at the time of executing the command. Message reads as “Restart Cyberoam (y/n): No (Enter) > enter 'y' or press only enter key” but it should read as “Restart Cyberoam (y/n): No (Enter) > Type ‘y’ for Yes or press <Enter> key for No”.
Bug ID – 6008 Description – When one tries to upgrade WebCat Database from CLI console, incorrect message appears. Message reads as “-54% Download Completed” but it should read as “54% Download Completed”.

Command Line Interface (CLI) over Web Admin Console
Bug ID – 1067 Description – If the link speed is slow, sometimes the typed characters are displayed in incorrect sequence.
Bug ID – 5924 Description – Incorrect behavior of System Date menu. Instead of asking to configure date after configuring time zone, it is asking after the Set System Date menu is closed. Correct behavior or flow for the System Date menu should be: Set TimeZone, Set Date, Exit from menu.
Bug ID – 6005 Description – When one tries to change the date by accessing CLI through Web Admin Console, Cyberoam accepts the invalid value for month and day and does not give any error message.

Data transfer policy
Bug ID – 1739 Description – User can transfer data beyond the limit configured in Data transfer policy. This happens only for those users who are authenticated through CTAS Clientless Single Sign On.
Bug ID – 5636 Description – When cyclic data transfer limit is configured, once the limit is attained the limit counter is reset to zero if user does not log out i.e. user can transfer data beyond the limit if the user does not log out.

Firewall
Bug ID – 777 Description – SYN flood report is not flushed even after flooding has stopped. Ideally, report should be flushed if flooding has stopped for 30 seconds.
Bug ID – 1623 Description – When Cyberoam is deployed as “Bridge” and if LAN-to-LAN accept rule is created, then LAN-to-LAN rule is applied to the WAN traffic instead of LAN-to-WAN rule.
Bug ID – 1639 Description – When using virtual host with scanning enabled, FTP clients cannot establish the connection to the server using Active FTP.
Bug ID – 2417 Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.
Bug ID – 4281 Description – There is mismatch in the bandwidth usage displayed on Manage Firewall page and Live user page of Web Admin Console.
Bug ID – 4346 Description – When “Drop” firewall rule is configured for DMZ or WAN zone, instead of HTTP login page, blank page is displayed.
Bug ID – 5438 Description – After adding a new rule for DMZ to WAN zone, the Internet connectivity for DMZ zone is lost. To re-establish connectivity, one has to rebuild firewall state from CLI.
Bug ID – 5554 Description – When multiple gateways (for load balancing) are defined on Cyberoam i.e. SNAT policy and Internet access policy is applied, users are not able to access the Internet consistently. This is because instead of using the same gateway for routing inbound and outbound traffic, Cyberoam routes outbound and inbound traffic through different gateways.
Bug ID – 5645 Description – WAN to LOCAL firewall rules are not applied and because of this entire traffic follows WAN to LAN rule.
Bug ID – 5868 Description – When the ports of multiple WAN links are swapped from Network Configuration Wizard, the WAN IP addresses in source based routing rules do not change automatically. One has to manually change the IPs in all the source based routing rules.
Bug ID – 5928 Description – After restoring backup from version 9.5.3 build 22 to version 9.5.4 build 84, LAN to WAN firewall rules are not applied.

Group
Bug ID – 397 Description – Group name cannot include special characters like ‘-’ or ‘&’ but when one tries to include them incorrect error message appears. The message reads “Enter valid Group Name. Only alphanumeric characters, space and ‘_’ allowed” but should read as “Enter valid Group Name. Only alphanumeric characters and dot allowed.”
Bug ID – 1042 Description – After changing the user group membership, users still inherit the old group’s data transfer policy. This situation occurs only when “Unlimited” data transfer policy is attached to the new group.
Bug ID – 1726 Description – For Clientless Groups on Manage Group page of Web Admin Console, instead of Hyphen (-), Enable or Disable is displayed for "Keep Alive Session".

High Availability
Bug ID – 103 Description – Cluster appliances transit to an incorrect state if either of the appliances gets rebooted at the time of state transition.
Bug ID – 1100 Description – When Active-Active cluster is configured, there is a possibility that non-http and non-https traffic might get dropped in spite of allowing the entire traffic.
Bug ID – 1592 Description – When load balancing is enabled in HA cluster, Virtual host does not work. This is observed when virtual host is created for WAN to VLAN zone traffic.
Bug ID – 5330 Description – HA synchronization process does not synchronize date and time setting if updated from Network Configuration Wizard.
Bug ID – 5361 Description – In Active-Passive HA cluster, removing interface alias from primary appliance does not remove it from auxiliary appliance.
Bug ID – 5696 Description – HA configuration is retained after resetting to factory default.

Internet Access Policy (IAP)
Bug ID – 1076 Description – When Internet access policy that denies “ALLWebTraffic” category is applied through user group, Access deny message displays incorrect category name but when the same policy is applied through Firewall rule, Access deny message displays the incorrect category name.
Bug ID – 6233 Description – If the Internet Access policy created based on the policy template is not saved, it is possible to apply policy to the user but the access rules are not applied as per the policy.

Intrusion Prevention System (IPS)
Bug ID – 1559 Description – IPS Alerts are displayed on "Recent IPS Alerts" doclet of Dashboard but are not displayed in IPS Reports.
Bug ID – 4692 Description – Skype cannot be blocked using Skype signatures.
Bug ID – 5434 Description – After upgrading to version 9.5.4 build 66 from version 9.5.3 build 22, IPS logs are not generated. This happens because, in version 9.5.4 build 66, by default, IPS logging is disabled. One has to enable IPS logging from System > Manage Data > Configure Autopurge Utility page of Web Admin Console.
Bug ID – 5690 Description – “Recent IPS Alerts” doclet on Dashboard displays alerts with severity as zero instead of Critical, Moderate or Warning for the signature OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow.

Logs and Reports
Bug ID – 259 Description – “Top 10 Categories – Data transfer wise” report displays same amount of bytes transferred for most of the categories.
Bug ID – 487 Description – Gateway wise Bandwidth usage graphs are not displayed in Web Admin Console.
Workaround – Flush the graphs from CLI console (Option 2. System Configuration > Option 7. Bandwidth Graph Setting > Option 3. Flush All Bandwidth Graph) if:
  - graphs are not displayed after upgrading from v 9.5.8 build 38 to 9.5.8 build 52
  - graphs were not displayed even in the v 9.5.8 build 38 or earlier versions; upgrade to version 9.5.8 build 52 and then flush the graphs.
Bug ID – 1522 Description – Virus infected mails received through POP3 protocol are included in the “Top Virus Destination using SMTP protocol”. Such mails are scanned but not quarantined as Cyberoam quarantines mails received through SMTP protocol only.
Bug ID – 1542 Description – Report – Sender email id is not displayed in the report - Top Spam senders using SMTP protocol.
Bug ID – 1583 Description – Searching Internet Usage reports by IP address produces incorrect result. For example, when one searches for events by 192.168.0.1, Cyberoam displays events by all the IP addresses which contain the IP address specified as the search criteria i.e. 192.168.0.10, 192.168.0.11, 192.168.0.13.
Bug ID – 1582 Description – Traffic Discovery reports can display details of maximum 1000 connections only.
Bug ID – 1772 Description – Proactive report cannot be generated for more than 60 million records.
Bug ID – 4649 Description – Data field sequence mismatch in tabular and CSV format of Spam report.
Bug ID – 4855 Description – Blocked File Types (attachment) reports are included in Anti Spam reports instead of Anti Virus reports.
Bug ID – 5247 Description – Even when user is not able to upload or download the entire file due to data transfer restriction, entire file size is considered in web surfing report. For example, if user is restricted to upload 8 MB and tries to upload 10 MB file then web surfing report displays 10 MB of data transfer instead of 8 MB.
Bug ID – 5427 Description – Traffic Discovery report by Source port incorrectly displays destination port; similarly, Traffic Discovery report by Destination port incorrectly displays source port.
Bug ID – 5476 Description – When by mistake, system date is configured to future date, Bandwidth graph (Web Admin Console) and System health graphs (Diagnostic tool) are not generated up to the configured date and time. Graphs are not generated even after configuring correct date. E.g. If current date is 10/07/2008 and system date is set to 23/12/2009 then graphs will not be generated till 23/12/2009.
Bug ID – 5521 Description – “Category wise trends for yesterday” proactive report is mailed without any data.
Bug ID – 5556 Description – When Anti Virus and Anti Spam subscription modules are not subscribed, blank page is displayed for Periodic Data report (Report > Anti Virus > Mail Summary).
Bug ID – 5562 Description – Upload and Download Data mismatch on Traffic discovery Live Connection and Connection History page.
Bug ID – 6156 Description – Hourly Trend reports should display trends for 10 hours but when the report start hour is specified as 12 or higher, report does not display trends for 10 hours.
Bug ID – 6221 Description – Drill down reports of Group wise Web Surfing report display incomplete username if it exceeds 30 characters.

Multiple Gateway
Bug ID – 1191 Description – When the static IP address is assigned to the Gateway, Cyberoam ARP table is not updated automatically with Gateway MAC address after the gateway comes up. This situation occurs when the MAC address of the Gateway remains same. To update the table, one has to do ARPING.
Bug ID – 1578 Description – When multiple DHCP servers are configured on multiple WAN interfaces then DHCP requests are also load balanced. Due to this, DHCP request is forwarded on the link on which it should not be forwarded.
Bug ID – 5982 Description – Even when load balancing is implemented between multiple gateways, Internet traffic is passing through only one gateway.
Bug ID – 6010 Description – When multiple gateways are configured, Gateway status is displayed as “Dead” even when gateway is “Live”. This happens because incorrect Interface information is passed to the Dead Gateway Detection module.
Bug ID – 6224 Description – When three gateways are configured - two as "Active" and one as "Backup", traffic is not consistently routed through the backup gateway if both the active gateways go down simultaneously.

Parent Proxy
Bug ID – 361 Description – When parent proxy is configured and scanning is enabled, it is not possible to access internally hosted servers from the Internet. This is because all the requests are forwarded to parent proxy instead of the internally hosted servers.

PPPoE
Bug ID – 4320 Description – When PPPoE is configured, VPN daemon starts twice: once when PPPoE is enabled and a second time when IP address is leased.
Bug ID – 4863 Description – Multiple PPPoE connections cannot be established from single IP address subnet.

Proxy
Bug ID – 459 Description – It is not possible to use Outlook Web Access (OWA) when anti-virus scanning is enabled.
Bug ID – 4251 Description – When Browser proxy is configured, it is not possible to upload data on FTP server. However it is possible to upload from Command Line Interface.
Bug ID – 5245 Description – HTTP Secure (HTTPS) traffic is redirected to HTTP proxy even when Internet Access policy is configured.
Bug ID – 5280 Description – FTP client times out while uploading large files.

Rollback
Bug ID – 218 Description – After Cyberoam is rolled back from version 9.5.8.x to version 9.5.4.x, Online help is not rolled back.

Routing
Bug ID – 1926 Description – After adding table from privileged mode through CLI console, static routes are not displayed. One has to remove the table from the file to resolve this issue.
Bug ID – 1927 Description – OSPF routes are not synchronized in Active-Active HA cluster, due to which Auxiliary appliance is not able to serve the HTTP request.

SSL VPN
Bug ID – 1203 Description – It is mandatory to include domain name in the username to log on to the SSL VPN End-user Portal.
Bug ID – 1442 Description – Certificate issued by external Certificate Authority is not supported.
Bug ID – 1508 Description – SSL VPN End-user Web Portal randomly stops responding to the login or log off request; as a result a blank logon page is displayed.
Bug ID – 1635 Description – ActiveX based sites are not supported in web access mode.
Bug ID – 1690 Description – Application using dotnet 3.5 with Microsoft Silverlight component will not be accessible in web access mode.
Bug ID – 1697 Description – It is not possible to configure access to any Web based RDP (Remote Desktop) application through SSL VPN End-user Web Portal.

System
Bug ID – 324 Description – CLI console command “show network interfaces” does not display MSS value.
Bug ID – 484 Description – When Gateway is assigned static IP address, Cyberoam ARP table is not updated when MAC address of gateway changes.
Bug ID – 774 Description – HTTP Proxy sends multiple IP Address information when IP lookup sites/tools e.g. www.whatismyipaddress.com, return multiple IP Addresses.
Bug ID – 957 Description – Cyberoam Interfaces that use the Intel e1000 driver have auto-negotiation issues with few Cisco Catalyst switches.
Workaround – Configure the link speed using command - set network interface-speed Port <Interface> <speed> from CLI console.
Bug ID – 1054 Description – HTTP downloads fail when AV scanning is enabled and transfer-encoding is set to chunked. Due to this, websites like http://weather.service.msn.com, http://esupport.3com.com, http://www.marketconnect.it, http://www.forbesnewsletters.com, http://www.mpurban.gov.in/mpusp/frm_view_tender_mpusp.aspx failed to open.
Bug ID – 1362 Description – It is possible to configure same IP address for WAN Port Alias and the WAN port itself.
Bug ID – 1489 Description – To manage Cyberoam through Cyberoam Central Console (CCC), one needs to change the default Web Admin console port of Cyberoam. But, this is not possible in certain deployments. As a result, Cyberoam deployed in such networks cannot be managed centrally through CCC.
Bug ID – 1580 Description – Sometimes at the time of accessing URL – www.gmail.com, “Request-URI Too Large” error is received. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the deployment details.
Bug ID – 1611 Description – “show running-config” does not display all the configured static routes.
Bug ID – 1612 Description – If IPS signature database upgrade terminates abruptly, Cyberoam version is set to 11.1.1.0.
Bug ID – 1617 Description – Because System Tables are not automatically purged, Diagnostic Tool sometimes displays Database status as “Critical”.
Bug ID – 1685 Description – If Email signature is configured, signatures are even added to mails of all the local domains. Ideally signatures should not be added in the mails of the local domains.
Bug ID – 1687 Description – Cyberoam models that use the Intel e100 driver have Internet connectivity issues when Cyberoam is deployed as Bridge between trunk ports.
Bug ID – 1714 Description – After changing the password of default CA (Certificate Authority) from Update Certificate Authority page of Web Admin Console, instead of displaying the message "Password is changed successfully", blank page is displayed.
Bug ID – 1817 Description – When Cyberoam is deployed in transparent (bridge) mode, cross model backup and restore is not supported.
Bug ID – 1818 Description – Diagnostic tool always shows the Gateway status as "Down" i.e. in red.
Bug ID – 4283 Description – Single Sign on users are able to access the Internet even without authentication.
Bug ID – 4521 Description – Non-standard ports traffic is also displayed in Port wise traffic discovery report.
Bug ID – 4574 Description – Incorrect proxy status is displayed on Web Admin console.
Bug ID – 4326 Description – After changing the Cyberoam deployment mode from Bridge to Gateway (Route), NATting is not enabled automatically in the default firewall rules. One has to manually apply MASQ policy in all the default firewall rules.
Bug ID – 4994 Description – Backup frequency configured in the Backup schedule for the modes - FTP and Mail is not included in the system backup.
Bug ID – 5071 Description – When H323 module is enabled, VoIP connection cannot be established.
Bug ID – 5177 Description – When Cyberoam is configured in transparent mode, disable LAN bypass option does not work.
Bug ID – 5395 Description – Cyberoam becomes inaccessible after changing the deployment mode from transparent to gateway (route), if Virtual LAN is configured.
Bug ID – 5416 Description – When Cyberoam is deployed as single NIC proxy, Skype does not work.
Bug ID – 5426 Description – After creating a new service, if one rolls back a browser window, browser clears away certain screen components e.g. protocol details, port number fields and also allows creating another service without protocol details or port number, which is mandatory information.
Bug ID – 5433 Description – Multiple alerts are displayed on the Dashboard for the single event.
Bug ID – 5452 Description – When parent proxy is configured in Cyberoam and IPS signature “CYBEROAM External_HTTP_Proxy” is enabled, users are not able to access the Internet as traffic to parent proxy is dropped.
Bug ID – 5453 Description – When Cyberoam is integrated with Active Directory for authentication, users are not able to log on to MyAccount if username is provided without domain name.
Bug ID – 5476 Description – When by mistake system date is configured to future date, Bandwidth graph (Web Admin Console) and System health graphs (Diagnostic tool) are not generated up to the configured date and time. Graphs are not generated even after the correct date is configured. E.g. If current date is 10/07/2008 and system date is set to 23/12/2009 then graphs will not be generated till 23/12/2009.
Bug ID – 5479 Description – Recent IPS Alerts doclet of Dashboard displays irrelevant numbers instead of signature name. This happens only for IPS Signature Database version 2.4.14 due to multiple message files for certain signatures.
Bug ID – 5528 Description – Cyberoam incorrectly allows creating NAT policy when configured in transparent mode.
Bug ID – 5529 Description – When a firewall rule is created for a virtual host whose external and mapped ports are not the same, Cyberoam does not detect virus. For example, external port: 8080 and mapped port: 80.
Bug ID – 5535 Description – Even when Cyberoam’s HTTP and HTTPS access is denied through Local ACL, Cyberoam becomes accessible if it is configured as browser proxy.
Bug ID – 5549 Description – Static routes configured through CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.
Bug ID – 5550 Description – Advanced firewall settings configured from CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.
Bug ID – 5551 Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, Data Transfer and Cycle Data Transfer values (Customize Client Messages page) are not retained.
Bug ID – 5553 Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, mail ID in Backup schedule is not preserved.
Bug ID – 5560 Description – Group login restriction does not automatically override user login restriction. To implement group login restriction, one has to manually change the restriction for the individual group users.
Bug ID – 5663 Description – Cyberoam is not able to block access of Anonymous Web proxy.
Bug ID – 5677 Description – Restoring backup of version 9.5.4 build 66 to version 9.5.4 build 74 does not retain MSS and MTU values. This behavior is observed only when restoring backup on cross model appliance.
Bug ID – 5681 Description – Dashboard Alerts messages are not displayed after resetting to factory defaults.
Bug ID – 5682 Description – Bandwidth usage graph and System health graph are retained after resetting to factory defaults.
Bug ID – 5684
Description – When Cyberoam is configured as DNS server, Cyberoam is not able to perform DNS lookups to gather IP address information of the FQDNs.
Bug ID – 6067
Description – In cross model backup restore, Virtual host configuration is not restored. One will have to manually delete and re-create all the virtual hosts after restoring the backup.
Bug ID – 5874
Description – Web Admin Console does not change the status of Gateway immediately after the gateway goes down but changes the status only after approx. 2.5 minutes i.e. status is displayed in red color only after approx. 2.5 minutes.

Traffic Discovery

Bug ID – 5498
Description – When traffic discovery module is enabled, system I/O processes trigger high CPU resource usage.

User

Bug ID – 533
Description – Even when multiple login is restricted, users are able to log on multiple times.
Bug ID – 1144
Description – Cyberoam does not authenticate Active Directory users when username includes upper case characters e.g. James.Mathews.
Bug ID – 1651
Description – When RADIUS One-time Password (OTP) authentication is configured and more than one HTTP Client user tries to log on, user receives error message “System could not log on. Make sure password is correct”.
Bug ID – 1675
Description – If user is the member of multiple AD groups and only primary group is imported in Cyberoam then Cyberoam does not register the user in the primary group but registers in the Open group. As a result, user will be assigned open group policies and not primary group policies.

Virtual Private Network (VPN)

Bug ID – 456
Description – There is no facility in Cyberoam to stop PPTP server after configuration. Currently to stop PPTP server, one needs to disable the VPN module from Web Admin Console (System Modules Configuration).
Bug ID – 492
Description – To establish L2TP connection with “Aggressive” authentication, L2TP client should support “Aggressive” authentication mode. Cyberoam does not provide an appropriate message at the time of selecting authentication type; as a result, when one tries to establish connection, connection is not established.
Bug ID – 603
Description – Even when the PPPoE link is down, VPN connection on the link is displayed as “Active”.
Bug ID – 673
Description – It is not possible to establish road warrior connection if the road warrior client IP address is on the subnet of any other remote network.
Bug ID – 1036
Description – For NAT over VPN tunnel, when the LAN IP address is the first IP address in the IP address range configured as Local or Remote network in the VPN policy, Cyberoam drops such VPN traffic.
Bug ID – 1097
Description – When the VPN client password length is 16 or more characters, it is not possible to establish PPTP or L2TP tunnel.
Bug ID – 1567
Description – It is possible to establish L2TP tunnel with iPhone only on the 2nd trial.
Bug ID – 1571
Description – When one tries to delete L2TP connections which are members of any VPN Failover Connection Group, the appropriate error message is also not displayed.
Bug ID – 1727
Description – Even after Interface IP address is changed, PPTP Connection logs display the original Interface IP address only.
Bug ID – 1765
Description – When one tries to establish IPSec connection with the IP address with which connection is already established, Cyberoam disconnects the existing connection.
Bug ID – 1876
Description – Cyberoam does not support DH Group 19 and 20. Due to this it is not possible to establish VPN connection through Microsoft Vista L2TP client.
Bug ID – 4466
Description – It was possible to create multiple VPN connections with the same subnet configured for Remote LAN network.
Bug ID – 4599
Description – When Cyberoam is deployed behind a NAT device, L2TP connection cannot be established.
Bug ID – 5398
Description – L2TP connection status is displayed as “Connected” even when disconnected. One has to disconnect manually. This behavior is observed when L2TP connection request is routed through NAT router.
Bug ID – 5543
Description – One needs to restart management services to add or remove VPN routes after enabling or disabling VPN module (System Module Configuration).
Bug ID – 5565
Description – It is possible to establish only one Road Warrior connection when two or more IPSec Road Warrior connections are created with the same preshared key.
Bug ID – 6204
Description – L2TP connection cannot be re-established after it is frequently disconnected from Windows L2TP client.
Bug ID – 6269
Description – One needs to manually update L2TP configuration after changing the LAN IP address. L2TP configuration page on Web Admin Console does not even provide the warning message for updating the configuration. Similar situation is faced with PPTP configuration.

Web Admin Console

Bug ID – 307
Description – Cyberoam does not support UTF-8 Encoding; as a result, parsing problem occurs.
Bug ID – 681
Description – HTTP Client login template is not accessible from Browser Google Chrome.
Bug ID – 693
Description – Gateway wise Bandwidth usage graphs are displayed with breaks.
Bug ID – 1267
Description – When multiple ISP links with the same gateway IP address are configured, PPPoE link status is not displayed correctly on Dashboard and Manage Interface page of Web Admin Console.
Bug ID – 1047
Description – After changing the default Secure Web Admin port it is not possible to reposition the Dashboard Doclets by dragging and dropping and upgrade Antivirus and IPS signature. Different behavior is observed for different Web Browsers.
Bug ID – 1451
Description – After changing the Web Admin console language to French, some of the dashboard components and menus with long names are not displayed properly.
Bug ID – 1471
Description – It is not possible to disable Cyberoam Central Console (CCC) management from Cyberoam.
Bug ID – 1469
Description – Manage Live users page sometimes shows upload and download data transfer value as zero.
Bug ID – 1525
Description – It is not possible to upload company logo on HTTP Client page. This is observed from version 9.6.0 build 16 onwards.
Bug ID – 1593
Description – Bandwidth usage graphs are not displayed properly when data transfer crosses 20 MB.
Bug ID – 1672
Description – Memory usage mismatch in Dashboard – System Resource doclet and Diagnostic tool.
Bug ID – 1733
Description – Data transfer in Individual and Total Bandwidth Usage graph do not match.
Bug ID – 1741
Description – Even after groups are added successfully, they are not displayed on the Manage Group page. But it is possible to select group at the time of adding or updating user.
Bug ID – 1835
Description – If the subnet is added after removing supernet in Local ACL from Web Admin console, one needs to restart management services from CLI console. The change will not be effective till the management services are restarted. But the message "Please restart management services" is not displayed on the Web Admin console.
Bug ID – 1901
Description – Only 1500 email addresses can be added in Email Address group.
Bug ID – 5647
Description – After upgrading from version 9.5.4 build 66 to version 9.5.4 build 74, Web Admin Console becomes inaccessible. Web Admin Console becomes accessible only after restarting management services.
Bug ID – 5625
Description – When Cyberoam is deployed in transparent mode, DHCP server cannot be configured. But, after upgrading from version 9.5.3 build 22 to version 9.5.4 build 74, Cyberoam incorrectly displays DHCP server configuration in Web Admin Console.
Bug ID – 5688
Description – Even though Pharming protection is enabled, DNS lookup is not performed. One has to disable and enable pharming protection again to perform DNS lookup.
Bug ID – 5712
Description – Message "Zone Creation is not available in bridge mode" is not displayed in a default font style.

1.2.1.2. V 9.5.8 build 68 - For CR15i only

1.2.1.2.1. Release Notes

Release Information
Compatible versions: 9.5.8 build 60
Supported Appliances: CR15i only

Upgrade Information
Upgrade type: Manual upgrade
Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Cyberoam Web Admin console and go to menu Help> Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to CLI console and go to option 6 Upgrade Version and follow the on-screen instructions.
Compatibility Issues: None

Introduction
This document contains the release notes for Cyberoam version 9.5.8 build 68. The following sections describe the release in detail. This is a minor release with significant enhancements and several bug fixes that improve quality, reliability, and performance for CR15i appliances.

Enhancements

1. NAT support for Cyberoam initiated Outbound traffic
Now it is possible to configure source NAT i.e. specific IP address for the outbound traffic initiated by Cyberoam itself e.g. upgrade traffic. This is useful in network environments where Cyberoam is hosted behind ISP and ISP is leasing private IP address to Cyberoam i.e. private IP address is configured on WAN interface. CLI command “set advanced-firewall cr-traffic-nat” is added for configuring the source NAT.

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.
Logs and Reports

Bug ID – 1879
Description – For CR15i models only single i.e. previous day data is preserved. However, it was possible to configure weekly mailing frequency of the Proactive reports. Due to this, blank reports were mailed every week. Even though traffic discovery module is not supported in CR15i models, it was possible to configure mailing frequency for Traffic discovery reports.

1.2.1.3. V 9.5.8 build 60 - For CR15i only

1.2.1.3.1. Release Notes

Release Information
Compatible versions: 9.5.8 build 42 or 9.5.8 build 52
Supported Appliances: CR15i only

Upgrade Information
Upgrade type: Manual upgrade
Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Cyberoam Web Admin console and go to menu Help> Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to CLI console and go to option 6 Upgrade Version and follow the on-screen instructions.
Compatibility Issues: None

Introduction
This document contains the release notes for Cyberoam version 9.5.8 build 60. The following sections describe the release in detail. This is a minor release with significant enhancements and several bug fixes that improve quality, reliability, and performance for CR15i appliances.

Enhancements

1. IP-MAC Binding
With this version, it is now possible to reserve/assign an IP address for a specific client identified by the client device MAC address. This is only possible when the IP addresses are leased statically. The DHCP server always assigns the reserved address to that client. This feature blocks hosts which try to violate a trusted IP-MAC pair and makes it more difficult for a hacker using a random MAC address to gain access to your network, as traffic does not even reach the firewall. For this, Administrator has to configure the list of trusted MAC addresses and bind them with the respective IP addresses.
This feature is available from Web Admin Console at the time of configuring DHCP server from submenu “DHCP Server” of menu “Configure Network”.

2. DHCP Relay support
To deploy DHCP in multi-segment network, one needs to configure a relay agent which can broadcast messages across the various segments. This is because, by default, DHCP messages can be broadcast only within the segment and not across the multiple segments of the network. To solve this problem, Cyberoam can now be configured as a DHCP Relay Agent which acts as a link between the client and the remote DHCP server. Cyberoam intercepts internal client’s DHCP requests and relays them to the pre-configured DHCP server. The server then responds to the Cyberoam which in turn forwards the response to the client. If DHCP Relay Agent is not configured, clients would only be able to obtain IP addresses from the DHCP server which is on the same subnet.
This feature is available from Web Admin Console from submenu “DHCP Relay” of menu “Configure Network”.
At any point in time, Cyberoam can either act as a Relay agent or an IP leasing agent i.e. DHCP server. Hence, if server is configured, one will not be allowed to configure relay agent and vice-versa.

3. Multiple DNS and WINS lease support for DHCP server
To improve the performance by holding down the broadcast traffic and reducing the congestion on networks, WINS and DNS can be leased to DHCP clients. Up to 2 WINS and DNS servers can be configured that the DHCP server can assign to the DHCP clients.
This feature is available from Web Admin Console at the time of configuring DHCP server from submenu “DHCP Server” of menu “Configure Network”.

4. Parent Proxy Authentication
The parent proxy feature is extended to include the authentication parameters. This feature is helpful in the deployment where parent proxy is configured to ask for authentication before serving the requests.
For example, Head office and Branch office deployment where parent proxy is deployed at Head office and configured for authentication and Cyberoam is deployed at branch office.
This feature is available from Web Admin Console from submenu “Configure HTTP Proxy” of menu “HTTP Proxy”.

5. Safe Search capability to filter Adult Content for Bing
The safe search facility is now extended to Bing. Safe search is a feature that allows you to control what turns up in your Bing search results. If enabled, web sites containing pornography and explicit sexual content are blocked from the Bing search results. This will be applicable only when access to Porn, AdultContent and Nudity categories is denied in Internet Access policy.

6. RBL-based Spam filtering without Anti Spam License
Cyberoam detects spam mails based on:
- RBL (Realtime Blackhole List)
- Mass distribution pattern using RPD (Recurrent Pattern Detection) technology
Till previous versions, to use any of the above specified methods, a valid license for “Gateway Anti Spam” module was required. But now, RBL-based spam filtering can be implemented without subscribing to “Gateway Anti Spam” module. By implementing only the RBL-based filtering, the chance of receiving more false positives cannot be ruled out.
There is no Web Admin or CLI console change for this feature.

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Logs and Reports

Bug ID – 1768
Description – Blank Web surfing reports are produced.

1.2.1.4. V 9.5.8

1.2.1.4.1. Release Notes

Release Information
Compatible versions: 9.5.3 build 14 onwards
Release Date
Version 9.5.8 Build 52 - 9th February, 2009
Version 9.5.8 Build 38 - 23rd December, 2008
Version 9.5.8 Build 24 – 14th November, 2008

Upgrade Information
Upgrade type: Manual upgrade
Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Cyberoam Web Admin console and go to Help> Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to CLI console and go to option 6 Upgrade Version and follow the on-screen instructions.
Compatibility Issues: None

Introduction
This document contains the release notes for Cyberoam version 9.5.8. The following sections describe the release in detail. This is a major release with new features, significant enhancements and several bug fixes that improve quality, reliability, and performance.

Features

1. Threat Free Tunneling (TFT)
Till current versions, it was not possible to apply firewall rules to the VPN traffic and due to this, VPN traffic was not scanned. This resulted in unprotected VPN traffic. Now, with threat free tunneling, firewall rules can be applied even to the VPN traffic, resulting in clean VPN traffic. In other words, VPN traffic coming in or out of the tunnels will be Threat Free since it would have been scanned for viruses, spam, intrusion attempts, inappropriate web content and unwanted network applications.
The feature is extended to:
- Site-to-Site VPN traffic
- Road warrior traffic
As firewall controls the VPN traffic, VPN access can be configured and restricted to:
- Networks, IP address
- Services
- Users
By default, Cyberoam will create VPN zone. To control VPN traffic, the upgrade process will automatically create firewall rules for all the zones with respect to VPN zone. To implement threat free tunneling, one has to apply following policies to the VPN zone from firewall rule:
- Virus and spam scanning i.e. apply virus and spam policy to block viruses from entering your network
- Intrusion check i.e.
apply IPS policy

This VPN Firewall integration removes the burden of adding the IPSec enabled interfaces to a zone as they will be automatically added to the zone when VPN connection is established. Similarly for road warrior connections, dynamic hosts are added and removed automatically once the connection is established and deleted or disconnected respectively.

2. High Availability (HA) with Load balancing and failover protection
To minimize the single point of failure, Cyberoam offers an integrated high availability solution providing efficient, continuous access to critical applications, information, and services. High availability is critical to maintaining network protection from an attack, even in the event of a device failure.
To achieve high availability, HA cluster is to be defined which consists of two Cyberoam appliances and both appliances in the cluster share session and configuration information.

Active-Active HA

Session persistent Load balancing
Active-Active HA increases overall network performance by sharing the load of processing network traffic and providing security services. The cluster appears to your network to be a single device, adding increased performance without changing your network configuration. Primary appliance acts as the load balancer and load balances all the TCP communications including TCP communications from Proxies but will not load balance VPN traffic.

Failover
In Active-Active HA both Primary and Auxiliary appliances process the network traffic and Auxiliary appliance takes over the primary appliance and processes complete traffic in case of primary appliance failure or link/monitored interface failure.

Session failover
Session failover occurs for forwarded TCP traffic except for virus scanned sessions that are in progress, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic.
Synchronization
Cluster configuration, routing tables, and individual cluster appliance status between Cluster appliances are synchronized automatically when a configuration event occurs.

In addition, Cyberoam now has inbuilt monitoring services that monitor critical services in the appliance and even take the corrective and preventive actions to ensure availability.
As soon as Active-Active is configured, traffic load balancing is enabled. If required, it can be disabled from CLI console using “set load-balancing” command.

Prerequisite: Both the Appliances must have same number of Interfaces, same software version and be deployed in Route mode.

Known Behavior
1. DHCP & PPPoE – High Availability (HA) cluster cannot be configured if any of the Cyberoam Interfaces is dynamically configured using DHCP and PPPoE protocols.
2. Cyberoam upgrade – AutoUpgrade mode will automatically be disabled on both the cluster appliances once High Availability (HA) cluster is configured. To upgrade HA cluster appliances, HA mode is to be disabled and each appliance has to be upgraded individually.
3. HA Session failover – AV Scanned sessions, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic sessions are not maintained when HA cluster is configured.
4. Masqueraded Connections – In case of the following events from any of the HA cluster appliances, all the masqueraded connections will be dropped:
   - Restart Management Service (RMS)
   - Execution of Network Configuration
   - Manual Synchronization
5. HA Load balancing – Active-Active HA cluster does not load balance VPN sessions, scanned FTP traffic, UDP, ICMP, multicast, and broadcast sessions. TCP traffic for Web Admin Console or Telnet Console and VLAN traffic sessions are also not load balanced between the cluster appliances.
6. HA is not supported in Bridge mode.
7. Web Admin console of Auxiliary appliance cannot be accessed. One can access only the Diagnostic Page (DG) of Auxiliary appliance using its IP address.
8. Reports are not synchronized and hence reports displayed on primary appliance are of primary appliance traffic only.

3. Active-Passive Gateway Failover
To provide link failure protection, Cyberoam has extended the support of automatic failover to a passive (backup) gateway when multiple gateways are configured. Gateways with zero weight will be considered as passive gateways and Administrator will have to define the failover condition for the passive gateway. Cyberoam periodically checks the health of the active gateway and if the gateway does not respond, based on the failover condition, traffic will be routed automatically through the passive gateway. Total number of gateways (active and passive) is appliance specific.

4. NTP Time Server support for time synchronization
Cyberoam can be configured to synchronize its clock with an NTP server. By tuning Cyberoam’s clock using global Time servers, logs and other Cyberoam activities can happen and be shown at a precise time.

5. User/MAC address binding
Cyberoam now provides a way to bind one user to one computer so that only one user is allowed to log in to the network from a specific computer. In other words, User can log in to Cyberoam and use the internet only from his/her own computer. User will not be able to log in from any other computer and no one else will be able to log in from his/her computer. This is a major security feature which will prevent anyone from ‘impersonating’ someone else even if they have changed their IP address.
By default, it is disabled and can be enabled from CLI console using “set usermac” command. One is required to restart management services from CLI after making any changes. It is possible to configure MAC addresses for individual users or group from Web Admin console only after binding is enabled from CLI.
User/MAC binding is supported only with Windows Cyberoam Corporate Client and Windows Single Sign On Client.
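The binding rule described in item 5, as an added example (not Cyberoam code): the login decision is keyed on the client MAC address, so changing the IP address does not change the outcome. The table layout, reason strings, sample logins, and the choice to let users with no binding log in from unbound machines are assumptions made for illustration.

```python
import re
from typing import Dict, Iterable, List, NamedTuple, Optional, Set, Tuple


def normalize_mac(raw: str) -> str:
    """Canonical form: 12 lowercase hex digits with ':', '-' and '.' removed."""
    digits = re.sub(r"[:\-.]", "", raw.strip()).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {raw!r}")
    return digits


class Login(NamedTuple):
    user: str
    ip: str   # recorded for the log only; never used in the decision
    mac: str


class BindingTable:
    """User/MAC bindings for individual users and for groups (hypothetical layout)."""

    def __init__(self,
                 user_macs: Dict[str, Iterable[str]],
                 group_macs: Optional[Dict[str, Iterable[str]]] = None,
                 group_members: Optional[Dict[str, Iterable[str]]] = None):
        self.allowed: Dict[str, Set[str]] = {}  # user -> MACs the user may use
        self.owners: Dict[str, Set[str]] = {}   # MAC  -> users who may use it
        for user, macs in user_macs.items():
            for mac in macs:
                self._bind(user, mac)
        # A MAC bound to a group is usable by every member of that group.
        for group, macs in (group_macs or {}).items():
            for user in (group_members or {}).get(group, ()):
                for mac in macs:
                    self._bind(user, mac)

    def _bind(self, user: str, mac: str) -> None:
        mac = normalize_mac(mac)
        self.allowed.setdefault(user, set()).add(mac)
        self.owners.setdefault(mac, set()).add(user)

    def check(self, login: Login) -> Tuple[bool, str]:
        try:
            mac = normalize_mac(login.mac)
        except ValueError:
            return (False, "invalid-mac")
        # "No one else will be able to log in from his/her computer."
        owners = self.owners.get(mac)
        if owners is not None and login.user not in owners:
            return (False, "mac-bound-to-other-user")
        # "User will not be able to log in from any other computer."
        bound = self.allowed.get(login.user)
        if bound is not None and mac not in bound:
            return (False, "user-on-foreign-machine")
        # Assumption: a user with no binding may use an unbound machine.
        return (True, "ok" if bound is not None else "unbound-user")


def audit(table: BindingTable, events: Iterable[Login]) -> List[Tuple[str, bool, str]]:
    """Evaluate each login and return (user, allowed, reason) rows."""
    return [(e.user, *table.check(e)) for e in events]


# Constructed sample data, not taken from any real appliance.
TABLE = BindingTable(
    user_macs={"alice": ["aa:bb:cc:00:00:01"], "bob": ["AA-BB-CC-00-00-02"]},
    group_macs={"kiosk": ["aa:bb:cc:00:00:10"]},
    group_members={"kiosk": ["dave", "erin"]},
)
EVENTS = [
    Login("alice", "10.0.0.5", "aa:bb:cc:00:00:01"),   # own machine
    Login("alice", "10.0.0.99", "AA-BB-CC-00-00-01"),  # new IP, same machine
    Login("bob", "10.0.0.5", "aabb.cc00.0001"),        # alice's machine and IP
    Login("alice", "10.0.0.5", "aa:bb:cc:00:00:09"),   # alice on another machine
    Login("carol", "10.0.0.7", "aa:bb:cc:00:00:02"),   # unbound user on bob's machine
    Login("dave", "10.0.0.8", "aa:bb:cc:00:00:10"),    # group-bound machine
    Login("alice", "10.0.0.5", "aa:bb:cc:00:01"),      # malformed MAC
    Login("carol", "10.0.0.7", "aa:bb:cc:00:00:0c"),   # unbound user, unbound machine
]

if __name__ == "__main__":
    for row in audit(TABLE, EVENTS):
        print(row)
```

Normalizing the MAC before comparison matters because clients and logs report the same address in different notations; without it, a legitimate login would be rejected or a binding silently missed.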
6. Multi-Lingual support for Web Admin Console (GUI) – Chinese & Hindi
To project a strong international presence and improve ease of use for international customers using Chinese language as well as Hindi speaking customers, Cyberoam has added support of the Chinese and Hindi language in the Web Admin Console.
Following elements of Web Admin Console are displayed using Hindi and Chinese characters:
- Dashboard Alerts
- Dashboard contents
- Navigation menus
- Screen elements including field labels and tips
- Error messages
Users can also specify description for firewall rule, various policies, services and various custom categories in Hindi and Chinese language.

7. Version Rollback
Cyberoam now provides a way for immediate rollback to the previous version if upgrade is not successful or if problem occurs after upgrade. Rollback option is provided on CLI console in Cyberoam Management (option 5) Menu.
Please note that
1. Rollback process will reboot Cyberoam.
2. All the configuration changes done after upgrading Cyberoam will be lost i.e. if you have upgraded from version 9.5.3 build 22 to version 9.5.8 build 15 and made some configuration changes in version 9.5.8 build 15, configuration done on version 9.5.8 build 15 will be lost on rollback. Cyberoam will roll back to the last configuration of version 9.5.3 build 22.
3. Reports will be deleted on rollback i.e. if you have upgraded from version 9.5.3 build 22 to version 9.5.8 build 15 then on rollback version 9.5.8 build 15 will be deleted

Enhancements

Build 52

1. Bundled Subscription service support
With this release, Cyberoam is launching a bundled subscription service called “Subscription pack”. Subscribers can choose to purchase individual subscription module or a bundle. One can subscribe for a bundle from Licensing page of Web Admin console.
Subscription pack will reduce Administrator’s task of subscribing each module individually as all the modules in the pack can be subscribed in a single step using just one key. The feature is beneficial to the suppliers as well as customers as one can achieve the desired cost reduction for the bundled pack. For the pricing information, please contact your Reseller.
For renewal, Customer can choose to renew the pack or individual module.

2. Customize Secure port for Web Administration
By default, Cyberoam supports port 443 for HTTPS administration access. Now, one can customize this port from Web Admin Console (System > Configure > Customize Client Preference).

Build 38

1. Simplified Clientless Users creation
In order to ease the administrator’s task of creating multiple clientless users one-by-one, Cyberoam has now provided a way to create multiple clientless users in one go from Web Admin console (User > Clientless Users > Add Users).
For easing the creation process, Auto-completion feature is also implemented. Hence, while creating clientless user, Cyberoam will suggest IP address in the drop down from the already created logon pool, the moment you type the initial digits of IP address. For example, when you type 192.168, Cyberoam will display list of IP addresses starting with 192.168 that can be allowed to the user for logging.

2. Auto-upgrade compatibility with Cyberoam Central Console (CCC)
CCC can now be configured to push the upgrades to Cyberoam appliances automatically without human intervention as and when they are made publicly available. One can upgrade Cyberoam appliance and other subscription modules like WebCat (Content filtering Categories), IDP (IDP signatures) and Anti Virus (Signatures) database automatically through CCC.

3. Live User Search criteria extended to include IP address
Searching live user capability has been extended to include IP address based searching.
Till previous versions, searching criteria was limited to username and user ID only.
For fast searching, search criteria also includes Auto-completion feature. While searching user based on username, Cyberoam will suggest username in the drop down, the moment you type the initial characters for the username. For example, when you type “ma”, Cyberoam will display list of usernames starting with “ma”.

Build 24

1. Safe Search capability to filter Adult Content
Safe search is a feature that allows you to control what turns up in your Google and Yahoo search results. If enabled, web sites containing pornography and explicit sexual content are blocked from the Google and Yahoo search results. This will be applicable only when access to Porn, AdultContent and Nudity categories is denied in Internet Access policy.

2. Assign arbitrary IP range to a single Host
A single host can now be assigned arbitrary range of IP addresses. Comma or Enter key can be used to specify arbitrary multiple IP addresses. Prior to this release, it was possible to assign only the standard subnet ranges of IP address.
With this, Administrators can now create just a single firewall rule for multiple IP addresses which are not in a range instead of creating multiple firewall rules for IP addresses which are not in a range.
For example:
From this version, in a single host one can add following IP address - 192.168.1.126,192.168.1.123/255.255.255.255, 192.168.1.5/255.255.255.255
Till previous versions, one had to add 3 hosts for above mentioned IP addresses.
Please note only Class B IP addresses can be added in IP list.

3. 1DES – Encryption Algorithm support for IPSec Phase 1 negotiation
Cyberoam now supports Data Encryption Standard (DES), a 64-bit block symmetric encryption algorithm that uses 56-bit keys.
It is used to generate keys for protecting VPN negotiations. Though less secure than 3DES, support is provided for interoperability with legacy VPN gateways which support 1DES only.

4. Aggressive mode support for IPSec Phase 1 negotiation
Cyberoam has added support of aggressive mode for exchanging authentication information. As fewer messages are exchanged during authentication and no cryptographic algorithm is used to encrypt the authentication information, the tunnel can be established faster.
With this extended support, Cyberoam is now interoperable with most of the third party VPN gateways which support aggressive mode only for dynamic environment i.e. peers with dynamic IP addresses.

5. CHAP authentication protocol support for L2TP and PPTP
Cyberoam has extended the authentication protocol support to CHAP for L2TP and PPTP. Until previous versions, Cyberoam supported PAP authentication only.

6. Customize Manage Firewall page to view rules of preferred Zones only
For ease of use, components of the Manage Firewall page can be customized to view the firewall rules of the preferred zones only.
Manage Firewall Page displays total number of configured firewall rules and number of configured firewall rules in the selected zone if you have selected any zone using Select Zones button.

Miscellaneous Changes

1. Manage Live User page
“Public IP” column is removed from the Manage Live User page of Web Admin console.
“MAC Address” column is added on Manage Live User page. It will display MAC address, if User/MAC binding is enabled.

Renamed Feature

Build 24
Cyberoam’s Intrusion Detection & Prevention (IDP) feature has been renamed as Cyberoam Intrusion Prevention System (IPS) to better reflect the comprehensive capabilities of addressing intrusions. IPS is an accepted terminology in the IT security industry, which is more familiar with its users and other industry players.
The change in name is a step forward to communicate our robust intrusion prevention capabilities in an industry-standard language.

Menu Renamed

Build 38
1. Submenus for Clientless User menu are renamed as:
   - Add Multiple menu is renamed to Add User
   - Add Single menu is renamed to Add Range
2. Default Categories: Manage Default menu is renamed to View Default as default categories cannot be updated but can be viewed only. “Update” button removed from Default Category page

Behavior Change

Build 24
When the direct proxy is configured, from this release onwards, Internet Access policy configured in the firewall rule will be applied. In previous versions, if direct proxy was configured, default IAP was applied if user was not logged on to Cyberoam while firewall IAP was applied only when user had logged on to Cyberoam.

Discontinued Features

Build 52
“Send” button removed from Manage Live user page of Web Admin Console.

Build 24
1. Default Internet Access policy when Cyberoam is deployed as Proxy. Option was available in System>HTTP Proxy menu of Web Admin console
2. HTTP traffic scanning when HTTP proxy is configured through browser implemented from Antivirus>HTTP Configuration page of Web Admin console
3. “set date” command is removed from CLI console

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Build 52

Anti Virus

Bug ID – 5853
Description – When virus scanning is enabled, online radio sites like http://radio.rtl.fr/player.html are not accessible.

Command Line Interface

Bug ID – 5539
Description – TCP MSS (Maximum Segment Size) value does not get updated automatically. One needs to restart management services to update the value.

Data transfer policy

Bug ID – 5439
Description – Monthly Data transfer policy does not work as per the configuration.
For example, 5 GB per month data transfer quota is configured for the user but the user is able to transfer only up to 1 GB.

Firewall

Bug ID – 5524
Description – High CPU usage is triggered when a past date is configured as System date.

Bug ID – 6150
Description – When FTP scanning is enabled, Cyberoam drops all those connection requests whose FTP server response packet length exceeds 255 characters.

High Availability

Bug ID – 450
Description – When HA is configured, Dynamic routing does not work.

Bug ID – 513
Description – When Gateway status mail alerts are configured in HA cluster, Cyberoam does not send alerts if the gateway status changes.

Intrusion Prevention System (IPS)

Bug ID – 309
Description – Title bar displayed “IDP” instead of “IPS”

PPPoE

Bug ID – 541
Description – When multiple gateways are configured as “Active” and “Backup” and interface addressing mode on one of the interfaces is set to PPPoE and PPPoE fails, traffic is not routed through the backup gateway.

Rollback

Bug ID – 218
Description – After Cyberoam is rolled back from version 9.5.8.x to version 9.5.4.x, Online help is not rolled back.

System

Bug ID – 375
Description – Improper message is displayed when one tries to change the zone for which the firewall rule already exists from Network Configuration Wizard. Message reads as “Firewall rule exist for current zone! Change for zone is not allow.” But message should read as “Firewall rule exists for the current zone! Zone change is not allowed.”

Bug ID – 388
Description – Google safe search works only for the Google sites ending with .co e.g. www.google.co.uk but does not work for sites ending with .com.mv or .com.au or .com.ok

Bug ID – 447
Description – It is possible to delete a VLAN interface even when DHCP service is configured on the VLAN interface. As a result, it is not possible to remove DHCP configuration and DHCP does not start.
Bug ID – 463
Description – Improper message is displayed when one tries to register any of the subscription modules for “Demo” appliance. Message reads as “An internal server error occurred while registering the subscription. Please try again.” Message should read as “It is not possible to register any subscription modules on "Demo" appliance.”

Bug ID – 520
Description – When scanning is enabled, sites not following standard HTTP protocol cannot be accessed.

Bug ID – 569
Description – For Head office-Branch office VPN connection, if Dynamic DNS is configured for the Cyberoam deployed in Head office and change in IP address is not immediately reflected in DDNS, minimal down time is experienced by the remote peer. This is because the remote peer tries to establish connection with a previously configured IP address only.

Bug ID – 488
Description – Diagnostic tool displayed the Database status as “Critical”.

Bug ID – 5545
Description – Cyberoam allows creating a custom zone without binding it to any interface/port. Due to this, System firewall rules for the custom zone are not created.

Bug ID – 6208
Description – One needs to restart management services after defining network in Auth Network.

Bug ID – 5662
Description – Cyberoam is not able to block Google and Yahoo cache pages.

User

Bug ID – 437
Description – User/MAC binding does not work with Microsoft Windows Vista operating system.

Bug ID – 451
Description – When one tries to install Corporate Client for Windows Vista OS, “Unsupported OS” error is displayed if the Client is downloaded from Web Admin Console, but installation succeeds after downloading the Client from http://kb.cyberoam.com.

Bug ID – 5465
Description – Inactive user with Administrator privilege can log on to Web Admin Console.

Virtual Private Network

Bug ID – 215
Description – It is not possible to add PPTP user through Group selection criteria.
Bug ID – 371
Description – For road warrior connection, when both Local ID and Remote ID are configured, it is not possible to establish the connection.

Bug ID – 568
Description – When policy detail is viewed from VPN connection, even if Authentication mode is set as “Aggressive” in policy, it is displayed as “Main”.

Bug ID – 5770
Description – Cyberoam incorrectly allows configuring the same subnet for Local and Remote network in IPSec Connection, due to which an endless loop is created and VPN tunnel cannot be established.

Web Admin Console

Bug ID – 426
Description – Misleading message on VPN Connection Failover pages. Message read as “Cyberoam gateway, in case of "Host-to-Host" & "L2TP VPN" type of connection”. Message should read as “Cyberoam gateway, in case of "Host-to-Host" & "L2TP VPN" (Require L2TP Failover support in L2TP client) connection”

Build 38

Anti Spam

Bug ID – 5927
Description – It is not possible to create spam policy for the entire domain. When one specifies entire domain e.g. @cyberoam.com, “Enter a valid Email Address” message is displayed.

Anti Virus

Bug ID – 271
Description – Even after blocking all the attachments through the AV policy, one is able to send attachments with file names in non-English language.

Bug ID – 396
Description – Certain Email fetching clients like POPgrabber application expect SMTP greeting in a single packet i.e. single read call, but as Cyberoam sends greeting in a fragmented form, user receives error as “bad username or password”. This situation occurs when virus scanning is enabled.

Firewall

Bug ID – 6144
Description – When Alias Interface based Virtual host is configured, one can delete Alias interface before deleting virtual host.

Group

Bug ID – 6312
Description – Cyberoam allows importing groups which include special character underscore in group name.
But as Cyberoam does not support special character underscore in group name, it is not possible to update such groups.

High Availability

Bug ID – 253
Description – In Active-Active cluster, after flushing firewall rules and restarting services from CLI, Cluster is unable to load balance the traffic.

Bug ID – 6533
Description – Data transfer of the live users (Manage Live Users page) reflects the data transfer through primary appliance only instead of both primary and auxiliary appliance.

Description – User based Data transfer policy cannot be configured when HA is configured.

Bug ID – 440
Description – When HA cluster is configured with parent proxy, cluster is unable to load balance the HTTP traffic.

Bug ID – 444
Description – When Cyberoam is configured as Direct Proxy, attempt to access update.microsoft.com results in an access error.

Language

Multiple language translation issues like incorrect translation and spelling mistakes are resolved.

Logs and Reports

Bug ID – 259
Description – “Top 10 Categories – Data transfer wise” report displays same amount of bytes transferred in most of the categories.

Bug ID – 277
Description – Incomplete Google Search Report is mailed at the configured Email id.

Bug ID – 5898
Description – Addition, deletion and update events of Syslog server are not logged in Audit log

Bug ID – 5902
Description – Searching Audit log by IP address produces incorrect result. For example, when one searches for events by 192.168.1.10, Cyberoam does not filter and displays events by all the IP addresses

Bug ID – 6115
Description – Spelling mistake in Validation Error message popup for all the reports when specified report start date is later than the end date.
Message reads as “Start date must be earlier then enddate” but should read as “Start date must be earlier than end date”

Virtual Private Network

Bug ID – 261
Description – Cyberoam incorrectly allows establishing L2TP/PPTP VPN tunnel with the inactive users.

Bug ID – 3617
Description – For PPTP connection, when users are added through Group, group users are not authenticated but the same users get authenticated when added individually.

System

Bug ID – 273
Description – After upgrading from version 9.5.4 build 92 to version 9.5.8 build 28, SNMP does not work.

Bug ID – 311
Description – Factory defaults retain NTP configuration if configured.

Bug ID – 360
Description – When Cyberoam is deployed in transparent mode and parent proxy is configured, user from any other domain than that of the bridge domain cannot access the Internet.

Bug ID – 392
Description – HTTP application protocol traffic is not categorized by traffic discovery. One has to restart management services from CLI console for the categorization of such traffic.

Bug ID – 409
Description – It is not possible to loosely integrate Cyberoam with RADIUS server and as a result all the users are authenticated against the Cyberoam’s default group irrespective of their actual group.

Bug ID – 417
Description – When multiple WAN links are terminated on Cyberoam, MSS value for proxy traffic is not set correctly.

Bug ID – 443
Description – When two WAN interfaces are configured and the IP address on one interface is allocated dynamically via PPPoE while static IP address is configured on another interface, Dashboard displays incorrect gateway status.

User

Bug ID – 264
Description – When users try to log on, error “Multiple login not allowed” occurs. This error occurs even when the user is not logged into Cyberoam.
Web Admin Console

Bug ID – 374
Description – In Local ACL under Authentication network, Cyberoam incorrectly allows configuring hosts also along with network and is displayed as “0.0.0.0/255.255.255.255”

Bug ID – 6155
Description – Anti Virus HTTP URL regex rule is displayed without slash (\) even if it is included in the rule after restarting management services e.g. *\.swf is displayed as *.swf

Build 24

Bandwidth policy

Bug ID – 5993
Description – Users experience frequent Internet disconnection while accessing sites as bandwidth is not applied as per the configured bandwidth policy.

Firewall

Bug ID – 6142
Description – Cyberoam allows creating a service with a port number which is not within the acceptable (1 to 65535) range. Due to this, firewall rule for this service does not work as per the configuration.

System

Bug ID – 5509
Description – Factory reset retains following DHCP configuration: Gateway, Interface, IP address and Port. Due to this, Dashboard, Network Configuration, Manage Interface and Manage Gateway pages display the previous DHCP configuration after resetting to factory defaults. Even the backup data is retained and hence Backup Data page in Web Admin Console displays the previous backup which can be downloaded.

Web Admin Console

Bug ID – 6006
Description – When one tries to delete the user attached with the firewall rule, Cyberoam does not delete the user but does not even display the error message. Cyberoam should display the message as “User cannot be deleted as Firewall rule exist for the selected user”. Similarly, when one tries to delete the user which is not attached to any firewall rule, Cyberoam deletes the user but does not display the successful deletion message. Cyberoam should display the message as “User is deleted successfully”.

1.2.1.4.2. Known Issues

The purpose of this list is to give an overview of known issues.
The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.

Anti Spam

Bug ID – 3618
Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.

Bug ID – 3620
Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.

Bug ID – 4511
Description – Change in Administrator Email id for Anti virus and Antispam notifications from Web Admin console is not reflected on CLI Console.

Bug ID – 4627
Description – When Outlook 2007 is configured as a Mail Client to retrieve mails through IMAP protocol, IMAP prefix subject does not work.

Bug ID – 5194
Description – Anti Spam “From Email Address” Advanced rule does not work as expected.

Bug ID – 5475
Description – On General Configuration page of Antivirus and Antispam:
Incorrect file size is mentioned in the SMTP File scanning Tip. Tip reads as “(Enter 0 for default size restriction of 50MB)” but should read as “(Enter 0 for default size restriction of 48.8MB)”.
Incorrect file size range is mentioned in the Error message when one tries to configure value which is not within the acceptable range. Message reads as “Enter size between 0 to 50000(KB)” but should read as “Enter size between 0 to 51200(KB)”

Anti Virus

Bug ID – 2223
Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked. Most of the web mail clients like Yahoo, Hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.

Bug ID – 4157
Description – Even when Anti virus scanning is disabled in the Firewall rule, HTTP Live session statistics display AV scan time as 1 second.

Bug ID – 5513
Description – When virus scanning and Internet Access policy is applied, one cannot access URLs e.g.
http://webcam.www.gov.tw/index.htm which requires connecting to port 20480 through Internet Explorer browser but the same sites are accessible through Mozilla Firefox.

Bug ID – 5816
Description – When link speed is low and virus scanning is enabled, it is not possible to send mails with large attachments.

Bug ID – 5704
Description – When Cyberoam detects and strips the protected attachment from the mail, Administrator and Mail Receiver are sent a Notification mail with incorrect reason. Notification mail reads as “Infected attachment removed” but should read as “Attachment removed”. Even the name of the file which was stripped is not included in the mail. Administrator receives only the Notification mail without the original message even if “Send Original” action is configured in the Virus Scan policy.

Bug ID – 5616
Description – When a firewall rule for virtual host is created for HTTP access and virus scanning is enabled, Cyberoam allows uploading the virus infected file i.e. does not detect and block the virus infected file

Backup and Restore

Bug ID – 6222
Description – After restoring backup, virtual host does not work. This situation occurs only when cross model backup is restored e.g. CR500i backup is restored on CR100i or CR100i

Bug ID – 6291
Description – When cross model backup is restored, Source zone and host are not restored and remain blank

Bug ID – 6339
Description – CLI password is not restored but changed to the default password after restoring backup of V 9.5.4 build 86 on V 9.5.8.

Bug ID – 6446
Description – With cross-model backup restore, HTTP Proxy configuration is not restored after restoring backup of V 9.5.4 build 86 on V 9.5.8.

Bug ID – 6447
Description – With cross-model backup restore, after restoring backup of V 9.5.4 build 86 on V 9.5.8, one has to manually save the Logs configuration to re-start logging events on Syslog server.
Bug ID – 6461
Description – After restoring backup, bypass stateful firewall configuration (from CLI) is not restored if configured

Bandwidth policy

Bug ID – 4746
Description – Cyberoam does not allocate bandwidth as per the configured User based Bandwidth policy.

Categorization

Bug ID – 531
Description – All the URIs which include “.au” are incorrectly blocked under Audio File Type category.

Bug ID – 2336
Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.

Bug ID – 2372
Description – Cyberoam does not support MSN voice chat.

Bug ID – 2382
Description – Access denied message displays incorrect category name when access to File Type category is not allowed.

Bug ID – 3947
Description – Blocking “Remote Desktop Protocol” Application protocol category blocks Google Talk also.

Bug ID – 3357
Description – After removing URL from the custom category, Cyberoam does not include the removed URL in any of its default categories. For example, by default, “google.com” is categorized in “SearchEngine” default category but a custom category “webmail” is created for “google.com”. After removing “google.com” from “webmail” category, it is not included in default category.

Bug ID – 4389
Description – “Allow” Type Internet Access policy does not block Yahoo file transfers.

Bug ID – 6172
Description – It is not possible to include white space in the custom web category name. Message reads as “Only numeric character are allowed for Web Category name” but should read as “Only alphanumeric characters are allowed in Web Category name”.

Clientless User

Bug ID – 89
Description – When not a single Logon Pool based Bandwidth policy is configured, it is not possible to create Clientless user. In other words, one needs to configure at least one logon pool based bandwidth policy to add clientless user and group.
Bug ID – 422
Description – It is possible to include special characters like single quote, double and square brackets in clientless user name whereas only alpha numeric character, ‘_’ and ‘.’ are allowed.

Bug ID – 432
Description – Whenever “Add User” button is clicked followed by clicking “Create User(s)” button, incorrect message is displayed. Message read as “Only alpha numeric character, ‘_’ and ‘.’ are allowed in username”. Message should read as “You must enter user name”

Bug ID – 433
Description – Confirmation message is not displayed when clientless user is created or active Clientless user is deleted or deactivated.

Bug ID – 474
Description – It is not possible to search Clientless user with IP address

Command Line Interface (CLI)

Bug ID – 203
Description – Command "show running-config" executed from Option 3 Route Configuration, Option 1 Configure Unicast Routing, Option 1 Configure Static-routes/ACLs does not display the default System routes.

Bug ID – 792
Description – CLI Console “Admin” user password can be reset to any length from Web Admin Console but at the time of login, CLI console supports only 9 characters. Due to this, it is possible to log in with a password that has wrong characters after the first 9 characters of the password string

Bug ID – 5103
Description – Executing check_disk and repair_disk CLI commands gives error in the CR500i, CR 1000i and CR1500i appliances.

Bug ID – 5786
Description – Cyberoam hangs after executing “cyberoam restart all” command. Improper Confirmation message is displayed at the time of executing the command. Message reads as “Restart Cyberoam (y/n): No (Enter) > enter 'y' or press only enter key” but it should read as “Restart Cyberoam (y/n): No (Enter) > Type ‘y’ for Yes or press <Enter> key for No”

Bug ID – 6008
Description – When one tries to upgrade WebCat Database from CLI console, incorrect message appears.
Message reads as “-54% Download Completed” but it should read as “54% Download Completed”

Command Line Interface (CLI) over Web Admin Console

Bug ID – 1067
Description – If the link speed is slow, sometimes the typed characters are displayed in incorrect sequence.

Bug ID – 5924
Description – Incorrect behavior of System Date menu. Instead of asking to configure date after configuring time zone, it is asking after the Set System Date menu is closed. Correct behavior or flow for the System Date menu should be: Set TimeZone, Set Date, Exit from menu

Bug ID – 6002
Description – Incorrect behavior of System Date menu. If “y” is typed before configuring time zone, one can configure date before configuring time zone. Instead of displaying “Cyberoam corporate version 9.5.4 build 86" in new line, it is displayed

Bug ID – 6005
Description – When one tries to change the date by accessing CLI through Web Admin Console, Cyberoam accepts the invalid value for month and day and does not give any error message.

Dashboard

Bug ID – 950
Description – Dashboard data is not flushed when backup is restored on another Appliance.

Data transfer policy

Bug ID – 5636
Description – When cyclic data transfer limit is configured, once the limit is attained the limit counter is reset to zero if user does not log out i.e. user can transfer data beyond the limit if the user does not log out.

Firewall

Bug ID – 1170
Description – Firewall rule does not display the file upload statistics i.e. number of bytes uploaded.

Bug ID – 1179
Description – It is possible to create an “IP” Protocol based service under “Other” protocol with any protocol number.

Bug ID – 2417
Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.

Bug ID – 4281
Description – There is mismatch in the bandwidth usage displayed on Manage Firewall page and Live user page of Web Admin Console.
Bug ID – 4346
Description – When “Drop” firewall rule is configured for DMZ or WAN zone, instead of HTTP login page, blank page is displayed.

Bug ID – 5403
Description – Host name cannot include special characters space or underscore but when one tries to include them incorrect error message appears. The message reads “Enter valid Host name. Only alphanumeric characters, space, dot and ‘_’ allowed“ but should read as “Enter valid Host name. Only alphanumeric characters and dot allowed.”

Bug ID – 5438
Description – After adding a new rule for DMZ to WAN zone, the Internet connectivity for DMZ zone is lost. To re-establish connectivity, one has to rebuild firewall state from CLI.

Bug ID – 5554
Description – When multiple gateways (for load balancing) are defined on Cyberoam i.e. SNAT policy and Internet access policy is applied, users are not able to access the Internet consistently. This is because instead of using the same gateway for routing inbound and outbound traffic, Cyberoam routes outbound and inbound traffic through different gateways.

Bug ID – 5645
Description – WAN to LOCAL firewall rules are not applied and because of this entire traffic follows WAN to LAN rule.

Bug ID – 5812
Description – When Strict policy is applied through Wizard, users are able to access the Internet but ICMP protocol is blocked; as a result, they are not able to ping any WAN IP address

Bug ID – 5868
Description – When the ports of multiple WAN links are swapped from Network Configuration Wizard, the WAN IP addresses in source based routing rules do not change automatically. One has to manually change the IPs in all the source based routing rules.
Bug ID – 5925
Description – Advanced Firewall custom settings configured from CLI console are not retained after restoring backup from version 9.5.3 build 22 and version 9.5.4 build 66 to version 9.5.4 build 86

Bug ID – 5928
Description – After restoring backup from version 9.5.3 build 22 to version 9.5.4 build 84, LAN to WAN firewall rules are not applied.

Bug ID – 6150
Description – When FTP scanning is enabled, Cyberoam drops all those connection requests whose FTP server response packet length exceeds 255 characters.

Group

Bug ID – 397
Description – Group name cannot include special characters like ‘-’ or ‘&’ but when one tries to include them incorrect error message appears. The message reads “Enter valid Group Name. Only alphanumeric characters, space and ‘_’ allowed“ but should read as “Enter valid Group Name. Only alphanumeric characters and dot allowed.”

Bug ID – 972
Description – Normal users can be members of a Clientless group but as per the default behavior, clientless group cannot have normal users as a group member.

Bug ID – 1042
Description – After changing the user group membership, users still inherit the old group’s data transfer policy. This situation occurs only when “Unlimited” data transfer policy is attached to the new group.

Bug ID – 6226
Description – Error “IPs are already in use” is received when one tries to create multiple clientless users for the IP address range added to the existing logon pool. Hence, one has to create single clientless user for the individual IP address for the required range. For example, if additional 50 addresses are added in the IP range, one has to create clientless user for each IP address one by one. Again, if the network is not in the Auth Network, users will be activated but will not be able to log on. Due to this, users will not be displayed in the Manage Live User or Manage Clientless User page but search result will display the list of newly added clientless users.
One needs to restart management services from CLI console after adding network in Auth Networks.

High Availability

Bug ID – 103
Description – Cluster appliances transits to an incorrect state if either of the appliances gets rebooted at the time of state transition

Bug ID – 648
Description – When OSPF routing is configured, connectivity delay is observed after restarting primary appliance.

Bug ID – 859
Description – Virtual host does not work when HA cluster is configured.

Bug ID – 1100
Description – When Active-Active cluster is configured, there is a possibility that non-http and non-https traffic might get dropped in spite of allowing the entire traffic

Bug ID – 5330
Description – HA synchronization process does not synchronize date and time setting if updated from Network Configuration Wizard.

Bug ID – 5361
Description – In Active-Passive HA cluster, removing interface alias from primary appliance does not remove it from auxiliary appliance.

Bug ID – 4452
Description – In Active-Passive HA cluster, FTP session established from Primary appliance closes after primary appliance is rebooted.

Bug ID – 5221
Description – HA synchronization process does not synchronize IDP configuration.

Bug ID – 5401
Description – It is possible to reset primary appliance to factory default configuration from CLI console when Active-Passive cluster is configured.

Bug ID – 5444
Description – After disabling HA from either of the Appliances, HA doclet from Dashboard is not removed from the primary appliance.

Bug ID – 5696
Description – HA configuration is retained after resetting to factory default.

Internet Access Policy (IAP)

Bug ID – 6233
Description – If the Internet Access policy created based on the policy template is not saved, it is possible to apply policy to the user but the access rules are not applied as per the policy.
Intrusion Detection and Prevention (IDP)

Bug ID – 826
Description – One has to configure action as “OFF” twice to disable the individual IPS signature scanning from the IPS policy

Bug ID – 919
Description – Custom IPS signatures are retained on resetting to factory default settings.

Bug ID – 2958
Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.

Bug ID – 3335
Description – Update successful confirmation message is displayed even when custom IDP signature name is not updated successfully.

Bug ID – 4903
Description – Disabling IDP Signature Category does not disable all the signatures included in the category automatically. One has to manually disable all the signatures.

Bug ID – 4692
Description – Skype cannot be blocked using Skype signatures.

Bug ID – 5434
Description – After upgrading to version 9.5.4 build 66 from version 9.5.3 build 22, IDP logs are not generated. This happens because, in version 9.5.4 build 66, by default, IDP logging is disabled. One has to enable IDP logging from System>Manage Data> Configure Autopurge Utility page of Web Admin Console.

Bug ID – 5487
Description – Certain Internet Banking sites were not accessible due to Ultrasurf IDP signature.

Bug ID – 5690
Description – “Recent IPS Alerts” doclet on Dashboard displays alerts with severity as zero instead of Critical, Moderate or Warning for the signature OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow

Logs and Reports

Bug ID – 259
Description – “Top 10 Categories – Data transfer wise” report displays same amount of bytes transferred for most of the categories.

Bug ID – 402
Description – Recent Mail Viruses detected doclet of Dashboard displays recipient name with special characters. Blank report page is displayed when one clicks the link to view the details.

Bug ID – 487
Description – Gateway wise Bandwidth usage graphs are not displayed in Web Admin Console.
Work around – Flush the graphs from CLI console (Option 2. System Configuration > Option 7. Bandwidth Graph Setting > Option 3. Flush All Bandwidth Graph) if:
graphs are not displayed after upgrading from v 9.5.8 build 38 to 9.5.8 build 52
graphs were not displayed even in the v 9.5.8 build 38 or earlier versions, upgrade to version 9.5.8 build 52 and then flush the graphs.

Bug ID – 954
Description – Inconsistent Bandwidth usage graph title. Displays data transfer as Bytes/Sec instead of Bits/sec for weekly, monthly and yearly reports.

Bug ID – 2229
Description – Blocked Attempts report does not provide details of any attempt to access blocked ActiveX, Applets, and Cookies Category.

Bug ID – 2412
Description – IDP reports do not include action taken on IDP alerts.

Bug ID – 2549
Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.

Bug ID – 4128
Description – Data field sequence mismatch in tabular and CSV format of Anti Virus report.

Bug ID – 4649
Description – Data field sequence mismatch in tabular and CSV format of Spam report.

Bug ID – 4855
Description – Blocked File Types (attachment) reports are included in Anti Spam reports instead of Anti Virus reports.

Bug ID – 5247
Description – Even when user is not able to upload or download the entire file due to data transfer restriction, entire file size is considered in web surfing report. For example, if user is restricted to upload 8 MB and tries to upload 10 MB file then web surfing report displays 10 MB of data transfer instead of 8 MB.

Bug ID – 5427
Description – Traffic Discovery report by Source port incorrectly displays destination port; similarly, Traffic Discovery report by Destination port incorrectly displays source port.
Bug ID – 5476
Description – When, by mistake, system date is configured to a future date, Bandwidth graph (Web Admin Console) and System health graphs (Diagnostic tool) are not generated up to the configured date and time. Graphs are not generated even after configuring correct date. E.g. if current date is 10/07/2008 and system date is set to 23/12/2009 then graphs will not be generated till 23/12/2009

Bug ID – 5508
Description – When non-English versions of Google and Yahoo are used for searching, Google and Yahoo Search Keywords reports display multiple entries for each searched Keyword.

Bug ID – 5518
Description – Audit logs generated from CLI console and Web Admin Console do not match.

Bug ID – 5521
Description – “Category wise trends for yesterday” proactive report is mailed without any data.

Bug ID – 5530
Description – Data fields sequence mismatch in the tabular format and CSV format of IDP reports.

Bug ID – 5556
Description – When Anti Virus and Anti Spam subscription modules are not subscribed, blank page is displayed for Periodic Data report (Report>Anti Virus>Mail Summary).

Bug ID – 5562
Description – Upload and Download Data mismatch on Traffic discovery Live Connection and Connection History page.

Bug ID – 6156
Description – Hourly Trend reports should display trends for 10 hours but when the report start hour is specified as 12 or higher, report does not display trends for 10 hours.

Bug ID – 6221
Description – Drill down reports of Group wise Web Surfing report display incomplete username if it exceeds 30 characters.

Multiple Gateway

Bug ID – 473
Description – Gateway Status change alert messages were mailed at the HA Admin Email ID only if High Availability cluster is configured. Due to this, Cyberoam Administrator does not receive such mails if HA was not configured or on Appliances in which HA feature is not supported.
Now, all the gateway status related mails will be mailed at the Cyberoam Administrator Email ID configured from Network Configuration Wizard and not the HA Admin Email ID. HA Admin will receive only the mails related with the HA. Bug ID – 3621 Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down. Bug ID – 3653 Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight configured as zero (0). Bug ID – 5982 Description – Even when load balancing is implemented between multiple gateways, Internet traffic is passing through only one gateway. docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 119/409 ١١٢١٠٢/٤/ Cyberoam Docs Bug ID – 6010 Description – When multiple gateways are configured, Gateway status is displayed as “Dead” even when gateway is “Live”. This happens because incorrect Interface information is passed to the Dead Gateway Detection module. Bug ID - 6224 Description - When three gateways are configured - two as "Active" and one as "Backup", traffic is not consistently routed through the backup gateway if both the active gateways go down simultaneously. Parent Proxy Bug ID – 361 Description – When parent proxy is configured and scanning is enabled, it is not possible to access internally hosted servers from the Internet. This is because all the requests are forwarded to parent proxy instead of the internally hosted servers. PPPoE Bug ID – 3816 Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes. Bug ID – 4320 Description – When PPPoE is configured, VPN daemon starts twice. Once when PPPoE is enabled and second time when IP address is leased. Bug ID - 4863 Description - Multiple PPPoE connections cannot be established from single IP address subnet. 

Proxy

Bug ID – 459
Description – It is not possible to use Outlook Web Access (OWA) when anti-virus scanning is enabled.

Bug ID – 2178
Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Mozilla Firefox web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.

Bug ID – 2334
Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.

Bug ID – 4251
Description – When Browser proxy is configured, it is not possible to upload data on FTP server. However, it is possible to upload from Command Line Interface.

Bug ID – 5245
Description – HTTP Secure (HTTPS) traffic is redirected to HTTP proxy even when Internet Access policy is configured.

Bug ID – 5280
Description – FTP client times out while uploading large files.

Rollback

Bug ID – 218
Description – After Cyberoam is rolled back from version 9.5.8.x to version 9.5.4.x, Online help is not rolled back.

System

Bug ID – 83
Description – When the time zone is updated from Web Admin Console, time displayed on Web Admin and CLI console does not match. One needs to restart management services from CLI console to resolve this issue.

Bug ID – 316
Description – LAN Bypass rule created from Advanced Firewall rule configuration of CLI console is not removed after resetting to factory default.

Bug ID – 324
Description – CLI console command “show network interfaces” does not display MSS value.

Bug ID – 455
Description – Cyberoam is not able to learn route when RIP routing is configured in plain mode i.e. when authentication is not enabled.

Bug ID – 484
Description – When Gateway is assigned static IP address, Cyberoam ARP table is not updated when MAC address of gateway changes.

Bug ID – 582
Description – When using Google Chrome browser it is not possible to configure DHCP server.

Bug ID – 656
Description – Sometimes at the time of downloading an email from POP3 server, the connection drops intermittently and due to this the entire downloading process restarts. Hence user receives each mail twice or thrice. Similarly, sometimes it is not possible to send mail with an attachment from Gmail. The process takes longer than expected and displays “Still Trying” message. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at [email protected] with the deployment details.

Bug ID – 2044
Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply it manually.

Bug ID – 2106
Description – Anti Virus and Anti Spam reports are not included in backup.

Bug ID – 2520
Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.

Bug ID – 2521
Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.

Bug ID – 3763
Description – Dashboard does not display HTTP Traffic Analysis and User Surfing Pattern if Internet Access policy is not applied through Firewall rule.

Bug ID – 3799
Description – Cyberoam is not able to resolve to a host name if LAN zone is not configured and hence it takes time to open Web Admin console.

Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.

Bug ID – 4283
Description – Single Sign on users are able to access the Internet even without authentication.

Bug ID – 4521
Description – Non-standard ports traffic is also displayed in Port wise traffic discovery report.

Bug ID – 4574
Description – Incorrect proxy status is displayed on Web Admin console.

Bug ID – 4326
Description – After changing the Cyberoam deployment mode from Bridge to Gateway (Route), NATting is not enabled automatically in the default firewall rules. One has to manually apply MASQ policy in all the default firewall rules.

Bug ID – 4994
Description – Backup mode (FTP and Mail) configured in Backup Schedule is not included in backup.

Bug ID – 5071
Description – When H323 module is enabled, VoIP connection cannot be established.

Bug ID – 5177
Description – When Cyberoam is configured in transparent mode, disable LAN bypass option does not work.

Bug ID – 5385
Description – Network Configuration Wizard (Configure Mail Settings) allows configuring SMTP username and password even without enabling SMTP authentication. This behavior is observed with Internet Explorer web browsers only.

Bug ID – 5395
Description – Cyberoam becomes inaccessible after changing the deployment mode from transparent to gateway (route), if Virtual LAN is configured.

Bug ID – 5401
Description – After upgrading to version 9.5.4 build 66 from version 9.5.4 build 57, Web Admin Console takes time to come up. This behavior is observed when Cyberoam is used to perform DNS queries to resolve IP address.

Bug ID – 5414
Description – Applications like Gtalk and Skype that use port 443 and do not follow the SSL standard are not accessible.

Bug ID – 5416
Description – When Cyberoam is deployed as single NIC proxy, Skype does not work.

Bug ID – 5426
Description – After creating a new service, if one rolls back a browser window, browser clears away certain screen components e.g. protocol details, port number fields and also allows creating another service without protocol details or port number, which is mandatory information.

Bug ID – 5433
Description – Multiple alerts are displayed on the Dashboard for a single event.

Bug ID – 5452
Description – When parent proxy is configured in Cyberoam and IDP signature “CYBEROAM External_HTTP_Proxy” is enabled, users are not able to access the Internet as traffic to parent proxy is dropped.

Bug ID – 5453
Description – When Cyberoam is integrated with Active Directory for authentication, users are not able to logon to MyAccount if username is provided without domain name.

Bug ID – 5460
Description – Host name cannot include special characters space or underscore but when one tries to include them an incorrect error message appears. The message reads “Enter valid Host name. Only alphanumeric characters, space, dot and ‘_’ allowed.” but should read as “Enter valid Host name. Only alphanumeric characters and dot allowed.”

Bug ID – 5461
Description – High CPU usage makes Cyberoam Web Admin Console inaccessible and users are not able to logon. This behavior is observed when number of HTTP Client users (concurrent) exceeds 255.
Workaround - From Web Admin console, disable "Keep Alive Request For HTTP Client" from the relevant group. Users are required to re-login after this configuration change.

Bug ID – 5479
Description – Recent IDP Alerts doclet of Dashboard displays irrelevant numbers instead of signature name. This happens only for IDP Signature Database version 2.4.14 due to multiple message files for certain signatures.

Bug ID – 5480
Description – User Migration Utility imports users from Active Directory without domain name. Due to this, users cannot be authenticated and hence they cannot establish PPTP or L2TP connection.

Bug ID – 5516
Description – When ZoneEdit is configured as Dynamic DNS, it does not update its database whenever Cyberoam’s External Interface IP address changes. Manage Dynamic DNS page displays “Could not connect to www.zoneedit.com”.

Bug ID – 5525
Description – At the time of registering the Cyberoam appliance, if the page is refreshed, blank page is opened.

Bug ID – 5528
Description – Cyberoam incorrectly allows creating NAT policy when configured in transparent mode.

Bug ID – 5529
Description – When a firewall rule is created for a virtual host whose external and mapped ports are not the same, Cyberoam does not detect virus. For example, external port: 8080 and mapped port: 80.

Bug ID – 5531
Description – All the modules get subscribed automatically when appliance is registered after applying factory default.

Bug ID – 5535
Description – Even when Cyberoam’s HTTP and HTTPS access is denied through Local ACL, Cyberoam becomes accessible if it is configured as browser proxy.

Bug ID – 5546
Description – Cyberoam does not support POP3 downloader applications used to download mails from external mail server that do not follow RFC standard.

Bug ID – 5549
Description – Static routes configured through CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.

Bug ID – 5550
Description – Advanced firewall settings configured from CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.

Bug ID – 5551
Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, Data Transfer and Cycle Data Transfer values (Customize Client Messages page) are not retained.

Bug ID – 5553
Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, mail ID in Backup schedule is not preserved.

Bug ID – 5560
Description – Group login restriction does not automatically override user login restriction. To implement group login restriction, one has to manually change the restriction for the individual group users.

Bug ID – 5663
Description – Cyberoam is not able to block access of Anonymous Web proxy.

Bug ID – 5677
Description – Restoring backup of version 9.5.4 build 66 to version 9.5.4 build 74 does not retain MSS and MTU values. This behavior is observed only when restoring backup on cross model appliance.

Bug ID – 5560
Description – Factory default retains Mail backup schedule.

Bug ID – 5681
Description – Dashboard Alerts messages are not displayed after resetting to factory defaults.

Bug ID – 5682
Description – Bandwidth usage graph and System health graph are retained after resetting to factory defaults.

Bug ID – 5684
Description – When Cyberoam is configured as DNS server, Cyberoam is not able to perform DNS lookups to gather IP address information of the FQDNs.

Bug ID – 5711
Description – HTTP client login window cannot be maximized.

Bug ID – 6067
Description – In cross model backup restore, Virtual host configuration is not restored. One will have to manually delete and re-create all the virtual hosts after restoring the backup.

Bug ID – 5874
Description – Web Admin Console does not change the status of Gateway immediately after the gateway goes down but changes the status only after approx. 2.5 minutes i.e. status is displayed in red color only after approx. 2.5 minutes.

Traffic Discovery

Bug ID – 5498
Description – When traffic discovery module is enabled, system I/O processes trigger high CPU resource usage.

User

Bug ID – 476
Description – SSO client users do not receive the disconnection message sent from the Live User Page of Web Admin Console.

Bug ID – 533
Description – Even when multiple login is restricted, users are able to logon multiple times.

Bug ID – 958
Description – There is a mismatch in the total count and number of the live users displayed on the Manage Live User page of Web Admin Console.

Bug ID – 1055
Description – SSO client user session is not getting disconnected after the configured session timeout. User login time automatically gets changed every 3 minutes and due to this, session start time (login time) of the live user is changed to the current time.

Bug ID – 1144
Description – Cyberoam does not authenticate Active Directory users when username includes upper case characters e.g. James.Mathews

Virtual host

Bug ID – 5643
Description – When port range is configured, port forward rule for Virtual host does not work after management services are restarted.

Virtual Private Network (VPN)

Bug ID – 456
Description – There is no facility in Cyberoam to stop PPTP server after configuration. Currently to stop PPTP server, one needs to disable the VPN module from Web Admin Console (System Modules Configuration).

Bug ID – 492
Description – To establish L2TP connection with “Aggressive” authentication, L2TP client should support “Aggressive” authentication mode. Cyberoam does not provide an appropriate message at the time of selecting authentication type; as a result, when one tries to establish connection, connection is not established.

Bug ID – 603
Description – Even when the PPPoE link is down, VPN connection on the link is displayed as “Active”.

Bug ID – 672
Description – When “*” is configured as remote gateway in Cyberoam and remote host is configured on dynamic IP address, multiple IPSec tunnels cannot be established between remote host and Cyberoam. This happens because Cyberoam does not support mix mode tunnels i.e. one tunnel with Authentication mode as “Main” and another as “Aggressive”. To establish multiple connections it is required that all the tunnels established on the Cyberoam should be either set as “Main” or “Aggressive” mode.

Bug ID – 673
Description – It is not possible to establish road warrior connection if the road warrior client IP address is on the subnet of any other remote network.

Bug ID – 1005
Description – The roadwarrior policy with DES-SHA1 algorithms is exported as 3DES-SHA1 i.e. wrong algorithms.

Bug ID – 1036
Description – For NAT over VPN tunnel, when the LAN IP address is the first IP address in the IP address range configured as Local or Remote network in the VPN policy, Cyberoam drops such VPN traffic.

Bug ID – 1097
Description – When the VPN client password length is of 16 or more characters, it is not possible to establish PPTP or L2TP tunnel.

Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at [email protected] with the scenario details.

Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.

Bug ID – 4466
Description – It was possible to create multiple VPN connections with the same subnet configured for Remote LAN network.

Bug ID – 4599
Description – When Cyberoam is deployed behind a NAT device, L2TP connection cannot be established.

Bug ID – 5398
Description – L2TP connection status is displayed as “Connected” even when disconnected. One has to disconnect manually. This behavior is observed when L2TP connection request is routed through NAT router.

Bug ID – 5543
Description – One needs to restart management services to add or remove VPN routes after enabling or disabling VPN module (System Module Configuration).

Bug ID – 5565
Description – It is possible to establish only one Road Warrior connection when two or more IPSec Road Warrior connections are created with the same preshared key.

Bug ID – 5693
Description – Cyberoam incorrectly allows deleting PPTP and L2TP users from Manage Active page. But, deleted users are displayed on PPTP and L2TP Configuration page.

Bug ID – 6204
Description – L2TP connection cannot be re-established after it is frequently disconnected from Windows L2TP client.

Bug ID – 6269
Description – One needs to manually update L2TP configuration after changing the LAN IP address. L2TP configuration page on Web Admin Console does not even provide the warning message for updating the configuration. Similar situation is faced with PPTP configuration.

Web Admin Console

Bug ID – 270
Description – Format mismatch in advanced firewall configuration parameters when CLI console is accessed through Telnet and HTTP Interface. For example, when CLI is accessed over Telnet, parameters are displayed with special character underscore (_) e.g. source_network, while parameters are displayed without underscore e.g. source network, when CLI is accessed over HTTP Interface.

Bug ID – 307
Description – Cyberoam does not support UTF-8 Encoding; as a result, parsing problem occurs.

Bug ID – 681
Description – HTTP Client login template is not accessible from Google Chrome browser.

Bug ID – 693
Description – Gateway wise Bandwidth usage graphs contain breaks.

Bug ID – 749
Description – If more than one Firewall log is not configured for syslog server from System > Logging > Logs Configuration page, Cyberoam does not send firewall rules log to the syslog server.

Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.

Bug ID – 5647
Description – After upgrading from version 9.5.4 build 66 to version 9.5.4 build 74, Web Admin Console becomes inaccessible. Web Admin Console becomes accessible only after restarting management services.

Bug ID – 5593
Description – In Gatewaywise Composite Bandwidth Usage Graph, titles and data values are not aligned.

Bug ID – 5625
Description – When Cyberoam is deployed in transparent mode, DHCP server cannot be configured. But, after upgrading from version 9.5.3 build 22 to version 9.5.4 build 74, Cyberoam incorrectly displays DHCP server configuration in Web Admin Console.

Bug ID – 5688
Description – Even though Pharming protection is enabled, DNS lookup is not performed. One has to disable and enable pharming protection again to perform DNS lookup.

Bug ID – 5712
Description – Message "Zone Creation is not available in bridge mode" is not displayed in a default font style.

Document version – 1.0-23/12/2008

1.2.1.5. V 9.5.4

1.2.1.5.1. Release Notes

Release Information

Compatible versions: 9.5.3 build 14 onwards

Release Dates
Version 9.5.4 Build 92 – 7th November, 2008
Version 9.5.4 Build 86 – 4th September, 2008
Version 9.5.4 Build 80 – 6th August, 2008
Version 9.5.4 Build 74 – 22nd July, 2008
Version 9.5.4 Build 72 – 15th July, 2008
Version 9.5.4 Build 66 – 17th June, 2008

Upgrade Information

Upgrade type: Manual upgrade

Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Cyberoam Web Admin console and go to Help > Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to CLI console and go to option 6 Upgrade Version and follow the on-screen instructions.

Compatibility Issues: None

Introduction

This document contains the Release Notes for Cyberoam version 9.5.4 with the five builds - Build 66, Build 72, Build 74, Build 80 and Build 86. It is a performance and maintenance release which includes new features, enhancements and several bugs solved in response to bug reports and beta version feedback that improves quality, reliability, and performance.

The following sections describe the release information in detail and provide other information that supplements the main documentation.

Features

1. Filter HTTPS traffic based on Domain names[1]

Cyberoam now filters HTTPS traffic based on Domain names using site Certificates. Most of the content filtering solutions can detect and block the websites accessed over the HTTP protocol. To bypass these kinds of solutions, users use URL Translation or HTTP proxy websites hosted on HTTPS to access blocked sites. With this development, Cyberoam would be able to block these kinds of attempts to bypass the web content filter and sites hosted on SSL.

Protocols supported - SSLv2, SSLv3 and TLS
Certificate supported – X.509

By default, this option is enabled and can be disabled from Internet Access policy (IAP).
Access denied message will not be displayed when access is denied.

2. Multiple Syslog server support[2]

Cyberoam now supports multiple syslog servers for remote logging. One needs to configure the facility, severity and log file format for syslog servers and logging location if multiple syslog servers are configured. A maximum of 5 syslog servers can be defined from Logs Configuration page of Web Admin Console.

Apart from firewall and Intrusion Detection and Prevention (IDP) logs, Cyberoam now also supports logging of following activities on syslog server: AntiVirus, AntiSpam, Content Filtering.

Except for Traffic discovery logs, all the logs can be stored on the syslog server also. Logging of various activities to syslog server can be enabled or disabled from the Logs Configuration page of Web Admin Console.

3. Support BGP protocol for Dynamic Routing[3]

Cyberoam now supports Border Gateway Protocol (BGP) for dynamic routing. BGP is a path vector protocol that is used to carry routing information between routers that are in different administrative domains (Autonomous Systems) e.g. BGP is typically used by ISPs to exchange routing information between different ISP networks.

Cyberoam has implemented BGP version 4 as described in RFC 1771. Additionally, RFC 1997 (Communities Attribute), RFC 2796 (Route Reflection), RFC 2858 (Multiprotocol extensions) and RFC 2842 (Capabilities Advertisement) are also supported.

CLI Console provides the Cisco compliant CLI for routing configuration. Additionally, a firewall rule is to be configured for the zone for which the BGP traffic is to be allowed i.e. LAN to LOCAL or WAN to LOCAL.

4. HTTP upload report

Cyberoam Web Surfing report now provides details of HTTP upload activity carried out by each user. The following information will be available from the report: User name / IP address, URL, File name and size.

Enhancements

Build 92

1. Streaming media bypass

Cyberoam now has an ability to disable HTTP scanning of video and audio streams in order to avoid delays caused by scanning and downloading the entire stream prior to playing. By default, Cyberoam will scan video and audio files and one can disable this from the Antivirus, HTTP Configuration page of Web Admin Console.

2. Searchable Intrusion Prevention System (IPS) reports

IPS reports can now be searched by Source IP address, destination IP address, severity and signature name.

Build 86

1. Access CLI over HTTP Interface

Cyberoam has introduced a smooth method of tying two Administrative consoles - Web Admin Console and CLI - by embedding CLI link in Web Admin Console. Link to CLI can be clicked for the immediate access to CLI. It initiates a telnet connection with CLI without closing Web Admin console, which avoids toggling between consoles especially when management service is to be restarted (RMS). Console link is provided in the button bar in the top right most corner on each page of Web Admin Console.

Behavior:
- Cyberoam will not display any message like “RMS complete…” once management services are restarted.
- After restarting management services, one will have to open a new session as existing session will automatically expire after restarting management services.
- After executing following commands from CLI: cyberoam check_disk data_partition, cyberoam check_disk system_partition, cyberoam repair_disk data_partition, cyberoam repair_disk system_partition, one will have to restart Cyberoam.

2. Utility to monitor dropped packets from Web Admin Console

Cyberoam from this version onwards provides the facility to monitor (capture) the dropped packets from Web Admin Console also. Till previous versions, it was possible to monitor from CLI only. Report will provide packet header information and details on which module is dropping packets e.g. firewall, IDP along with information like firewall rule number, user and user group, Internet Access policy number etc. This will help Cyberoam administrators to troubleshoot errant firewall rule.

Captured dropped packets can be exported or searched by the following parameters: source and destination host, port, protocol and interface. Utility can be accessed from Diagnostic tool.

3. Dashboard Doclet information is now Copy-able

For searching and using the doclet information, Dashboard Doclet Information can now be copied. For example, Signature name displayed in the “Recent IDP Alerts” doclet can be copied and used as a searching criteria in Search IDP Signature to get the signature details.

Build 80

1. VPN policy Templates

To make VPN connection configuration an easy task, following four default VPN policies are included for frequently used VPN deployment scenarios:
- Road warrior
- L2TP
- Head office connectivity
- Branch office connectivity

2. Block access of restricted sites through Google and Yahoo language translation services

Cyberoam can now block web access through the language translation services of Yahoo and Google which are used as a proxy to access the restricted sites. A language translation service instantly translates text and web pages. For example, if the access to www.monster.com is blocked by blocking JobsSearch category, then user will not be able to access the site using Google and Yahoo translation services.

3. Configurable action for invalid HTTP traffic

Cyberoam can now be configured to accept invalid traffic through HTTP port i.e. allow traffic not following HTTP protocol. The configuration can be done via the “set http_proxy relay_http_invalid_traffic” command from the CLI Console. By default, Cyberoam is configured not to relay such traffic.

4. Web Admin Console change

From this version onwards, one has to configure trusted ports only once.
Prior to this version, one had to configure HTTPS and HTTP trusted ports separately.

Build 72

1. Dashboard System Status Doclet includes secure scanning status (enabled or disabled) configured on CLI console.

2. Two additional file types - Flash Video File (.flv) and Shockwave Flash Format File (.swf) - are included in default File type category.

3. VPN logs are included in debug file generated from CLI console.

Build 66

1. Optimization of Startup time

Startup time is reduced by approximately 35% to 45% across various models. This was achieved by performing some maintenance tasks like re-arranging booting sequence, removing obsolete files. But Cyberoam may take time to startup if it goes down abruptly e.g. after power failure.

2. Support Asymmetric routing environment[4]

Cyberoam, being a stateful firewall, tracks the traffic connection state. Due to this, Cyberoam drops the packets if both the outbound and return packets do not traverse through Cyberoam. In asymmetric routing environments, either outbound or return packets are seen by Cyberoam. Up till previous versions, it was not possible to deploy Cyberoam in such environments.

Administrator can now configure, from CLI console, the source and destination host or network tuple from which such traffic is to be allowed. By default, Cyberoam will drop the packets if both the outbound and return packets do not traverse through Cyberoam. Use set advanced-firewall-bypass-stateful-firewalconfig command to set such networks.

3. Multiple Active directory support

Cyberoam now supports configuration of multiple Active Directory servers for user authentication. Cyberoam can be configured to authenticate users via HTTP client or Single Sign on Client. To logon using HTTP Client, users are required to specify user name along with the domain name.

4. Configurable action for Mid-stream TCP connections[5]

Cyberoam can now be configured to pick up TCP connections in mid stream. Enabling midstream pickup of TCP connections will help while plugging in the Cyberoam appliance as a bridge in a live network without any loss of service. It can also be used for handling network behavior due to peculiar network design and configuration, e.g. atypical routing configurations leading to ICMP redirect messages. The configuration can be done via the “set advanced-firewall midstream_connection_pickup” command option in the CLI Console. By default, Cyberoam is configured to drop all untracked (mid-stream session) TCP connections in both the deployment modes.

5. VLAN tags preservation in bridge mode for scanned traffic

From this version onwards, VLAN (Virtual LAN) tags will be preserved even when antivirus scanning, spam filtering and web filtering using Internet Access Policy (IAP) are applied to VLAN tagged traffic in Bridge mode. In the earlier versions, VLAN tags were not preserved when scanning or Internet Access Policy was applied on the traffic.

6. Spam detection performance improvements

- Enhanced image-spam detection algorithms
- Optimized operation by fine-tuning parameters to improve performance and to save bandwidth
- Improved detection of spam and malware in nested messages
- Added HTTP connection pooling between the Anti Spam Engine and the Anti Spam Center
- Improved local caching and classification performance

7. Support multiple Host Group membership

Cyberoam now supports membership of single host in multiple host groups.

8. Dependency of restarting management services removed

It is now not required to restart management services (RMS) for the following actions:
- defining Network in Auth Network[6]
- subscribing any of the modules
- enabling or disabling any of the System modules

9. Ability to switch on/off traffic discovery history log[7]

Traffic discovery history log can now be turned off from the Configure Autopurge Utility page of Web Admin Console.
If logging is enabled, then one can also specify number of days up to which logs should be retained. For example, if you specify 5 days, on the 6th day, the logs of the first day will be removed. By default, logs are retained for 7 days. 10. Utility to monitor dropped packets[8] A packet capture command is added on the CLI console to help Administrators view dropped packets. It will provide connection details and details on which module is dropping packets e.g. firewall, IDP along with information like firewall rule number, user, Internet Access policy number etc. This will help Cyberoam administrators to troubleshoot errant firewall rules. Use CLI command “packet-capture” to generate the packet dump. 11. Visibility to Spyware infected computers on Dashboard[9] “Recent Spyware Alerts” - doclet is added on the Dashboard to provide an instant visibility to spyware infected hosts. Alert provides username to help identify the spyware infected computer and take the immediate corrective action. Cyberoam constantly monitors and provides alert on the Dashboard on detecting spyware and also blocks Spyware “phone-home” traffic and other related backdoor traffic. Dashboard alert will be provided if any applications, laptops or desktops are secretly phoning home. Cyberoam detects “phone-home” traffic with IDP signature. 12. CLI console improvements Show network interface will now display interface information as per the Cyberoam nomenclature e.g. Port A, Port B instead of eth0, eth1 MTU can now also be configured when Cyberoam appliance is configured in transparent mode MTU and MSS values can now be configured from the Cyberoam Console option (set network command) and Cyberoam will now automatically configure MSS value on enabling PPPoE on the WAN interface. MTU and MSS configuration option from Network Configuration menu has been removed. Cyberoam Console option – “set network interface” command now allows configuration for the physical interfaces only. 
In case Cyberoam is deployed in transparent mode, only one interface would be available for configuration. In the earlier versions, Cyberoam displayed all the Ethernet interfaces including alias, ipsec and lo.
Following HTTP proxy commands[10] are added:

Command: set http_proxy av_session
Description: No. of files scanned simultaneously
Default value: 20. Allowed range: 1 to 64

Command: set http_proxy dns_threads
Description: No. of simultaneous DNS requests that can be handled by Proxy server
Default value: 5. Allowed range: 1 to 128. One may need to increase when Cyberoam is used as Proxy server or DNS response time is high (when DNS server is responding slowly)

Command: set http_proxy client_session
Description: No. of simultaneous client session
Default value: 1024. Allowed range: 1024 to 8192. One may need to increase when DNS server is responding slowly or number of simultaneous requests are high

Command: set http_proxy rw_buffer_size
Description: Size of read/write buffer
Default value: 4 Kbytes. Allowed range: 1 to 16 Kbytes. One can increase in case of high speed WAN link.

Command: set http_proxy X-Forwarded-For
Description: Include/Exclude X-Forwarded-For header information from outbound HTTP requests
Default value: OFF. Applicable only in transparent mode.

Command: set http_proxy deny_unknown_proto
Description: Allow/deny traffic not following HTTPS protocol i.e. invalid traffic through HTTPS port
Default value: YES

Command: set http_proxy debug
Description: Run proxy in debug mode
Default value: OFF

Command: set http_proxy core_dump
Description: Generate dump
Default value: OFF

13. Dashboard Alert message on failure to apply Firewall rule
Cyberoam will now display Alert messages on Dashboard in case Cyberoam fails to apply any of the firewall rules on RMS (Restart Management Service), appliance reboot, or after adding, deleting or updating a firewall rule. The message will prompt to “Rebuild Firewall state” from CLI console.

14. Configurable action for ICMP error message tracking[11]
In the earlier versions, in case of ICMP error, by default, Cyberoam deleted the existing connection from its internal connection state.
This option can now be disabled from the “set advanced-firewall” command from CLI Console.

Behavior information

Build 92
Following logs can be retained for maximum 90 days: Mail Virus log, Mail Spam log, IPS log, FTP log and Appliance Audit log. Previous versions allowed logs to be retained for 60 days.

Build 86
Alert message on failure to apply Firewall rule will be logged as Firewall rule log and can be viewed from CLI console. One can use the command “show firewall-rule-log” to view the alerts. From this build onwards, they will not be displayed on Dashboard.

Build 80
From this build onwards, default LAN to WAN (Any Host to Any Host) firewall rule will allow traffic to flow between the virtual host and the network. Prior to this version, one had to create firewall rule for the Virtual host to function, and to allow traffic to flow between the virtual host and the network.

Build 66
Web Surfing logs can be retained for 365 days instead of 60 days
HA failover timeout is reduced to 3 seconds. In earlier versions, failover was instant.
After failover, all the Auxiliary sessions will timeout after 5 minutes if there is no traffic flow on the connection.
When Cyberoam is deployed in transparent mode and is used as a direct proxy, LAN to WAN or WAN to LAN firewall rule is to be defined.
For PPPoE connections, LCP echo request and reply can be disabled by setting LCP Interval and LCP Failure as zero from the Manage Interface page of Web Admin Console.
After disabling HA, network configuration will be preserved on Auxiliary appliance. Till previous versions, factory defaults were restored on Auxiliary appliance on disabling HA.
After disabling HA, to remove Auxiliary appliance from the cluster and use independently, reset HA from Auxiliary appliance and change IP schema through Network Configuration Wizard.
Reports are not synchronized when HA is configured.
Cyberoam will now automatically reboot on kernel crash.
Till previous versions, Administrator had to manually restart the system.
Host name can include only alphanumeric characters and special character “.” Till previous versions, special characters “_” and white space were also allowed.
DHCP service cannot be configured on Interface alias or virtual sub interface. Till previous versions, it was possible to configure.
By default, IDP logs are not archived. One needs to enable archiving from Configure Autopurge Utility.

Discontinued Feature
From Version 9.5.4 build 86 onwards, Alert message on failure to apply Firewall rule will not be displayed on Dashboard
From Version 9.5.4 build 80 onwards, CLI command “set bandwidth l2tp-pptp” is discontinued
From Version 9.5.4 build 66 onwards, High Availability will not be available in CR25i Appliances

Bugs solved
The purpose of this list is to give an overview of the bugs fixed in the various builds of the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Build 92

Command Line Interface (CLI) over Web Admin Console
Bug ID – 6321
Description – High CPU usage is triggered when system date is updated from CLI through Web Admin Console.

Firewall
Bug ID – 5470
Description – When multiple administrators are performing any operation on a firewall rule simultaneously, firewall configuration error occurs. Due to this, sometimes a firewall rule is created without the host group hence Dashboard flashes the message to rebuild firewall state.

HTTP Proxy
Bug ID – 6157
Description – When WAN to LOCAL firewall rule with Pharming or virus scanning is enabled, there is a potential vulnerability of Cyberoam acting as an open proxy

Internet Access policy
Bug ID – 6382
Description – One needs to restart management services to apply custom Internet access policy.

Intrusion Detection and Prevention (IDP)
Bug ID – 6395
Description – Even when the IDP module is not subscribed, signatures included in "cyberoam signatures" category were working. By default, only custom signatures should work when IDP module is not subscribed.

Logs & Reports
Bug ID – 6323
Description – “Google search keywords” proactive report is sometimes mailed without username or IP address.

System
Bug ID – 5466
Description – On clicking “Preview” button on System>Configure>Customize Denied Message page, instead of displaying preview of custom access denied message, blank page is displayed.
Bug ID – 5620
Description – On restarting management services, error “Restarting Management Service .........Failed : Route to destination already exists”. This error occurs when duplicate route entry exists in the routing table.
Bug ID – 5913
Description – Traceroute functionality does not work with URL but works with IP address. For example, when one tries to determine the route for newwebmail.elitecore.com, result is not displayed but when one tries with 203.88.138.194, result is displayed.
Bug ID – 5957
Description – Ping functionality used to check gateway reachability does not work when one tries to ping a URL but works when the IP address of the same URL is pinged. For example, when one pings for newwebmail.elitecore.com, ping result is not displayed while when 203.88.138.194 is pinged, result is displayed.
Bug ID – 6143
Description – Virtual host stops working under certain circumstances.
Bug ID – 6378
Description – At the time of configuring custom denied message for any custom category, Cyberoam does not allow selecting the required category but randomly selects a category from the list.

Virtual Private Network
Bug ID – 5773
Description – When multiple links are terminated on Cyberoam and Net-to-Net IPSec connection and Road Warrior connection are configured on two different links, instead of serving requests through different gateways, all the requests are served by only one gateway.
Bug ID – 6184
Description – When a high number of VPN tunnels is configured, on doing an RMS, the VPN tunnels get deactivated.

Web Admin Console
Bug ID – 6065
Description – If one tries to re-position the Dashboard Doclets by dragging and dropping when IDP Engine has stopped, Dashboard Doclet alignment is lost.
Workaround – Restart IDP Engine from Manage IDP page and then reset the Dashboard.
Bug ID – 6112
Description – “Recent IDP Alerts” doclet on Dashboard displays an additional column.

Build 86

Bandwidth policy
Bug ID – 5791
Description – When HTTP virus scanning and content filtering is enabled (Internet Access policy is configured), file downloading speed reduces drastically.

CLI console
Bug ID – 5909
Description – Word “cyberoam” is incorrectly spelled in the tcpdump command help. Help reads as “filedump Dump packets in a file. Download file from http://<cyberooam_ip>/documents/tcpdump.out” but it should read as “filedump Dump packets in a file. Download file from http://<cyberoam_ip>/documents/tcpdump.out”

HTTP Proxy
Bug ID – 5209
Description – When Upstream Proxy (Parent proxy) IP address is configured same as Cyberoam WAN interface IP address, Cyberoam is not able to establish connectivity with Cyberoam Registration server; as a result it is not possible to register Cyberoam appliance.

Logs & Reports
Bug ID – 5715
Description – Data field sequence mismatch in tabular and CSV format of Top 10 users by Data transfer report (Internet Usage > Organization-Wide).
Bug ID – 5855
Description – Cyberoam does not forward Firewall logs to the remote logging server.

System
Bug ID – 5104
Description – Cyberoam incorrectly allows configuring the Gateway IP address in a non-standard IP address format from Network Configuration Wizard and Manage Gateway Page of Web Admin Console.
Bug ID – 5692
Description – Ping and Traceroute functionality used to check gateway reachability is not working.
Bug ID – 5516
Description – When ZoneEdit is configured as Dynamic DNS, it does not update its database whenever Cyberoam’s External Interface IP address changes. Manage Dynamic DNS page displays “Could not connect to www.zoneedit.com”
Bug ID – 5788
Description – When Shutdown button is clicked on Manage Server page, Cyberoam restarts instead of shutting down. This behavior is observed only in Cyberoam Appliance CR 250i.
Bug ID – 5772
Description – Customize Client Preference does not support URLs ending with “.local” as home page

VPN
Bug ID – 5693
Description – Cyberoam incorrectly allows deleting PPTP and L2TP users from Manage Active page. But, deleted users are displayed on PPTP and L2TP Configuration page.

Web Admin Console
Bug ID – 5278
Description – At the time of adding PPTP and L2TP users even when group is not selected, Error message is not displayed. Cyberoam should display message as “Select at least one Group”. Same behavior is observed at the time of deleting users.
Bug ID – 5908
Description – Cyberoam incorrectly retains and displays the Dashboard “Rebuild Firewall state” Alert even after upgrading Cyberoam if Cyberoam has failed to apply any of the firewall rules before upgrading Cyberoam.

Build 80

Categorization
Bug ID – 5564
Description – Default Web category name is spelled incorrectly as “PesonalAndBiographySites”. It should be spelled as “PersonalAndBiographySites”

Data transfer policy
Bug ID – 5439
Description – Monthly Data transfer policy does not work as per the configuration. For example, 5 GB per month data transfer quota is configured for the user but user is able to transfer only up to 1.

Firewall
Bug ID – 5523
Description – Even when Web and Application Filter module has expired, Cyberoam blocks all the HTTPS traffic.
Bug ID – 5637
Description – After adding a new LAN zone, default LAN to WAN firewall rules are not added automatically.

Groups
Bug ID – 5116
Description – Incomplete Add Group page is displayed when not a single data transfer policy is configured. As a result it is not possible to add a new user group. In other words, one needs to configure at least one data transfer policy to add a group.

Intrusion Detection & Prevention (IDP)
Bug ID – 5582
Description – IDP module triggers high CPU usage when IDP engine restarts frequently. This happens because Cyberoam generates an alert every time IDP engine restarts, and when IDP engine restarts frequently, a larger number of alerts is generated, which results in high CPU usage.

Logs & Reports
Bug ID – 5530
Description – Data fields sequence mismatch in the tabular format and CSV format of IDP reports.
Bug ID – 5552
Description – There is mismatch in URLs listed in User wise blocked attempts report and its drill down report
Bug ID – 5614
Description – By default, HTTP and FTP logs are enabled and stored on Cyberoam Appliance itself and Cyberoam does not provide any provision to disable them. But, after updating the logging configuration, Web Admin Console incorrectly displays them as disabled.
Bug ID – 5634
Description – When Cyberoam is configured as Proxy, one cannot access secure sites if content filtering log is disabled from Web Admin Console

System
Bug ID – 3755
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, gateway parameters are not defined uniquely for each gateway. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.
Bug ID – 4995
Description – When Cyberoam is configured as a Browser proxy, users are not able to access the sites like www.scdl.net which are hosted on the server on which DNS-based load balancing is implemented. This is because Cyberoam receives a different IP address for the same site from DNS.
Bug ID – 5258
Description – After restoring backup of version 9.5.4 build 27 on version 9.5.4 build 55, mail ID in Backup schedule is not preserved. Due to this, one does not receive the backup mails.
Bug ID – 5414
Description – Applications like Gtalk, Skype using port 443 but not following SSL standard are not accessible i.e. when Certificate based Categorization (HTTPS) is enabled from Internet Access policy.
Bug ID – 5465
Description – Cyberoam incorrectly allows Inactive user with Administrator privilege to log on to Web Admin Console.
Bug ID – 5675
Description – After restoring backup of version 9.5.3 build 22 on version 9.5.4 build 78, incomplete Logs Configuration page is displayed in Web Admin console.
Bug ID – 5670
Description – While changing the Cyberoam deployment mode from transparent to route through Network Configuration Wizard, Cyberoam allows configuring an additional port with the duplicate Gateway name.
Bug ID – 5480
Description – User Migration Utility imports users from Active Directory without domain name. Due to this, users cannot be authenticated and hence they cannot establish PPTP or L2TP connection.

Virtual host
Bug ID – 5638
Description – IP based Virtual host does not work as per the configuration after restarting management services.

Virtual Private Network (VPN)
Bug ID – 5445
Description – When VPN policy is configured with different PFS (Perfect Forward Secrecy) value at both the peers, VPN service frequently restarts i.e. PFS is configured for one peer but not configured for another peer.
Bug ID – 5480
Description – User Migration Utility imports users from Active Directory without domain name. Due to this, users cannot be authenticated and hence they cannot establish PPTP or L2TP connection.

Build 74

Categorization
Bug ID – 5609
Description – Certain default categories were not included in CIPA Internet Access policy.

Firewall
Bug ID – 5599
Description – After upgrading to version 9.5.4 build 72, Cyberoam does not preserve any WAN to LOCAL firewall rules configured with DNAT policy. Due to this, Internal servers became inaccessible from the WAN side. By default, they should be preserved but after upgrading to version 9.5.4 build 72 one has to create virtual host for the servers to forward the request.
Bug ID – 5621
Description – When specific outgoing gateway is configured through Firewall rule, Cyberoam did not route the traffic through the configured gateway.

Build 72

Antivirus
Bug ID – 5392
Description – When mail attachments are blocked, Disclaimer or signatures are not added to the mails.
Bug ID – 5408
Description – HTTP proxy restarts when one tries to search URL category (Categories>Web Category>Search URL) or add/delete keyword and domains in Custom Web category.
Bug ID – 5448
Description – After configuring special character hash (#) in URL Regex for HTTP scanning rule, blank page is served instead of HTTP configuration page.

Firewall
Bug ID – 4575
Description – LAN to LAN Virtual host rules gets executed automatically at midnight.
Bug ID – 5397
Description – Instead of replacing the modified default rules, Cyberoam Central Console (CCC) pushes modified default firewall rules as a new set of default rules and adds them at the top of the list in Cyberoam.
Bug ID – 5454
Description – Dashboard Alert "System failed to apply firewall rule(s)" is displayed when virtual host with UDP port forwarding is configured as destination host in firewall rule.
Bug ID – 5455
Description – After changing the addressing mode of the WAN interface from PPPoE to Static, proxy ARP entry for the Virtual host is not updated. Due to this, Internet users were not able to access the internal servers.
Bug ID – 5471
Description – Cyberoam should not be accessible from WAN side when access is denied from Local ACL. But, it is possible to access Cyberoam when virtual host for WAN interface with traffic port forwarded to LAN IP is configured as a destination host for WAN to LAN drop firewall.
Bug ID – 5536
Description – Host name cannot include special characters space or underscore, but when one tries to include them an incorrect error message appears. The message reads “Enter valid Host name. Only alphanumeric characters, space, dot and ‘_’ allowed“ but should read as “Enter valid Host name. Only alphanumeric characters and dot allowed.”
Bug ID – 2385
Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.

Intrusion Detection and Prevention
Bug ID – 5315
Description – After upgrading to Signature Database version 2.4.7, IDP Engine uses high CPU. Due to this, unpredictable behavior is observed in the traffic on which IDP policy is applied.
Bug ID – 5559
Description – High number of IDP alerts triggers high CPU usage

Logs & Reports
Bug ID – 4515
Description – Google Search keywords report included URL encoding characters e.g. + or %

SNMP
Bug ID – 5123
Description – Cyberoam hangs every 5 minutes after starting SNMP server.

System
Bug ID – 5417
Description – When user gives incorrect username or password at the time of logging on to MyAccount, an incorrect error message appears.
The message reads “Error in Authenticating, contact the administrator if problem persists” but should read as “Wrong username or password”
Bug ID – 5432
Description – At the time of changing user password, Cyberoam displays “You must enter valid email ID” message when email ID is left empty. As email ID is not a mandatory field, Cyberoam should not give this error message.
Bug ID – 5447
Description – After upgrading Cyberoam from version 9.5.3 build 22 to version 9.5.4 build 66 one needs to restart management services manually to access Cyberoam Web Admin Console.
Bug ID – 5460
Description – Cyberoam does not support special character underscore in group name, but when one tries to include it an incorrect error message appears. The message reads “Enter valid Group name. Only alphanumeric characters, space and ‘_’ are allowed.” but should read as “Enter valid Group name. Only alphanumeric characters and space are allowed.”
Bug ID – 5507
Description – After upgrading Cyberoam from version 9.5.3 build 22 to version 9.5.4 build 66 Syslog configuration is not retained.
Bug ID – 5509
Description – On resetting Cyberoam to factory defaults, DHCP client configuration is not retained if Cyberoam WAN interface is configured as DHCP client.

Traffic Discovery
Bug ID – 5418
Description – Download and upload data transfer columns are transposed in Traffic discovery reports.

Web Admin Console
Bug ID – 5419
Description – “HateAndRacism” category is included multiple times in CIPA Internet Access policy.
Bug ID – 5420
Description – Font size is not consistent on all the configuration pages of Network Configuration Wizard.
Bug ID – 5478
Description – One can configure username and password without enabling “Authentication Required” from Configure Mail Settings page of Network Configuration Wizard.
Bug ID – 5519
Description – Even though HTTP and FTP Antivirus logs are enabled by default, HTTP and FTP Antivirus log checkboxes are unchecked and “greyed out”

Build 66

Anti Spam
Bug ID – 3549
Description – Cyberoam does not detect spam mails if parent proxy is configured.
Bug ID – 4510
Description – Quarantine area is rotated only when the area is full. Due to this, there is mismatch in percentage utilization of Quarantine area and actual mails displayed in the area. For example, total area utilized is 10% but repository does not display any mails.
Bug ID – 4634
Description – "From Email Address" field accepts invalid email address in the Spam policy
Bug ID – 4635
Description – When action defined for spam mail is “Prefix Subject” and MIME header filter contains a comma (,), Cyberoam forwards scanned mails without adding prefix to the original subject.
Bug ID – 4761
Description – Users are not able to open the Quarantined (Spam and Virus) mails in any of the mail clients. Users are required to save the mails in EML format to open the mails in Outlook Express as Cyberoam downloads mails in HTML format.
Bug ID – 4814
Description – Anti Spam General Configuration page displays incorrect status of Cyberoam Anti Spam Center.
Bug ID – 4984
Description – Quarantine Spam mails are not displayed in User My Account.
Bug ID – 5293
Description – Only last 7 days quarantined mails were displayed in Quarantine report as well as in Self Service Quarantine area (User My Account). Due to this, there is data mismatch in Quarantine report and Quarantine utilization area.

Anti Virus
Bug ID – 4159
Description – Mismatch in AV scan time displayed on Captured Connection page and "Search Captured Sessions" page of HTTP Statistics when AV scanning is disabled.
Bug ID – 4519
Description – Cyberoam allows configuring the file size threshold as zero for HTTP scanning.
Cyberoam does not scan files when file size threshold is configured as zero.
Bug ID – 4522
Description – Incomplete virus name is displayed in "Recent FTP Viruses detected" section of Dashboard
Bug ID – 4633
Description – SMTP Email scanning rule names can include special characters like !@#$
Bug ID – 4665
Description – When HTTP scanning is enabled in Real mode, browser hangs while accessing following sites: http://tw.movie.yahoo.com, http://www.ipower.com/support, http://ctworld.org.tw
Bug ID – 4667
Description – Cyberoam failed to display virus alerts on Dashboard and generate Syslog report in high traffic environment.
Bug ID – 4790
Description – When “Video” file type attachment is blocked, Cyberoam blocks both “Video” and “Image” file type attachments.
Bug ID – 5065
Description – When virus scanning is enabled, Rediffmail website does not open.
Bug ID – 5227
Description – Anti-virus engine does not start after upgrading to version 9.5.4 build 55
Bug ID – 5290
Description – User My Account Quarantine Mail report incorrectly displays Spam mails detected by POP/IMAP proxy as Quarantine mails.
Bug ID – 5297
Description – When HTTP scanning is enabled and Internet Access policy is configured, Yahoo mail attachments cannot be sent. This behavior is observed only with Internet Explorer 6.

Bandwidth policy
Bug ID – 4345
Description – Priority level 4 is not displayed in Bandwidth policy

Categorization
Bug ID – 3476
Description – When no matching URL is found as per the search criteria, the “Search URL” option of Web category displays incorrect message.
Bug ID – 4904
Description – It is possible to create Custom File Type category with multiple file extensions specified on multiple rows using <Enter>
Bug ID – 5083
Description – When multiple File type Extensions are specified using “Enter” button while creating custom web category, the category does not work as expected.

Command Line Interface (CLI)
Bug ID – 4644
Description – CLI Console command "cyberoam service status" gives following error and does not generate a Debug log file. This situation occurs only if log file generation command is executed when Cyberoam is writing log records to a log file.
Error:
tar: cyberoam_tomcat.log: file changed as we read it
tar: Error exit delayed from previous errors
Bug ID – 5233
Description – Latency observed when one tries to log on to CLI console due to reverse IP address lookup.
Bug ID – 5366
Description – ARP entry for Virtual host cannot be deleted from CLI console.
Bug ID – 5367
Description – When Cyberoam is configured in transparent mode, Interface speed cannot be configured.

Firewall
Bug ID – 4880
Description – Changes in grouped Services are not reflected in Service Group.
Bug ID – 5384
Description – Firewall rules based on Custom Application Protocol category do not work as expected.

Group
Bug ID – 4645
Description – Manage Group page displayed "Data Transfer Policy Bean" (incorrect spelling) instead of "Data Transfer Policy Name"
Bug ID – 4703
Description – Save operation does not ask for confirmation before saving the Login restriction changes from the Change Group IP restriction page (Web Admin Console).
Bug ID – 4704
Description – When user is allowed login from specific nodes, Edit Group page does not display login nodes details.
Bug ID – 4705
Description – After adding IP address for login restriction, Change Group IP Restriction page is displayed without header
Bug ID – 5074
Description – At the time of creating or updating group, if "%" is included in group name, a Java error is displayed.

High Availability
Bug ID – 4414
Description – HA synchronization process does not synchronize BGP configuration
Bug ID – 4415
Description – Cyberoam allows configuring (adding and deleting) BGP routes from the Auxiliary appliance of HA cluster.
Bug ID – 4430
Description – If SSH communication on the dedicated link fails, synchronization process remains incomplete. Due to this, Configure HA page displays primary appliance as Active and auxiliary as a stand-alone appliance even when HA is enabled.
Bug ID – 4441
Description – It is possible to configure static routes from Auxiliary appliance of HA cluster.
Bug ID – 4455
Description – Incorrect message "Applicable for primary node only when both nodes are UP" is displayed when HA load balancing is disabled from Auxiliary appliance (CLI console).
Bug ID – 4567
Description – In Active-Passive HA cluster, if HA is disabled while synchronization process is going on, cluster becomes unstable.
Bug ID – 4625
Description – In an Active-Passive HA cluster, deleting VPN connection on the Primary appliance does not delete connection from the Auxiliary appliance.
Bug ID – 4643
Description – After failover in Active-Passive HA Cluster, it is not possible to establish Certificate based Net-to-Net VPN connections.
Bug ID – 4651
Description – In Active-Passive HA cluster, after changing any network configuration from CLI console (Option 1 Network Configuration), all the logged in users on Primary appliance do not get logged in automatically on Auxiliary appliance.
Bug ID – 4694
Description – In Active-Passive cluster, cluster becomes unstable when multiple events occur simultaneously e.g. dedicated link status changes during the failover process.
Bug ID – 4758
Description – When an Appliance configured with VLAN and Alias is configured as an Auxiliary appliance in Active-Passive HA cluster, Cyberoam does not remove VLAN and Alias configuration.
Bug ID – 4901
Description – After restarting management services from Primary appliance of Active-Passive cluster, Auxiliary appliance cannot be accessed with Auxiliary Administration IP.
Bug ID – 4972
Description – If an Appliance configured with DHCP is configured as an Auxiliary appliance in Active-Passive HA cluster, Cyberoam does not remove DHCP configuration from the appliance.
Bug ID – 5219
Description – HA could not be configured due to improper configuration of HA service.
Bug ID – 5264
Description – HA synchronization process does not synchronize Local ACL
Bug ID – 5375
Description – At the time of enabling HA, sometimes both the Appliances in HA cluster respond to the ARP request.
Bug ID – 5376
Description – After HA failover, IP address added in Proxy ARP does not work as expected.
Bug ID – 5377
Description – Proxy ARP does not work after restoring backup on a different appliance, but works if backup is restored on same appliance.

Internet Access Policy
Bug ID – 4907
Description – It is possible to create Internet Access policy with the name including all the special characters like @ # $%. Now Cyberoam will allow only alphanumeric characters, space and underscore (_) in the Internet Access policy name.

Intrusion Detection and Prevention (IDP)
Bug ID – 4697
Description – Warning or Update successful confirmation message is not displayed when IDP engine status changes or signature database is updated successfully.
Bug ID – 4773
Description – Administrator receives “root partition full” error mail when an IDP alert file becomes full and the update or delete operation is not completed.
Bug ID – 5365
Description – After updating IDP category, one needs to restart IDP daemon manually from Web Admin console.

Logs and Reports
Bug ID – 4616
Description – Sometimes "NULL" is displayed as Category name in "Top 10 Categories (by Hits)" web surfing report when Cyberoam is configured in transparent mode.
Bug ID – 4618
Description – User wise Web Surfing report displays junk characters in IP address column
Bug ID – 4678
Description – Cyberoam does not preserve Syslog configuration on upgrading from V 9.3.0 build 09 to V 9.5.3 build 18. Hence, one has to re-configure Syslog after upgrading.
Bug ID – 4682
Description – An invalid IP address can be configured for Syslog server from Manage Syslog page of Web Admin console.
Bug ID – 4688
Description – Syslog configuration is not included in backup.
Bug ID – 4689
Description – Update successful confirmation message is not displayed after updating log configuration from Logs Configuration page.
Bug ID – 4700
Description – No validation is performed on email addresses configured in Bypass Email Ids page for Reports.
Bug ID – 4730
Description – When the report END DATE is selected as current date for Appliance Audit log and Event log, Cyberoam neither generates logs nor displays the Error message.
Bug ID – 4748
Description – Title bar displays incorrect title for all the Compliance reports.
Bug ID – 4966
Description – Cyberoam does not preserve Syslog configuration on upgrading from V 9.3.0 build 22 to V 9.5.4 build 43. Hence, one has to re-configure Syslog after upgrading.
Bug ID – 4986
Description – Pie-chart for Daily and weekly proactive reports is not generated when there is no data to populate the graph. Due to this, Proactive reports are mailed without any proper message.
Bug ID – 5005
Description – HTTP File Upload report provides option of viewing report in graphical format even when it is not possible.
Bug ID – 5006
Description – In case of Password Change event, action column of Audit log displays “Null” instead of the action description.
Bug ID – 5008
Description – When data for Data Transfer Report by User (Internet Usage>By User) spans over multiple pages, “Next” button is displayed but does not work.
Bug ID – 5164
Description – Certain events are not logged in IDP logs due to segmentation fault.

Multiple Gateway

Bug ID – 5055 Description – In case of multiple gateways, Cyberoam sends multiple email alerts of gateway status even when gateway status is not changed.

PPPoE

Bug ID – 4784 Description – It is not possible to remove PPPoE interface using Network Configuration Wizard.
Bug ID – 4785 Description – Cyberoam incorrectly allowed the gateway IP address of a PPPoE-enabled interface to be updated from Web Admin Console.
Bug ID – 4925 Description – It is not possible to update the weight of the PPPoE gateway.
Bug ID – 5274 Description – Cyberoam supported only 25 characters for PPPoE username. Now it supports 60 characters.
Bug ID – 5369 Description – On restarting management services (RMS), PPPoE client is killed.

Proxy

Bug ID – 2336 Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work. From the current version onwards, support to allow Application category in “Deny All” Internet Access policy is removed.
Bug ID – 3942 Description – If “Restrict HTTP Upload” category is denied, users are not able to send mails using Gmail. Instead of blocking the messages with attachment, user is denied the access to Gmail itself.
Bug ID – 4171 Description – As Cyberoam does not support Active FTP, when FTP scanning is enabled, attempts to connect to an active mode FTP server give “451 Proxy unable to comply” error.
Bug ID – 4276 Description – Web Surfing reports display User name as "Unknown" if user is not logged in and tries to download virus when Cyberoam is configured as HTTP Proxy.
Bug ID – 4325 Description – After changing default HTTP proxy port, Audit logs are not generated for the event.
Bug ID – 4490 Description – Due to incorrect HTTP header parsing, certain sites like www.cada.fr were not accessible.
Bug ID – 4525 Description – HTTP downloads fail when AV scanning is enabled and transfer-encoding is set to chunked.
Due to this, websites like http://www.anindakapinda.com failed to open.
Bug ID – 4526 Description – Custom Web category cannot be created if HTTP Proxy is not running.
Bug ID – 4604 Description – When HTTPS Categorization (from Internet Access policy) is enabled in transparent mode, users are not able to access secure (HTTPS) sites.
Bug ID – 4988 Description – HTTP Proxy sends multiple IP Address information when IP lookup sites/tools, e.g. www.whatismyipaddress.com, return multiple IP Addresses.
Bug ID – 5113 Description – FTP proxy restarts due to assertion failure. With Windows FTP client, Cyberoam now will give “Proxy unable to comply” message instead of restarting proxy, if server closes the connection before the process is complete.
Bug ID – 5213 Description – Parent proxy configuration is retained even after disabling the parent proxy setting from Configure HTTP Proxy page of Web Admin Console.
Bug ID – 5278 Description – POP, IMAP and FTP proxy restarts frequently under heavy traffic.
Bug ID – 5282 Description – FTP Proxy hangs if session is terminated by FTP Client before file transfer process is complete.
Bug ID – 5295 Description – FTP client hangs after it receives negative response from FTP server. This behavior is observed only when the initial response of FTP server is positive. For example, when client is uploading a 500 MB file and available space on server is only 200 MB, server will initially send positive response and later when no space is available it will send negative response.
Bug ID – 5309 Description – Due to header parsing problem, HTTP Proxy restarts.
Bug ID – 5368 Description – After changing the default port of HTTP proxy, BGP and HA cannot be configured.
Bug ID – 5371 Description – When HTTP proxy is configured on non-standard port, HTTP proxy does not work after restoring backup.

System

Bug ID – 2237 Description – Backup of Cyberoam Appliance models CR50i, CR100i, CR250i, and CR500i cannot be restored on CR1000i or CR1500i.
Bug ID – 2437 Description – When Cyberoam is deployed in transparent mode, Manage Gateway page on the Web Admin Console displays incorrect Ethernet Port IP address.
Bug ID – 3315 Description – DHCP server does not lease IP address from the secondary interface when two LAN interfaces are configured.
Bug ID – 3934 Description – If a DHCP service is configured on the Interface Alias, DHCP server is not able to lease IP address. From the current version onwards, one will not be able to enable DHCP server on Alias IP Interface.
Bug ID – 4179 Description – Even when custom login and logoff messages are configured, Cyberoam displays the default messages instead.
Bug ID – 4493 Description – Yahoo messenger disconnects frequently when parent proxy is configured.
Bug ID – 4494 Description – Even when gateway is not reachable, Dashboard displays gateway status as reachable.
Bug ID – 4536 Description – Cross model appliance backup cannot be restored.
Bug ID – 4553 Description – When Cyberoam is configured as a DHCP client on the WAN interface, Cyberoam Gateway becomes unreachable at times. This happens because when the Cyberoam DHCP client on the WAN interface fails to fetch the IP address from the ISP DHCP server, it does not retry, leading to loss of Internet connectivity. It was necessary to restart management services (RMS) for Cyberoam DHCP client to request again. Cyberoam DHCP client is now updated and will keep on retrying until it receives IP address from the ISP DHCP server.
Bug ID – 4572 Description – Backup of v 7.4.2.x cannot be restored on v 9.5.4.xx.
Bug ID – 4605 Description – When Cyberoam is deployed in transparent mode, after changing the default HTTP port one could not access Web Admin Console.
Bug ID – 4655 Description – When Cyberoam upgrade is applied after System date is updated to the current date, Web UI upgrades are not applied. This situation occurs only when system date was by mistake configured to some future date.
Bug ID – 4664 Description – When Cyberoam is configured as DHCP Client, Cyberoam does not forward the IP lease request to DHCP server if not leased on the initial request.
Bug ID – 4681 Description – An invalid URL can be configured as a Home page from Custom Client Preferences page of Web Admin console.
Bug ID – 4701 Description – If port number 2812 is not free, java does not load.
Bug ID – 4732 Description – When both Parent proxy and DDNS are configured, it is not possible to access the Cyberoam appliance using FQDN (hostname). This is because proxy IP address is forwarded to DDNS instead of WAN IP address of Cyberoam.
Bug ID – 4786 Description – Cyberoam incorrectly allowed the gateway IP address of a DHCP-enabled WAN interface to be updated from Web Admin Console.
Bug ID – 4793 Description – Cyberoam allows white space in the “Timeout session after” field while creating Group.
Bug ID – 4794 Description – Cyberoam allows the Web Admin console port value to be specified as a decimal number. Due to this, Web Admin console becomes inaccessible.
Bug ID – 4807 Description – After customizing contents of the HTTP client page, it is not possible to save the user password.
Bug ID – 4813 Description – Special character Hyphen is not accepted as a part of Dynamic DNS host name.
Bug ID – 4821 Description – User session timeout does not work as expected.
Bug ID – 4822 Description – Explicitly added route for DHCP-enabled interface is removed after running Network Configuration Wizard.
Bug ID – 4831 Description – When the contents of customized HTTP client page do not fit on a single page, scroll bar is not displayed and as a result users are not able to view the entire contents.
Bug ID – 4833 Description – When WAN port is configured as DHCP client, Gateway failover condition does not work.
Bug ID – 4853 Description – After restarting management services or rebooting Cyberoam, VPN service does not start if DHCP server is not able to lease IP address to the WAN Interface.
Bug ID – 4899 Description – When Cyberoam is configured in transparent mode, the Gateway IP address cannot be changed.
Bug ID – 4906 Description – When HTTP port is configured on any of the reserved ports like 3128, 8007, 8384, 8088, 8090, 9001, Web Admin console becomes inaccessible.
Bug ID – 4944 Description – Tip for configuring minimum and maximum days for log retention is not displayed on the Configure Auto Purge Utility page.
Bug ID – 5035 Description – When Cyberoam is configured as a DNS server, users are not able to access the Internet as Cyberoam is not able to resolve the name.
Bug ID – 5246 Description – Cyberoam does not detect ICMP flood as per the configuration.
Bug ID – 5286 Description – As DNS server could not resolve the cached name query, users were not able to access the Internet.
Bug ID – 5363 Description – “Disable Autostart” button does not work for DHCP server and Domain Name server.
Bug ID – 5378 Description – When Cyberoam DHCP client on the WAN interface fails to fetch the IP address from the ISP DHCP server, Interface based Virtual host does not work.
Bug ID – 5373 Description – MSS value is not retained after running Network Configuration Wizard.

Virtual host

Bug ID – 4820 Description – When any of the Cyberoam interfaces is configured as Virtual host, IP address of the Virtual host does not change automatically if changed through Network Configuration wizard.
Bug ID – 4991 Description – Port forward rule for Virtual host fails when more than 30 ports are included in the port range.

Virtual Private Network (VPN)

Bug ID – 2322 Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.
Bug ID – 4457 Description – L2TP tunnel gets disconnected while copying file.
Bug ID – 4735 Description – VPN Client always disables NAT-T parameter irrespective of the configuration imported from Cyberoam.
Bug ID – 4816 Description – VPN connection running on static IP Address fails to get activated.
Bug ID – 5372 Description – Cyberoam crashes due to race condition in VPN services.
Bug ID – 5374 Description – VPN connections cannot be deleted after the VPN module is disabled from System Modules page of Web Admin console.

Traffic Discovery

Bug ID – 4921 Description – Traffic discovery module cannot handle packet size greater than 2048 bytes. Due to this, packets were dropped.
Bug ID – 5370 Description – Cyberoam will not classify traffic pattern even after enabling Traffic Discovery module if Traffic discovery module is disabled at the time of upgrading Cyberoam. This behavior is observed when Cyberoam is upgraded to version 9.5.4 build 55.

Web Admin Console

Bug ID – 5260 Description – Help option is removed from the Main page as it opened an obsolete page.

[1] Refer User Guide (Document version – 95466-1.1-24/06/2008, page 81)
[2] Refer User Guide (Document version – 95466-1.1-24/06/2008, page 212)
[3] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 30)
[4] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 59)
[5] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 59)
[6] RMS is required after adding a superset range for an existing subnet range
[7] Refer User Guide (Document version – 95466-1.1-24/06/2008, page 212)
[8] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 56)
[9] Refer User Guide (Document version – 95466-1.1-24/06/2008, page 16)
[10] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 56)
[11] Refer Cyberoam Console Guide (Document version – 95466-1.0-24/06/2008, page 56)

1.2.1.5.2. Known Issues (v 9.5.4)

The purpose of this list is to give an overview of known issues. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.

Anti Spam

Bug ID – 3618 Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.
Bug ID – 3620 Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.
Bug ID – 4511 Description – Change in Administrator Email id for Anti virus and Antispam notifications from Web Admin console is not reflected on CLI Console.
Bug ID – 4627 Description – When Outlook 2007 is configured as a Mail Client to retrieve mails through IMAP protocol, IMAP prefix subject does not work.
Bug ID – 5194 Description – Anti Spam “From Email Address” Advanced rule does not work as expected.
Bug ID – 5475 Description – On General Configuration page of Antivirus and Antispam:
  Incorrect file size is mentioned in the SMTP File scanning Tip. Tip reads as “(Enter 0 for default size restriction of 50MB)” but should read as “(Enter 0 for default size restriction of 48.8MB)”.
  Incorrect file size range is mentioned in the Error message when one tries to configure a value which is not within the acceptable range. Message reads as “Enter size between 0 to 50000(KB)” but should read as “Enter size between 0 to 51200(KB)”.
Bug ID – 5927 Description – It is not possible to create spam policy for the entire domain. When one specifies entire domain e.g. @cyberoam.com, “Enter a valid Email Address” message is displayed.

Anti Virus

Bug ID – 2223 Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked. Most of the web mail clients like yahoo, hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.
Bug ID – 4157 Description – Even when Anti virus scanning is disabled in the Firewall rule, HTTP Live session statistics display AV scan time as 1 second.
Bug ID – 5513 Description – When virus scanning and Internet Access policy are applied, one cannot access URLs, e.g. http://webcam.www.gov.tw/index.htm, which require connecting to port 20480 through Internet Explorer browser, but the same sites are accessible through Mozilla Firefox.
Bug ID – 5816 Description – When link speed is low and virus scanning is enabled, it is not possible to send mails with large attachments.
Bug ID – 5853 Description – When virus scanning is enabled, online radio sites like http://radio.rtl.fr/player.html are not accessible.
Bug ID – 5704 Description – When Cyberoam detects and strips the protected attachment from the mail, Administrator and Mail Receiver are sent a Notification mail with incorrect reason.
Notification mail reads as “Infected attachment removed” but should read as “Attachment removed”. Even the name of the file which was stripped is not included in the mail. Administrator receives only the Notification mail without the original message even if “Send Original” action is configured in the Virus Scan policy.
Bug ID – 5616 Description – When a firewall rule for virtual host is created for HTTP access and virus scanning is enabled, Cyberoam allows the virus infected file to be uploaded, i.e. does not detect and block the virus infected file.

Backup and Restore

Bug ID – 6222 Description – After restoring backup, virtual host does not work. This situation occurs only when cross model backup is restored e.g. CR500i backup is restored on CR100i or CR100i
Bug ID – 6291 Description – When cross model backup is restored, Source zone and host are not restored and remain blank.

Bandwidth policy

Bug ID – 4746 Description – Cyberoam does not allocate bandwidth as per the configured User based Bandwidth policy.

Categorization

Bug ID – 2336 Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.
Bug ID – 2372 Description – Cyberoam does not support MSN voice chat.
Bug ID – 2382 Description – Access denied message displays incorrect category name when access to File Type category is not allowed.
Bug ID – 3947 Description – Blocking “Remote Desktop Protocol” Application protocol category blocks Google Talk also.
Bug ID – 3357 Description – After removing URL from the custom category, Cyberoam does not include the removed URL in any of its default categories. For example, by default, “google.com” is categorized in “SearchEngine” default category but a custom category “webmail” is created for “google.com”. After removing “google.com” from “webmail” category, it is not included in default category.
Bug ID – 4389 Description – “Allow” Type Internet Access policy does not block Yahoo file transfers.
Bug ID – 6172 Description – It is not possible to include white space in the custom web category name. Message reads as “Only numeric character are allowed for Web Category name” but should read as “Only alphanumeric characters are allowed in Web Category name”.

Command Line Interface (CLI)

Bug ID – 5103 Description – Executing check_disk and repair_disk CLI commands gives error in the CR500i, CR1000i and CR1500i appliances.
Bug ID – 5786 Description – Cyberoam hangs after executing “cyberoam restart all” command. Improper Confirmation message is displayed at the time of executing the command. Message reads as “Restart Cyberoam (y/n): No (Enter) > enter 'y' or press only enter key” but it should read as “Restart Cyberoam (y/n): No (Enter) > Type ‘y’ for Yes or press <Enter> key for No”.
Bug ID – 6008 Description – When one tries to upgrade WebCat Database from CLI console, an incorrect message appears. Message reads as "-54% Download Completed” but it should read as "54% Download Completed”.

Command Line Interface (CLI) over Web Admin Console

Bug ID – 5924 Description – Incorrect behavior of System Date menu. Instead of asking to configure date after configuring time zone, it is asking after the Set System Date menu is closed. Correct behavior or flow for the System Date menu should be: Set TimeZone, Set Date, Exit from menu.
Bug ID – 6002 Description – Incorrect behavior of System Date menu. If “y” is typed before configuring time zone, one can configure date before configuring time zone. Instead of displaying “Cyberoam corporate version 9.5.4 build 86" in new line, it is displayed
Bug ID – 6005 Description – When one tries to change the date by accessing CLI through Web Admin Console, Cyberoam accepts the invalid value for month and day and does not give any error message.

Data transfer policy

Bug ID – 5439 Description – Monthly Data transfer policy does not work as per the configuration. For example, 5 GB per month data transfer quota is configured for the user but user is able to transfer only up to 1 GB.
Bug ID – 5636 Description – When cyclic data transfer limit is configured, once the limit is attained the limit counter is reset to zero if user does not log out, i.e. user can transfer data beyond the limit if the user does not log out.

Firewall

Bug ID – 2417 Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.
Bug ID – 4281 Description – There is mismatch in the bandwidth usage displayed on Manage Firewall page and Live user page of Web Admin Console.
Bug ID – 4346 Description – When “Drop” firewall rule is configured for DMZ or WAN zone, instead of HTTP login page, blank page is displayed.
Bug ID – 5403 Description – Host name cannot include special characters space or underscore but when one tries to include them incorrect error message appears. The message reads “Enter valid Host name. Only alphanumeric characters, space, dot and ‘_’ allowed“ but should read as “Enter valid Host name. Only alphanumeric characters and dot allowed.”
Bug ID – 5438 Description – After adding a new rule for DMZ to WAN zone, the Internet connectivity for DMZ zone is lost. To re-establish connectivity, one has to rebuild firewall state from CLI.
Bug ID – 5482 Description – When multiple administrators are performing any operation on a firewall rule simultaneously, firewall configuration error is observed. This triggers the Rebuild New Firewall State Dashboard Alert.
Bug ID – 5523 Description – Even when Web and Application Filter module has expired, Cyberoam blocks all the HTTPS traffic.
Bug ID – 5524 Description – High CPU usage is triggered when past date is configured as System date.
Bug ID – 5554 Description – When multiple gateways (for load balancing) are defined on Cyberoam i.e.
SNAT policy and Internet access policy is applied, users are not able to access the Internet consistently. This is because instead of using the same gateway for routing inbound and outbound traffic, Cyberoam routes outbound and inbound traffic through different gateways.
Bug ID – 5645 Description – WAN to LOCAL firewall rules are not applied and because of this entire traffic follows WAN to LAN rule.
Bug ID – 5812 Description – When Strict policy is applied through Wizard, users are able to access the Internet but ICMP protocol is blocked; as a result, users are not able to ping any WAN IP address.
Bug ID – 5868 Description – When the ports of multiple WAN links are swapped from Network Configuration Wizard, the WAN IP addresses in source based routing rules do not change automatically. One has to manually change the IPs in all the source based routing rules.
Bug ID – 5925 Description – Advanced Firewall custom settings configured from CLI console are not retained after restoring backup from version 9.5.3 build 22 and version 9.5.4 build 66 to version 9.5.4 build 86.
Bug ID – 5928 Description – After restoring backup from version 9.5.3 build 22 to version 9.5.4 build 84, LAN to WAN firewall rules are not applied.
Bug ID – 6144 Description – When Alias Interface based Virtual host is configured, one can delete Alias interface before deleting virtual host.
Bug ID – 6150 Description – When FTP scanning is enabled, Cyberoam drops all those connection requests whose FTP server response packet length exceeds 255 characters.

Group

Bug ID – 6226 Description – Error “IPs are already in use” is received when one tries to create multiple clientless users for the IP address range added to the existing logon pool. Hence, one has to create single clientless user for the individual IP address for the required range.
For example, if additional 50 addresses are added in the IP range, one has to create clientless user for each IP address one by one. Again, if the network is not in the Auth Network, users will be activated but will not be able to log on. Due to this, users will not be displayed in the Manage Live User or Manage Clientless User page but search result will display the list of newly added clientless users. One needs to restart management services from CLI console after adding network in Auth Networks.
Bug ID – 6312 Description – Cyberoam allows groups to be imported whose group name includes the special character underscore. But as Cyberoam does not support special character underscore in group name, it is not possible to update such groups.

High Availability

Bug ID – 5330 Description – HA synchronization process does not synchronize date and time setting if updated from Network Configuration Wizard.
Bug ID – 5361 Description – In Active-Passive HA cluster, removing interface alias from primary appliance does not remove it from auxiliary appliance.
Bug ID – 4452 Description – In Active-Passive HA cluster, FTP session established from Primary appliance closes after primary appliance is rebooted.
Bug ID – 5221 Description – HA synchronization process does not synchronize IDP configuration.
Bug ID – 5401 Description – It is possible to reset primary appliance to factory default configuration from CLI console when Active-Passive cluster is configured.
Bug ID – 5444 Description – After disabling HA from either of the Appliances, HA doclet from Dashboard is not removed from the primary appliance.
Bug ID – 5696 Description – HA configuration is retained after resetting to factory default.

Internet Access Policy (IAP)

Bug ID – 6233 Description – If the Internet Access policy created based on the policy template is not saved, it is possible to apply policy to the user but the access rules are not applied as per the policy.

Intrusion Detection and Prevention (IDP)

Bug ID – 2958 Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.
Bug ID – 3335 Description – Update successful confirmation message is displayed even when custom IDP signature name is not updated successfully.
Bug ID – 4903 Description – Disabling IDP Signature Category does not disable all the signatures included in the category automatically. One has to manually disable all the signatures.
Bug ID – 4692 Description – Skype cannot be blocked using Skype signatures.
Bug ID – 5434 Description – After upgrading to version 9.5.4 build 66 from version 9.5.3 build 22, IDP logs are not generated. This happens because, in version 9.5.4 build 66, by default, IDP logging is disabled. One has to enable IDP logging from System>Manage Data>Configure Autopurge Utility page of Web Admin Console.
Bug ID – 5487 Description – Certain Internet Banking sites were not accessible due to Ultrasurf IDP signature.
Bug ID – 5690 Description – “Recent IPS Alerts” doclet on Dashboard displays alerts with severity as zero instead of Critical, Moderate or Warning for the signature OpenSSL SSL_get_shared_ciphers Function Off-by-one Buffer Overflow.

Logs and Reports

Bug ID – 2229 Description – Blocked Attempts report does not provide details of any attempt to blocked ActiveX, Applets, and Cookies Category.
Bug ID – 2412 Description – IDP reports do not include action taken on IDP alerts.
Bug ID – 2549 Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.
Bug ID – 4128 Description – Data field sequence mismatch in tabular and CSV format of Anti Virus report.
Bug ID – 4649 Description – Data field sequence mismatch in tabular and CSV format of Spam report.
Bug ID – 4855 Description – Blocked File Types (attachment) reports are included in Anti Spam reports instead of Anti Virus reports.
Bug ID – 5247 Description – Even when user is not able to upload or download the entire file due to data transfer restriction, entire file size is considered in web surfing report. For example, if user is restricted to upload 8 MB and tries to upload 10 MB file then web surfing report displays 10 MB of data transfer instead of 8 MB.
Bug ID – 5427 Description – Traffic Discovery report by Source port incorrectly displays destination port; similarly, Traffic Discovery report by Destination port incorrectly displays source port.
Bug ID – 5476 Description – When by mistake, system date is configured to future date, Bandwidth graph (Web Admin Console) and System health graphs (Diagnostic tool) are not generated up to the configured date and time. Graphs are not generated even after configuring correct date. E.g. if current date is 10/07/2008 and system date is set to 23/12/2009 then graphs will not be generated till 23/12/2009.
Bug ID – 5508 Description – When non-English versions of Google and Yahoo are used for searching, Google and Yahoo Search Keywords reports display multiple entries for each searched Keyword.
Bug ID – 5518 Description – Audit logs generated from CLI console and Web Admin Console do not match.
Bug ID – 5521 Description – “Category wise trends for yesterday” proactive report is mailed without any data.
Bug ID – 5530 Description – Data fields sequence mismatch in the tabular format and CSV format of IDP reports.
Bug ID – 5556 Description – When Anti Virus and Anti Spam subscription modules are not subscribed, blank page is displayed for Periodic Data report (Report>Anti Virus>Mail Summary).
Bug ID – 5562 Description – Upload and Download Data mismatch on Traffic discovery Live Connection and Connection History page.
Bug ID – 5898 Description – Addition, deletion and update events of Syslog server are not logged in Audit log.
Bug ID – 5902 Description – Searching Audit log by IP address produces incorrect result. For example, when one searches for events by 192.168.1.10, Cyberoam does not filter and displays events by all the IP addresses.
Bug ID – 6115 Description – Spelling mistake in Validation Error message popup for all the reports when specified report start date is later than the end date. Message reads as “Start date must be earlier then enddate” but should read as “Start date must be earlier than end date”.
Bug ID – 6156 Description – Hourly Trend reports should display trends for 10 hours but when the report start hour is specified as 12 or higher, report does not display trends for 10 hours.
Bug ID – 6221 Description – Drill down reports of Group wise Web Surfing report display incomplete username if it exceeds 30 characters.

Multiple Gateway

Bug ID – 3621 Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down.
Bug ID – 3653 Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight is configured as zero (0).
Bug ID – 5982 Description – Even when load balancing is implemented between multiple gateways, Internet traffic is passing through only one gateway.
Bug ID – 6010 Description – When multiple gateways are configured, Gateway status is displayed as “Dead” even when gateway is “Live”. This happens because incorrect Interface information is passed to the Dead Gateway Detection module.

PPPoE

Bug ID – 3816 Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.
Bug ID – 4320 Description – When PPPoE is configured, VPN daemon starts twice. Once when PPPoE is enabled and second time when IP address is leased.
Bug ID – 4863 Description – Multiple PPPoE connections cannot be established from single IP address subnet.

Proxy

Bug ID – 2178 Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.
Bug ID – 2334 Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.
Bug ID – 4251 Description – When Browser proxy is configured, it is not possible to upload data on FTP server. However, it is possible to upload from Command Line Interface.
Bug ID – 5245 Description – HTTP Secure (HTTPS) traffic is redirected to HTTP proxy even when Internet Access policy is configured.
Bug ID – 5280 Description – FTP client times out while uploading large files.

System

Bug ID – 2044 Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply it manually.
Bug ID – 2106 Description – Anti Virus and Anti Spam reports are not included in backup.
Bug ID – 2520 Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.
Bug ID – 2521 Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.
Bug ID – 3763 Description – Dashboard does not display HTTP Traffic Analysis and User Surfing Pattern if Internet Access policy is not applied through Firewall rule.
Bug ID – 3799
Description – Cyberoam is not able to resolve to a host name if LAN zone is not configured and hence it takes time to open Web Admin console.
Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.
Bug ID – 4283
Description – Single Sign on users are able to access the Internet even without authentication.
Bug ID – 4521
Description – Non-standard ports traffic is also displayed in Port wise traffic discovery report.
Bug ID – 4574
Description – Incorrect proxy status is displayed on Web Admin console.
Bug ID – 4326
Description – After changing the Cyberoam deployment mode from Bridge to Gateway (Route), NATting is not enabled automatically in the default firewall rules. One has to manually apply MASQ policy in all the default firewall rules.
Bug ID – 4994
Description – Backup mode (FTP and Mail) configured in Backup Schedule is not included in backup.
Bug ID – 5071
Description – When H323 module is enabled, VoIP connection cannot be established.
Bug ID – 5177
Description – When Cyberoam is configured in transparent mode, disable LAN bypass option does not work.
Bug ID – 5385
Description – Network Configuration Wizard (Configure Mail Settings) allows one to configure SMTP username and password even without enabling SMTP authentication. This behavior is observed with Internet Explorer web browsers only.
Bug ID – 5395
Description – Cyberoam becomes inaccessible after changing the deployment mode from transparent to gateway (route), if Virtual LAN is configured.
Bug ID – 5401
Description – After upgrading to version 9.5.4 build 66 from version 9.5.4 build 57, Web Admin Console takes time to come up. This behavior is observed when Cyberoam is used to perform DNS queries to resolve IP address.
Bug ID – 5414
Description – Applications like Gtalk and Skype that use port 443 and do not follow the SSL standard are not accessible.
Bug ID – 5416
Description – When Cyberoam is deployed as single NIC proxy, Skype does not work.
Bug ID – 5426
Description – After creating a new service, if one rolls back a browser window, browser clears away certain screen components e.g. protocol details, port number fields and also allows one to create another service without protocol details or port number, which is mandatory information.
Bug ID – 5433
Description – Multiple alerts are displayed on the Dashboard for a single event.
Bug ID – 5452
Description – When parent proxy is configured in Cyberoam and IDP signature “CYBEROAM External_HTTP_Proxy“ is enabled, users are not able to access the Internet as traffic to parent proxy is dropped.
Bug ID – 5453
Description – When Cyberoam is integrated with Active Directory for authentication, users are not able to log on to MyAccount if username is provided without domain name.
Bug ID – 5460
Description – Host name cannot include the special characters space or underscore, but when one tries to include them, an incorrect error message appears. The message reads “Enter valid Host name. Only alphanumeric characters, space, dot and ‘_’ allowed. “ but should read as “Enter valid Host name. Only alphanumeric characters and dot allowed.”
Bug ID – 5461
Description – High CPU usage by Java process makes Cyberoam Web Admin Console inaccessible.
Bug ID – 5465
Description – Inactive user with Administrator privilege can log on to Web Admin Console.
Bug ID – 5476
Description – When system date is configured to a future date by mistake, Bandwidth graph (Web Admin Console) and System health graphs (Diagnostic tool) are not generated up to the configured date and time. Graphs are not generated even after the correct date is configured. E.g. if current date is 10/07/2008 and system date is set to 23/12/2009, then graphs will not be generated till 23/12/2009.
Bug ID – 5479
Description – Recent IDP Alerts doclet of Dashboard displays irrelevant numbers instead of signature name. This happens only for IDP Signature Database version 2.4.14 due to multiple message files for certain signatures.
Bug ID – 5480
Description – User Migration Utility imports users from Active Directory without domain name. Due to this, users cannot be authenticated and hence they cannot establish PPTP or L2TP connection.
Bug ID – 5516
Description – When ZoneEdit is configured as Dynamic DNS, it does not update its database whenever Cyberoam’s External Interface IP address changes. Manage Dynamic DNS page displays “Could not connect to www.zoneedit.com”.
Bug ID – 5525
Description – At the time of registering the Cyberoam appliance, if the page is refreshed, a blank page is opened.
Bug ID – 5528
Description – Cyberoam incorrectly allows creation of NAT policy when configured in transparent mode.
Bug ID – 5529
Description – When the external and mapped ports of the virtual host in a firewall rule are not the same, Cyberoam does not detect viruses. For example, external port: 8080 and mapped port: 80.
Bug ID – 5531
Description – All the modules get subscribed automatically when appliance is registered after applying factory default.
Bug ID – 5535
Description – Even when Cyberoam’s HTTP and HTTPS access is denied through Local ACL, Cyberoam becomes accessible if it is configured as browser proxy.
Bug ID – 5539
Description – TCP MSS (Maximum Segment Size) value does not get updated automatically. One needs to restart management services to update the value.
Bug ID – 5545
Description – Cyberoam allows creation of a custom zone without binding it to any interface/port. Due to this, System firewall rules for the custom zone are not created.
Bug ID – 5546
Description – Cyberoam does not support POP3 downloader applications used to download mails from external mail server that do not follow RFC standard.
Bug ID – 5549
Description – Static routes configured through CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.
Bug ID – 5550
Description – Advanced firewall settings configured from CLI console are not preserved after restoring backup of version 9.5.0 build 29 or 9.5.3 build 22 on version 9.5.4 build 72.
Bug ID – 5551
Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, Data Transfer and Cycle Data Transfer values (Customize Client Messages page) are not retained.
Bug ID – 5553
Description – After restoring backup of version 9.5.0 build 29 on version 9.5.4 build 72, mail ID in Backup schedule is not preserved.
Bug ID – 5560
Description – Group login restriction does not automatically override user login restriction. To implement group login restriction, one has to manually change the restriction for the individual group users.
Bug ID – 5662
Description – Cyberoam is not able to block Google and Yahoo cache pages.
Bug ID – 5663
Description – Cyberoam is not able to block access to Anonymous Web proxy.
Bug ID – 5677
Description – Restoring backup of version 9.5.4 build 66 to version 9.5.4 build 74 does not retain MSS and MTU values. This behavior is observed only when restoring backup on cross model appliance.
Bug ID – 5560
Description – Factory default retains Mail backup schedule.
Bug ID – 5681
Description – Dashboard Alerts messages are not displayed after resetting to factory defaults.
Bug ID – 5682
Description – Bandwidth usage graph and System health graph are retained after resetting to factory defaults.
Bug ID – 5684
Description – When Cyberoam is configured as DNS server, Cyberoam is not able to perform DNS lookups to gather IP address information of the FQDNs.
Bug ID – 5692
Description – Ping and Traceroute functionality used to check gateway reachability is not working.
Bug ID – 5711
Description – HTTP client login window cannot be maximized.
Bug ID – 6067
Description – In cross model backup restore, Virtual host configuration is not restored. One will have to manually delete and re-create all the virtual hosts after restoring the backup.
Bug ID – 5874
Description – Web Admin Console does not change the status of Gateway immediately after the gateway goes down but changes the status only after approx. 2.5 minutes i.e. status is displayed in red color only after approx. 2.5 minutes.
Bug ID – 6208
Description – One needs to restart management services after defining network in Auth Network.

Traffic Discovery
Bug ID – 5498
Description – When traffic discovery module is enabled, system I/O processes trigger high CPU usage.

Virtual host
Bug ID – 5643
Description – When port range is configured, port forward rule for Virtual host does not work after management services are restarted.

Virtual Private Network (VPN)
Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.
Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.
Bug ID – 3617
Description – For PPTP connection, when users are added through Group, group users are not authenticated but the same users get authenticated when added individually.
Bug ID – 4466
Description – It was possible to create multiple VPN connections with the same subnet configured for Remote LAN network.
Bug ID – 4599
Description – When Cyberoam is deployed behind a NAT device, L2TP connection cannot be established.
Bug ID – 5398
Description – L2TP connection status is displayed as “Connected” even when disconnected. One has to disconnect manually. This behavior is observed when L2TP connection request is routed through NAT router.
Bug ID – 5543
Description – One needs to restart management services to add or remove VPN routes after enabling or disabling VPN module (System Module Configuration).
Bug ID – 5565
Description – It is possible to establish only one Road Warrior connection when two or more IPSec Road Warrior connections are created with the same preshared key.
Bug ID – 5693
Description – Cyberoam incorrectly allows deletion of PPTP and L2TP users from Manage Active page. But, deleted users are displayed on PPTP and L2TP Configuration page.
Bug ID – 5770
Description – Cyberoam incorrectly allows the same subnet to be configured for Local and Remote network in IPSec Connection, due to which an endless loop is created and VPN tunnel cannot be established.

Web Admin Console
Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.
Bug ID – 5647
Description – After upgrading from version 9.5.4 build 66 to version 9.5.4 build 74, Web Admin Console becomes inaccessible.
Web Admin Console becomes accessible only after restarting management services.
Bug ID – 5593
Description – In Gatewaywise Composite Bandwidth Usage Graph, titles and data values are not aligned.
Bug ID – 5625
Description – When Cyberoam is deployed in transparent mode, DHCP server cannot be configured. But, after upgrading from version 9.5.3 build 22 to version 9.5.4 build 74, Cyberoam incorrectly displays DHCP server configuration in Web Admin Console.
Bug ID – 5688
Description – Even though Pharming protection is enabled, DNS lookup is not performed. One has to disable and enable pharming protection again to perform DNS lookup.
Bug ID – 5712
Description – Message "Zone Creation is not available in bridge mode" is not displayed in the default font style.
Bug ID – 6006
Description – When one tries to delete a user attached to a firewall rule, Cyberoam does not delete the user but also does not display an error message. Cyberoam should display the message as “User cannot be deleted as Firewall rule exist for the selected user”. Similarly, when one tries to delete a user which is not attached to any firewall rule, Cyberoam deletes the user but does not display the successful deletion message. Cyberoam should display the message as “User is deleted successfully”.
Bug ID – 6155
Description – Anti Virus HTTP URL regex rule is displayed without slash (\) even if it is included in the rule after restarting management services e.g. *\.swf is displayed as *.swf

Document version – 1.0-04/10/2008

1.2.1.6. V 9.5.3 build 22
1.2.1.6.1. Release Notes

Introduction
This document contains the release notes for Cyberoam version 9.5.3 build 22. It is a maintenance release with bug fixes that improve quality, reliability, and performance.

Version 9.5.3 build 22

Release Information
Upgrade applicable to: version 9.4.2.0 onwards

Upgrade Information
Upgrade type: Manual
Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Web Admin console and go to Help > Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to Telnet console and go to option 6 Upgrade Version and follow the on-screen instructions.

Compatibility Issues: None

Bugs solved
The purpose of this list is to give an overview of the bugs fixed in the various builds of the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.
Bug ID – 4714
Description – It is required to reboot Cyberoam appliance manually after upgrading to any build of version 9.5.0 from v 9.4.2 build 0. If appliance is not rebooted manually, appliance is not actually upgraded but Web admin console displays that the version is upgraded i.e. v 9.5.0 build xx. Cyberoam appliance does not come up when such appliances are further upgraded to v 9.5.3 build 18.

Document version – 1.0-26/03/2008

1.2.1.6.2. Known Issues (v 9.5.3 build 22)
The purpose of this list is to give an overview of known issues. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.
Bug ID – 2044
Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply it manually.
Bug ID – 2106
Description – Anti Virus and Anti Spam reports are not included in backup.
Bug ID – 2178
Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.
Bug ID – 2223
Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked.
Most of the web mail clients like Yahoo and Hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.
Bug ID – 2229
Description – Blocked Attempts report does not provide details of any attempt to access the blocked ActiveX, Applets, and Cookies Category.
Bug ID – 2237
Description – Backup of Cyberoam Appliance models CR50i, CR 100i, CR250i, and CR500i cannot be restored on CR1000i or CR1500i.
Bug ID – 2322
Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.
Bug ID – 2334
Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.
Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.
Bug ID – 2336
Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.
Bug ID – 2372
Description – Multiple PPPoE connections cannot be established from same subnet of PPPoE server.
Bug ID – 2382
Description – Access denied message displays incorrect category name when access to File Type category is not allowed.
Bug ID – 2385
Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.
Bug ID – 2412
Description – IDP reports do not include action taken on IDP alerts.
Bug ID – 2416
Description – If multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed, restarting the Management services (RMS) does not update the Gateway failover condition.
Bug ID – 2417
Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.
Bug ID – 2437
Description – When Cyberoam is deployed as Bridge, Manage Gateway page on Web Admin Console displays incorrect Ethernet Port IP address.
Bug ID – 2520
Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.
Bug ID – 2521
Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.
Bug ID – 2549
Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.
Bug ID – 2681
Description – Gateway configuration does not automatically change after swapping IP addresses of the Ports using Network Configuration Wizard.
Bug ID – 2958
Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.
Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.
Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.
Bug ID – 3315
Description – DHCP server does not lease IP address from the secondary interface when two LAN interfaces are configured.
Bug ID – 3335
Description – Update successful confirmation is displayed even when Custom IDP signature name is not updated successfully.
Bug ID – 3476
Description – “Search URL” option of Web category displays incorrect message when no matching URL is found as per the search criteria.
Bug ID – 3549
Description – Cyberoam does not detect spam mails if parent proxy is configured.
Bug ID – 3617
Description – For PPTP connection, when users are added through Group, group users are not authenticated but the same users get authenticated when added individually.
Bug ID – 3618
Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.
Bug ID – 3620
Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.
Bug ID – 3621
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down.
Bug ID – 3653
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight is configured as zero (0).
Bug ID – 3755
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, gateway parameters are not defined uniquely for each gateway. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.
Bug ID – 3763
Description – Dashboard does not display HTTP Traffic Analysis and User Surfing Pattern if Internet Access policy is not applied through Firewall rule.
Bug ID – 3799
Description – Cyberoam is not able to resolve to a host name if LAN zone is not configured and hence it takes time to open Web Admin console.
Bug ID – 3816
Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.
Bug ID – 3934
Description – If a DHCP service is configured on the Interface Alias, DHCP server is not able to lease IP address.
Bug ID – 3942
Description – If “Restrict HTTP Upload” category is denied, users are not able to send mails using Gmail. Instead of blocking the messages with attachment, access to Gmail is denied.
Bug ID – 3947
Description – Blocking “Remote Desktop Protocol” Application protocol category blocks Google Talk also.
Bug ID – 4129
Description – Cyberoam automatically restarts all the management services on resetting the management password from Telnet Console.
Bug ID – 4171
Description – When FTP scanning is enabled, attempts to connect to an FTP server give “451 Proxy unable to comply” error.
Bug ID – 4179
Description – Even when custom login and logoff messages are configured, Cyberoam displays the default messages instead.
Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.
Bug ID – 4251
Description – When Browser proxy is configured, it is not possible to upload data on FTP server. However, it is possible to upload from Command Line Interface.
Bug ID – 4297
Description – Cyberoam does not allocate bandwidth as per the configured Shared Bandwidth policy.
Bug ID – 4281
Description – There is a mismatch in the bandwidth usage displayed on Manage Firewall page and Live user page of Web Admin Console.
Bug ID – 4283
Description – Single Sign on users are able to access the Internet even without authentication.
Bug ID – 4320
Description – When PPPoE is configured, VPN daemon starts twice: once when PPPoE is enabled and a second time when IP address is leased.
Bug ID – 4325
Description – After changing default HTTP proxy port, web surfing reports are not generated.
Bug ID – 4326
Description – After changing the Cyberoam deployment mode from Bridge to Gateway (Route), NATting is not enabled automatically in the default firewall rules. One has to manually apply MASQ policy in all the default firewall rules.
Bug ID – 4345
Description – Priority level 4 is not displayed in Bandwidth policy.
Bug ID – 4346
Description – When “Drop” firewall rule is configured for DMZ or WAN zone, instead of HTTP login page, blank page is displayed.
Bug ID – 4430
Description – If SSH communication on the dedicated link fails, synchronization process remains incomplete. Due to this, incorrect status of primary and auxiliary appliance is displayed on Configure HA page.
Bug ID – 4461
Description – CR 25i appliance cannot be part of a High Availability (HA) cluster i.e. HA cannot be configured on CR 25i appliance.
Bug ID – 4490
Description – Due to incorrect HTTP header parsing, certain sites like www.cada.fr were not accessible.
Bug ID – 4521
Description – Non-standard port traffic is also displayed in Port wise traffic discovery report.
Bug ID – 4522
Description – Virus description is truncated to 10 characters in FTP Virus report.
Bug ID – 4536
Description – Backup cannot be restored across various appliance models.
Bug ID – 4553
Description – When DHCP client fails to fetch the IP address, Internet cannot be accessed as gateway becomes unreachable. Due to this, one needs to restart the management services (RMS).
Bug ID – 4605
Description – If Cyberoam is configured in Transparent mode, one could not access the Web Admin Console if the default port was changed.
Bug ID – 4635
Description – When action defined for spam mail is “Prefix Subject” and MIME header filter contains a comma (,), Cyberoam forwards scanned mails without adding prefix to the original subject.
Bug ID – 4649
Description – Data field sequence mismatch in tabular and CSV format of Spam report.
Bug ID – 4678
Description – Cyberoam removes entire Syslog configuration on upgrading from V 9.3.0 build 09 to V 9.5.3 build 18. Hence, one has to re-configure Syslog after upgrading.
Bug ID – 4761
Description – Users are not able to open the Quarantined (Spam and Virus) mails in any of the mail clients. Users are required to save the mails in EML format to open the mails in Outlook Express as Cyberoam downloads mails in HTML format.
Bug ID – 4831
Description – Custom HTTP Client login page does not display vertical scroll bar when page contents cannot be displayed on single screen.
Bug ID – 4863
Description – Multiple PPPoE connections cannot be established from single IP address subnet.
Bug ID – 4692
Description – Skype cannot be blocked using Skype signatures provided in IDP.

1.2.1.7. V 9.5.3 build 18
1.2.1.7.1. Release Notes

Introduction
This document contains the release notes for Cyberoam version 9.5.3 build 18. The following sections describe the release in detail and provide other information that supplements the main documentation. This is a major release with a few enhancements and several bug fixes that improve quality, reliability, and performance.

Version 9.5.3 build 18

Release Information
Upgrade applicable to: version 9.4.2.0 onwards

Upgrade Information
Upgrade type: Manual
Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Web Admin console and go to Help > Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to Telnet console and go to option 6 Upgrade Version and follow the on-screen instructions.

Compatibility Issues: None

Enhancements
1. Configurable Interface speed
One is required to configure interface speed, half/full duplex or auto-negotiation settings when Cyberoam is connected to third party devices like routers and switches. Incorrect Ethernet settings between Cyberoam and third party devices can result in no connection, traffic latency or slow performance. Speed and duplex mismatches can also result in errors and collisions on the interface. Configuration option is provided from Telnet console (Option 4 Cyberoam Console, set interface-speed).
2. Automatic time adjustment for future Daylight Saving Time (DST)
Cyberoam will automatically adjust the System clock when the daylight saving time ends and will re-adjust again at the start of the next period. Time zone information database is updated to accommodate the future requirements.
3. Debug report generator
To help Cyberoam Central Support debug system problems, a debug file generator is provided which generates the system’s current status file. File contains details like list of all the processes currently running on system, resource usage etc. File can be generated from Telnet Console by executing the following command from Cyberoam Console (option 4):
corporate>cyberoam services status
Download the generated file from http://<cyberoam ip address>/documents/cyberoam.debug and send it to
[email protected] for diagnosing and troubleshooting the issue.
4. Configurable TCP Sequence number check
Cyberoam monitors SYN and ACK numbers within a certain window to ensure that the packet is indeed part of the session. However, certain applications and third party vendors use a non-RFC method to verify the validity of a packet, and for some reason certain servers send packets with invalid sequence numbers and expect an acknowledgement. Cyberoam drops a packet when it is received with an invalid sequence number. To allow such traffic, Cyberoam offers the ability to disable this feature. By default, this option is enabled and Cyberoam will drop all the packets with invalid sequence number. Enabling this check significantly reduces the likelihood of TCP session hijacking, while disabling this feature makes a user more vulnerable to this attack. Advanced firewall setting in Telnet Console provides an option to disable this check.
5. AntiVirus Engine upgrade
AntiVirus engine has been upgraded for minor fixes and a license update.

Bugs solved
The purpose of this list is to give an overview of the bugs fixed in the various builds of the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Bugs solved in 9.5.3 build 16
Bug ID – 2365
Description – Same IP address can be assigned to multiple Ethernet ports via Network Configuration Wizard and Cyberoam CLI Console.
Bug ID – 4048
Description – Dashboard displays gateway status as ‘Up’ even after WAN port is disconnected.
Bug ID – 4478
Description – If any of the GUI components of the HTTP client login page is customized, Internet Explorer displays a blank page.
Bug ID – 4490
Description – Due to incorrect HTTP header parsing, certain sites like www.cada.fr were not accessible.
Bug ID – 4542
Description – Upgrading from certain builds of V 9.4.2 build 0 to V 9.5.3 build 14 makes Cyberoam Appliance non-functional.
Bug ID – 4544
Description – Cyberoam does not allow creating multiple virtual hosts with same IP address and port even when port forwarding is enabled for different protocol.
Bug ID – 4546
Description – Blank page is displayed instead of HTTP client page if a number of users log in and log out frequently.
Bug ID – 4550
Description – For outbound requests, HTTP X-Forwarded-For header included client (internal network) IP address.
Bug ID – 4551
Description – One cannot select service while creating virtual host based firewall rule.
Bug ID – 4543
Description – Dashboard does not display user surfing pattern in heavy traffic environment.
Bug ID – 4549
Description – IMAP virus summary graph does not display valid mail details. Virus summary graph should display details of both valid and infected mails.

Bugs solved in 9.5.3 build 18
Bug ID – 4636
Description – V 9.5.3 build 14 upgrade patch was applicable on higher versions i.e. V 9.5.3 build 14 patch could be applied on V 9.5.4 build 17.
Bug ID – 4637
Description – When upstream proxy (Parent proxy) is configured with FQDN, users are not able to surf websites if Cyberoam is unable to resolve the FQDN while restarting the management services (RMS) or on rebooting the Cyberoam.
Bug ID – 4638
Description – Version upgrade triggers high CPU usage if SNMP is configured. This issue affects versions from 9.4.1 build 0 to V 9.5.0 build 21 as the SNMP configuration file of these versions is not compatible with the higher versions.
Bug ID – 4659
Description – Cyberoam does not reset SNMP configuration on factory reset.
Bug ID – 4662
Description – SNMP configuration is not included in backup file.

1.2.1.7.2. Known Issues (v 9.5.3 build 18)
The purpose of this list is to give an overview of known issues.
The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.
Bug ID – 2044
Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply it manually.
Bug ID – 2106
Description – Anti Virus and Anti Spam reports are not included in backup.
Bug ID – 2178
Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.
Bug ID – 2223
Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked. Most of the web mail clients like Yahoo and Hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.
Bug ID – 2229
Description – Blocked Attempts report does not provide details of any attempt to access the blocked ActiveX, Applets, and Cookies Category.
Bug ID – 2237
Description – Backup of Cyberoam Appliance models CR50i, CR 100i, CR250i, and CR500i cannot be restored on CR1000i or CR1500i.
Bug ID – 2322
Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.
Bug ID – 2334
Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.
Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.
Bug ID – 2336
Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.
Bug ID – 2372
Description – Cyberoam does not support MSN voice chat.
Bug ID – 2382
Description – Access denied message displays incorrect category name when access to File Type category is not allowed.

Bug ID – 2385
Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.

Bug ID – 2412
Description – IDP reports do not include action taken on IDP alerts.

Bug ID – 2416
Description – If multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed, restarting the Management services (RMS) does not update the Gateway failover condition.

Bug ID – 2417
Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.

Bug ID – 2437
Description – When Cyberoam is deployed as Bridge, Manage Gateway page on Web Admin Console displays incorrect Ethernet Port IP address.

Bug ID – 2520
Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.

Bug ID – 2521
Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.

Bug ID – 2549
Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.

Bug ID – 2681
Description – Gateway configuration does not automatically change after swapping IP addresses of the Ports using Network Configuration Wizard.

Bug ID – 2958
Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.

Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.

Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.

Bug ID – 3315
Description – DHCP server does not lease IP address from the secondary interface when configured on two LAN interfaces.

Bug ID – 3549
Description – Cyberoam does not detect spam mails if parent proxy is configured.

Bug ID – 3618
Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.

Bug ID – 3620
Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.

Bug ID – 3621
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down.

Bug ID – 3653
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight configured as zero (0).

Bug ID – 3755
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, gateway parameters are not defined uniquely for each gateway. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.

Bug ID – 3763
Description – Dashboard does not display HTTP Traffic Analysis and User Surfing Pattern if Internet Access policy is not applied through Firewall rule.

Bug ID – 3799
Description – Cyberoam is not able to resolve to a host name if LAN zone is not configured and hence it takes time to open Web Admin console.

Bug ID – 3816
Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.

Bug ID – 3934
Description – If a DHCP service is configured on the Interface Alias, DHCP server is not able to lease IP address.

Bug ID – 3942
Description – If “Restrict HTTP Upload” category is denied, users are not able to send mails using Gmail. Instead of blocking the messages with attachment, access to Gmail is denied.

Bug ID – 4129
Description – Cyberoam automatically restarts all the management services on resetting the management password from Telnet Console.

Bug ID – 4171
Description – When FTP scanning is enabled, attempts to connect to an FTP server give “451 Proxy unable to comply” error.

Bug ID – 4179
Description – Even when custom login and logoff messages are configured, instead of custom login and logoff messages, Cyberoam displays default messages.

Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.

Bug ID – 4461
Description – CR 25i appliance cannot be the part of High Availability (HA) cluster i.e. HA cannot be configured on CR 25i appliance.

Bug ID – 4490
Description – Due to incorrect HTTP header parsing, certain sites like www.cada.fr were not accessible.

Bug ID – 4522
Description – Virus description is truncated to 10 characters in FTP Virus report.

Bug ID – 4553
Description – When DHCP client fails to fetch the IP address, Internet cannot be accessed as gateway becomes unreachable.
Due to this, one needs to restart the management services (RMS).

Bug ID – 4649
Description – Data field sequence mismatch in tabular and CSV format of Spam report.

Bug ID – 4678
Description – Cyberoam removes entire Syslog configuration on upgrading from V 9.3.0 build 09 to V 9.5.3 build 18. Hence, one has to re-configure Syslog after upgrading.

1.2.1.8. V 9.5.3 build 14

1.2.1.8.1. Release Notes

Introduction

This document contains the release notes for Cyberoam version 9.5.3 build 14 and the two intermediate builds - 9.5.2 build 19 and 9.5.2 build 15. The intermediate builds were distributed to the beta customers only and now, as a part of this release, are made available to all the customers.

This is a major release with new features and enhancements in response to several bug fixes that improve quality, reliability, and performance.

The following sections describe the release in detail and provide other information that supplements the main documentation.

Version 9.5.3.14

Release Information
Upgrade applicable to: version 9.4.2.0 onwards

Upgrade Information
Upgrade type: Manual upgrade.

Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com
2. Log on to Web Admin console and go to Help > Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to Telnet console and go to option 6 Upgrade Version and follow the on-screen instructions.

Compatibility Issues: None

Features

1. Quarantine Area for Spam emails
Cyberoam appliance now provides a spam quarantine folder for each user where it stores the quarantined spam mail sent to the user’s email address. The user can view the quarantined emails from the user my account page and download the email. The global quarantine area can also be accessed by the appliance administrator to download the quarantined emails. Quarantine can be configured as an SMTP action in the spam policies.
Currently quarantine support is available only for the SMTP protocol.

2. Active Directory (AD) groups import wizard
Cyberoam Web Admin Console now includes the “Active Directory Group Import Wizard” that allows importing groups from Active Directory. The Wizard can be accessed from User > Authentication setting page of Web Admin Console. You can also define different Cyberoam policies for the imported groups using this wizard.

3. Multicast Forwarding
Cyberoam can now support applications like stock ticker that multicast stock quote information.
Multicast support includes:
- Multicast forwarding (for both Gateway and Bridge modes)
- Configuring static routes (for Gateway mode only)
Telnet Console provides the option to configure multicast static routes when Cyberoam is deployed in Gateway mode.
Router Management menu changes:
- Sub menu – Configure Unicast Routing includes previous version’s option for unicast dynamic routing configuration
- Sub menu – Configure Multicast Routing

4. HTML Editor to customize HTTP Client page
HTML Editor is provided to customize GUI components of the HTTP client login page. The Editor also supports customization in 24 different languages including Hindi. The Default template can be accessed from the System menu of Web Admin Console.

Enhancements

1. Virtual Host
Till previous versions, 3 different steps were required to provide access of servers hosted in the LAN segment of Cyberoam to WAN. One was required to define alias, DNAT policy and firewall rule for each server. Virtual host has been designed to overcome this shortcoming.
Virtual Host will map services of a public IP address to services on an internal host and will be used as the Destination address to access internal server. Proxy ARP is automatically enabled for the respective virtual host so that the Cyberoam can respond to ARP requests for public IP address.
SNAT policy is renamed to NAT policy and one needs to assign only the NAT policy to the Firewall rule to provide the outbound access for any of the internal servers. Telnet Console can be used for managing Proxy ARP manually.

2. Active Directory Group Search Order
The Cyberoam administrator can now define the Group Search Order for Active Directory users who are part of multiple groups. Cyberoam would decide the group membership of the authenticated users based on this group search order. Based on the group membership the respective access control policies would be applied on the users.

3. HTTP Proxy Performance Statistics and session capture
The “HTTP Proxy Statistics” link in the Cyberoam Diagnostic Tool provides real-time outputs of various statistics about proxy configuration and performance. Some key information and statistics provided by this tool are:
- DNS request time
- Total HTTP requests served by number and data transfer
- Failed requests
- Live session information
The live session information provides an in-depth view with a detailed time wise breakup of various actions by the proxy. In addition the HTTP session information can be captured and downloaded as a file to aid in further troubleshooting and performance tuning if required. The information available in the HTTP session capture is:
- HTTP Request Headers
- HTTP Response Headers
- Proxy tasks statistics

4. DHCP leased IP list
The DHCP server now gives a list of IP addresses that have been leased to DHCP clients. The following information is available in the leased IP list:
- Leased IP address
- Lease start and end time
- Physical address of Client
- Client host name

Renamed Feature
SNAT (Source NAT policy) is renamed to NAT policy

Obsolete Feature
DNAT policy

Version 9.5.2 build 19

Following features were made available to the beta customers only and were release candidate for testing purpose.
From this version onwards, as a part of v 9.5.3 build 14, all the features are now made generally available.

Features

1. FQDN for Parent Proxy server
Now FQDN or IP address can be configured for Parent Proxy server. This will help service provider in load balancing and failover.

2. Configurable Gateway failover detection time (only for Multiple Gateway)
One can now configure the time interval for checking the health of the gateway link. It can be configured from Manage Gateway page of the Web Admin Console.

3. High Availability (HA) with Load balancing and failover protection
In previous version, this feature was enabled only on demand but from this version onwards, this control has been removed. This feature should be considered as Beta from this version. It will be communicated when HA feature will be made generally available in the subsequent builds on further deployments on the field.

Version 9.5.2 build 15

Following features were made available to the beta customers only and were release candidate for testing purpose. From this version onwards, as a part of v 9.5.3 build 14, all the features are now made generally available.

Feature

1. Regulatory Compliance Reports
The Cyberoam On Appliance Reports suite has been expanded to include approximately 45 reports for SOX, HIPAA, PCI, FISMA and GLBA compliance.

Enhancements

1. Performance Enhancements to better support multi-core and multi-processor appliances
The Cyberoam operating system and applications have been tuned to better support the Cyberoam appliances with multi processor and multi core CPUs. Performance improvement of 20% to 50% has been achieved for policy scanning and IDP, especially in the 1000i and 1500i appliances.

2. IDP alerts over Syslog
It is now possible to log IDP alerts to remote syslog servers. IDP reports are the most performance intensive reports on the appliance, thus being one of the key factors affecting the appliance real time performance.
This feature gives an option to the Cyberoam administrator to choose between on-appliance logging, Syslog logging or disabling logging totally. By default on-appliance logging and reporting would be disabled after applying this upgrade. It will aid in fine tuning Cyberoam's on-appliance features in high traffic environments without compromising Appliance features as well as performance.

3. Ability to switch on/off traffic discovery report
Traffic discovery reports can now be turned off.

4. HTTP Keep-Alive Support
HTTP proxy now supports HTTP Keep-Alive thus allowing persistent connections. This can provide up to 50% speedup in latency times for web pages with lots of components, e.g. lots of images.

5. Extended SNMP Traps support
Cyberoam generates SNMP traps for the following SNMP Get events:

Traps            Description
highCpuUsage     High CPU usage i.e. CPU usage exceeds 90%
highDiskUsage    High Disk usage i.e. Disk usage exceeds 90%
highMemUsage     High Memory usage i.e. memory usage exceeds 90%
httpVirus        HTTP virus detected by Cyberoam
smtpVirus        SMTP virus detected by Cyberoam
pop3Virus        POP3 virus detected by Cyberoam
imap4Virus       IMAP virus detected by Cyberoam
ftpVirus         FTP virus detected by Cyberoam
linkToggle       Change of link status (up or down)
synFlood         DoS attack – SYN flood detected by Cyberoam
tcpFlood         DoS attack – TCP flood detected by Cyberoam
udpFlood         DoS attack – UDP flood detected by Cyberoam
icmpFlood        DoS attack – ICMP flood detected by Cyberoam

6. DHCP client support for “DNS server” parameter
Cyberoam DHCP client now uses the "DNS Server" configuration parameter obtained from the DHCP Server. This parameter would override any DNS Server configured manually on the Cyberoam appliance.

Bugs solved

The purpose of this list is to give an overview of the bugs fixed in various builds of version 9.5.3, 9.5.2.15. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Bugs solved in 9.5.3 build 14

Bug ID – 2088
Description – SFP ports I and J are not displayed on Web Admin Console and Network Configuration wizard for Cyberoam 1000i and 1500i Appliances.

Bug ID – 2157
Description – VPN Client cannot be registered from any of the LAN machines behind Cyberoam.

Bug ID – 2201
Description – Create Firewall rule page in Web Admin Console displays incomplete IP address (Source and Destination) and bandwidth policy name.

Bug ID – 2338
Description – Mismatch in IDP alerts details displayed on the Dashboard and in the Recent IDP Alerts page.

Bug ID – 4266
Description – Cyberoam deletes previously created ARP entry if ARP entry for the same IP address is added manually from Telnet console. In other words, ARP entry created on creation of Virtual host gets deleted if ARP entry for the same IP address is added manually from Telnet console.

Bug ID – 4365
Description – Import Group Wizard prompts to select Internet Access Policy even if policy is selected while importing AD Groups. This happened only if “Allow All” Internet Access policy.

Bugs solved in 9.5.3 build 07

Bug ID – 2411
Description – When Cyberoam is deployed as Bridge, Traffic discovery incorrectly displays that all the connections are initiated from WAN interface.

Bug ID – 2425
Description – For clientless users, web Surfing report displays duplicate entries - one with the username and another with the IP address.

Bug ID – 2789
Description – Bandwidth usage statistics displayed on Manage Live User page in Web Admin Console does not consistently display the correct values. Sometimes it is displayed as 0.0 K bandwidth usage. The exact configuration parameters that trigger this situation are not known.
Workaround – Restart management services from Telnet Console.

Bug ID – 2932
Description – IDP module triggers high CPU usage if Cyberoam is under attack. As a workaround, enable DoS attack from Web Admin console.

Bug ID – 2935
Description – “Root partition full” problem is faced when Cyberoam is under attack due to temporary files generated by Traffic Discovery module.

Bug ID – 3478
Description – Spelling mistake in the auto-generated message sent to the Administrator on the change of Gateway status.

Bug ID – 3522
Description – If link speed is slow and bandwidth restriction is applied, it is not possible to upload large files using FTP application.

Bug ID – 3560
Description – Cyberoam displays junk characters in HTTP Virus Alert text.

Bug ID – 3565
Description – Cyberoam does not add disclaimer or signature in outgoing mails if specified in Anti Virus General Configuration.

Bug ID – 3602
Description – Even when “User Authentication Session Timeout” and “Timeout session after” fields are not mandatory, it is not possible to create group if any value is not specified. If the fields were kept empty, “Cannot create a group” error message is displayed.
Workaround – At the time of creating a Group, configure any value in these fields. After successful creation of the group, edit the group to remove these configured values.

Bug ID – 3607
Description – Cyberoam displays error page without page header when duplicate Group is created.

Bug ID – 3614
Description – Mail Recipients specified in Anti Virus General Configuration are not able to extract the mail attachment.

Bug ID – 3615
Description – FTP Configuration page of Web Admin Console does not provide any information on file size restriction for virus scanning of FTP traffic.

Bug ID – 3619
Description – If spam scanning is disabled from custom policy, default spam policy is also not applied.

Bug ID – 3710
Description – Secure sites (HTTPS) could not be accessed when Parent proxy is configured.

Bug ID – 3736
Description – Anti spam logs were not generated.
Versions Affected – 9.5.0 build 19 onwards

Bug ID – 3745
Description – FTP logs were not generated from Telnet Console.

Bug ID – 3747
Description – IDP Signatures update status is displayed as “Fail” even after successful update.

Bug ID – 3752
Description – Cyberoam Routing table does not get updated when RIP (Routing Information Protocol) is configured.

Bug ID – 3757
Description – Customized Dashboard display is not retained on logout.

Bug ID – 3844
Description – Error 999 was displayed while trying to access certain sites like tw.stock.yahoo.com, tw.news.yahoo.com when HTTP scanning is enabled.

Bug ID – 3847
Description – “Proxy unable to comply” error is displayed at the time of enabling FTP scanning when Cyberoam is deployed as bridge.

Bug ID – 4017
Description – Cyberoam could not detect and filter spam mails if email address specified in Mime Header included special characters like *, # etc.

Bug ID – 4018
Description – Cyberoam allowed to update IP address of the WAN Interface acting as DHCP server from Manage Interface page of Web Admin Console.

Bug ID – 4024
Description – Virus name displayed in the Recent Mail Virus detected alert on Dashboard includes junk character.

Bug ID – 4150
Description – Cyberoam automatically changes its default MTU value of WAN interface if external DHCP server leases MTU. Due to this, Internet becomes inaccessible.

Bug ID – 4156
Description – If the Alias and LAN interface subnet are not same, Alias is added but is not visible in Authentication Network. Due to this, user logon requests were dropped.

Bug ID – 4169
Description – Special character white space is not supported between network ID and subnet mask in IP address based Address Group. For example, 192.168.15.15 255.255.255.255. Address groups are used in defining scanning rules.

Bugs solved in 9.5.2 build 15

Bug ID – 4017
Description – Anti spam Advance rule does not support special characters like *, # etc.

Bug ID – 4019
Description – Not able to regularly rotate L2TP VPN logs. It is necessary to rotate logs in order to control the log size.

Bug ID – 4020
Description – Cyberoam does not synchronize static route when High Availability cluster is configured with Virtual Interfaces.

Bug ID – 4027
Description – Secure sites (HTTPS) could not be accessed when Browser HTTPS proxy is configured.

Bug ID – 4056
Description – Dashboard SMTP virus alerts includes invalid characters in the Virus name. This is a browser specific problem faced only when Internet Explorer V 6 browser is used to access Web Admin console.

Bug ID – 4060
Description – Not able to establish VPN connection when endpoints are assigned dynamic IP addresses or FQDNs.

Bug ID – 4061
Description – Cyberoam Appliance models 1000i and 1500i did not display fiber ports I and J on Network configuration Wizard.

Document Version – 3.0-30/01/2008

1.2.1.8.2. Known Issues (v 9.5.3 build 14)

The purpose of this list is to give an overview of known issues. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.

Bug ID – 2044
Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply manually.

Bug ID – 2106
Description – Anti Virus and Anti Spam reports are not included in backup.

Bug ID – 2178
Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.

Bug ID – 2223
Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked.
Most of the web mail clients like yahoo, hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.

Bug ID – 2229
Description – Blocked Attempts report does not provide details of any attempt to blocked ActiveX, Applets, and Cookies Category.

Bug ID – 2237
Description – Backup of Cyberoam Appliance models CR50i, CR 100i, CR250i, and CR500i cannot be restored on CR1000i or CR1500i.

Bug ID – 2322
Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.

Bug ID – 2334
Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.

Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.

Bug ID – 2336
Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.

Bug ID – 2338
Description – Mismatch in IDP alerts details displayed on the Dashboard and in the Recent IDP Alerts page.

Bug ID – 2372
Description – Cyberoam does not support MSN voice chat.

Bug ID – 2382
Description – Access denied message displays incorrect category name when access to File Type category is not allowed.

Bug ID – 2385
Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.

Bug ID – 2412
Description – IDP reports do not include action taken on IDP alerts.

Bug ID – 2416
Description – If multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed, restarting the Management services (RMS) does not update the Gateway failover condition.

Bug ID – 2417
Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.

Bug ID – 2437
Description – When Cyberoam is deployed as Bridge, Manage Gateway page on Web Admin Console displays incorrect Ethernet Port IP address.

Bug ID – 2520
Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.

Bug ID – 2521
Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.

Bug ID – 2549
Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.

Bug ID – 2681
Description – Gateway configuration does not automatically change after swapping IP addresses of the Ports using Network Configuration Wizard.

Bug ID – 2958
Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.

Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.

Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.

Bug ID – 3315
Description – DHCP server does not lease IP address from the secondary interface when configured on two LAN interfaces.

Bug ID – 3549
Description – Cyberoam does not detect spam mails if parent proxy is configured.

Bug ID – 3618
Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.

Bug ID – 3620
Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.

Bug ID – 3621
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down.

Bug ID – 3653
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight configured as zero (0).

Bug ID – 3755
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, gateway parameters are not defined uniquely for each gateway. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.

Bug ID – 3763
Description – Dashboard does not display HTTP Traffic Analysis and User Surfing Pattern if Internet Access policy is not applied through Firewall rule.

Bug ID – 3799
Description – Cyberoam is not able to resolve to a host name if LAN zone is not configured and hence it takes time to open Web Admin console.

Bug ID – 3816
Description – When PPPoE is enabled, Cyberoam terminates L2TP connection within 2 minutes.

Bug ID – 3934
Description – If a DHCP service is configured on the Interface Alias, DHCP server is not able to lease IP address.

Bug ID – 3942
Description – If “Restrict HTTP Upload” category is denied, users are not able to send mails using Gmail. Instead of blocking the messages with attachment, access to Gmail is denied.

Bug ID – 4048
Description – Dashboard displays gateway status as ‘Up’ even if WAN port is disconnected.

Bug ID – 4129
Description – Cyberoam automatically restarts all the management services on resetting the management password from Telnet Console.

Bug ID – 4171
Description – When FTP scanning is enabled, attempts to connect to an FTP server give “451 Proxy unable to comply” error.

Bug ID – 4179
Description – Even when custom login and logoff messages are configured, instead of custom login and logoff messages, Cyberoam displays default messages.

Bug ID – 4208
Description – Cyberoam does not save the modified Notification Email address for Reports (through Network Configuration Wizard). Due to this, mails are sent to the previously configured email address only.

Bug ID – 4461
Description – CR 25i appliance cannot be the part of High Availability (HA) cluster i.e. HA cannot be configured on CR 25i appliance.

1.2.1.9. Archives

1.2.1.9.1.
V 9.5.0 build 29

Release Information
Compatible versions: 9.5.0.19, 9.5.0.21, 9.5.0.25

Upgrade Information
Upgrade type: Auto upgrade

Compatibility Issues: None

Introduction

This document contains the release notes for Cyberoam version 9.5.0 build 29. This is a maintenance release with several bugs solved that improve quality, reliability, and performance.

Bugs Solved

The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Bug ID – 3847
Description – “Proxy unable to comply” error is displayed at the time of enabling FTP scanning when Cyberoam is deployed as bridge.

Bug ID – 3906
Description – Cyberoam displayed incorrect message when malware is detected. Instead of malware message, Web Admin console displays virus message.

Bug ID – 3907
Description – Cyberoam does not support VoIP connection if VoIP device is deployed behind Cyberoam.

Bug ID – 3908
Description – Cyberoam downloads corrupted mails from POP3 server when Cyberoam Anti Spam engine is not running.

Bug ID – 3910
Description – Cyberoam does not open images included in the web sites tw.news.yahoo.com, tw.stocks.yahoo.com and yam.com.

Bug ID – 3911
Description – Incomplete virus name is displayed in HTTP Anti Virus reports.

Bug ID – 3912
Description – Cyberoam is not compatible with non-pipeline supported POP3 servers.

Bug ID – 3913
Description – HTTP proxy crashes when Anti virus scanning is enabled.

Bug ID – 3914
Description – If special character “space” is included in the username, it is not possible to login using HTTP Client e.g. “john mac”.

1.2.1.9.2. V 9.5.0 build 21

1.2.1.9.2.1. Release Notes

Release Information
Compatible versions: V 9.4.2.0, 9.4.2.8, 9.4.3.0, 9.4.3.5

Upgrade Information
Upgrade type: Manual upgrade. After upgrade, reboot is required for the changes to take effect.

Upgrade procedure
1. Download upgrade from http://downloads.cyberoam.com/version9/
2. Log on to Web Admin console and go to Help > Upload Upgrade and upload the file downloaded in step 1
3. Once the file is uploaded successfully, log on to Telnet console and go to option 6 Upgrade Version and follow the on-screen instructions.

Compatibility Issues: None

Introduction

This document contains the release notes for Cyberoam version 9.5.0 build 21. The following sections describe the release in detail and provide other information that supplements the main documentation.

This is a major release with new features and several bugs solved that improve quality, reliability, and performance.

New Features

1. Virtual LAN (802.1q) support in Route mode
Cyberoam 9.5.0.1 release supports 802.1q VLAN processing to provide granular virtualization, scalability, and improved security through logical network segmentation by means of virtual interfaces. Security zones can now include Virtual Interface and/or physical ports; inter-zone policies enable complete granularity and control.
VLAN technology allows implementing multi-tier security domain network design concept to secure discrete departments, project teams, or applications without regard to the physical location of users through a single Cyberoam appliance only. Network throughput improvement is achieved by introducing this feature as VLAN confines broadcast domain.
Virtual interface has most of the capabilities and characteristics of a physical interface, including zone membership, security services, routing, access rule controls, IDP, virus, and spam scanning.
For ease of use, VLAN configuration and management is provided from the View Network Interface page of Web Admin Console.

2.
High Availability (HA) with Load balancing and failover protection* To minimize the single point of failure, Cyberoam offers an integrated high availability solution providing efficient, continuous access to critical applications, information, and services. High availability is critical to maintaining network protection from an attack, even in the event of a device failure. To achieve high availability, HA cluster is to be defined which consists of two Cyberoam appliances and both appliances in the cluster share session and configuration information. Active-Passive HA In Active-Passive HA, primary appliance processes the entire traffic and Auxiliary appliance is in standby mode. Auxiliary appliance processes the entire network traffic only incase of primary appliance failure. Active-Active HA Session persistent Load balancing Active-Active HA increases overall network performance by sharing the load of processing network traffic and providing security services. The cluster appears to your network to be a single device, adding increased performance without changing your network configuration. Primary appliance acts as the load balancer and load balances all the TCP communications including TCP communications from Proxies but will not load balance VPN traffic. Failover In Active-Active HA both Primary and Auxiliary appliances process the network traffic and Auxiliary appliance takes over the primary appliance and processes complete traffic incase of primary appliance failure or link/monitored interface failure. Session failover Session failover occurs for forwarded TCP traffic except for virus scanned sessions that are in progress, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic. Synchronization Cluster configuration, routing tables, and individual cluster appliance status between Cluster appliances are synchronized automatically when a configuration event occurs. 
Additionally, Web Admin Console provides the option for Manual synchronization also.

In addition, Cyberoam now has inbuilt monitoring services that monitor critical services in the appliance and even take corrective and preventive actions to ensure availability.

Prerequisite: Both the Appliances must have the same number of Interfaces, the same software version, and be deployed in Route mode.

Known Behavior
1. DHCP & PPPoE – High Availability (HA) cluster cannot be configured if any of the Cyberoam Interfaces is dynamically configured using DHCP and PPPoE protocols.
2. Cyberoam upgrade - AutoUpgrade mode will automatically be disabled on both the cluster appliances once High Availability (HA) cluster is configured. To upgrade HA cluster appliances, HA mode is to be disabled and each appliance has to be upgraded individually.
3. HA Session failover – AV Scanned sessions, VPN sessions, UDP, ICMP, multicast, and broadcast sessions and Proxy traffic sessions are not maintained when HA cluster is configured.
4. Masqueraded Connections – In case of the following events from any of the HA cluster appliances, all the masqueraded connections will be dropped:
   · Restart Management Service (RMS)
   · Execution of Network Configuration
   · Manual Synchronization
5. HA Load balancing – Active-Active HA cluster does not load balance VPN sessions, UDP, ICMP, multicast, and broadcast sessions. TCP traffic for Web Admin Console or Telnet Console and VLAN traffic sessions are also not load balanced between the cluster appliances.

3. Dynamic Routing
Earlier Cyberoam versions used the static routing method, whereby routes for each network were to be defined manually. This was a handy process for a small network with very few routes, and also when links go down corrections are to be done manually. It becomes a cumbersome process when the network grows.
By introducing the Dynamic routing feature in this version, Cyberoam has overcome the limitations of static routes configuration. General benefits of dynamic routing are:
· More automation: Routing updates are automatically sent to all other routers.
· Change notification: The dynamic routing protocol will reroute traffic around a link that is down or congested.
· Greater uptime for users: Because the routing protocol has intelligence and can react faster, the users may see more uptime.
· Greater network throughput: Because the routing protocol may be able to calculate the most responsive network link to use, the users may see less latency and more performance out of the network.
· Less work for administrators: As the network grows, the administrator does not have to worry about configuring all the other routers on the network.
Cyberoam has implemented RIP (Routing Information Protocol) - version 2 as described in RFC2453 and version 1 as described in RFC1058 - and OSPF (Open Shortest Path First) - version 2 as per RFC 2328, routing protocols for dynamic routing. Telnet Console provides the Cisco compliant CLI for routing configuration.

4. Anti spam module - Virus Outbreak Detection Technology
To provide protection against new email-borne virus outbreaks, hours before the signatures are released, Cyberoam has introduced proactive virus detection technology which detects and blocks new outbreaks immediately and accurately. It provides a critical first layer of defense by intelligently blocking suspicious mail during the earliest stage of a virus outbreak. Defining outbreak security actions in the Spam policy from Web Admin Console allows outbreaks to be proactively detected, prevented or contained, and eliminated.

5. TCP MSS Configuration option
The TCP MSS Adjustment feature enables the configuration of the maximum segment size (MSS) for transient packets that traverse a router, when PPP over Ethernet (PPPoE) is being used in the network.
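An added example, not part of the release notes and not Cyberoam's implementation: the rewrite an MSS-adjusting gateway applies to a TCP SYN that crosses a PPPoE link, lowering the advertised MSS to fit an MTU of 1492 and patching the TCP checksum incrementally (RFC 1624). It assumes IPv4 and TCP base headers of 20 bytes each; the function names and the sample packet are constructed for illustration.

```python
import struct

PPPOE_MTU = 1492      # MTU of a PPPoE link, as stated in the release note
IP_TCP_HEADERS = 40   # assumption: 20-byte IPv4 header + 20-byte TCP header

def fold(total: int) -> int:
    """Add carries back in, as ones' complement arithmetic requires."""
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total

def ones_sum(data: bytes) -> int:
    if len(data) % 2:
        data += b"\x00"
    return fold(sum(struct.unpack("!%dH" % (len(data) // 2), data)))

def pseudo_header(src: bytes, dst: bytes, tcp_len: int) -> bytes:
    return src + dst + struct.pack("!BBH", 0, 6, tcp_len)

def checksum_ok(src: bytes, dst: bytes, segment: bytes) -> bool:
    return ones_sum(pseudo_header(src, dst, len(segment)) + segment) == 0xFFFF

def mss_option(value: int) -> bytes:
    return struct.pack("!BBH", 2, 4, value)          # kind 2, length 4

def build_syn(src: bytes, dst: bytes, options: bytes) -> bytes:
    """Constructed sample input: a TCP SYN from port 40000 to port 80."""
    offset = (20 + len(options)) // 4
    header = struct.pack("!HHIIBBHHH", 40000, 80, 1, 0, offset << 4, 0x02, 65535, 0, 0)
    segment = header + options
    csum = ~ones_sum(pseudo_header(src, dst, len(segment)) + segment) & 0xFFFF
    return segment[:16] + struct.pack("!H", csum) + segment[18:]

def find_mss(segment: bytes):
    """Return the byte offset of the 16-bit MSS value in a SYN, or None."""
    if len(segment) < 20 or not segment[13] & 0x02:  # MSS is only sent on SYN/SYN-ACK
        return None
    header_len = (segment[12] >> 4) * 4
    if header_len < 20 or header_len > len(segment):
        return None
    i = 20
    while i < header_len:
        kind = segment[i]
        if kind == 0:                                # end of option list
            return None
        if kind == 1:                                # NOP padding
            i += 1
            continue
        if i + 1 >= header_len:
            return None
        length = segment[i + 1]
        if length < 2 or i + length > header_len:
            return None                              # malformed option: leave packet alone
        if kind == 2 and length == 4:
            return i + 2
        i += length
    return None

def read_mss(segment: bytes):
    pos = find_mss(segment)
    return None if pos is None else struct.unpack_from("!H", segment, pos)[0]

def clamp_mss(segment: bytes, link_mtu: int = PPPOE_MTU) -> bytes:
    """Lower the advertised MSS to link_mtu - 40 and patch the TCP checksum."""
    pos = find_mss(segment)
    limit = link_mtu - IP_TCP_HEADERS
    if pos is None:
        return segment
    old = struct.unpack_from("!H", segment, pos)[0]
    if old <= limit:
        return segment                               # only ever lower an MSS
    old_word, new_word = old, limit
    if pos % 2:                                      # value straddles two checksum words
        old_word = (old >> 8) | ((old & 0xFF) << 8)
        new_word = (limit >> 8) | ((limit & 0xFF) << 8)
    old_csum = struct.unpack_from("!H", segment, 16)[0]
    # RFC 1624 eqn. 3: HC' = ~(~HC + ~m + m')
    new_csum = ~fold((~old_csum & 0xFFFF) + (~old_word & 0xFFFF) + new_word) & 0xFFFF
    out = bytearray(segment)
    struct.pack_into("!H", out, pos, limit)
    struct.pack_into("!H", out, 16, new_csum)
    return bytes(out)

if __name__ == "__main__":
    src, dst = bytes([192, 0, 2, 10]), bytes([198, 51, 100, 20])  # documentation addresses
    syn = build_syn(src, dst, mss_option(1460) + b"\x01\x01\x04\x02")
    fixed = clamp_mss(syn)
    print("MSS", read_mss(syn), "->", read_mss(fixed),
          "checksum valid:", checksum_ok(src, dst, fixed))
```

A host on plain Ethernet advertises 1460; after the rewrite the peer sends segments of at most 1452 bytes, which fit the PPPoE link without fragmentation.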
PPPoE truncates the Ethernet maximum transmission unit (MTU) to 1492, and if the effective MTU on the hosts (PCs) is not changed, the router in between the host and the server can terminate the TCP sessions. Option for TCP MSS adjustment is provided on Telnet Console.

6. Hard disk drive Check feature
With this version, Cyberoam is introducing a feature to check the Hard disk drive partition size. This feature will check the hard disk drive on every reboot and will increase the partition size if a different layout from the minimum requirement is found.

Enhancements

1. Anti Virus (AV) and Anti Spam (AS) reports Improvement
For identifying virus and spam source, AV and AS reports now include:
· Reference Id - Reference Id is the message pattern identification tag as classified by Cyberoam Spam Detection Center and is added in the Email header for each mail.
· Source and Destination IP address.

2. Report titles
To effectively communicate with the International customers and project a strong international image, reports menu and titles are changed.

3. Network Configuration Improvement
To improve ease of use and maintenance, Interface Alias can be added from View Network Interface page of Web Admin Console. Till previous versions, one had to add Alias from Telnet Console.

4. Web Categories
Cyberoam provides a new category for web filtering called ‘Hacking’, making a total of 68 categories. The category includes sites that provide information about or promote illegal or questionable access to or use of computer or communication equipment, software, or databases. Till previous versions such sites were categorized under the category ‘ComputerSecurityandHacking’.

General Availability of Beta Version 9.4.3.0 and 9.4.3.5
Cyberoam announces the General Availability for the following Beta features of Version 9.4.3.0 and 9.4.3.5

1. Performance improvement

Content filtering and Anti Virus Scanning
Earlier versions of Cyberoam used the most common synchronous I/O model. After a request is made in this model, the application blocks until the request is satisfied. The calling application requires no central processing unit (CPU) while it awaits the completion of the I/O request. So the serving thread gets blocked while waiting for the completion of the I/O request. But in some cases there is a need to overlap an I/O request with other processing like serving other requests, virus scanning, etc.

Types of I/O
Till the earlier versions, the Cyberoam proxy subsystem was built on Threaded Synchronous Blocking I/O Architecture. Higher throughput and concurrency (number of concurrent connections) was achieved by using a threaded model proxy subsystem. But the concurrency achieved by the system was restricted by the number of threads. A high number of threads can achieve higher concurrency but at the same time it will degrade system performance and reduce overall throughput. Threads waiting for I/O completion in case of slow response or antivirus processing latency will decrease the connection rate drastically.
To optimize the performance, the Cyberoam architecture is changed. The new architecture of the Cyberoam Proxy Subsystem uses single threaded Asynchronous I/O. Load on the system will not be increased as the new architecture uses a single thread. With the non-blocking I/O asynchronous architecture, it can perform other tasks like serving other connections, virus scanning, etc. instead of waiting for I/O completion.

[Figure: Typical flow of the synchronous blocking I/O model (Previous Architecture)]
[Figure: Typical flow of the asynchronous non-blocking I/O model (New Architecture)]

Earlier versions of Cyberoam used the most common synchronous method for DNS lookups. In this method, the requesting process blocks until a response is received i.e.
DNS lookup is complete or a timeout occurs. These timeouts are fairly long and absolutely nothing is done by the requesting process during this time.

Asynchronous DNS lookup
To optimize the performance and robustness, from the current version Cyberoam has implemented the asynchronous DNS lookup method. Asynchronous DNS lookup means processing continues without waiting for the completion of the lookup. By taking this approach, nothing is blocked while waiting for a reply that comes late.
With this implementation, the performance will increase, particularly of those applications which need to perform DNS queries without blocking or need to perform multiple DNS queries in parallel. The primary examples of such applications are servers which communicate with multiple clients and programs with graphical user interfaces.

2. Authentication Session timeout per Group
For finer granularity, Cyberoam now supports authenticated session timeout on a per-group basis. Authentication session timeout is the number of minutes after which the user will be logged out automatically. By default this option is disabled and can be enabled and configured from the Create/Manage Group page of Web Admin Console. The minimum timeout that can be configured is 3 minutes and the maximum is 1440 minutes (24 hours).

3. Personalized Dashboard
The Dashboard page is now completely customizable. Each section (System Information, License Information, Gateway status information, Usage summary etc.) can be closed or repositioned simply by dragging and dropping. Personalized Dashboard allows the sections that require special attention to be positioned at the top and the less used information to be moved to the bottom.
This feature also provides the flexibility to define multiple layouts of the Dashboard view for multiple Administrators, and a layout will persist till it is explicitly reset to the default layout.
Discontinued CLI options and commands
· Command removed from Telnet Console - show memory
· Option for configuring Alias IP address from Network Configuration menu is removed from Telnet Console. A similar option is now provided on Web Admin Console.

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Bug ID – 2079
Description – When FTP scanning is enabled, bandwidth restriction is not applied as per the configuration on FTP data transfer done through Windows Operating System.

Bug ID – 2158
Description – Interface Info graphs from DG.HTML displays Ethernet ports as eth0, eth1, eth2 etc. instead of ports A, B, C, D, etc.

Bug ID – 2338
Description – Mismatch in IDP alerts details displayed on the Dashboard and in the Recent IDP Alerts page.

Bug ID – 2365
Description – Same IP address can be assigned to the multiple Ethernet ports via Network Configuration Wizard and Cyberoam CLI Console.

Bug ID – 2368
Description – L2TP VPN tunnel cannot be established when Cyberoam is assigned non-routable IP address (private IP address).

Bug ID – 2401
Description – Cyberoam does not provide PPPoE Interface link status information in Web Admin Console.

Bug ID – 2460
Description – Mails could not be detected and filtered as spam mails if the Email address specified in Mime Header From or To option includes the character “.” (dot)

Bug ID – 2535
Description – Single Alias IP address can be bound to multiple Interfaces. It is not possible to remove multiple IP addresses bound to the Interface in a single attempt but one has to delete IP addresses one by one.

Bug ID – 2750
Description – Enable/disable Reporting option in Internet Access policy does not work.

Bug ID – 2929
Description – TCP MSS adjustment is required if PPPoE link is terminated on Cyberoam.
Due to this, www.hotmail.com is not accessible, Windows OS could not be updated, and downloading is not possible.

Bug ID – 2958
Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.

Bug ID – 3221
Description – Web surfing report displays complete data transfer even if file downloading is cancelled after a partial download.

Bug ID – 3226
Description – After restarting management services (RMS), if VPN tunnel is established before the IPSec daemon starts then data transfer through that link is not possible.

Bug ID – 3264
Description – If link speed is slow and FTP scanning is enabled, it is not possible to upload large files using FTP application.

Bug ID – 3275
Description – Following Dashboard tabs were renamed to convey the appropriate meaning:

Title in earlier Version        Renamed to
Installation Information        Appliance Information
Cyberoam Corporate Version      Cyberoam Software Version
Cyberoam Operation mode         Cyberoam Deployment mode

Bug ID – 3278
Description – Incorrect message is displayed in the Audit log when Cyberoam is restarted from Manage Servers page of Web Admin Console.

Bug ID – 3318
Description – Start and stop time configured at the time of schedule creation is not retained.

Bug ID – 3344
Description – Gateway status is displayed as ‘Up’ in the Dashboard even if the WAN port is disconnected.

Bug ID – 3355
Description – Execution of IDP report queries triggers high CPU usage.

Bug ID – 3358
Description – PPTP VPN connection log is not generated.

Bug ID – 3377
Description – VPN service needs to be restarted to start data transfer if PPPoE leases the same IP address to the connection.

Bug ID – 3380
Description – After restarting management services from Telnet console, it is possible to establish VPN tunnel but data transfer is not possible.
This situation occurs as the IPSec daemon gets restarted before the firewall services are restarted.

Bug ID – 3383
Description – Correct IP address is not configured if “Backspace” or “¬” key is used while configuring IP address from Serial Console of the Cyberoam Appliance.

Bug ID – 3397
Description – “BAD Traffic same SRC/DST” is displayed in Recent IDP Alerts tab of Dashboard when antivirus scanning is enabled along with DNAT and IDP policy in LOCAL zone firewall rule. This also triggers high CPU usage.
Workaround – Remove IDP policy or disable antivirus scanning from the firewall rule.

Bug ID – 3433
Description – Bandwidth restriction is not applied as per the configuration if Cyberoam is configured as proxy server.

Bug ID – 3434
Description – It is not possible to scan and filter HTTP traffic if Web Admin Console was configured on a port other than 80.

Bug ID – 3435
Description – Following services are removed: svccanboot, qmail, courierimap and heartbeat services.

Bug ID – 3583
Description – HTTP proxy configuration does not get updated automatically on updating DNS configuration from Web based Console. One had to manually reconfigure HTTP Proxy.

Bug ID – 3585
Description – Cyberoam did not support Microsoft Netmeeting software for audio and video conferencing.

Bug ID – 3588
Description – Anti spam SMTP Search report displayed SPAM mails as well as valid mails as SPAM mails. From this version onwards, SMTP spam reports will display only the spam mails whereas Anti spam SMTP Search report will display list of mails as per the specified search criteria.

Bug ID – 3590
Description – Dashboard was displayed with overlapping sections when viewed in Internet Explorer Version 7.

Bug ID – 3613
Description – As Log command was disabled for OSPF and RIP configuration from Telnet console, Cyberoam generated Log file error when daemon re-starts.

Bug ID – 3639
Description – Text message for License information in the configuration file is made more informative.
Bug ID – 3640
Description – Cyberoam did not support Microsoft Exchange server when HTTP Antivirus scanning was enabled in Batch mode.

* High Availability feature would be enabled on demand.

Document Version – 4.3-16/08/2007

1.2.1.9.2.2. Known Issues

The purpose of this list is to give an overview of known issues. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.

Bug ID – 2044
Description – After changing Cyberoam deployment mode from Bridge to Route, if ‘Monitor only’ Internet Access policy is configured through Network Configuration Wizard, SNAT/Masquerade policy is not automatically applied. One has to apply manually.

Bug ID – 2088
Description – SFP ports I and J are not displayed on Web Admin Console and Network Configuration wizard for Cyberoam 1000i and 1500i Appliances.

Bug ID – 2106
Description – Anti Virus and Anti Spam reports are not included in backup.

Bug ID – 2157
Description – VPN Client cannot be registered from any of the LAN machines behind Cyberoam.

Bug ID – 2178
Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.

Bug ID – 2201
Description – Create Firewall rule page in Web Admin Console displays incomplete IP address (Source and Destination) and bandwidth policy name.

Bug ID – 2223
Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked. Most of the web mail clients like yahoo, hotmail have their own scanning process. Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.

Bug ID – 2229
Description – Blocked Attempts report does not provide details of any attempt to blocked ActiveX, Applets, and Cookies Category.
Bug ID – 2237
Description – Backup of Cyberoam Appliance models CR50i, CR 100i, CR250i, and CR500i can not be restored on CR1000i or CR1500i

Bug ID – 2322
Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.

Bug ID – 2334
Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.

Bug ID – 2335
Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.

Bug ID – 2336
Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.

Bug ID – 2338
Description – Mismatch in IDP alerts details displayed on the Dashboard and in the Recent IDP Alerts page.

Bug ID – 2372
Description – Cyberoam does not support MSN voice chat.

Bug ID – 2382
Description – Access denied message displays incorrect category name when access to File Type category is not allowed.

Bug ID – 2385
Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.

Bug ID – 2411
Description – When Cyberoam is deployed as Bridge, Traffic discovery incorrectly displays that all the connections are initiated from WAN interface.

Bug ID – 2412
Description – IDP reports do not include action taken on IDP alerts.

Bug ID – 2416
Description – If multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed, restarting the Management services (RMS) does not update the Gateway failover condition.

Bug ID – 2417
Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.

Bug ID – 2418
Description – FTP backup can not be taken if the FTP user account’s password includes special characters like && or $?.

Bug ID – 2425
Description – For clientless users, web Surfing report displays duplicate entries - one with the username and another with the IP address.
Bug ID – 2437
Description – When Cyberoam is deployed as Bridge, Manage Gateway page on Web Admin Console displays incorrect Ethernet Port IP address.

Bug ID – 2520
Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.

Bug ID – 2521
Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.

Bug ID – 2549
Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.

Bug ID – 2681
Description – Gateway configuration does not automatically change after swapping IP addresses of the Ports using Network Configuration Wizard.

Bug ID – 2789
Description – Bandwidth usage statistics displayed on Manage Live User page in Web Admin Console does not consistently display the correct values. Sometimes it is displayed as 0.0 K bandwidth usage. The exact configuration parameters that trigger this situation are not known.
Workaround – Restart management services from Telnet Console.

Bug ID – 2932
Description – IDP module triggers high CPU usage if Cyberoam is under attack. As a workaround, enable DoS attack from Web Admin console.

Bug ID – 2935
Description – “Root partition full” problem is faced when Cyberoam is under attack due to temporary files generated by Traffic Discovery module.

Bug ID – 3003
Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface.
The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.

Bug ID – 3004
Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.

Bug ID – 3315
Description – DHCP server does not lease IP address from the secondary interface when configured on two LAN interfaces.

Bug ID – 3522
Description – If link speed is slow and bandwidth restriction is applied, it is not possible to upload large files using FTP application.

Bug ID – 3549
Description – Cyberoam does not detect spam mails if parent proxy is configured.

Bug ID – 3560
Description – Cyberoam displays junk characters in HTTP Virus Alert text.

Bug ID – 3565
Description – Cyberoam does not add disclaimer or signature in outgoing mails if specified in Anti Virus General Configuration.

Bug ID – 3607
Description – Cyberoam displays error page without page header when duplicate Group is created.

Bug ID – 3614
Description – Mail Recipients specified in Anti Virus General Configuration are not able to extract the mail attachment.

Bug ID – 3615
Description – FTP Configuration page of Web Admin Console does not provide any information on file size restriction for virus scanning of FTP traffic.

Bug ID – 3618
Description – Spam filtering based on RBL (Realtime Blackhole List) does not work.

Bug ID – 3619
Description – If spam scanning is disabled from custom policy, default spam policy is also not applied.

Bug ID – 3620
Description – More than 10 email addresses cannot be grouped in an Email Address group. If required, addresses are to be specified one by one. Also, email address group field size is restricted to 255 characters.

Bug ID – 3621
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and both the Gateways are down.
Bug ID – 3653
Description – Even when gateway is defined explicitly in firewall rule, it is not possible to access Internet if multiple gateways are defined and gateway weight configured as zero (0).

Bug ID – 4461
Description – CR 25i appliance cannot be the part of High Availability (HA) cluster i.e. HA cannot be configured on CR 25i appliance.

1.2.1.9.3. V 9.4.3 build 4

Release Information
Compatible versions: V 9.4.3.2, 9.4.3.3

Upgrade Information
Upgrade type: Automatic upgrade
Compatibility Issues: None

Introduction
This document contains the release notes for Cyberoam version 9.4.3 build 4. It is a maintenance release with a few bugs solved, which improves quality, reliability, and performance.

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.

Bug ID – 3822
Description – HTTP proxy daemon does not come up after factory reset.

Bug ID – 3823
Description – Web Categories Database (Webcat) is an appliance specific database. Cyberoam does not check the appliance model before upgrading the Webcat. Due to this, incorrect Webcat upgrade was applied to Cyberoam CR 25i appliances.
From this release onwards, Cyberoam will check the appliance model before upgrading the Web Categories Database (Webcat).

Document Version – 1.0-03/09/2007

1.2.1.9.4. V. 9.4.2 build 0

1.2.1.9.4.1. Release notes

Product Release Information
Product: Cyberoam
Release Number: 9.4.2 build 0
Release Date: 26th April, 2007
Compatible versions: V 9.4.1.2
Upgrade type: Auto upgrade
Upgrade procedure: By default, AutoUpgrade mode is ON/Enabled so Cyberoam will be upgraded automatically. It is possible to disable the automatic upgrade.
Follow the procedure to disable the AutoUpgrade mode:
· Log on to Telnet Console
· Go to option 4 Cyberoam Console
· At the prompt, type the command, cyberoam autoupgrade off
If automatic upgrade is disabled, you have to upgrade manually. Refer to How To - Upgrade Cyberoam for manual upgrade details.
Downtime: Upgrade process is expected to take around 2 minutes.
Customer Support: For more information or support, please visit www.cyberoam.com or email at
[email protected]

Introduction
This document contains the release notes for Cyberoam version 9.4.2 build 0. The following sections describe the release in detail and provide other information that supplements the main documentation. This is a major release with a few new features, and features enhanced in response to several bug reports, that improves quality, reliability, and performance without adding any new functionality.

New Features

1. Cyberoam Central Console
With the introduction of this tool, Cyberoam now helps Managed Security Service Providers, Enterprises (multiple branch offices in the same city, multiple locations, or in different cities) and Universities (multiple departments on the same campus or multiple campuses) to manage and monitor their multiple Cyberoam Installations centrally.
Cyberoam Central Console is an integrated management and monitoring tool that allows multiple, dispersed Cyberoam Installations to be managed centrally. It establishes a central point for monitoring and maintaining multiple Cyberoam Installations.
Cyberoam Central Console is independent and separate hardware from Cyberoam, i.e. it is not part of the Cyberoam Appliance and is to be purchased, installed, and registered separately.
Prerequisite: Each Cyberoam Appliance should allow HTTPS access for Cyberoam Central Console.

Web Admin Console
Web Admin Console is provided to configure and manage the Cyberoam Central Console Appliance, which can be accessed through an HTTP or secure HTTPS connection.
The only configuration required on Cyberoam Central Console is the registration of all the Cyberoam Appliances that are to be managed and monitored through Cyberoam Central Console. To register a Cyberoam Appliance with Cyberoam Central Console, one needs to add IP address, Local administrator Username and password.
Additionally, from Web Admin console, one can also create/update the following policies and rules and apply them to any of the registered Cyberoam Appliances:
· Firewall rule
· Internet Access policy
· Categories
· IDP policy
· Custom IDP signature

Dashboard
Dashboard helps to watch all the registered Cyberoam Appliances for outages and events that require attention. Cyberoam Central Console gets all the required information from Cyberoam Appliances, which is displayed on Dashboard. This saves you from time consuming manual monitoring of multiple Cyberoam Appliances individually.
Dashboard displays live status / severity of the following parameters of all the registered Cyberoam Appliances:
· Connectivity – Connectivity of Cyberoam with Cyberoam Central Console and connectivity of Cyberoam with its gateway (Mostly in case of Multiple gateway in Cyberoam)
· IDP Threats – Severity depends on number of events generated in last 5 minutes
· Virus Attack – Severity depends on % of Viruses detected with respect to total number of sites visited and mails received
· Spam Mails – Severity depends on % of SPAM mails received with respect to the total mails received
· Compatibility – Cyberoam Central Console will not be able to manage Cyberoam if not compatible, either Cyberoam Central Console / Cyberoam needs to be upgraded
· Subscription - Severity depends on number of days left in expiration for any module
Status and severity are classified as Dangerous, Warning, OK, based on the preconfigured threshold values in Cyberoam Central Console.

Current version of Cyberoam Central Console does not support:
· Creation of Anti Virus and Anti Spam policies
· Deletion of Internet access policy, Bandwidth policy, IDP policy, IDP signature, Categories, host, and host group from Cyberoam using Cyberoam Central Console i.e. can be deleted locally from Cyberoam Central Console but can not be deleted from Cyberoam using Cyberoam Central Console.
· Access of Cyberoam Reports

2. VPN Fail over[1]
Cyberoam now provides automatic failover for:
· IPSec Net-to-Net connection
· IPSec Road Warrior connection
· Host-to-Host connection
· L2TP connection
Depending on the connection type, connectivity with the remote peer or gateway is checked every 30 seconds. If the connectivity check fails, Cyberoam automatically redirects the connection to the subsequent ACTIVE connection without waiting for intervention from the Administrator.

3. CIPA Compliance
Cyberoam enables CIPA compliance for schools and libraries through its content filtering, allowing them to enforce an Internet safety policy that blocks and filters Internet access in accordance with CIPA requirements.

Sample policy
Name: Policy for minors
Policy Type: Allow
Reporting: Enable
Web Categories:
  AdultContent
  Alcohol/Tobacco
  ComputerSecurityandHacking
  CrimeandSuicide
  Drugs
  Gambling
  MillitancyandExtremist
  Nudity
  PhishingandFraud
  Porn
  SexHealthandEducation
  SwimwearAndLingerie
  URL Translation sites
  Violence
  Weapons
Strategy: Deny
Schedule: All the time

Content filtering with CIPA compliance is required by schools and libraries in the US to receive funding under the E-Rate program, which requires an Internet Safety Policy to be in place, ensuring the safety and security of minors online.

Enhancements

1. IM Client blocking – Skype, Windows live and Rediff bol
Popular Instant Messenger clients Skype, Windows Live and Rediff bol can now be blocked through IDP signatures.

2. 3rd party Certificate Authority[2]
In this version, Cyberoam introduces significant enhancement to certificate-based authentication for VPN.
Cyberoam no longer requires uploading of the Certificates issued by the following 3rd party Certificate Authority before use:
· VeriSign Class 1, 2, 3, and 4 Primary CA
· Entrust.Net Secure Server Certificate
· Microsoft Root Certificate Authority
Till the previous version, for certificate-based authentication, Cyberoam required the certificates to be uploaded before use.
3. Cyberoam Dashboard
Noteworthy information related to configurations on the Cyberoam appliance that requires special attention, such as password, access to critical security services, as well as notifications of subscription expirations, is displayed in the Alert Messages section. The alerts that are displayed are:
· The default Web Admin Console password has not been changed.
· Default Telnet Console password is not changed.
· <Service name(s)> base management is allowed from WAN. This is not a secure configuration. It is recommended to use a good password.
· Your Cyberoam Appliance is not registered.
· <module name(s)> modules will expire within 5/10/20 days. Be sure to buy the subscription to stay protected.
· <module name(s)> module(s) expired
4. Search option in Anti Spam reports
Search option has been added to Anti spam reports, enabling searches of Anti spam reports based on protocol, sender and receiver email address and email subject.
5. True bridge mode
In the previous versions of Cyberoam, one had to define routes for all the networks configured in Cyberoam. This limitation has been removed in this version. Now multiple subnets can be used without any additional configuration i.e. without defining routes. This feature helps to maintain IP address transparency for routed IP addresses when virus and spam scanning as well as Internet Access policy is enabled from firewall rules. Post upgrade reboot is required to use this feature.
6.
Generate binary file of traffic log generated with custom parameters
Cyberoam now supports saving and downloading the tcpdump output in a binary file from Telnet Console using the following command:
    tcpdump <criteria> filedump
The tcpdump file contains troubleshooting information that the Cyberoam Support team can analyze with an advanced tool like ethereal. Download the file from http://<cyberooam_ip>/documents/tcpdump.out and mail it to the Cyberoam Support team at
[email protected]
Please refer to How To - Monitor packet flow using tcpdump on how to understand the tcpdump output.
7. Maximum Transmission Unit (MTU) fine-tuning option
Cyberoam now allows configuring MTU as per the need whenever Cyberoam is connected with any PPPoE device such as ADSL. Fine-tuning MTU value is required due to PPPoE Architecture. Customization can be done from Option 1 Network Configuration of Telnet Console.
Default Cyberoam MTU: 1500
Refer to How To - Upgrade Cyberoam for more details.

Bugs Solved
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.
Bug ID – 2222 Description – When FTP scanning is enabled, bandwidth restriction is not applied as per the configuration on FTP data transfer.
Bug ID – 2337 Description – Cyberoam did not allow access to web categories defined in “Deny All” Internet Access policy.
Bug ID - 2339 Description - When FTP scanning was enabled, Port forward rule does not work.
Bug ID – 2405 Description – L2TP VPN connection could not be activated when DHCP was enabled on WAN interface of Cyberoam. “Unable to activate” error was displayed at the time of activation.
Bug ID – 2439 Description – Factory reset does not reset From and To email addresses configured in Reports Notification.
Bug ID: 2446 Description – Cyberoam does not purge VPN logs.
Bug ID – 2526 Description – HTTP Client Users are not able to log on to Cyberoam when external authentication is configured.
Bug ID: 2534 Description – At the time of activating VPN connection, error “Unable to activate connection” is displayed, if preshared key included special character # (hash).
Bug ID – 2536 Description – Diagnostic tool displayed Gateway status as “Critical” even when gateway was reachable and ping to the gateway is successful.
Bug ID – 2569 Description – Web surfing reports were not included in backup of Log file.
Bug ID – 2596 Description – Anti Spam reports displayed incorrect Rule Type.
Bug ID: 2602 Description – The commands cyberoam dns-menu and cyberoam dialup-menu were available on Telnet Console even after the DNS and Dialup support was deprecated in the version 9.4.0.2.
Bug ID – 2634 Description – If HTTP Proxy port was configured on port 8088, Cyberoam Web Admin Console became inaccessible.
Bug ID: 2710 Description – Cyberoam was not able to resolve a DDNS hostname to a new IP address and re-connect if the connection was lost. This situation occurred as IPSec daemon caches the previous IP address and sends the connection request on the previous IP address only.
Bug ID: 2726 Description – Net-to-Net VPN connection could not be activated when DHCP was enabled on WAN interface of Cyberoam.
Bug ID: 2752 Description – Diagnostic tool displayed “root partition full” error when the average load generated was high.
Bug ID: 2753 Description - Cyberoam does not rebuild firewall state when deployment mode is changed i.e. Gateway to Bridge mode and vice versa. Cyberoam does not rebuild firewall state even after restoring the backup.
Bug ID: 2755 Description – IDP Engine crashes if Intrusion Detection and Prevention (IDP) module is not subscribed and IDP policy is applied.
Bug ID: 2759 Bug Description – Custom Web Categories did not work after restoring backup.
Bug ID: 2764 Bug Description – When FTP scanning was enabled, Destination NAT (DNAT) rule for FTP does not work.
Bug ID: 2768 Bug Description – Cyberoam did not log reboot or shutdown event in Audit log, if Cyberoam was rebooted using commands cyberoam shutdown or cyberoam restart from Telnet Console.
Bug ID: 2862 Description - Interface Alias configuration was not removed when Cyberoam deployment mode was changed i.e. Gateway to Bridge mode and vice versa.
Bug ID: 2863 Description – When Cyberoam is configured as Proxy server and FTP scanning was enabled on Cyberoam, FTP connections were not dropped. Similar situation occurs for SMTP and POP connections.
Bug ID: 2864 Description - Cyberoam did not block mails when mail scanning was enabled and 'Deny All' Internet Access policy was applied.
Bug ID: 2865 Description – No provision for: viewing DHCP log, changing port to which DHCP service is bound, reserving IP address range, leasing specific IP address for MAC address.
Bug ID: 2920 Description – Download and upload data transfer columns are transposed in Traffic discovery reports. Upgrade has solved the issue and correct report will be displayed only after rebooting Cyberoam.
Bug ID: 2930 Description – Cyberoam did not open FTP over HTTP request with username when parent proxy is configured e.g. ftp://
[email protected]
Bug ID: 2931 Description – Cyberoam crashed whenever FTP server responded with the large greeting messages greater than the size permitted by FTP RFC-959.

[1] Refer to VPN Management Guide (version 9420-1.0-19/04/2007 page 22) from docs.cyberoam.com for details.
[2] Refer to VPN Management Guide (version 9420-1.0-19/04/2007 page 57) from docs.cyberoam.com for prerequisites and configuration details.

1.2.1.9.4.2. Known Issues
The purpose of this list is to give an overview of known issues till Version 9.4.2.0 release. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.
Bug ID – 2079 Description – When FTP scanning is enabled, bandwidth restriction is not applied as per the configuration on FTP data transfer done through Windows Operating System.
Bug ID – 2088 Description – SFP ports I and J are not displayed on Web Admin Console and Network Configuration wizard for Cyberoam 1000i and 1500i Appliances.
Bug ID – 2106 Description – Anti Virus and Anti Spam reports are not included in backup.
Bug ID – 2157 Description – VPN Client cannot be registered from any of the LAN machines behind Cyberoam.
Bug ID – 2158 Description – Interface Info graphs from DG.HTML displays Ethernet ports as eth0, eth1, eth2 etc. instead of ports A, B, C, D, etc.
Bug ID – 2178 Description – When FTP scanning is enabled on Cyberoam and FTP proxy is not enabled in Firefox Mozilla web browser, virus infected files are not blocked for FTP over HTTP. Browser displayed ‘Failed to change directory’ 550 error.
Bug ID – 2201 Description – Create Firewall rule page in Web Admin Console displays incomplete IP address (Source and Destination) and bandwidth policy name.
Bug ID – 2223 Description – Virus infected files downloaded using any of the web mail clients are not detected and blocked. Most of the web mail clients like yahoo, hotmail have their own scanning process.
Cyberoam may not detect virus if scanning is disabled or bypassed by mail client.
Bug ID – 2229 Description – Blocked Attempts report does not provide details of any attempt to access blocked ActiveX, Applets, and Cookies Category.
Bug ID – 2237 Description – Backup of Cyberoam Appliance models CR50i, CR 100i, CR250i, and CR500i can not be restored on CR1000i or CR1500i.
Bug ID – 2322 Description – When same network is specified as local and remote network in Connection, VPN tunnel is not established.
Bug ID – 2334 Description – Yahoo Webcam is not supported when Cyberoam is configured as Proxy server.
Bug ID – 2335 Description – Combo box is not displayed when overlapped with expanded menu if Web Admin Console is accessed using Internet Explorer.
Bug ID – 2336 Description – Allowing Application categories or file type categories in “Deny All” Internet Access policy does not work.
Bug ID – 2338 Description – Mismatch in IDP alerts details displayed on the Dashboard and in the Recent IDP Alerts page.
Bug ID - 2365 Description – Same IP address can be assigned to the multiple Ethernet ports via Network Configuration Wizard and Cyberoam CLI Console.
Bug ID – 2368 Description – L2TP VPN tunnel cannot be established when Cyberoam is assigned non-routable IP address (private IP address).
Bug ID – 2372 Description – Cyberoam does not support MSN voice chat.
Bug ID – 2382 Description – Access denied message displays incorrect category name when access to File Type category is not allowed.
Bug ID – 2385 Description – Incorrect Access Deny message is displayed when access to “All Web Traffic” category is not allowed.
Bug ID – 2401 Description – Cyberoam does not provide PPPoE Interface link status information in Web Admin Console.
Bug ID – 2411 Description – When Cyberoam is deployed as Bridge, Traffic discovery incorrectly displays that all the connections are initiated from WAN interface.
Bug ID – 2412 Description – IDP reports do not include action taken on IDP alerts.
Bug ID – 2416 Description – If multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed, restarting the Management services (RMS) does not update the Gateway failover condition.
Bug ID – 2417 Description – Create and Edit Firewall Rule page does not display correct IP address of PPPoE interface.
Bug ID – 2418 Description – FTP backup can not be taken if the FTP user account’s password includes special characters like && or $?.
Bug ID – 2425 Description – For clientless users, web Surfing report displays duplicate entries - one with the username and another with the IP address.
Bug ID – 2437 Description – When Cyberoam is deployed as Bridge, Manage Gateway page on Web Admin Console displays incorrect Ethernet Port IP address.
Bug ID – 2460 Description – Mails could not be detected and filtered as spam mails if the Email address specified in Mime Header From or To option includes character “.” (dot).
Bug ID – 2520 Description – If the zone of the Ethernet port is changed using Network Configuration Wizard, changes are not automatically reflected in DDNS account configuration. One needs to manually change the DDNS configuration.
Bug ID – 2521 Description – Change in IP address of Gateway is not automatically reflected in Gateway Failover condition. One needs to manually change the IP address in Failover condition. Till the IP address is changed, status of the Gateway will be displayed as Down.
Bug ID – 2549 Description – Data fields sequence in the tabular format and CSV format is different in Web Surfing reports as well as Traffic Discovery reports.
Bug ID – 2750 Description – Enable/disable Reporting option in Internet Access policy does not work.
Bug ID – 2929 Description – TCP MSS adjustment is required if PPPoE link is terminated on Cyberoam.
Due to this, www.hotmail.com is not accessible, Windows OS could not be updated, and downloading is not possible.
Bug ID – 2932 Description – IDP module triggers high CPU usage if Cyberoam is under attack. As a workaround, enable DoS attack from Web Admin console.
Bug ID – 2958 Description – IDP policy is not applied immediately after creation. One needs to restart management services (RMS) from Telnet Console.
Bug ID – 3003 Description – Under the testing environment it is found that when multiple gateways are defined on Cyberoam, VPN connection from one WAN Interface does not consistently fail over to another WAN Interface. The exact configuration parameters that trigger this situation are not known. If you face this problem, you are requested to contact at
[email protected] with the scenario details.
Bug ID – 3004 Description – If the VPN client initiating PPTP connection is behind the NAT box then Cyberoam allows only one PPTP connection.

1.2.1.9.5. V 9.4.1 build 2
1.2.1.9.5.1. Release Notes
Product Release Information
Product: Cyberoam
Release Number: 9.4.1 build 2
Release Date: 20th March, 2007
Compatible versions: 9.4.1. build 0
Upgrade: Auto Upgrade
Customer Support: For more information or support, please visit www.cyberoam.com or email at
[email protected]
Introduction
This document contains the release notes for Cyberoam version 9.4.1 build 2. The following sections describe the release in detail and provide other information that supplements the main documentation. With this release, Cyberoam introduces a few more features and feature enhancements in response to several bug reports.

New Feature
1. Parent Proxy support[1]
Cyberoam V 9412 will support Parent Proxy and can be configured from System > HTTP Proxy > Configure HTTP Proxy page using Web Admin Console. This feature is particularly helpful to the leased line users whose HTTP traffic is blocked by Service Provider.
2. Appliance Audit Log
For auditing and tracking Appliance activities, Cyberoam can now log the following events:
· Restart Management Services (RMS)
· Appliance reboot
· Appliance shutdown
· Factory reset
· Version upgrade
· Webcat Auto Upgrade
· Version migration
· Purging of Appliance Audit log
1. One can view log from Report > Audit log > Appliance Audit log report.
2. Web Admin Console provides facility to purge Appliance Audit log
· manually from System > Manage Data > Purge Logs page
· automatically using Auto purge utility from System > Manage Data > Configure Auto Purge utility page
3. Customer Support Center access from Web Admin Console
Cyberoam V 9412 provides a handy ‘Support’ button on the Web Admin Console which opens Cyberoam Customer support web page in a new browser window. From this page one can:
· Log on to the Customer Support Center using Customer Account created while registering Appliance
· View Appliance registration information
· Number of appliances registered
· Change password of the Customer Account

Enhancement
1. Web Admin Console Logging Management[2]
1. One can now customize Syslog setting from System > Syslog Configuration page of Web Admin Console instead of Telnet Console.
Syslog Setting menu from Telnet Console has been moved to Web Admin Console.
2. All the Network Logs except for Firewall Rules can now be enabled/disabled from Web Admin Console.
2. Web Surfing Report
Site wise Web Surfing reports will now include name of the files instead of URL if uploaded via HTTP.

Bug fixes
The purpose of this list is to give an overview of the bugs fixed in the current release. The ID denotes the internal Cyberoam bug tracking ID and the description explains the problem.
Bug ID - 2004 Bug Description – Year was not displayed in the Audit log report date.
Bug ID - 2079 Bug Description – Cyberoam failed to display the correct year on the Purge Log page.
Bug ID - 2231 Bug Description – Cyberoam failed to display the correct date of DoS attack.
Bug ID – 2298 Bug Description
· ‘Class A IP addresses not supported’ message was not displayed when the networks with Class A IP addresses were defined as Authentication Networks.
· Incorrect message ‘Page can not be displayed’ was displayed when user tried to log on from network which was not defined as Authentication Network.
Bug ID - 2368 Bug Description – Cyberoam failed to establish L2TP VPN tunnel when connection request is routed through multiple NAT routers i.e. peer IP address is getting NATted multiple times.
Bug ID - 2593 Bug Description – In Local ACL, Authentication services (Cyberoam and HTTP) and Proxy Services (HTTP) could be enabled from the WAN port.
Bug ID - 2594 Bug Description – Cyberoam failed to retain VPN directory structure on factory reset.
Bug ID - 2595 Bug Description – User id was not included in user details, which was required to identify user specific firewall log entry. From V 9412 onwards, Manage Active, Manage Deactive and Manage Clientless User pages will display User ID also.
Bug ID – 2633 Bug Description - Cyberoam tried to authenticate user even when FTP server allowed anonymous login if Cyberoam is used as HTTP Proxy.
Bug ID – 2636 Bug Description - When POP3 scanning was enabled, Mail Client took longer to download mails.
Bug ID – 2644 Bug Description – If Web Admin Console was configured on port 8088, Cyberoam Web Admin Console became inaccessible.
Bug ID – 2652 Bug Description – PPTP clients behind Cyberoam are not able to establish tunnel with PPTP servers on the Internet (Client PPTP Pass-Thru).
Bug ID – 2665 Bug Description - Explicit routes settings are not synchronized between the HA peers i.e. Primary and Secondary appliances.
Bug ID – 2689 Bug Description – If Web Admin console was configured on a port other than port 80 and scanning is enabled, DNAT rule for LOCAL zone and port 80 does not work.

[1] See User Guide (Document Version 9412-1.0-01/03/2007 - page number 191) for more information
[2] See User Guide (Document Version 9412-1.0-01/03/2007 - page number 236) for more information

1.2.1.9.5.2. Known Issues
The purpose of this list is to give an overview of known issues in the current release. The ID denotes the internal Cyberoam bug tracking ID and will be shown in the Bug Fixes if the issue is fixed.
Release Number: 9.4.1 build 2
Bug ID – 2079 Description – For Windows Operating System when FTP scanning is enabled, Cyberoam fails to apply correct bandwidth restriction.
Bug ID – 2088 Description – Cyberoam fails to display Port I and J either on Web Admin Console or Network configuration Wizard (Only for Cyberoam 1000i and 1500i Appliances).
Bug ID – 2106 Description – Cyberoam fails to take the backup of Anti Virus and Anti Spam reports.
Bug ID – 2157 Description – Cyberoam fails to register VPN Client from any of the LAN machines.
Bug ID – 2158 Description – Interface Info graphs from DG.HTML fail to display Interfaces as A, B, C, D, etc. They are displayed as eth0, eth1, eth2 etc.
Bug ID – 2178 Description – Cyberoam fails to block the infected file while trying to access virus infected files if FTP scanning is enabled but FTP proxy is not enabled from the Mozilla Browser and displays ‘Failed to change directory’ 550 error.
Bug ID – 2201 Description – Due to lack of field space on Create Firewall rule, Cyberoam fails to display the complete IP address in the Host field and complete bandwidth policy name in the Bandwidth policy field.
Bug ID – 2222 Description – If FTP scanning is enabled, Cyberoam fails to enforce the correct bandwidth restriction.
Bug ID – 2223 Description – Cyberoam fails to block the infected file while trying to access virus infected file from webmail.
Bug ID – 2229 Description – Cyberoam fails to display details of any attempts to access blocked ActiveX, Applets and Cookies Category in the Blocked Attempts report.
Bug ID – 2237 Description – Cyberoam fails to restore the backup of Cyberoam Appliance models CR50i, CR 100i, CR250i or CR500i to CR100i or CR1500i.
Bug ID – 2238 Description – Cyberoam fails to display the correct IP address of the Port after changing the mode of deployment on the Manage Gateway page.
Bug ID – 2322 Description – Cyberoam fails to establish the tunnel when same network is specified as local and remote network.
Bug ID – 2334 Description – Cyberoam fails to support Webcam when configured as Proxy.
Bug ID – 2335 Description – Cyberoam fails to display Combo box when overlapped with expanded menu when Internet Explorer is used to access Web Admin Console (GUI).
Bug ID – 2337 Description – Cyberoam fails to allow a particular category or service when “Deny All” Internet Access policy is applied.
Bug ID – 2338 Description – Cyberoam fails to display the details of the most recent IDP alerts in the Recent IDP Alerts page for the alerts displayed on the Dashboard.
There is also mismatch in the occurrence time displayed in the alerts on Dashboard and Recent IDP Alerts page.
Bug ID - 2339 Description - Port forward rule failed when FTP scanning was enabled.
Bug ID - 2365 Description – Cyberoam allows assigning same IP address to multiple ports via Network Configuration Wizard or Telnet Console.
Bug ID – 2368 Description – Cyberoam fails to establish L2TP VPN tunnel when assigned non-routable IP address (private IP address).
Bug ID – 2372 Description – Cyberoam fails to support MSN voice chat.
Bug ID – 2382 Description – Cyberoam displays incorrect Category name in Access Deny message when access to File Type Category is denied.
Bug ID – 2385 Description – Cyberoam displays incorrect Access Deny message when access to “All Web Traffic” category is denied.
Bug ID – 2401 Description – Cyberoam does not provide PPPoE Interface link status information.
Bug ID – 2405 Description – Cyberoam fails to activate L2TP connection and displays ‘Unable to active’ error.
Bug ID – 2411 Description – Cyberoam Traffic discovery incorrectly displays that all the connections are initiated from WAN when deployed in bridge mode.
Bug ID – 2412 Description – Cyberoam fails to report the action taken on IDP alert in the IDP Reports but displays it on the Dashboard.
Bug ID – 2416 Description – Even after restarting the Management services (RMS), Cyberoam fails to update the failover condition when multiple interfaces are enabled for PPPoE and gateway for one of the PPPoE interfaces is changed.
Bug ID – 2417 Description – Create/ Edit Firewall Rule page displays incorrect IP address of PPPoE interface.
Bug ID – 2418 Description – Cyberoam fails to take the ftp backup when user account password includes special characters like && or $? that have a specific meaning in Linux operating system.
Bug ID – 2425 Description – Cyberoam incorrectly reports duplicate entries - one with the username and another with the IP address - for each user in Web Surfing report.
Bug ID – 2437 Description – Cyberoam displays incorrect Ethernet Port IP address on the Manage Gateway page when configured as Bridge.
Bug ID – 2439 Description – Factory reset does not reset the From and To email addresses configured for Reports Notification.
Bug ID – 2460 Description – Spam policy fails to filter spam mails if “.” (dot) operator is specified in Mime Header From or To option.
Bug ID – 2520 Description – Cyberoam does not reflect the port changes in DDNS account configuration if port is changed from WAN to LAN zone using Network Configuration Wizard.
Bug ID – 2521 Description – Cyberoam does not reflect the port changes in the Failover condition when the IP address assigned to the port is changed.
Bug ID – 2526 Description – HTTP Client Users are not able to log on if external authentication is configured.
Bug ID – 2534 Description – Cyberoam fails to establish VPN connection if special character ‘#’ (hash) is included in preshared key.
Bug ID – 2536 Description – Diagnostic tool incorrectly displays Gateway status as Critical message even when gateway is reachable and ping to gateway is successful.
Bug ID – 2549 Description – Data fields sequence in the tabular format and CSV format of the Web Surfing reports and Traffic Discovery reports is different.
Bug ID – 2635 Description – If HTTP Proxy port was configured on port 8088, Cyberoam Web Admin Console became inaccessible.

1.2.2. Guides
1.2.2.1. V 9.6
1.2.2.2. V 9.5.8
1.2.2.3. V 9.5.4 build 90
1.2.2.4. V 9.5.4 build 80
1.2.2.5. V 9.5.4 build 66
1.2.2.6. V 9.5.3 build 20
1.2.2.6.1. User Guide
Guide describes how to manage and customize Cyberoam to meet the specific requirements of your Organization with Cyberoam V 9.5.3 build 20.
Guide contains following sections which describe how to:
· define Authentication process and firewall rule
· manage Groups and Users - add, edit and delete Users and User Groups
· manage and customize Policies - define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
· manage Logon Pools - add, edit and delete Logon Pools
· customize Services, Schedules and Categories - create and manage Categories, Schedules and Services
· manage virtual hosts
· backup and restore
· define custom access deny message
· manage HTTP proxy
· configure Dynamic DNS service
· configure PPPoE interface
Click the attachment to view the Guide.

1.2.2.6.2. Console Guide
Cyberoam Console Guide provides functional and technical information of the Cyberoam Software. This Guide is written to serve as a technical reference and describes features that are specific to the Console. Guide also provides the brief summary on using the Console commands.
This guide is intended for the Network Administrators and Support personnel who perform the following tasks:
· Configure System & Network
· Manage and maintain Network
· Manage various services
· Troubleshooting
This guide is intended for reference purpose and readers are expected to possess basic-to-advanced knowledge of systems networking.
Click the attachment to view the Guide.

1.2.2.6.3. Anti Virus Implementation Guide
Guide describes Cyberoam Anti Virus service, its features and technology and how to use real time virus scanning feature of Cyberoam to protect entire network – workstations, files servers, mail system from known and unknown attacks by worms and viruses, trojans, spyware, adware, spam, hackers and all other cyber threats.
Guide provides detailed instruction on configuring Cyberoam for virus protection, recurring tasks and other operating procedures like managing:
· various scan policy - SMTP, HTTP, FTP, POP3, IMAP
· address groups on which policy can be applied
· scanning rules to protect mails from virus
and enabling or disabling scanning and reporting.
Click attachment to view the Guide.

1.2.2.6.4. Anti Spam Implementation Guide
Guide describes the Cyberoam Anti spam feature and technology. Guide provides detailed instruction on configuring Cyberoam for spam protection, recurring tasks and other operating procedures like managing:
· spam policy and rule
· address groups on which policy can be applied
and enabling or disabling reporting.
Click attachment to view the Guide.

1.2.2.6.5. Intrusion Detection and Prevention (IDP) Implementation Guide
Guide describes how to use Intrusion Detection and Prevention feature of Cyberoam to protect your network from known and unknown attacks by worms and viruses, hackers and other internet risks. Guide describes:
· how to create and manage IDP policies
· how to enable and disable IDP categories
· how to create and manage Custom IDP signature
Click attachment to view the Guide.

1.2.2.6.6. VPN Management Guide
Guide helps understand concept of VPN and how to establish VPN connection using Cyberoam. Guide describes:
· various parameters of VPN policy
· types of VPN policy - IPSec, L2TP, PPTP
· VPN policy management
· certificate Authority and Certificate management
· how to configure connection failover
Click attachment to view the Guide.

1.2.2.6.7. Virtual LAN Configuration Guide
Guide describes how to implement Virtual LAN in Cyberoam. Guide also provides information on how to define and manage virtual subinterface. A sample VLAN implementation is also provided, which helps understand how VLAN can be configured using Cyberoam.
Click attachment to view the Guide.

1.2.2.6.8.
SNMP Configuration Guide
Guide describes how to configure Cyberoam as an SNMP agent. Guide also provides information on:
· Cyberoam custom MIB and its description of MIB fields
· Traps
· how to create and manage community
· how to create and manage V3 users
Click attachment to view the Guide.

1.2.2.6.9. Analytical Tool Guide
The Guide helps you in understanding
· What is Analytical tool?
· How to check the health of your System?
· How to troubleshoot the diagnosed problems found in your System?
Click attachment to view the Guide.

1.2.2.7. V 9.5.3 build 14
1.2.2.7.1. User Guide
Guide describes how to manage and customize Cyberoam to meet the specific requirements of your Organization with Cyberoam V 9.5.3 build 14. Guide contains following sections which describe how to:
· define Authentication process and firewall rule
· manage Groups and Users - add, edit and delete Users and User Groups
· manage and customize Policies - define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy
· manage Logon Pools - add, edit and delete Logon Pools
· customize Services, Schedules and Categories - create and manage Categories, Schedules and Services
· manage virtual hosts
· backup and restore
· define custom access deny message
· manage HTTP proxy
· configure Dynamic DNS service
· configure PPPoE interface
Click the attachment to view the Guide.

1.2.2.7.2. Anti Virus Implementation Guide
Guide describes Cyberoam Anti Virus service, its features and technology and how to use real time virus scanning feature of Cyberoam to protect entire network – workstations, files servers, mail system from known and unknown attacks by worms and viruses, trojans, spyware, adware, spam, hackers and all other cyber threats.
Guide provides detailed instruction on configuring Cyberoam for virus protection, recurring tasks and other operating procedures like managing:
· various scan policy - SMTP, HTTP, FTP, POP3, IMAP
· address groups on which policy can be applied
· scanning rules to protect mails from virus
and enabling or disabling scanning and reporting.
Click attachment to view the Guide.
Features included in Guide are as per the Cyberoam Version 9.5.3 build 14

1.2.2.7.3. Anti Spam Implementation Guide
Guide describes the Cyberoam Anti spam feature and technology. Guide provides detailed instruction on configuring Cyberoam for spam protection, recurring tasks and other operating procedures like managing:
· spam policy and rule
· address groups on which policy can be applied
and enabling or disabling reporting.
Click attachment to view the Guide.
Features included in Guide are as per the Cyberoam Version 9.5.3 build 14

1.2.2.7.4. Intrusion Detection and Prevention (IDP) Implementation Guide
Guide describes how to use Intrusion Detection and Prevention feature of Cyberoam to protect your network from known and unknown attacks by worms and viruses, hackers and other internet risks. Guide describes:
· how to create and manage IDP policies
· how to enable and disable IDP categories
· how to create and manage Custom IDP signature
Click attachment to view the Guide.
IDP features included in Guide are as per the Cyberoam Version 9.5.3 build 14

1.2.2.7.5. VPN Management Guide
Guide helps understand concept of VPN and how to establish VPN connection using Cyberoam. Guide describes:
· various parameters of VPN policy
· types of VPN policy - IPSec, L2TP, PPTP
· VPN policy management
· certificate Authority and Certificate management
· how to configure connection failover
Click attachment to view the Guide.
Features included in Guide are as per the Cyberoam Version 9.5.3 build 14

1.2.2.7.6.
Virtual LAN Configuration Guide Guide describes how to implement Virtual LAN in Cyberoam. Guide also provides information on how to define and manage virtual subinterface. A sample VLAN implementation is also provides which helps understand how VLAN can be cinfigured using Cyberoam. Click attachment to view the Guide. Features included in Guide are as per the Cyberoam Version 9.5.3 build 14 1.2.2.7.7. SNMP Configuration Guide Guide describes how to configure Cyberoam as an SNMP agent. Guide also provides information on: Cyberoam custom MIB and its description of MIB fields Traps how to create and manage community how to create and manage V3 users Click attachment to view the Guide. Features included in Guide are as per the Cyberoam Version 9.5.3 build 14 1.2.2.7.8. Analytical Tool Guide The Guide helps you in understanding • What is Analytical tool? • How to check the health of your System? • How to troubleshoot the diagnosed problems found in your System? Click attachment to view the Guide. Features included in Guide are as per the Cyberoam Version 9.5.3 build 14 1.2.2.8. V 9.5.0 build 21 1.2.2.8.1. User Guide Guide describes how to manage and customize Cyberoam to meet the specific requirements of your Organization with Cyberoam V 9.5.0 build 21. Guide contains following sections which describes how to: define Authentication process and firewall rule manage Groups and Users i.e. how to add, edit and delete Users and User Groups manage VLAN i.e. how to define and manage virtual subinterfaces manage and customize Policies i.e. how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 181/409 ١١٢١٠٢/٤/ Cyberoam Docs manage Logon Pools i.e. how to add, edit and delete Logon Pools customize Services, Schedules and Categories i.e. 
how to create and manage Categories, Schedules and Services how to upgrade upgrade Click the attachement to view the Guide. 1.2.2.8.2. High Availability (HA) Configuration Guide Guide describes how to use High Availability (HA) functionality of Cyberoam to protect your Organization against hardware failure to maximize network uptime and ensure uninterrupted access. Guide describes: HA terminology how cluster operates how to configure HA cluster how to enable and disable HA how HA peers are synchronized Click attachment to view the Guide. HA features included in Guide are as per the Cyberoam Version 9.5.0 build 21 1.2.2.8.3. Intrusion Detection and Prevention (IDP) Implementation Guide Guide describes how to use Intrusion Detection and Prevention feature of Cyberoam to protect your network from known and unknown attacks by worms and viruses, hackers and other internet risks. Guide describes: how to create and manage IDP policies how to enable and disable IDP categories how create and manage Custom IDP signature Click attachment to view the Guide. IDP features included in Guide are as per the Cyberoam Version 9.5.0 build 21 1.2.2.8.4. AntiVirus Implementation Guide Guide describes how to use real time virus scanning feature of Cyberoam to protect entire network – workstations, files servers, mail system from known and unknown attacks by worms and viruses, trojans, spyware, adware, spam, hackers and all other cyber threats. Guide describes: how to create and manage virus scanning policies fto SMTP traffic how to enable and disable scanning how protect mails from virus - POP3 and IMAP scanning how to and from where to enable HTTP traffic scanning how to and from where to enable FTP traffic scanning Click attachment to view the Guide. AV features included in the Guide are as per the Cyberoam Version 9.5.0 build 21 1.2.2.8.5. Anti Spam Implementation Guide 1.2.2.8.6. VPN Management Guide 1.2.2.8.7. Console Guide 1.2.2.9. Archives 1.2.2.9.1. V 9.4.2 build 0 1.2.2.9.1.1. 
User Guide Guide describes how to manage and customize Cyberoam to meet the specific requirements of your Organization. Guide contains following sections which describes how to: define Authentication process and firewall rule manage Groups and Users i.e. how to add, edit and delete Users and User Groups manage and customize Policies i.e. how to define and manage Surfing Quota policy, Access Time policy, Internet Access policy, Bandwidth policy and Data transfer policy manage Logon Pools i.e. how to add, edit and delete Logon Pools customize Services, Schedules and Categories i.e. how to create and manage Categories, Schedules and Services how to upgrade upgrade Click the attachement to view the Guide. 1.2.2.9.1.2. Console Guide Cyberoam Console Guide provides functional and technical information of the Cyberoam. This Guide is written to serve as a technical reference and describes features that are specific to the Console. Guide also provides the brief summary on using the Console commands. This guide is intended for the Network Administrators and Support personnel who perform the following tasks: · · · · Configure System & Network Manage and maintain Network Manage various services Troubleshooting This guide is intended for reference purpose and readers are expected to possess basic-to-advanced knowledge of systems networking. docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 182/409 ١١٢١٠٢/٤/ Click the attachment to view the guide. Cyberoam Docs 1.2.2.9.1.3. VPN Management Guide VPN Management Guide provides a basic introduction to VPN and gives some fundamental information of those technologies that are relevant to the way Cyberoam implements VPN. It outlines how VPN tunnel is actually created and gives a detailed picture of the different settings that can be used to adjust the VPN policies using Cyberoam. 1.2.2.9.2. 
V 9.4.1 build 2 User Guide Console Guide Analytical Tool Guide High Availability Configuration Guide Multi Link Manager Guide Data Transfer Management Guide VPN Management Guide VPN Client Installation Guide VPN Client Configuration Guide Anti Spam Implementation Guide Anti Virus Implementation Guide IDP Implementation Guide 1.2.2.9.3. V 9410 1.2.2.9.4. V 9402 1.2.2.9.5. V 9400 1.2.2.9.6. V 9305 1.2.2.9.7. V 9202 1.2.2.9.8. V 9100 1.2.2.9.9. V 7420 1.2.2.10. Quick Start Guides Length of the quick start guide suggests that installing Cyberoam in your Network is relatively a simple process. Quick Start Guide provides you with a quick summary of the steps necessary to get your cyberoam up and running in couple of minutes. It also provides the default IP address scheme, username and password along with the front and back panel description of the Appliance. It describes what information to collect and how to install and configure your new Cyberoam in 7 simple steps: Planning the Configuration Getting Configuration Information Connecting Cyberoam Configuring Appliance What Next The purpose of the Quick Start Guide is to help you organize a Novell user group, and to give you suggestions on how to successfully manage and lead your group as a going concern. 1. 2. 3. 4. 5. Cyberoam provides appliance specific Quick Start Guide so please refer the appropriate guide. 1.2.3. Getting Started Guide 1.3. 
IPS

IPS Signature Database version release summary

Version | Release date | Upgrade type | Applicable on version
V 3.0.54 | 10th April, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.53
V 3.0.53 | 02nd April, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.52
V 3.0.52 | 23rd March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.51
V 3.0.51 | 15th March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.50
V 3.0.50 | 02nd March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.49
V 3.0.49 | 28th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.48

For all past IPS Signature Database Release Notes, click here.

1.3.1. Release Notes

1.3.1.1. V 3.0.53

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.52 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility Annotations: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.53. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at [email protected] along with the application used.

New signatures are added for the following Vulnerabilities:

A total of ten (10) signatures are added for six (6) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Malware Backdoor.Win32.Blohi.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Geratid.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Matsnu.A Runtime Detection | Backdoor
Malware Hack Style RAT Runtime Detection | Spyware
Malware Trojan.Win32.Neloweg.A Runtime Detection | Spyware
Malware Worm.Win32.Zaphal.B Runtime Detection | Spyware

1.3.1.2. V 3.0.52

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.51 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility Annotations: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.52. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at [email protected] along with the application used.

New signatures are added for the following Vulnerabilities:

A total of thirty six (36) signatures are added for eleven (11) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
ABB Multiple Products RobNetScanHost.exe Stack Buffer Overflow | Exploit
Adobe Flash Player MP4 File Memory Corruption | Exploit
CA Total Defense Suite UNCWS exportReport SQL Injection | Exploit
EMC NetWorker nsrindexd.exe Procedure 0x01 Buffer Overflow | Exploit
IBM solidDB Redundant WHERE Clause Denial Of Service (Published Exploit) | Exploit
Microsoft SharePoint Foundation inplnview.aspx Cross-Site Scripting | Exploit
Microsoft Windows OpenType Font Validation Integer Overflow | Exploit
Novell GroupWise Addressbook Heap Buffer Overflow | Exploit
Novell GroupWise Messenger nmma.exe createsearch Memory Corruption | Exploit
Novell GroupWise Messenger nmma.exe Login Memory Corruption | Exploit
Novell Groupwise Messenger Server Process Memory Information Disclosure | Exploit

1.3.1.3. V 3.0.51

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.50 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility Annotations: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.51. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at [email protected] along with the application used.

New signatures are added for the following Vulnerabilities:

A total of fifteen (15) signatures are added for seven (7) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Malware Backdoor.PHP.Nomno.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Dama.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Joanap.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Lowzone.bmc Runtime Detection | Backdoor
Malware Backdoor.Win32.Weavun.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Zxshell.B Runtime Detection | Backdoor
Microsoft Windows Remote Desktop Protocol Memory Corruption | Exploit

1.3.1.4. V 3.0.50

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.49 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.50. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at [email protected] along with the application used.

New signatures are added for the following Vulnerabilities:

A total of zero (0) signatures are added for zero (0) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Microsoft SharePoint wizardlist.aspx Cross-Site Scripting | Exploit
Microsoft Windows C Runtime Library Heap Buffer Overflow | Exploit
Microsoft Windows Indeo Codec Insecure Library Loading | Exploit
Oracle Java Web Start Command Argument Injection Remote Code Execution | Exploit
Oracle Java zip_util readCEN Stack Overflow | Exploit
Sunway ForceControl SNMP NetDBServer Stack Buffer Overflow | Exploit

1.3.1.5. V 3.0.49

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.48 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.49. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities:

A total of zero (0) signatures are added for zero (0) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
-

Changes made in IPS Signature Database Upgrade 4.0.49

A total of three (3) signatures are modified or updated for one (1) vulnerability mentioned below:

Vulnerability Name | Vulnerability Category
PHP php_register_variable_ex Function Code Execution | Exploit

1.3.1.6. Archive

Version | Release date | Upgrade type | Applicable on version
V 3.0.48 | 25th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.47
V 3.0.47 | 17th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.46
V 3.0.46 | 14th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.45
V 3.0.45 | 01st February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.44

V 3.0.44 V 3.0.43 V 3.0.42 V 3.0.41 V 3.0.40 V 3.0.39 V 3.0.38 V 3.0.37 V 3.0.36 V 3.0.35 V 3.0.34 V 3.0.33 V 3.0.32 V 3.0.31 V 3.0.30 V 3.0.28 V 3.0.27 V 3.0.26 V 3.0.25 V 3.0.24 V 3.0.23 V 3.0.22 V 3.0.21 V 3.0.20 V 3.0.19 V 3.0.18 V 3.0.17 V 3.0.16 V 3.0.15 V 3.0.14 23rd January, 2012 10th January, 2012 04th January, 2012 23rd December, 2011 14th December, 2011 07th December, 2011 28th November, 2011 23rd November, 2011 14th November, 2011 03rd November, 2011 21st October, 2011 13th October, 2011 20th September, 2011 07th September, 2011 26th August, 2011 12th August, 2011 03rd August, 2011 26th July, 2011 22nd July, 2011 07th July, 2011 30th June, 2011 10th June, 2011 27th May, 2011 19th May, 2011 12th May, 2011 06th May, 2011 29th April, 2011 21st April, 2011 13th April, 2011 06th April, 2011 Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam
Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above. Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. 
Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. V 3.0.43 V 3.0.42 V 3.0.41 V 3.0.40 V 3.0.39 V 3.0.38 V 3.0.37 V 3.0.36 V 3.0.35 V 3.0.34 V 3.0.33 V 3.0.32 V 3.0.31 V 3.0.30 V 3.0.28 and V 3.0.29 V 3.0.27 V 3.0.26 V 3.0.25 V 3.0.24 V 3.0.23 V 3.0.22 V 3.0.21 V 3.0.20 V 3.0.19 V 3.0.18 V 3.0.17 V 3.0.16 V 3.0.15 V 3.0.14 V 3.0.13 docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 187/409 ١١٢١٠٢/٤/ V 3.0.13 V 3.0.12 V 3.0.11 V 3.0.10 V 3.0.9 V 3.0.8 V 3.0.7 V 3.0.6 V 3.0.5 V 3.0.4 V 2.4.57 01st April, 2011 19th March, 2011 9th March, 2011 25th February, 2011 19th February, 2011 11th February, 2011 17th January, 2011 16th November,2010 29th October, 2010 3rd September, 2010 15th November, 2010 Cyberoam Docs Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. 
Auto Upgrade for Cyberoam Appliances currently on Version 10.00.0302 or higher Autoupgrade - Cyberoam Appliances curently on V 9.5.3 build 22 or above Manul - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.56 29th October, 2010 Autoupgrade - Cyberoam Appliances curently on V 9.5.3 build 22 or above Manul - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.55 13th October, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.54 15th September, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.53 12th August, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.52 8th July, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.51 3rd May, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.50 3rd May, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.49 22nd March, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.48 25th January, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.47 12th January, 2010 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier All the versions V 2.4.47 V 2.4.48 V 2.4.49 V 2.4.50 V 2.4.51 V 2.4.52 V 2.4.53 V 
2.4.54 V 2.4.55 V 3.0.12 V 3.0.11 V 3.0.10 V 3.0.9 V 3.0.8 V 3.0.7 V 3.0.6 V 3.0.5 V 3.0.4 Version 3.0.2 or 3.0.3 V 2.4.56 V 2.4.45 22nd December, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.44 V 2.4.44 30th November, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.42 V 2.4.42 18th November, Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above V 2.4.41 docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 188/409 ١١٢١٠٢/٤/ 2009 Cyberoam Docs Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.41 29th October, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.40 V 2.4.40 12th October, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.39 V 2.4.39 22nd September, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.38 V 2.4.38 7th September, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.37 V 2.4.37 18th August, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.36 V 2.4.36 27th July, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.34 V 2.4.35 V 2.4.35 27th July, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier 
All the versions V 2.4.34 14th July, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.33 V 2.4.33 29th June, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.32 V 2.4.32 5th June, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.31 V 2.4.31 19th May, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.30 V 2.4.30 7th May, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.29 V 2.4.29 22nd April, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.28 V 2.4.28 8th April, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier V 2.4.27 V 2.4.27 2nd April, 2009 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier All the versions docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 189/409 ١١٢١٠٢/٤/ V 2.4.24 V 2.4.23 1st April, 2009 10th March, 2009 Cyberoam Docs Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier 
Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier V 2.4.10 3rd May, 2008 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier V 2.4.9 V 2.4.23 V 2.4.22 V 2.4.22 16th February, 2009 V 2.4.21 V 2.4.21 8th January, 2009 V 2.4.20 V 2.4.20 24th December, 2008 V 2.4.19 V 2.4.19 17th November, 2008 V 2.4.18 V 2.4.18 29th August, 2008 V 2.4.15, V2.4.17 V 2.4.15 V 2.4.16 3rd August, 2008 V 2.4.15 14th July, 2008 V 2.4.14 V 2.4.14 27th June, 2008 V 2.4.13 V 2.4.13 31st May, 2008 V 2.4.11 V 2.4.12 28th May, 2008 V 2.4.9 V 2.4.9 18th 
April, 2008 V 2.4.8 V 2.4.8 16th April, 2008 Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier Autoupgrade - Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual - Cyberoam Appliances currently on V 9.5.3 build 18 or earlier V 2.4.7 V 2.4.7 27th February, 2008 V 2.4.5 or V 2.4.6 V 2.4.4 V 2.4.5 21st December, 2007 V 2.4.4 20th December, 2007 V 2.4.1

1.3.1.6.1. V 3.0.48

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.47 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
• Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
• Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.48. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following Vulnerabilities: A total of twenty five (25) signatures are added for eight (8) vulnerabilities mentioned below: Vulnerability Name Apache HTTPD mod_log_config Cookie Handling Denial of Service(Published Exploit) HP Network Node Manager i Multiple Cross-Site Scripting Vulnerabilities Malware Backdoor.Win32.Ayuther.A Runtime Detection Malware Backdoor.Win32.Broonject.A Runtime Detection Malware Worm.Win32.Bagman.A Runtime Detection Novell iPrint Server attributes-natural-language Buffer Overflow Oracle Outside In JPEG 2000 COD and COC Parameter Heap Buffer Overflow PHP php_register_variable_ex Function Code Execution Vulnerability Category Exploit Exploit Backdoor Backdoor Spyware Exploit Exploit Exploit 1.3.1.6.2. V 3.0.47 Release Information Upgrade Applicable on: IPS Signature Database V 3.0.46 & Appliance Firmware V 10.01.1023 or above. Upgrade Information Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above Compatibility issues: None Introduction This document contains the release notes for IPS Signature Database version 3.0.47. Release includes support for new signatures. The following sections describe the release in details. New Signatures The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of zero (0) signatures are added for zero (0) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
-

Changes made in Application Upgrade 4.0.45

A total of two (2) signatures are modified or updated for one (2) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Oracle Database DBMS_SNAP_INTERNAL Package Buffer Overflow | Exploit
Microsoft ASP.NET Hash Collision Denial Of Service | Exploit

1.3.1.6.3. V 3.0.46

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.45 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.46. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of twelve (12) signatures are added for six (6) vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
HP Easy Printer Care ActiveX Control Directory Traversal | Exploit
IBM solidDB SQL SELECT Statement Denial of Service | Exploit
Malware Backdoor.Win32.IRCBot.TO Runtime Detection | Backdoor
Malware Backdoor.Win32.Minitalviv.A Runtime Detection | Backdoor
Malware Backdoor.Win32.Shindo.A Runtime Detection | Backdoor
Microsoft Internet Explorer FTP Client Directory Traversal (Published Exploit) | Exploit

1.3.1.6.4. V 3.0.45

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.44 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.45. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 45 signatures are added for 19 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Adobe Acrobat and Reader U3D Uninitialized Variable | Exploit
Apple QuickTime JPEG 2000 COD Length Integer Underflow | Exploit
Backdoor.Win32.Dipigger.A | Backdoor
Backdoor.Win32.Hoverox.A | Backdoor
Backdoor.Win32.Hupigon.dgz | Backdoor
Backdoor.Win32.Noobot.A | Backdoor
Backdoor.Win32.Saeeka.B | Backdoor
Blue Coat BCAAA Stack Buffer Overflow | Exploit
Citrix Provisioning Services streamprocess exe Multiple Opcodes Integer Underflow | Exploit
Citrix Provisioning Services streamprocess exe Opcode 40020006 Integer Underflow | Exploit
HP Easy Printer Care ActiveX Control Directory Traversal | Exploit
HP OpenView Network Node Manager webappmon exe Buffer Overflow | Exploit
Microsoft ASP NET Hash Collision Denial Of Service | Exploit
Microsoft Windows Object Packager Insecure Executable Loading | Exploit
Microsoft Windows win32k sys Memory Corruption | Exploit
Novell Netware XNFS NLM Caller Name xdrDecodeString Heap Buffer Overflow | Exploit
PHP Exif Header Parsing Integer Overflow | Exploit
Qualcomm WorldMail IMAP Literal Token Parsing Buffer Overflow | Exploit
Worm.Win32.Vaxpy.A | Spyware

1.3.1.6.5. V 3.0.44

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.43 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.44. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 16 signatures are added for 8 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Backdoor.Win32.Fynlos.A | Backdoor
Backdoor.Win32.Rokiwobi.A | Backdoor
Backdoor.Win32.Wergimog.C | Backdoor
Microsoft ASP.NET Forms Authentication Elevation of Privilege | Exploit
Microsoft Office RTF Stack Buffer Overflow | Exploit
Microsoft Windows Object Packager Insecure Executable Loading | Exploit
Microsoft ASP.NET Forms Authentication Insecure Redirect | Exploit
Multiple Vendors BSD telnetd Encryption Key Buffer Overflow | Exploit

1.3.1.6.6. V 3.0.43

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.42 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.43. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 2 signatures are added for a vulnerability mentioned below:

Vulnerability Name | Vulnerability Category
Backdoor.Win32.Anglenop.A | Backdoor

1.3.1.6.7. V 3.0.42

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.41 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.42. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 17 signatures are added for 4 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Microsoft Office PowerPoint Insecure Library Loading | Exploit
Novell iPrint Client GetDriverSettings Stack Buffer Overflow | Exploit
Backdoor.Win32.Fynloski.A | Backdoor
Backdoor.Win32.Simbot.A | Backdoor

1.3.1.6.8. V 3.0.41

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.40 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.41. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 4 signatures are added for 3 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Microsoft Time Remote Code Execution | Exploit
Worm.Win32.Autorun.ado | Spyware
Worm.Win32.Helompy.A | Spyware

1.3.1.6.9. V 3.0.40

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.39 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.40. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 3 signatures are added for 2 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Backdoor.Win32.Prvblickey.A Runtime Detection | Backdoor
Backdoor.Win32.RShot.brw Runtime Detection | Backdoor

1.3.1.6.10. V 3.0.39

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.38 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.39. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 35 signatures are added for 16 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Microsoft Internet Explorer FTP Client Directory Traversal (Published Exploit) | Finger
Microsoft Forefront UAG Default Reflected Cross-site Scripting | Exploit
Oracle Database CTXSYS.DRVDISP.TABLEFUNC_ASOWN Buffer Overflow | Exploit
Bennet-Tec TList ActiveX SaveData Arbitrary File Creation | Exploit
Microsoft Excel Substream Parsing Integer Overflow | Exploit
Microsoft Office VBA Module Stream Use after Free (Published Exploit) | Exploit
HP Data Protector Media Operations Memory Corruption | Exploit
Microsoft Windows Mail and Meeting Space Insecure Library Loading | Exploit
Microsoft Excel Window2 Record Use After Free | Exploit
HP Data Protector Multiple Products GetPolicies SQL Injection | Exploit
HP Data Protector Media Operations Directory Traversal (Published Exploit) | Exploit
Flexera InstallShield ISGrid2.dll DoFindReplace Heap Buffer Overflows | Exploit
HP Data Protector Multiple Products FinishedCopy SQL Injection | Exploit
Measuresoft ScadaPro xf Command Execution | Exploit
FTP Bruteforce attack | FTP
RDPBruteTool | Miscellaneous

1.3.1.6.11. V 3.0.38

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.37 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.38. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 101 signatures are added for 34 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Apache httpd Ranges Header Field Memory Exhaustion | Exploit
Apple Safari WebKit innerHTML Double Free Memory Corruption (Published Exploit) | Exploit
Apple Safari Webkit libxslt Arbitrary File Creation (Published Exploit) | Exploit
Apple Safari WebKit SVG Markers Use-After-Free Memory Corruption (Published Exploit) | Exploit
Apple Safari WebKit SVG Memory Corruption | Exploit
Cisco NX-OS section and less Privilege Escalation (Published Exploit) | Exploit
Citrix XenApp and XenDesktop XML Service Interface Stack Buffer Overflow | Exploit
Digium Asterisk SIP Channel Driver Denial Of Service | Exploit
EMC AutoStart Error Logging Stack Buffer Overflow | Exploit
Freefloat FTP Server Invalid Command Buffer Overflow | Exploit
HP SiteScope integrationViewer Default Credentials | Exploit
ISC DHCP Server Packet Processing Denial of Service | Exploit
Microsoft Windows wab32res.dll Insecure Library Loading | Exploit
Mozilla Firefox and Thunderbird sensor.dll Insecure Library Loading | Exploit
MPlayer SAMI Subtitle sub_read_line_sami Buffer Overflow | Exploit
Novell GroupWise iCal RRULE Time Conversion Invalid Array Indexing | Exploit
Novell GroupWise Internet Agent HTTP Interface Stack Buffer Overflow | Exploit
Novell GroupWise Internet Agent RRULE Weekday Parsing Buffer Overflow | Exploit
OpenSSL ECDH Use After Free | Exploit
Oracle AutoVue AutoVueX ActiveX Control Export3DBom Remote File Creation | Exploit
Oracle AutoVue AutoVueX ActiveX Control ExportEdaBom Remote File Creation (Published Exploit) | Exploit
Oracle AutoVue AutoVueX ActiveX Control SaveViewStateToFile Remote File Creation | Exploit
Oracle Outside In CorelDRAW File Parser Integer Overflow | Exploit
Progea Movicon Negative Content-Length Buffer Overflow | Exploit
RealNetworks RealPlayer QCP Parsing Buffer Overflow | Exploit
Squid DNS Replies Invalid Free (Published Exploit) | Exploit
Squid Proxy Gopher Response Processing Buffer Overflow | Exploit
Sunway ForceControl SNMP NetDBServer Integer Signedness Buffer Overflow | Exploit
Sunway ForceControl SNMP NetDBServer Stack Buffer Overflow | Exploit
Sybase Open Server Function Pointer Array Code Execution | Exploit
Sybase Open Server Null Byte Stack Memory Corruption | Exploit
Symantec IM Manager Administrator Console Code Injection | Exploit
Symantec IM Manager Web Interface ProcessAction Code Execution | Exploit
Symantec Veritas Enterprise Administrator Service vxsvc Buffer Overflow | Exploit

1.3.1.6.12. V 3.0.37

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.36 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.37. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Vulnerabilities: A total of 70 signatures are added for 39 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
7T Interactive Graphical SCADA System Arbitrary File Execution | Exploit
7T Interactive Graphical SCADA System Arbitrary File Read And Overwrite | Exploit
Adobe Acrobat and Reader CoolType.dll Stack Buffer Over | Exploit
Adobe Acrobat and Reader CoolType.dll Stack Buffer Over (Published Exploit) | Exploit
Adobe Audition Session File Stack Buffer Over | Exploit
Adobe Shockwave Director File KEY Chunk Parsing Buffer Over | Exploit
Cisco Network Registrar Default Credentials Authentication Bypass | Exploit
Citrix Access Gateway Plug-in ActiveX Code Execution | Exploit
Citrix Provisioning Services Opcode 40020010 Stack Buffer Over isdataat | Exploit
Dnsmasq TFTP Service Remote Heap Buffer Over dsize | Exploit
EMC NetWorker librpc.dll Security Check Bypass reference | Exploit
FreeType PostScript Type1 Font Parsing Code Execution (Published Exploit) | Exploit
HP Data Protector Client EXEC_CMD Command Execution | Exploit
HP Intelligent Management Center dbman Buffer Over | Exploit
HP Intelligent Management Center imcsyslogdm Use After Free isdataat | Exploit
HP Intelligent Management Center img Buffer Over | Exploit
IBM Lotus Domino HPRAgentName Parameter Stack Buffer Over | Exploit
IBM Lotus Notes LZH Attachment Viewer Stack Buffer Over (Published Exploit) | Exploit
Microsoft IIS Server Crafted ASP Page Buffer Over | Exploit
Microsoft Internet Explorer Cross Frame Scripting Restriction Bypass | Exploit
Microsoft Internet Explorer layout-grid-char Memory Corruption | Exploit
Microsoft Internet Explorer Redirect Memory Corruption | Exploit
Microsoft Internet Explorer selection.empty Use After Free | Exploit
Microsoft Internet Explorer Time Element Memory Corruption | Exploit
Microsoft Internet Explorer VML vgx.dll Use After Free | Exploit
Microsoft Windows OLE Automation Remote Code Execution | Exploit
Microsoft Windows SMTP Service MX Record Denial Of Service | Exploit
Mozilla Firefox nsTreeRange Use After Free | Exploit
Mozilla Firefox OBJECT mChannel Use After Free | Exploit
Novell ZENworks Handheld Management Upload Directory Traversal | Exploit
Oracle Business Intelligence WB_OLAP_AW_SET_SOLVE_ID SQL Injection | Sql Rules
Oracle GlassFish Server Malformed Username Cross Site Scripting | Exploit
Oracle Java RMI Services Default Configuration Remote Code Execution | Exploit
Oracle Java Runtime Environment Insecure File Loading | Exploit
Oracle Outside In CorelDRAW File Parser Stack Buffer Over | Exploit
Oracle Warehouse Builder WB_OLAP_AW_REMOVE_SOLVE_ID SQL Injection | Sql Rules
Postfix SMTP Server SASL AUTH Handle Reuse Memory Corruption (Published Exploit) | Exploit
Quest Software Big Brother Arbitrary File Deletion and Overwriting | Exploit
Trend Micro Control Manager CasLogDirectInsertHandler.cs Remote Code Execution | Exploit

1.3.1.6.13. V 3.0.36

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.35

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.36. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications: A total of 216 signatures are added for 15 applications and 10 vulnerabilities mentioned below:

Application Name | Application Category
Facebook Applications | General Internet
FB Games Bejeweled | General Internet
FB Games CafeWorld | General Internet
FB Games FirmVille | General Internet
FB Games FrontierVille | General Internet
FB Games Mafia Wars | General Internet
FB Games MillionaireCity | General Internet
FB Games MindJolt | General Internet
FB Games PetSociety | General Internet
FB Games Poker | General Internet
FB Games TreasureIsle | General Internet
Gtalk IM Login Attempt | IM
Jabber | IM
Ultrasurf | Proxy
Youtube Website - HTTP | General Internet

Vulnerability Name | Vulnerability Category
Malware BackDoor.DOQ.gen.y Runtime Detection | Spyware
Malware Backdoor.MacOS.Flashback.A Runtime Detection | Spyware
Malware Backdoor.MacOS.Imuler.A Runtime Detection | Spyware
Malware Backdoor.Win32.Agobot.ast Runtime Detection | Spyware
Malware Backdoor.Win32.Aldibot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Arhost.D Runtime Detection | Spyware
Malware Backdoor.Win32.Babmote.A Runtime Detection | Spyware
Malware Backdoor.Win32.Briewots.A Runtime Detection | Spyware
Malware Backdoor.Win32.Caphaw.A Runtime Detection | Spyware
Malware Backdoor.Win32.CBgate.A Runtime Detection | Spyware
Malware Backdoor.Win32.Dalbot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Darkwebot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Dekara.A Runtime Detection | Spyware
Malware Backdoor.Win32.Derusbi.A Runtime Detection | Spyware
Malware Backdoor.Win32.Domsingx.A Runtime Detection | Spyware
Malware Backdoor.Win32.Doschald.A Runtime Detection | Spyware
Malware Backdoor.Win32.Downbot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Duqu.A Runtime Detection | Spyware
Malware Backdoor.Win32.Emudbot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Ferabsa.A Runtime Detection | Spyware
Malware Backdoor.Win32.Fusing.AA Runtime Detection | Spyware
Malware Backdoor.Win32.Gnutler.apd Runtime Detection | Spyware
Malware Backdoor.Win32.Hassar.A Runtime Detection | Spyware
Malware Backdoor.Win32.Hinds.A Runtime Detection | Spyware
Malware Backdoor.Win32.Hupigon.nkor Runtime Detection | Spyware
Malware Backdoor.Win32.HXWAN.A Runtime Detection | Spyware
Malware Backdoor.Win32.Idicaf.B Runtime Detection | Spyware
Malware Backdoor.Win32.Inject.raw Runtime Detection | Spyware
Malware Backdoor.Win32.IRCBot.AAQ Runtime Detection | Spyware
Malware Backdoor.Win32.IRCBot.iseee Runtime Detection | Spyware
Malware Backdoor.Win32.Ixeshe.F Runtime Detection | Spyware
Malware Backdoor.Win32.Jetilms.A Runtime Detection | Spyware
Malware Backdoor.Win32.Kcahneila.A Runtime Detection | Spyware
Malware Backdoor.Win32.KukuBot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Louisdreyfu.A Runtime Detection | Spyware
Malware Backdoor.Win32.Msposer.A Runtime Detection | Spyware
Malware Backdoor.Win32.Murcy.A Runtime Detection | Spyware
Malware Backdoor.Win32.Nvbpass.A Runtime Detection | Spyware
Malware Backdoor.Win32.PCRat.A Runtime Detection | Spyware
Malware Backdoor.Win32.PDFMarca.A Runtime Detection | Spyware
Malware Backdoor.Win32.Pefsire.A Runtime Detection | Spyware
Malware Backdoor.Win32.Pherbot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Poison.AY Runtime Detection | Spyware
Malware Backdoor.Win32.Protux.B Runtime Detection | Spyware
Malware Backdoor.Win32.Qinubot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Quejob.evl Runtime Detection | Spyware
Malware Backdoor.Win32.Quivoe.A Runtime Detection | Spyware
Malware Backdoor.Win32.R2d2.A Runtime Detection | Spyware
Malware Backdoor.Win32.Ramagedos.A Runtime Detection | Spyware
Malware Backdoor.Win32.RDPdoor.AE Runtime Detection | Spyware
Malware Backdoor.Win32.Reppserv.A Runtime Detection | Spyware
Malware Backdoor.Win32.Riern.K Runtime Detection | Spyware
Malware Backdoor.Win32.Ruskill.abl Runtime Detection | Spyware
Malware Backdoor.Win32.Russkill.C Runtime Detection | Spyware
Malware Backdoor.Win32.SensLiceld.A Runtime Detection | Spyware
Malware Backdoor.Win32.Sesent.A Runtime Detection | Spyware
Malware Backdoor.Win32.Shiz.ivr Runtime Detection | Spyware
Malware Backdoor.Win32.Showjiao.A Runtime Detection | Spyware
Malware Backdoor.Win32.Simbot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Small.kbu Runtime Detection | Spyware
Malware Backdoor.Win32.Sogu.A Runtime Detection | Spyware
Malware Backdoor.Win32.Soleseq.A Runtime Detection | Spyware
Malware Backdoor.Win32.Spyeye Runtime Detection | Spyware
Malware Backdoor.Win32.SSonce.A Runtime Detection | Spyware
Malware Backdoor.Win32.Susnatache.A Runtime Detection | Spyware
Malware Backdoor.Win32.Talsab.B Runtime Detection | Spyware
Malware Backdoor.Win32.VBasddsa.A Runtime Detection | Spyware
Malware Backdoor.Win32.Veebuu.BX Runtime Detection | Spyware
Malware Backdoor.Win32.Venik.B Runtime Detection | Spyware
Malware Backdoor.Win32.Wergimog.B Runtime Detection | Spyware
Malware Backdoor.Win32.Wisscmd.A Runtime Detection | Spyware
Malware Backdoor.Win32.WootBot.A Runtime Detection | Spyware
Malware Backdoor.Win32.Xlahlah.A Runtime Detection | Spyware
Malware Backdoor.Win32.Xtrat.A Runtime Detection | Spyware
Malware Backdoor.Win32.Yayih.A Runtime Detection | Spyware
Malware Backdoor.Win32.Yunsip.A Runtime Detection | Spyware
Malware Backdoor.Win32.Zapchast.qz Runtime Detection | Spyware
Malware Backdoor.Win32.Zewit.A Runtime Detection | Spyware
Malware Backdoor.Win32.Zmnada.A Runtime Detection | Spyware
Malware Backdoor.Win32.Zombie.sm Runtime Detection | Spyware
Malware Trojan.Win32.Agent.dhy Runtime Detection | Spyware
Malware Trojan.Win32.Agent.ndau Runtime Detection | Spyware
Malware Trojan.Win32.Bancos.QSPN Runtime Detection | Spyware
Malware Trojan.Win32.Carberp.D Runtime Detection | Spyware
Malware Trojan.Win32.Cossta.ntv Runtime Detection | Spyware
Malware Trojan.Win32.Ctfmon.A Runtime Detection | Spyware
Malware Trojan.Win32.KSpyPro.A Runtime Detection | Spyware
Malware Trojan.Win32.OddJob.A Runtime Detection | Spyware
Malware Trojan.Win32.Puprlehzae.A Runtime Detection | Spyware
Malware Trojan.Win32.Trup.CX Runtime Detection | Spyware
Malware Worm.Java.JBossjmx.A Runtime Detection | Spyware
Malware Worm.Win32.Ackantta.B Runtime Detection | Spyware
Malware Worm.Win32.Autorun.hi Runtime Detection | Spyware
Malware Worm.Win32.Balucaf.A Runtime Detection | Spyware
Malware Worm.Win32.Crass.A Runtime Detection | Spyware
Malware Worm.Win32.Cridex.B Runtime Detection | Spyware
Malware Worm.Win32.Dusta.br Runtime Detection | Spyware
Malware Worm.Win32.Ganelp.B Runtime Detection | Spyware
Malware Worm.Win32.Morto.A Runtime Detection | Spyware
Malware Worm.Win32.Rorpian.A Runtime Detection | Spyware
Malware Worm.Win32.Skopvel.A Runtime Detection | Spyware
Malware Worm.Win32.Vaubeg.A Runtime Detection | Spyware

Changes made in Application upgrade 3.0.36

Note

Application Count: 850

Applications in the categories mentioned below are modified or added.

1. General Internet
   1. Facebook Applications
   2. Facebook Games Bejeweled (New Application)
   3. Facebook Games CafeWorld (New Application)
   4. Facebook Games FirmVille (New Application)
   5. Facebook Games FrontierVille (New Application)
   6. FB Games Mafia Wars (New Application)
   7. Facebook Games MillionaireCity (New Application)
   8. Facebook Games MindJolt (New Application)
   9. Facebook Games PetSociety (New Application)
   10. Facebook Games Poker (New Application)
   11. Facebook Games TreasureIsle (New Application)
2. IM
   1. Gtalk IM Login Attempt
   2. Jabber
3. Proxy
   1. Ultrasurf

1.3.1.6.14. V 3.0.35

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.34

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.35. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications: A total of 59 signatures are added for 22 vulnerabilities mentioned below:

Vulnerability Name | Vulnerability Category
Microsoft Windows Media Center Insecure Library Loading | Exploit
Microsoft Forefront Unified Access Gateway NULL Session Cookie Denial of Service | Exploit
Microsoft Internet Explorer Select Element Memory Corruption | Exploit
Microsoft Internet Explorer Virtual Function Table Memory Corruption | Exploit
Microsoft Host Integration Server snabase.exe Infinite Loop Denial of Service | Exploit
Microsoft Host Integration Server snabase.exe Memory Access Error | Exploit
Microsoft Windows Insecure Library Loading | Exploit
Microsoft Office Excel BIFF5 Record Parsing Use After Free | Exploit
Microsoft Office Excel Out of Bounds Array Indexing | Exploit
Microsoft Excel Incorrect BIFF2 Record Parsing Code Execution | Exploit
Microsoft Office Excel Record Out of Bounds Index | Exploit
Microsoft Office Insecure Library Loading | Exploit
Microsoft SharePoint Calendar Cross-Site Scripting | Exploit
Microsoft SharePoint XML Handling Remote File Disclosure | Exploit
Microsoft Internet Explorer toStaticHTML Cross-Site Scripting | Exploit
Microsoft Internet Explorer url.dll Telnet Handler Insecure Exe Loading | Exploit
Microsoft Internet Explorer XSLT Memory Corruption | Exploit
Microsoft DNS Server NAPTR Record Sign Extension Memory Corruption | Exploit
Microsoft Windows Data Access Components Insecure Library Loading | Exploit
Microsoft Remote Desktop Web Access Cross Site Scripting | Exploit
Microsoft Report Viewer Control Cross Site Scripting | Exploit
Microsoft Visio Insecure MFC71xxx.DLL Library Loading | Exploit

Changes made in IPS upgrade 3.0.35

Note

Application Count: 840

1. Signatures are added for 22 vulnerabilities.
2. Some of the signatures are removed to resolve the issue of Ultrasurf & Freegate false positive results. This will cause the Ultrasurf & Freegate applications to bypass the application filter.

1.3.1.6.15. V 3.0.34

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.33

Upgrade Information

Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.34. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 70 signatures are added for 36 applications and 2 vulnerabilities mentioned below:

Application Name | Application Category
Adobe Update | General Internet
AIM Audio-Video | VOIP
Deezer | Streaming Media
ezPeer | Streaming Media
Grooveshark | Streaming Media
Hyves Music | Streaming Media
Hyves Music Streaming | Streaming Media
IAX | VOIP
Joost | Streaming Media
KKBOX | Streaming Media
Last.FM Client | Streaming Media
MEGABOX | Streaming Media
Orb | Streaming Media
PANDORA.TV | Streaming Media
QQ Messenger Login Attempt | IM
QQ Music | Streaming Media
QVod | Streaming Media
RTMPE | Streaming Media
SCCP | VOIP
SHOUTcast Streaming | Streaming Media
SHOUTcast Website | Streaming Media
Sirius XM | Streaming Media
SopCast | Streaming Media
Spotify | Streaming Media
SQL injection - URI Field | General Internet
SQL injection - USER/PASS Field | General Internet
Tagoo | Streaming Media
Tudou | Streaming Media
UUSEE | Streaming Media
Vakaka | Streaming Media
Vakaka Streaming | Streaming Media
Ventrilo | VOIP
Voddler | Streaming Media
VSee | VOIP
XSS In - DATA Field | General Internet
XSS In - URI Field | General Internet

Vulnerability Name | Vulnerability Category
Malware TrojanSpy.Win32.Zbot.Gen (Downloads malicious files) Runtime Detection | Backdoor
Malware TrojanSpy.Win32.Zbot.Gen Runtime Detection (Connects to remote server) | Backdoor

Changes made in IPS upgrade 3.0.34
Note: Application Count: 840
Some of the applications are modified to make them compatible with Application Filter while Classification is ON, and there are 31 new applications. Applications in the categories mentioned below are modified or added.
1. General Internet
   1. Adobe Update (New Application)
2. IM
   1. QQ Messenger Login Attempt
3. VOIP
4. Streaming Media

1.3.1.6.16. V 3.0.33

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.32

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.33. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 60 signatures are added for 48 applications mentioned below:

Application Name | Application Category
Adobe Share | Remote Access
Attach Large Files File Transfer | File Transfer
Blogger Create Blog | General Internet
Blogger Post Blog | General Internet
BookMyShow | Android Applications
BoxNet | File Transfer
Camoproxy | Proxy
CB Radio Chat | Android Applications
Chatroulette | General Internet
Cricinfo Cricket | Android Applications
DC ++ - Fetching Hub List | P2P
e-Snips | File Transfer
FileMail Application | File Transfer
FileMail FileTransfer Webbased | File Transfer
Flickr-Upload | General Internet
Freegate | Proxy
Friendster Login | General Internet
GaduGadu IM | IM
Garena Web Login | IM
Glide | Remote Access
Google Translator | General Internet
Live365 Website | General Internet
LogMeIn Login Attempt | Remote Access
Megaproxy | Proxy
MXit | Android Applications
OLX | Android Applications
ooVoo Login Attempt | VOIP
PC Anywhere | Remote Access
PHProxy | Proxy
Proxeasy App | Proxy
Proxeasy Web | Proxy
Proxifier | Proxy
R-Login | Remote Access
RSS Feeds | General Internet
SecurityKiss | Proxy
Serv-U - Remote Access_FTP | Remote Access
Serv-U - Remote Access_HTTP | Remote Access
Skydur | Proxy
Suresome Proxy | Proxy
Surrogafier | Proxy
Ultrasurf | Proxy
VNC-HTTP | Remote Access
Way2SMS Own Inbox | General Internet
Waze | Android Applications
Webmail Chat Gmail | IM
WeBuzz Web IM | IM
x11 | Remote Access
Yoics | Remote Access

Changes made in IPS upgrade 3.0.33
Note: Application Count: 809
Some of the applications are modified to make them compatible with Application Filter while Classification is ON. A few new applications are also included. Applications in the categories listed below are modified or added.
1. Android Applications
2. General Internet
   1. RSS Feeds (New Application)
   Note: This application is for categorization/classification purposes only and will not block all RSS Feeds traffic.
3. File Transfer
   1. FileMail Application (New Application)
4. P2P
5. Proxy
   1. Freegate
   2. Ultrasurf
   Note: Surfing HTTPS websites using Internet Explorer may result in Ultrasurf & Freegate Logs.
6. VOIP
7. Remote Access

1.3.1.6.17. V 3.0.32

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.31

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: Not available for CR15wi.

Introduction
This document contains the release notes for IPS Signature Database version 3.0.32. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 310 signatures are added for 142 applications mentioned below:

Application Name | Application Category
AIM App - Android | Android Applications
Air Video | General Internet
All Recipes | Android Applications
Andriod Free Movies | Android Applications
Android Market | Android Applications
AOL Mail Website | General Internet
Appliance Authentication Service | Internet Protocol
BBC News | Android Applications
Bebo Website | General Internet
Blogger Create Blog | General Internet
Blogger Post Blog | General Internet
Blogger | Android Applications
BookMyShow | Android Applications
CB Radio Chat | Android Applications
Chatroulette | IM
Circumventor Connection Attempt | Proxy
CNN | Android Applications
CodeAnywhere | Android Applications
Craigslist | Android Applications
Cricinfo Cricket | Android Applications
Daily Cartoons | Android Applications
Daum Maps | Android Applications
Dim Dim | General Internet
DirecTV | Android Applications
eBay | Android Applications
EBuddy | Android Applications
Engadget | Android Applications
ESPN Cricinfo | Android Applications
ESPN Score Center | Android Applications
Exchange Rates | Android Applications
Facebook App - Android | Android Applications
Facebook Applications | General Internet
Facebook Chat | General Internet
Facebook Games | General Internet
Facebook Limited Access | General Internet
Facebook Message | General Internet
Facebook Pics Download | General Internet
Facebook Pics Upload | General Internet
Facebook Plugin | General Internet
Facebook Status Update | General Internet
Facebook Video Chat | General Internet
Facebook Video Upload | General Internet
Facebook Website | General Internet
Fly Proxy | Proxy
Foursquare | Android Applications
Freegate | Proxy
FreeU | Proxy
Fring | Android Applications
Fun For Mobile | Android Applications
GasBuddy | Android Applications
GetRight | File Transfer
Glype Proxy | Proxy
GoChat | Android Applications
Goggles | Android Applications
Google Plus Website | General Internet
Google Reader | General Internet
Google Sky Map | General Internet
Google Street View | General Internet
Google Translate | General Internet
Gree.jp Login | General Internet
Gtalk Android | Android Applications
Hitpost | Android Applications
HTTP-Tunnel | Proxy
HTTPort Proxy | Proxy
Hungama MyPlay | Android Applications
Hushmail Login | General Internet
Icap | General Internet
ICQ | Android Applications
IM+ | Android Applications
IMDB | Android Applications
imo-Chat | Android Applications
Kik Messenger | Android Applications
Korea Mail | General Internet
Last.fm Android | Android Applications
LinkedIN Company Search | General Internet
LinkedIN Inbox | General Internet
LinkedIN Job Search | General Internet
LinkedIN Limited Access | General Internet
LinkedIN Mail Compose | General Internet
LinkedIN Status Update | General Internet
Linkedin | Android Applications
LiveProfile | Android Applications
LivingSocial | Android Applications
LogMeIn Login Attempt | Remote Access
Meetup | Android Applications
Mig33 | Android Applications
Mobyler | Android Applications
Moviefone | Android Applications
Multiupload File Sharing | File Transfer
MXit | Android Applications
NATE App - Android | Android Applications
NDTV | Android Applications
News Republic | Android Applications
NPR News | Android Applications
Odnoklassniki App - Android | Android Applications
OkCupid | Android Applications
OLX | Android Applications
Orkut App - Android | Android Applications
Peercast | P2P
Phex | P2P
Plugoo Widget | General Internet
Proxifier | Proxy
Qeep | Android Applications
Raaga | Android Applications
Saavn | Android Applications
Scydo | Android Applications
SendSpace App - Android | Android Applications
Sharebase File Transfer | File Transfer
Shazam | Android Applications
SnapBucket | Android Applications
SOCK4 | Proxy
SOCK5 | Proxy
SoundCloud | Android Applications
SoundHound | Android Applications
Speedtest.net App - Android | Android Applications
StumbleUpon | Android Applications
Tagged | Android Applications
TalkBox | Android Applications
Tango | Android Applications
TOR | Proxy
TripAdvisor | Android Applications
Tru Phone | Android Applications
Tumblr | Android Applications
Tune In Radio | Android Applications
Twitter App - Android | Android Applications
Twitter Limited Access | General Internet
Twitter Video | General Internet
Twitter Pic and Video Upload | General Internet
Twitter Message | General Internet
Twitter Status Update | General Internet
Twitter Website | General Internet
Ultrasurf | Proxy
vBuzzer | Android Applications
Vtunnel | Proxy
Waze | Android Applications
WeatherBug | Android Applications
WikiEncyclopedia | Android Applications
Yahoo IM Chat Attempt | IM
Yahoo Live Scores | Android Applications
Zedge | Android Applications
Zoho Mail | General Internet
Zoho Website | General Internet

Changes made in IPS upgrade 3.0.32
Note: Application Count: 807 (Except CR15wi)
All the applications are modified to make them compatible with Application Filter while Classification is ON. Applications in the categories listed below are modified.
1. Android Applications
2. General Internet
3. File Transfer
4. P2P
5. Proxy
6. VOIP
7. Remote Access

1.3.1.6.18. V 3.0.31

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.30

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: Not available for CR15wi.

Introduction
This document contains the release notes for IPS Signature Database version 3.0.31. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks.
Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 26 signatures are added for 11 applications mentioned below:

Application Name | Application Category
Apple Update | General Internet
DC ++ Download Attempt | P2P
Facebook Plugin | General Internet
Facebook Video Chat | General Internet
Freegate | Proxy
Google Plus Website | General Internet
HTTP Request Response | General Internet
Squirrelmail Webmail Package | General Internet
TOR | Proxy
Ultrasurf | Proxy
Yahoo Toolbar | General Internet

Changes made in IPS upgrade 3.0.31
Note: Application Count: 807 (Except CR15wi)
A few of the applications are added or modified, as described below:
1. Apple Update
2. DC ++ Download Attempt (New Application)
3. Facebook Plugin (New Application)
4. Facebook Video Chat (New Application)
5. Freegate (Version 7.16)
6. Google Plus Website
7. HTTP Request response
8. Squirrelmail Webmail Package
9. TOR
10. Ultrasurf (Version 10.17)
    Note: Surfing HTTPS websites using Internet Explorer 6 or lower may result in Ultrasurf Logs.
11. Yahoo Toolbar (New Application)
    Note: This application is for categorization/classification purposes only and will not block Yahoo Toolbar traffic.

1.3.1.6.19. V 3.0.30

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.28 and V3.0.29

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.30. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures.
Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 9 signatures are added for 5 applications mentioned below:

Application Name | Application Category
Attix5 | File Transfer
Facebook Limited Access | General Internet
Twitter Limited Access | General Internet
Yahoo IM Chat Attempt | IM
Yahoo Mail-Website | General Internet

Changes made in IPS upgrade 3.0.30
Note: Application Count: 805 (Except CR15wi)
A few of the applications are modified, as described below:
1. Facebook Limited Access
   Features Added (6 items): Groups Search Page Events Picture Thumbnail Profile
2. Twitter Limited Access
   Features Added
   · Picture Upload with tweet
3. Yahoo Mail - Website (Application Renamed)
4. Yahoo IM Chat Attempt (New Application)
5. Attix5
6. Ultrasurf
   Note: This application is compatible with Internet Explorer Version 7 and above.

1.3.1.6.20. V 3.0.28

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.27

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.28. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 55 signatures are added for 8 applications mentioned below:

Application Name | Application Category
eMule | P2P
Facebook Limited Access | General Internet
Freegate | Proxy
ISO-ip | Network Services
QQ Messenger Login Attempt | IM
Sales Force Login | General Internet
Torrent Clients | P2P
Youtube Upload | Streaming Media

1.3.1.6.21. V 3.0.27

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.26

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.27. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 88 signatures are added for 28 applications mentioned below:

Application Name | Application Category
56.com Streaming | Streaming Media
AED | Network Services
Blip.TV Streaming | Streaming Media
Daily Motion | Streaming Media
GoBoogy Login | Proxy
Golf TV | Streaming Media
Google Plus | General Internet
HEMS | Network Services
Jargon | Network Services
Knet-cmp | Network Services
LeTV Streaming | Streaming Media
LinkedIN Limited Access | General Internet
Netsc-dev | Network Services
Netsc-prod | Network Services
PCMail-srv | Network Services
QQ File Transfer Request | File Transfer
QQ Live | Streaming Media
Sina Video | Streaming Media
SQL-Net | Network Services
Twitter Limited Access | General Internet
UltraVPN | Proxy
Ustream.TV Streaming | Streaming Media
Vimeo | Streaming Media
Way2SMS Gmail Inbox | General Internet
Way2SMS Own Inbox | General Internet
Way2SMS Yahoo Inbox | General Internet
WiFree | Proxy
World TV | Streaming Media

Highlights:
1. Twitter Limited Access
   Features added:
   · Follow the user
   · Search
   · Tweet listing in user profile
   · Whom to follow
   · Settings
   · Help
   · Message Post
   · Switch to Old Version (They are shutting down old version soon)
2. Changes made to Streaming signatures to allow only YouTube application
   Note: The applications mentioned below need to be allowed from the application filter:
   · YouTube Videos
   · FLV Streaming
   · Shockwave Streaming
   · X-Flv Streaming
   · SWF Streaming Attempt
3. LinkedIn Limited Access
   Features Added:
   · Advertise on LinkedIn
   · Recommendation
   · Jobs and its sublinks
   · Edit Profile
   · Organizer
   · View Profile
   · Groups and its sublink
   · News and its sublinks
   · See all headlines
   · More and its sublinks (except upgrade my account)
   · Status like and comment on status
   · Search box on Homepage for various options (People, Update, Jobs, Companies, etc.)
   · Your LinkedIn network (except Add Connections)
   · Companies you may want to follow
   · Companies and its sublinks
   · LinkedIn Today
   · Show more link
   · Colleagues and Classmates links
   · Who viewed your profile
   · Advanced search options
   · Jobs you may be interested in
   · Add an application
   · Groups you may like

1.3.1.6.22. V 3.0.26

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.25

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.26. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 2 signatures are added for 1 application mentioned below:

Application Name | Application Category
Freegate | Proxy

1.3.1.6.23. V 3.0.25

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.24

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.25. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 271 signatures are added for 133 applications mentioned below:

Application Name | Application Category
LinkedIN Inbox | General Internet
LinkedIN Status Update | General Internet
Propel Internet Accelerator | General Internet
LinkedIN Job Search | General Internet
LinkedIN Company Search | General Internet
LinkedIN ReadOnly Mode | General Internet
Twitter ReadOnly Mode | General Internet
Freegate | Proxy
FreeU VOIP | VOIP
Stickam | VOIP
Seesmic | VOIP
Chatroulette | IM
VoipTalk | VOIP
SvrLoc | Network Services
NBNS | Internet Protocol
SSL | Internet Protocol
Telnet | Internet Protocol
Cyberoam Authentication Service | Internet Protocol
SSH | Internet Protocol
POP3 | Internet Protocol
SMTP | Internet Protocol
IMAP | Internet Protocol
DNS | Internet Protocol
ICMP | Internet Protocol
SSH | Internet Protocol
FTP Delete Command(FTP DELE) | Internet Protocol
FTP Upload Command(FTP STOR) | Internet Protocol
FTP Download Command(FTP RETR) | Internet Protocol
RADIUS | Internet Protocol
DHCP | Internet Protocol
CIFS | Internet Protocol
Bypass Register | Internet Protocol
S-Net | Network Services
NAMP | Network Services
Facebook App - Android | Android Applications
NATE App - Android | Android Applications
Odnoklassniki App - Android | Android Applications
Orkut App - Android | Android Applications
SendSpace App - Android | Android Applications
Speedtest.net App - Android | Android Applications
AIM App - Android | Android Applications
Twitter App - Android | Android Applications
Gtalk Android | Android Applications
Google Street View | Android Applications
Avaya Conference FileTransfer | File Transfer
Badonga Application | File Transfer
GET HTTP data more than 976 KB | File Transfer
HTTP Resume Download | File Transfer
MSN File Transfer | File Transfer
Timbuktu Remote | Remote Access
Timbuktu Chat | IM
Timbuktu File Transfer | File Transfer
Timbuktu Exchange | General Internet
Twitter Video | File Transfer
Adobe Connect | General Internet
AIM Website | General Internet
Air AIM Chat | General Internet
Air Video | General Internet
Avaya Conference | General Internet
Babelgum Website | General Internet
Baofeng Website | General Internet
Dim Dim | General Internet
Docstoc Website | General Internet
ERoom | General Internet
Facebook Applications | General Internet
Facebook Games | General Internet
Facebook Limited Access | General Internet
Facebook Video Upload | General Internet
Facebook Website | General Internet
Gmail Website | General Internet
Hotmail Website | General Internet
HTTP Request Response | General Internet
Mail.com Website | General Internet
Yugma Website | General Internet
Gtalk IM Login Attempt | IM
Hovrs Login | IM
Hyves | IM
Rediffbol Login Attempt | IM
RenRen IM | IM
Sina UC IM | IM
BootPC | Network Services
BootPS | Network Services
NTP | Network Services
Private Mail | Network Services
Camoproxy | Proxy
Fly Proxy | Proxy
FreeU | Proxy
Glype Proxy | Proxy
PHProxy | Proxy
Ping Tunnel | Proxy
Proxeasy App | Proxy
Proxeasy Web | Proxy
Reduh | Proxy
RPC Over HTTP | Proxy
Suresome Proxy | Proxy
Surfing - PHP Redirection | Proxy
Surrogafier | Proxy
Vtunnel | Proxy
Zelune Proxy | Proxy
Adobe Share | Remote Access
Ali WangWang | Remote Access
Bomgar Remote | Remote Access
Dameware Mini Remote | Remote Access
Elluminate Remote | Remote Access
Fastviewer | Remote Access
Glide | Remote Access
Jump Desktop | Remote Access
Live Meeting | Remote Access
Mikogo | Remote Access
My Green-PC | Remote Access
NetOP Ondemand | Remote Access
PC Anywhere | Remote Access
PC Visit | Remote Access
R-exec | Remote Access
R-Login | Remote Access
RDmPlus | Remote Access
RemotelyAnywhere Authentication | Remote Access
RSH | Remote Access
Techinline | Remote Access
VNC-HTTP | Remote Access
Vyew | Remote Access
Vyew Website | Remote Access
Vyew Website RDP | Remote Access
Zoho Meeting | Remote Access
Freecall/Justvoip/LowRatevoip | VOIP
Live Meeting Voip | VOIP
NSS-Routing | Network Services
SGMP-Traps | Network Services
CMIP-man | Network Services
CMIP-agent | Network Services
XNS-Courier | Network Services
AIM Messenger Login Attempt | IM
Gbridge | Proxy

1.3.1.6.24. V 3.0.24

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.23

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.24. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 125 signatures are added for 94 applications mentioned below:

Application Name | Application Category
Ali WangWang | Remote Access
Bomgar Remote | Remote Access
Propel Internet Accelerator | Remote Access
Dameware Mini Remote | Remote Access
Fastviewer | Remote Access
Jump Desktop | Remote Access
My Green-PC | Remote Access
PC Anywhere | Remote Access
PC Visit | Remote Access
R-exec | Remote Access
RDmPlus | Remote Access
RSH | Remote Access
Synergy | Remote Access
webRDP | Remote Access
Techinline | Remote Access
Glide | Remote Access
VNC-HTTP | Remote Access
R-Login | Remote Access
x11 | Remote Access
Yoics | Remote Access
Adobe Share | Remote Access
Facebook-App | Android Applications
Mig33 | Android Applications
Scydo | Android Applications
Twitter-App | Android Applications
CNN | Android Applications
DirecTV | Android Applications
ESPN Cricinfo | Android Applications
Google Reader | Android Applications
Google Street-View | Android Applications
IM+ | Android Applications
Kik Messenger | Android Applications
StumbleUpon | Android Applications
Blogger | Android Applications
CodeAnywhere | Android Applications
Goggles | Android Applications
Mobyler | Android Applications
OkCupid | Android Applications
Qeep | Android Applications
Google Sky Map | Android Applications
SnapBucket | Android Applications
Google Translate | Android Applications
Tumblr | Android Applications
WeatherBug | Android Applications
WikiEncyclopedia | Android Applications
vBuzzer | Android Applications
Foursquare | Android Applications
Hitpost | Android Applications
Hungama MyPlay | Android Applications
imo-Chat | Android Applications
Meetup | Android Applications
Moviefone | Android Applications
NDTV | Android Applications
Saavn | Android Applications
SoundCloud | Android Applications
Yahoo Live Scores | Android Applications
Last.fm Android | Android Applications
OLX | Android Applications
Waze | Android Applications
BookMyShow | Android Applications
CB Radio Chat | Android Applications
MXit | Android Applications
Cricinfo Cricket | Android Applications
All Recipes | Android Applications
BBC News | Android Applications
Craigslist | Android Applications
Daily Cartoons | Android Applications
Daum Maps | Android Applications
Exchange Rates | Android Applications
Fun For Mobile | Android Applications
GasBuddy | Android Applications
GoChat | Android Applications
LiveProfile | Android Applications
LivingSocial | Android Applications
NATE App | Android Applications
NPR News | Android Applications
News Republic | Android Applications
Odnoklassniki-App | Android Applications
Raaga | Android Applications
Shazam | Android Applications
SoundHound | Android Applications
Speedtest.net Mobile | Android Applications
Tagged | Android Applications
TalkBox | Android Applications
Tango | Android Applications
TripAdvisor | Android Applications
Tune In Radio | Android Applications
LinkedIN Inbox | General Internet
LinkedIN Status Update | General Internet
LinkedIN Job Search | General Internet
LinkedIN Company Search | General Internet
LinkedIN ReadOnly Mode | General Internet
Facebook Message | General Internet
Ammyy Admin Connection Attempt | Remote Access

1.3.1.6.25. V 3.0.23

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.22

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.23. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks.
Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:
A total of 55 signatures are added for 24 applications mentioned below:

Application Name | Application Category
Bittorrent_uTorrent_Thunder | P2P
QQ File Transfer Request | File Transfer
Propel Internet Accelerator | General Internet
LinkedIN Mail Compose | General Internet
Ftp Brute Force Attempt | General Internet
Ultrasurf | Proxy
Linked Inbox | General Internet
Linked Status Update | General Internet
Linked Job Search | General Internet
Linked Company Search | General Internet
Linked ReadOnly Mode | General Internet
Twitter Pic and Video Upload | General Internet
Twitter Message | General Internet
Twitter Status Update | General Internet
Twitter ReadOnly Mode | General Internet
Facebook ReadOnly Mode | General Internet
Proxifier | Proxy
WLM Webchat | IM
Orkut-App | Android Applications
SendSpace-App | Android Applications
Google Cache | General Internet
Blogger Create Blog | General Internet
Blogger Post Blog | General Internet
Facebook Message | General Internet

1.3.1.6.26. V 3.0.22

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.21

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 3.0.22. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 43 signatures are added for 33 applications mentioned below:

Application Name | Application Category
Freegate | Proxy
Hotspotshied | Proxy
Ultrasurf | Proxy
Njutrino Proxy | Proxy
Windows Update | General Internet
Pokerstars Online | Gaming
HTTP Tunnel Proxy | Proxy
Adobe Connect | General Internet
Avaya Conference | General Internet
Dim Dim | General Internet
Elluminate Remote | Remote Access
Google Wave | General Internet
NetOP Ondemand | Remote Access
Vyew | Remote Access
Yugma | Remote Access
Yugma Webite Https | General Internet
Zoho Meeting | Remote Access
Vyew Website | General Internet
Vyew Website RDP | Remote Access
AIM Andriod | Android Applications
Free Movies | Android Applications
ESPN Score Center | Android Applications
EBuddy | Android Applications
Engadget | Android Applications
Fring | Android Applications
Gtalk | Android Applications
ICQ | Android Applications
Linkedin | Android Applications
Android Market | Android Applications
Street View | Android Applications
Tru Phone | Android Applications
Zedge | Android Applications
eBay | Android Applications

1.3.1.6.27. V 3.0.20

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.19

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.20. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks.
Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 113 signatures are added for 10 applications and 32 vulnerabilities mentioned below:

Application Name | Application Category
Gtalk File Transfer | File Transfer
Attach Large Files File Transfer | File Transfer
Webmail Chat Yahoo | IM
Yahoo Mail Calendar | General Internet
Yahoo Edit Photos | General Internet
Yahoo IM File Transfer | File Transfer
Rediffbol Login Attempt | IM
Kugoo Playlist Retrieval attempt | P2P
Facebook Status Update | General Internet
LogMeIn Login Attempt | Remote Access

Vulnerability Name Vulnerability Category

Microsoft WMI Administrative Tools ActiveX Control Multiple Vulnerabilities Exploit Microsoft Windows Graphics Rendering Engine Thumbnail Image Exploit Stack Buffer Overflow HP Data Protector Manager RDS Denial of Service DoS Microsoft Windows Data Access Components ADO Record Code Exploit Execution Citrix Provisioning Services Overflow streamprocess.exe Stack Buffer Exploit Microsoft Windows Fax Services Cover Page Editor Double Free Exploit Memory Corruption Realplayer vidplin.dll AVI Header Parsing Code Execution Exploit Microsoft Internet Explorer 8 Developer Tools Remote Code Exploit Execution Microsoft Office Groove Insecure Library Loading Exploit RealNetworks RealPlayer CDDA URI Uninitialized Pointer Code Exploit Execution Microsoft Windows Fax Services Cover Page Editor Heap Buffer Exploit Overflow EnterpriseDB PostgreSQL Plus Advanced Management Server Authentication Bypass Server DBA Exploit Exploit Exploit Exploit Exploit SQL Exploit Exploit Exploit Exploit Exploit Exploit Microsoft Windows DirectShow Insecure Library Loading Microsoft Remote Desktop Connection Insecure Library Loading Apple Safari WebKit Range Object Remote Code Execution Adobe Flash Player Memory Corruption Oracle Java Applet2ClassLoader Remote Code Execution RealNetworks RealPlayer IVR Handling Heap Buffer Overflow RealFlex RealWin FC_RFUSER_FCS_LOGIN Buffer Overflow RealFlex RealWin Tag Manipulation Buffer Overflow IBM solidDB solid.exe Authentication Bypass Microsoft Visual Studio MFC Insecure Library Loading Microsoft Windows Messenger ActiveX Control Code Execution Novell Netware FTP Server DELE Command Stack Buffer Overflow Exploit RealFlex RealWin FC_SCRIPT_FCS_STARTPROG Buffer Overflow Exploit Microsoft Internet Explorer Object Management Memory Corruption Exploit Adobe Flash Player ActionScript callMethod Type Confusion Code Exploit Execution Microsoft Internet Explorer CSS Use After Free Memory Corruption Exploit Embarcadero InterBase Connect Request Multiple Stack Buffer Exploit Overflows HP Data Protector Backup Client Service GET_FILE Directory Web-Misc Traversal Microsoft PowerPoint TextHeaderAtom Memory Corruption Exploit HP Intelligent Management Center TFTP Server MODE Remote Exploit Code Execution

1.3.1.6.28. V 3.0.19

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.18

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.19. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 98 signatures are added for 29 applications and 24 vulnerabilities mentioned below:

Application Name | Application Category
WebM Streaming | Streaming Media
Facebook Application | General Internet
Facebook Pics Download | General Internet
Facebook Pics Upload | General Internet
Facebook Vids Upload | General Internet
Shockwave Streaming | Streaming Media
Ustream.TV Streaming | Streaming Media
Reduh | Proxy
Socks2Http | Proxy
Google-Cache | General Internet
Ping Tunnel | Proxy
RPC Over HTTP | Proxy
Google Analytic | General Internet
RenRen IM | IM
Google Translator | General Internet
Sina UC IM | IM
Google Safebrowsing | General Internet
Google Location | General Internet
Mikogo | Remote Access
Live Meeting Voip | VOIP
Live Meeting | Remote Access
Nateon Proxy | Proxy
Timbuktu Remote | Remote Access
Timbuktu Chat | IM
Timbuktu File Transfer | File Transfer
Timbuktu Exchange | General Internet
WinMX P2P | P2P
Ultrasurf | Proxy
Freegate | Proxy

Vulnerability Name Vulnerability Category

RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass Exploit HP OpenView NNM getnnmdata.exe CGI Hostname Parameter Exploit Buffer Overflow Apache Struts2 Execution ParametersInterceptor Remote Command Exploit Exploit Exploit Exploit HP Data Protector Manager MMD Service Stack Buffer Overflow Microsoft IIS FTP Server Telnet IAC Buffer Overflow NetSupport Manager Client Buffer Overflow HP OpenView Performance Insight Server Backdoor Account Code Exploit Execution IBM DB2 Universal Database receiveDASMessage Buffer Overflow Exploit Symantec Alert Management System Modem String Stack Buffer Exploit Overflow Symantec Alert Management System AMSSendAlertAck Stack Exploit Buffer Overflow Microsoft Windows Active Directory BROWSER ELECTION Buffer Exploit Overflow Novell ZENworks Configuration Management TFTPD Heap Buffer Exploit Overflow Novell ZENworks Desktop Management on Linux TFTPD Code Exploit Execution
Novell Netware XNFS.NLM Stack Buffer Overflow Multiple Products STARTTLS Plaintext Command Injection Exploit Exploit Zend Zend Server Java Bridge Remote Code Execution Exploit 7T Interactive Graphical SCADA System File Operations Buffer Exploit Overflows IBM Tivoli Directory Server ibmslapd.exe Integer Overflow Microsoft Windows LLMNR Request Stack Memory Corruption Exploit Exploit CA Total Defense Suite UNCWS UnassignFunctionalRoles Stored Exploit Procedure SQL Injection CA Total Defense Suite UNCWS getDBConfigSettings Credential Exploit Information Disclosure Cisco Unified Communications Manager Multiple SQL Injections SQL Rules CA Total Defense Suite UNCWS Multiple Report Stored Procedure SQL Rules SQL Injections HP Data Protector Backup Client Service GET_FILE Buffer Exploit Overflow

1.3.1.6.29. V 3.0.18

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.17

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.18. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 183 signatures are added for 94 applications mentioned below:

Application Name | Application Category
Myspace - IM | IM
XSS In - DATA Field | General Internet
ISAKMP | Network Services
STMF | Network Services
ASA-APPL | Network Services
Citadel | Network Services
FCP | Network Services
Exec | Network Services
Biff/Comsat | Network Services
Login | Network Services
WHO | Network Services
Shell | Network Services
SysLog | Network Services
Printer | Network Services
Talk | Network Services
NTalk | Network Services
EFS | Network Services
Router | Network Services
NCP | Network Services
Timed | Network Services
Courier(RPC) | Network Services
NetNews | Network Services
NetWall | Network Services
UUCP | Network Services
Commerce | Network Services
AFP over TCP | Network Services
New-rwho | Network Services
RemoteFS | Network Services
RMonitor | Network Services
Monitor | Network Services
Submission | Network Services
HTTP-alt | Network Services
HTTP-rpc-epmap | Network Services
Tunnel | Network Services
RlzDbase | Network Services
MSDP | Network Services
REPCmd | Network Services
LDP | Network Services
OOB-ws-HTTP | Network Services
ASF-RMCP | Network Services
DHCP Failover | Network Services
RRP | Network Services
IEEE-mms | Network Services
REPCmd | Network Services
AODV/MMS/MMP | Network Services
RMC | Network Services
Mac-Srvr-Admin | Network Services
ACAP | Network Services
MSEXCH | Network Services
Hyperwave-ISP | Network Services
HA-Cluster | Network Services
IEEE-mms-ssl | Network Services
OLSR | Network Services
AccessNetwork | Network Services
EPP | Network Services
LMP | Network Services
IRIS-BEEP | Network Services
SILC | Network Services
Cisco-TDP | Network Services
TBRPF | Network Services
Kerberos | Network Services
Rfile | Network Services
Loadav/Kerberos-iv | Network Services
PUMP | Network Services
QRH | Network Services
RRH | Network Services
Tell | Network Services
NS | Network Services
DHCP Failover-2 | Network Services
iSCSI | Network Services
Rsync | Network Services
Ideafarm-Door | Network Services
FTPS-Data | Network Services
FTPS | Network Services
NAS | Network Services
TELNETS | Network Services
IMAPS | Network Services
POP3S | Network Services
Google Desktop | General Internet
Icap | General Internet
Hovrs Login | IM
Hyves | IM
100 BAO | P2P
Fileguri Login | P2P
Youtube Upload | Streaming Media
RADIUS | Network Services
Teamsound VOIP | VOIP
QQ File Transfer Request | IM
iGoogle Applications - Listing | General Internet
Meebo - Gtalk | IM
Meebo - MSN | IM
Ultrasurf | Proxy
Orkut | General Internet
Freegate | Proxy

1.3.1.6.30. V 3.0.17

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.16

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.17. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 338 signatures are added for 138 applications mentioned below:

Application Name | Application Category
Youtube Videos | Streaming
56.com | Streaming
Blip TV | Streaming
Podcast TV | Streaming
Video Podcast TV | Streaming
QQ Live | Streaming
Sina Video | Streaming
Thunderkankan | Streaming
Uitzendinggemist | Streaming
Daily Motion | Streaming
Golf TV | Streaming
GVOD | Streaming
Gysoft TV | Streaming
World TV | Streaming
KK Box | Streaming
Last.FM | Streaming
MP4 Octet Streaming | Streaming
Le TV | Streaming
Oyola | Streaming
Google earth | General Internet
Babelgum Website | General Internet
Peercast | P2P
MSN Shell | Instant Messaging
Google Toolbar | General Internet
DHCP | Network Services
CIFS | Network Services
GoBoogy Login | Instant Messaging
IP Messenger | Instant Messaging
MSN Toolbar | General Internet
Baidu IM Login | Instant Messaging
Freenet | P2P
Bypass Register | Proxy
HOS Proxy | Proxy
IP messenger file transfer | File Transfer
ERoom | General Internet
Genesys | General Internet
Air Video | General Internet
Private Mail | Network Services
NSW-FE | Network Services
MSG-ICP | Network Services
MSG-AUTH | Network Services
DSP | Network Services
Private Printer | Network Services
Time | Network Services
RAP | Network Services
RLP | Network Services
Graphics | Network Services
NameServer/WINS | Network Services
NIC Name | Network Services
MPM-Flags | Network Services
MPM-Receive | Network Services
MPM-Send | Network Services
Ni FTP | Network Services
AuditD | Network Services
Re-Mail Check | Network Services
LA-Maintenance | Network Services
XNS-Time | Network Services
XNS-Clearinghouse | Network Services
ISI-GL | Network Services
XNS-Auth | Network Services
XNS-Mail | Network Services
Private File Service | Network Services
ni-mail | Network Services
ACAS | Network Services
WhoIs++ | Network Services
Covia | Network Services
TACASC-ds | Network Services
Sql*Net | Network Services
BootPS | Network Services
BootPC | Network Services
Gopher | Network Services
NetRJS | Network Services
Private Dial Out Service | Network Services
DEOS | Network Services
Private NetRJE | Network Services
Vet TCP | Network Services
HTTP | Network Services
Xfer | Network Services
Mit-ML Device | Network Services
CTF | Network Services
MFCobol | Network Services
Private Terminal Link | Network Services
RJE | Network Services
Daytime | Network Services
QoTD/Quote | Network Services
MSP | Network Services
Private Terminal Access | Network Services
TFTP | Network Services
DNSIX | Network Services
Metagram | Network Services
HostName | Network Services
ISO-TSAP | Network Services
ACR-NEMA | Network Services
CSO | Network Services
Rtelnet | Network Services
SNAGAS | Network Services
POP2 | Network Services
SUNRPC | Network Services
Auth/Ident | Network Services
SFTP | Network Services
UUCP-Path | Network Services
EPMAP | Network Services
BFTP | Network Services
SGMP | Network Services
SQLServe | Network Services
Print-srv | Network Services
XDMCP | Network Services
BGP | Network Services
IRC | Network Services
SMUX | Network Services
AT-RTMP | Network Services
QMTP | Network Services
Z39.50 | Network Services
IPX | Network Services
MPP | Network Services
ESRO-GEN | Network Services
BGMP | Network Services
HTTP-MGMT | Network Services
Novastorebakcup | Network Services
ASIP-Webadmin | Network Services
PKIX-Timestamp | Network Services
PTP-Event | Network Services
PTP-General | Network Services
MATIP Type A | Network Services
MATIP Type B | Network Services
ODMR | Network Services
Rpc2portmap | Network Services
CodaAuth2 | Network Services
Clearcase | Network Services
HP Alarm mgr | Network Services
ARNS | Network Services
AURP | Network Services
UPS | Network Services
Genie | Network Services
SvrLoc | Network Services
SNPP | Network Services
TCP nethaspsrv | Network Services
Dantz | Network Services

1.3.1.6.31. V 3.0.16

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.15

Upgrade Information

Upgrade type: Auto upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.16. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

A total of 100 signatures are added for 51 applications mentioned below:

Application Name | Application Category
Active Directory/SMB | Network Services
Bluecoat Agent | Network Services
Cisco NAC | Network Services
Kerberos | Network Services
LDAP | Network Services
LDAPS | Network Services
RADIUS | Network Services
RADACCT | Network Services
TACACS/TACACS-PLUS | Network Services
COMPRESS NET | Network Services
TCPMUX | Network Services
NTP | Network Services
FINGER PROTOCOL | Network Services
SNMP MONITOR | Network Services
SNMP TRAP | Network Services
ECHO | Network Services
DISCARD | Network Services
SYSTAT | Network Services
CHARGEN | Network Services
FTP DATATRANSFER | Network Services
FTP CONTROL | Network Services
BigFlix | Streaming
Chatroulette | IM
CoolTalk | IM
Digg Login | General Internet
Flickr | General Internet
Flickr-Upload | General Internet
Flixster | General Internet
Netflix | Streaming
Friendfeed Login | General Internet
Friendster Login | General Internet
Hootsuite Login | General Internet
MySpace IM | IM
Omegle | IM
QQ Mail Login | General Internet
Web.de Mail | General Internet
WocChat | IM
Gree.jp Login | General Internet
Hi5 | General Internet
Zenbe Mail | General Internet
Sharebase.to | File Transfer
Transferbig Files App | File Transfer
Transferbig Files web | File Transfer
Sinamail | General Internet
Teamviewer App Login | Remote Access
Gtalk Way2sms Yahoo Messenger way2sms Zohomail | IM IM General Internet
Octet-FLV Streaming | Streaming
MP4 Streaming | Streaming
X-Flv Streaming | Streaming

1.3.1.6.32. V 3.0.15

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.14

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.15. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 60

Application Name | Application Category
QQ Messenger Login Attempt | Instant Messaging
Chikka Web IM | Instant Messaging
Classmates | General Internet
Comcast Mail Login | General Internet
Daum Mail Login | General Internet
Fastmail Login | General Internet
GMX Login | General Internet
Hushmail Login | General Internet
Hyves Mail | General Internet
ISPQ IM | General Internet
Korea Mail | General Internet
LinkedIN Mail Compose | General Internet
Livedoor Login | General Internet
Mail Ru WebAgent | General Internet
Mail Ru Website | General Internet
NateMail Website | General Internet
Netease Mail Website | General Internet
Never Mail Website | General Internet
OpenWebmail Login | General Internet
Optimum Mail Website | General Internet
Plugoo Widget | General Internet
COX WebMail | General Internet
FLV Streaming | Streaming
SWF Streaming Attempt | Streaming
ICU IM | Instant Messaging
IMI Chat | Instant Messaging
Skype | Instant Messaging

1.3.1.6.33. V 3.0.14

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.13

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.14. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 32

Application Name | Application Category
ICQ2Go | Instant Messaging
IM Plus | Instant Messaging
Live GO | Instant Messaging
MSN2GO | Instant Messaging
Meebo Repeater | Instant Messaging
MessengerFX | Instant Messaging
Trillian | Instant Messaging
Trillian Web | Instant Messaging
Caihong | Instant Messaging
Gadugadu web | Instant Messaging
Palringo | Instant Messaging
iLoveIM | Instant Messaging
Eyejot | Instant Messaging
Imhaha | Instant Messaging
Imo im | Instant Messaging
Kool IM | Instant Messaging
Meebo me | Instant Messaging
Odnoklassniki | Instant Messaging
WeBuzz | Instant Messaging
Ebuddy IM | Instant Messaging
Twitpic | Instant Messaging
Camfrog | Instant Messaging
Fetion | Instant Messaging
Garena | Instant Messaging
Garena Web IM | Instant Messaging

1.3.1.6.34. V 3.0.13

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.12

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.13. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 40

Application Name | Application Category
Badongo File Sharing | Filesharing
Boinc | Filesharing
BoxNet | Filesharing
CrossLoop | Remote Admin
Depositfiles | Filesharing
Diino Filesharing | Filesharing
Dropbox Filesharing | Filesharing
Gadu Gadu Im | IM
Getright Filesharing | Filesharing
IMVU IM | IM
ISL Desktop | Remote Admin
Instant-t Messenger | IM
Live-sync Filesharing | Filesharing
Mail-ru messenger | IM
Mediafire | Filesharing
Multiupload | Filesharing
Nomadesk | Filesharing
Twitvid | Filesharing
e-Snips | Filesharing
iBackup | Filesharing
Rapidshare | Filesharing
Sendspace | Filesharing
xFire | IM
Yourfilehost | Filesharing
QQ Messenger | IM
Cross Site Scripting | general internet

1.3.1.6.35. V 3.0.12

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.11

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.12. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 40

Application Name | Application Category
AIM Messenger (Update) | IM
AIM Express Messenger | IM
AIM Website | General Internet
ANTs P2P | P2P
AOL Mail Website | General Internet
AOL Radio Website | General Internet
Asproxy Server | Proxy
AirAIM (HTTP and HTTPs) | General Internet
Ammyy Admin | Remote Access
Apple Updater | General Internet
Direct Connect | P2P
Facebook HTTPS | General Internet
ICQ IM | IM
IP Messenger | IM
Jango Music | General Internet
Jigiy P2P | Streaming
Live Station | Streaming
Metacafe Videos | Streaming
Miro Application | P2P
Octoshape Streaming | Streaming
PI Chat IM | IM
PP Video Accelerator | Streaming
Pando File Transfer | File Transfer
Remobo VPN | Proxy
StealthNet | P2P
Vedivi VPN | Proxy
Yahoo Cricket | General Internet
Vnn VPN | Proxy

1.3.1.6.36. V 3.0.11

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.10

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.11. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 29

Application Name | Application Category
dl-free (web based) | P2P File Transfer
File Mail (web based) | P2P File Transfer
File Mail Application | P2P File Transfer
Gmail (modification) | General Internet
Gmail HTTPS (modification) | General Internet
Hotfile (web based) | P2P File Transfer
Hotline | P2P File Transfer
Mute | P2P File Transfer
Meebo File Transfer | P2P File Transfer
Megashares | P2P File Transfer
Metin | Gaming
My Downloader | P2P File Transfer
Paltalk | IM
Sharebase | P2P File Transfer
Storage-to | P2P File Transfer
Transfer Big Files (web based) | P2P File Transfer
Transfer Big Files (Application) | P2P File Transfer
Youtube Videos Playback | Streaming

1.3.1.6.37. V 3.0.10

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.9

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.10. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Total signatures added: 6

Application Name | Application Category
Deluge Torrent | P2P
Qbittorrent | P2P
MSN File Transfer (Modification) | File Transfer
Digsby | IM

1.3.1.6.38. V 3.0.9

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.8

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.9. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

New Signatures added: 31
Signatures Deleted: 31
Total Signatures Added: 31

Application Name | Application Category
WLM Login Attempt | Instant Messaging
TOR | Proxy
Attix5 | File Transfer

1.3.1.6.39. V 3.0.8

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.7

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.8. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following Applications:

Signature modified: 3
Signatures deleted: 4
New signatures added: 3
Total signatures added: 6

Application Name | Application Category
Skype | Instant Messaging
Hamachi VPN Client | Proxy
Middle Surf | Proxy
FTP Upload/Download | File Transfer
Application Category Name Corrected (Gamig -> Gaming) | NA

1.3.1.6.40. V 3.0.7

Release Information

Upgrade Applicable on: IPS Signature Database V 3.0.6

Upgrade Information

Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None

Introduction

This document contains the release notes for IPS Signature Database version 3.0.7. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures

The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.
New signatures are added for the following Applications:
Total signatures added: 14
Application Name | Application Category
Hotspot Shield Proxy | Proxy
Freegate Proxy | Proxy
Security Kiss | Proxy
Transmission BT | Torrent Client
FTP Upload/Download | File Transfer

1.3.1.6.41. V 3.0.6
Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.5
Upgrade Information
Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None
Introduction
This document contains the release notes for IPS Signature Database version 3.0.6. The release includes support for new signatures. The following sections describe the release in detail.
New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.
New signatures are added for the following Applications:
Total signatures added: 8
Application Name | Application Category
Bittorrent_uTorrent_Thunder | P2P
Ultrasurf | Proxy
Facebook Chat | IM
Bitcomet P2P Traffic | P2P
TeamViewer Login Attempt | Remote Access
MSN File Transfer | File Transfer
MPEG Streaming Response | Streaming Media
RTMPT Streaming Response | Streaming Media

1.3.1.6.42. V 3.0.5
Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.4
Upgrade Information
Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 10.00.0302 or above. Manual upgrade for Cyberoam Appliances currently on V 10.00.0302 or above.
Compatibility issues: None
Introduction
This document contains the release notes for IPS Signature Database version 3.0.5. The release includes support for new signatures. The following sections describe the release in detail.
New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.
New signatures are added for the following Applications:
Total signatures added: 21
Application Name | Application Category
Ultrasurf | Proxy
MP3 File Download - HTTP | File Transfer
RAR File Download - HTTP | File Transfer
ZIP File Download - HTTP | File Transfer
EXE file download | File Transfer
Facebook Applications - Listing | General Internet
Facebook Games - Listing | General Internet
Multi Threaded Download Using HTTP | File Transfer
Flashget | P2P
BitComet P2P Traffic | P2P
Ares | P2P
Bittorrent P2P Traffic | P2P
justvoip | VOIP
Socialtv website | General Internet
Piolet | P2P
Ants | P2P
Phex | P2P
Soulseek-Retriving chat room list | P2P
Soulseek-Downloading request | P2P
Tixati | P2P
Napster | Streaming Media

1.3.1.6.43. V 3.0.4
Release Date 3rd September, 2010
Release Information
Upgrade Applicable on: IPS Signature Database 3.0.2 or 3.0.3
Upgrade Information
Upgrade type: Autoupgrade for Cyberoam Appliances currently on 10.00.0302 or higher
Compatibility issues: None
Introduction
This document contains the release notes for IPS Signature Database version 3.0.4. The release includes support for new signatures. The following sections describe the release in detail.
New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. Following Applications are added for the Application QOS. Total supported Applications: 19 Application Category Streaming Media File Transfer File Transfer File Transfer File Transfer General Internet IM IM IM IM P2P P2P Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Application Name Winamp Download Accelerator Plus FTP MSN File Transfer Yahoo File Transfer HTTP Gtalk Meebo Webchat Skype Yahoo Messenger Bittorrent Shareaza Adobe Player Streaming Itunes Picasa QQ Video Application Quick Player Quicktime Streaming Realmedia Following new Applications are added for the Application filter. Total supported Applications: 188 Application Category File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer File Transfer Application Name Data more than 99999 Bytes-HTTP Download Accelerator FTP EXE File Download FTP Gtalk File Transfer Gtalk File Transfer Attempt HTTP Resume Download Meebo Website Megaupload Website MP3 File Download-HTTP MSN File Transfer Multi Thread HTTP Download QQ File Transfer - Live IP QQ File Transfer – Netting RAR File Download-HTTP Yahoo File Transfer Yahoo File Transfer - Receiving Yahoo File Transfer - Sending docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 237/409 ١١٢١٠٢/٤/ File Transfer File Transfer Gaming Gaming Gaming Gaming Gaming General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet General Internet IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM IM Internet Protocol Internet Protocol Internet Protocol Internet 
Protocol Internet Protocol Cyberoam Docs YousendIt Login ZIP File Download-HTTP Doom3 Games.For.Windows.Live Half-Life2 Quake-halflife Team-Fortress2 Docstoc Website Facebook Applications - Listing Facebook Games - Listing HTTP iGoogle Applications - Listing Mail.com - HTTP Mail.com - HTTPS Myspace Myspace.cn Octopz Website Picasa SQL injection - URI Field SQL injection - USER/PASS Field Way2SMS Gmail Inbox Way2SMS Own Inbox Way2SMS Yahoo Inbox XSS In - DATA Field XSS In - URI Field AIM Messenger Login Chikka Messenger Login Etisalat Messenger Login Facebook Chat Gtalk Chat Way2SMS Login Gtalk IM Login iChat Login iGoogle Chat IRC Jabber Jabber IM Client Login Meebo Webchat Nateon Messenger Login Palringo Login QQ Messenger Login Rediffbol Login Webmail Chat Gmail Webmail Chat Yahoo WLM Login Yahoo Chat Way2SMS Login Yahoo IM Login H.225 VOIP Protocol IPP MGCP NNTP PPTP ICMP Cyberoam Authentication Service DNS FTP Delete FTP Download Attempt FTP Upload Attempt IMAP NBNS Netbios POP3 SMTP SSH SSL Internet Protocol Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services Network Services docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 238/409 ١١٢١٠٢/٤/ Network Services P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P P2P Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Proxy Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Remote Access Cyberoam Docs Telnet Apple-Juice Attempt Ares Bearshare Bittorrent_uTorrent_Thunder DC ++ - Connect Public Hub DC ++ - Fetching Hub List imesh Attempt Klite Home Get Request kugoo Attempt Kugoo Attempt 
Limewire_MP3Rocket Morpheus Nepster Shareaza Soul Attempt WinMX Attempt Asproxy Proxy Server Coralcdn Dynapass Freegate FreeU Freevpn Gbridge GeeMail Ghostsurf Proxy Tool GloboSurf Gtunnel Proxy Tool Hide your IP Hide-my-IP Hopster Hotspotshied HTTP-Tunnel Invisible-Surfing Tool Itshidden JAP Kongshare Launchwebs Meebo Repeater Proxy Tool OpenVPN Packetix Pingfu Proxy Tool Proxifier Proxyway Realtunnel SOCK4 SOCK5 Surfing - PHP Redirection Surfing External Proxy TOR Ultrasurf Your-Freedom Ammyy Admin Attempt LogMeIn Login Netviewer Attempt Radmin Attempt RDP RemotelyAnywhere Attempt ScreenStream Attempt Serv-U - Remote Access_FTP Serv-U - Remote Access_HTTP ShowMyPC ShowMyPC Login SkyFex Soonr Attempt docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 239/409 ١١٢١٠٢/٤/ Remote Access Remote Access Remote Access Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media Streaming Media VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP VOIP Cyberoam Docs TeamViewer Login VNC Application Yuuguu Adobe Player Streaming AOL Radio Streaming FLV http FLV Streaming Response Funshion Attempt Gmail Video Chat Attempt iTunes Limelight Streaming Web Attempt MMS Streaming Protocol PP Live Attempt PP Stream Attempt QQ Video Chat Attempt QQLive FLV Video Request QQLive Video Streaming Quick Player Quicktime Streaming Realmedia RTMP RTSP Streaming Media Player Video Streaming PP Live Willing Webcam Streaming Windows Audio Streaming Winemp Player WLM Webcam Yahoo IM Webcam Comfrog Freecall_Justvoip_LowRatevoip Gizmo5 Login Gtalk Voice Chat Attempt Headcall Login ooVoo Login SIP TelTel Login TokBox Login WLM Voice Chat Yahoo Msg Voice Chat Document 
Version – 1.0-08/09/2010 1.3.1.6.44. V 2.4.57 Release Information Upgrade Applicable on: IPS Signature Database V 2.4.56 Upgrade Information Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Compatibility issues: None Introduction This document contains the release notes for IPS Signature Database version 2.4.57. Release includes support for new signatures. The following sections describe the release in details. New Signatures The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.
New signatures are added for the following vulnerabilities:
Total signatures added: 16
Risk level: High
Name | Signature URL | Category
Ultrasurf 10.X | http://idp.cyberoam.com/signatures/1101154.html | cyberoam signatures
Retriving Ultrasurf Server List | http://idp.cyberoam.com/signatures/1101152.html | cyberoam signatures
Accessing Facebook Applications | http://idp.cyberoam.com/signatures/1100808.html | cyberoam signatures
Accessing Facebook Games | http://idp.cyberoam.com/signatures/1100809.html | cyberoam signatures
Facebook Chat - Buddy List | http://idp.cyberoam.com/signatures/1100918.html | cyberoam signatures
Facebook Chat | http://idp.cyberoam.com/signatures/1100838.html | cyberoam signatures
Facebook Chat | http://idp.cyberoam.com/signatures/1101156.html | cyberoam signatures
Bitcomet Downloading | http://idp.cyberoam.com/signatures/1101148.html | cyberoam signatures
Bitcomet UDP Downloading | http://idp.cyberoam.com/signatures/1101159.html | cyberoam signatures
TeamViewer Authentication Attempt | http://idp.cyberoam.com/signatures/1101157.html | cyberoam signatures
BitComet P2P Traffic | http://idp.cyberoam.com/signatures/1101127.html | cyberoam signatures
Resolving P2P Trackers | http://idp.cyberoam.com/signatures/1101140.html | cyberoam signatures
MSN File Transfer | http://idp.cyberoam.com/signatures/1101163.html | cyberoam signatures
MPEG Streaming Response | http://idp.cyberoam.com/signatures/1101164.html | cyberoam signatures
RTMPT Streaming Response | http://idp.cyberoam.com/signatures/1101165.html | cyberoam signatures
Internet Explorer CSS Tags Memory Corruption Vulnerability | http://idp.cyberoam.com/signatures/1101150.html | exploit

1.3.1.6.45. V 2.4.56
Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.55
Upgrade Information
Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above. Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier.
Compatibility issues: None
Introduction
This document contains the release notes for IPS Signature Database version 2.4.56. The release includes support for new signatures. The following sections describe the release in detail.
New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.
New signatures are added for the following vulnerabilities:
Total signatures added: 24
Risk level: High
Name | Signature URL | Category
Flashget_P2P | http://idp.cyberoam.com/signatures/1101126.html | cyberoam signatures
BitTorrent_P2P | http://idp.cyberoam.com/signatures/1101129.html | cyberoam signatures
BitComet P2P Traffic | http://idp.cyberoam.com/signatures/1101127.html | cyberoam signatures
Ultrasurf Utility - DNS Resolve Attempt | http://idp.cyberoam.com/signatures/1101128.html | cyberoam signatures
Ares P2P Chat Network connection Attempt | http://idp.cyberoam.com/signatures/1100240.html | cyberoam signatures
Ares | http://idp.cyberoam.com/signatures/1101132.html | cyberoam signatures
Ares | http://idp.cyberoam.com/signatures/1101133.html | cyberoam signatures
Ares | http://idp.cyberoam.com/signatures/1101134.html | cyberoam signatures
Ares P2P Network connection Attempt | http://idp.cyberoam.com/signatures/1100239.html | cyberoam signatures
Ares - Retriving Chat Room List | http://idp.cyberoam.com/signatures/1101136.html | cyberoam signatures
Bittorrent P2P Traffic | http://idp.cyberoam.com/signatures/1100231.html | cyberoam signatures
Socialtv website | http://idp.cyberoam.com/signatures/1101115.html | cyberoam signatures
Piolet | http://idp.cyberoam.com/signatures/1101116.html | cyberoam signatures
Piolet | http://idp.cyberoam.com/signatures/1101117.html | cyberoam signatures
Piolet - File Transfer | http://idp.cyberoam.com/signatures/1101121.html | cyberoam signatures
Ants_P2P_IRC_Connect | http://idp.cyberoam.com/signatures/1101123.html | cyberoam signatures
Ultrasurf 9.99 | http://idp.cyberoam.com/signatures/1101124.html | cyberoam signatures
Ants P2P | http://idp.cyberoam.com/signatures/1101125.html | cyberoam signatures
Phex P2P | http://idp.cyberoam.com/signatures/1101130.html | cyberoam signatures
Soulseek-Retriving chat room list | http://idp.cyberoam.com/signatures/1101138.html | cyberoam signatures
Soulseek-Downloading request | http://idp.cyberoam.com/signatures/1101139.html | cyberoam signatures
Resolving P2P Trackers | http://idp.cyberoam.com/signatures/1101140.html | cyberoam signatures
Tixati - P2P | http://idp.cyberoam.com/signatures/1101141.html | cyberoam signatures
Napster – Initializing | http://idp.cyberoam.com/signatures/1101142.html | cyberoam signatures

1.3.1.6.46. V 2.4.55
Release Date 13th October, 2010
Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.54
Upgrade Information
Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above. Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier.
Compatibility issues: None
Introduction
This document contains the release notes for IPS Signature Database version 2.4.55. The release includes support for new signatures. The following sections describe the release in detail.
New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 390 Risk level: High Name SWF Streaming Attempt http://idp.cyberoam.com/signatures/1101050.html Freegate 705p http://idp.cyberoam.com/signatures/1101054.html Squirrelmail Webmail Package http://idp.cyberoam.com/signatures/1101057.html Meebo – Yahoo http://idp.cyberoam.com/signatures/1101059.html Meebo - Gtalk http://idp.cyberoam.com/signatures/1101060.html Meebo - MSN http://idp.cyberoam.com/signatures/1101061.html VOIP Application Sightspeed http://idp.cyberoam.com/signatures/1101062.html Myspace - IM http://idp.cyberoam.com/signatures/1101063.html Twitter Website http://idp.cyberoam.com/signatures/1101064.html Gmail Website – HTTPS http://idp.cyberoam.com/signatures/1101065.html Gmail Website – HTTPS http://idp.cyberoam.com/signatures/1101066.html Gmail Website – HTTP Category cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 243/409 ١١٢١٠٢/٤/ Gmail Website – HTTP Cyberoam Docs http://idp.cyberoam.com/signatures/1101067.html cyberoam signatures http://idp.cyberoam.com/signatures/1101068.html Hotmail Website – HTTP http://idp.cyberoam.com/signatures/1101069.html Hotmail Website – HTTPS http://idp.cyberoam.com/signatures/1101070.html Yahoo Website – HTTP http://idp.cyberoam.com/signatures/1101071.html Facebook Website – HTTP http://idp.cyberoam.com/signatures/1101072.html Facebook Website – HTTPS http://idp.cyberoam.com/signatures/1101073.html AIM Website – HTTP http://idp.cyberoam.com/signatures/1101110.html QQ Website http://idp.cyberoam.com/signatures/1101075.html Ymail Website http://idp.cyberoam.com/signatures/1101077.html Bebo Website http://idp.cyberoam.com/signatures/1101078.html Zoho Website 
http://idp.cyberoam.com/signatures/1101079.html P2P Application – NapMX http://idp.cyberoam.com/signatures/1101080.html P2P Application – WinMX http://idp.cyberoam.com/signatures/1101081.html P2P Application – Vuze http://idp.cyberoam.com/signatures/1101082.html P2P Application – Vuze http://idp.cyberoam.com/signatures/1101083.html P2P Application – Pando http://idp.cyberoam.com/signatures/1101084.html P2P Application – Pando http://idp.cyberoam.com/signatures/1101085.html P2P Application – Pando http://idp.cyberoam.com/signatures/1101086.html P2P Application – Pando http://idp.cyberoam.com/signatures/1101087.html Google Video Website http://idp.cyberoam.com/signatures/1101088.html Live365 Website http://idp.cyberoam.com/signatures/1101089.html Live365 Web Streaming http://idp.cyberoam.com/signatures/1101090.html Metacafe Website http://idp.cyberoam.com/signatures/1101091.html Youtube Website http://idp.cyberoam.com/signatures/1101092.html Hulu Website http://idp.cyberoam.com/signatures/1101093.html BBC iplayer Website http://idp.cyberoam.com/signatures/1101094.html cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 244/409 ١١٢١٠٢/٤/ Cyberoam Docs Hide-IP-Browser - Requesting proxy list http://idp.cyberoam.com/signatures/1101098.html Hide-IP-Browser - Proxy surfing http://idp.cyberoam.com/signatures/1101099.html Auto-Hide-IP - Requesting IP http://idp.cyberoam.com/signatures/1101100.html Easy-Hide-IP – Surfing http://idp.cyberoam.com/signatures/1101102.html Easy-Hide-IP - 
Connecting Proxy server http://idp.cyberoam.com/signatures/1101103.html Real Hide IP - Retriving IP Details http://idp.cyberoam.com/signatures/1101104.html Proxy switcher - Retriving IP Details http://idp.cyberoam.com/signatures/1101105.html Proxy switcher – Surfing http://idp.cyberoam.com/signatures/1101106.html Max Anonysurf - Fetching Proxy List http://idp.cyberoam.com/signatures/1101107.html Heatseek http://idp.cyberoam.com/signatures/1101108.html FreeRADIUS RADIUS Server rad_decode Remote Denial of Service http://idp.cyberoam.com/signatures/1090914031.html FreeRADIUS RADIUS Server rad_decode Remote Denial of Service http://idp.cyberoam.com/signatures/1090914030.html ISC BIND 9 Dynamic Update Request Denial of Service (Published Exploit) http://idp.cyberoam.com/signatures/1090728140.html ISC DHCP Server Zero Length Client ID Denial of Service http://idp.cyberoam.com/signatures/1100610050.html Microsoft ASP.NET Error Handling Denial Of Service http://idp.cyberoam.com/signatures/1090811042.html Microsoft Exchange System Attendant Denial of Service http://idp.cyberoam.com/signatures/1090210120.html Microsoft Windows SMTP Service MX Record Denial Of Service http://idp.cyberoam.com/signatures/1100413130.html MIT Kerberos KDC Authentication Denial of Service http://idp.cyberoam.com/signatures/1100217010.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229011.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229012.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229010.html Multiple Vendors NTP Mode 7 Denial of Service http://idp.cyberoam.com/signatures/1091208150.html Novell NetWare NFS Portmapper RPC Module Stack Overflow http://idp.cyberoam.com/signatures/1090930111.html network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly 
network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of network attacks and Service anomaly http://idp.cyberoam.com/signatures/1090720045.html RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of network attacks and Service anomaly http://idp.cyberoam.com/signatures/1090720044.html RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of network attacks and docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 245/409 ١١٢١٠٢/٤/ Service Cyberoam Docs anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly exploit http://idp.cyberoam.com/signatures/1090720043.html RealNetworks Helix Server RTSP SETUP Request Denial of Service http://idp.cyberoam.com/signatures/1090720053.html RealNetworks Helix Server RTSP SETUP Request Denial of Service http://idp.cyberoam.com/signatures/1090720052.html Squid Proxy Invalid HTTP Response Status Code Denial of Service http://idp.cyberoam.com/signatures/1090727080.html Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow http://idp.cyberoam.com/signatures/1071123131.html Digium Asterisk IAX2 Call Number Denial Of Service http://idp.cyberoam.com/signatures/1090909110.html Dnsmasq TFTP Service Remote Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090922010.html Fujitsu SystemcastWizard Lite PXEService UDP Handling Buffer Overflow http://idp.cyberoam.com/signatures/1090119110.html IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1100301081.html IBM Lotus Domino LDAP Heap Buffer Overflow 
http://idp.cyberoam.com/signatures/1100128010.html ISC DHCP dhclient script_write_params Stack Buffer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1090715050.html Microsoft Remote Desktop ActiveX Control Heap Overflow http://idp.cyberoam.com/signatures/1090811200.html Microsoft Remote Desktop ActiveX Control Heap Overflow http://idp.cyberoam.com/signatures/1090811201.html Microsoft Remote Desktop ActiveX Control Heap Overflow http://idp.cyberoam.com/signatures/1090811202.html Microsoft Remote Desktop ActiveX Control Heap Overflow http://idp.cyberoam.com/signatures/1090811203.html Microsoft Remote Desktop ActiveX Control Heap Overflow http://idp.cyberoam.com/signatures/1090811204.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706010.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706011.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706012.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706013.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706014.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706015.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706016.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706017.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706018.html exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 246/409 ١١٢١٠٢/٤/ Cyberoam Docs Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090706019.html 
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706010.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706011.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706012.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706013.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706014.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706015.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706016.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706017.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706018.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/2090706019.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500042.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500043.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500044.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500045.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500046.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500047.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500048.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500049.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500050.html Microsoft Video ActiveX Control 
Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500051.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500052.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500053.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500054.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500055.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500056.html Microsoft Video ActiveX Control Stack Buffer Overflow exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 247/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1500057.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500058.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500059.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500060.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500061.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500062.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500063.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500064.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500065.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500066.html Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500067.html 
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500068.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500069.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500070.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500071.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500072.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500073.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500074.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500075.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500076.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500077.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500078.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500079.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500080.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500081.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500082.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500083.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500084.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500085.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500086.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500087.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500088.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500089.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500090.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500091.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500092.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500093.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500094.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500095.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500096.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500097.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500098.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500099.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500100.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500101.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500102.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500103.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500104.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500105.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500106.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500107.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500108.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500109.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500110.html | exploit
Microsoft Video ActiveX Control Stack Buffer Overflow http://idp.cyberoam.com/signatures/1500111.html | exploit
Microsoft Windows AVI File Chunk Length Integer Overflow http://idp.cyberoam.com/signatures/1090811093.html | exploit
Microsoft Windows AVI File Chunk Length Integer Overflow http://idp.cyberoam.com/signatures/1090811091.html | exploit
Microsoft Windows AVI File Chunk Length Integer Overflow http://idp.cyberoam.com/signatures/1090811092.html | exploit
Microsoft Windows AVI File Header Processing Memory Corruption http://idp.cyberoam.com/signatures/1090811080.html | exploit
Microsoft Windows DirectShow Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100209250.html | exploit
Microsoft Windows GDIplus GpFont.SetData Integer Overflow http://idp.cyberoam.com/signatures/1090324040.html | exploit
Microsoft Windows GDIplus GpFont.SetData Integer Overflow http://idp.cyberoam.com/signatures/1090324041.html | exploit
Microsoft Windows GDIplus PNG Processing Integer Overflow http://idp.cyberoam.com/signatures/1091013050.html | exploit
Microsoft Windows GDIplus PNG Processing Integer Overflow http://idp.cyberoam.com/signatures/1091013051.html | exploit
Microsoft Windows GDIplus WMF Integer Overflow http://idp.cyberoam.com/signatures/1091013291.html | exploit
Microsoft Windows GDI PNG tEXt Chunk Processing Integer Overflow http://idp.cyberoam.com/signatures/1091013300.html | exploit
Microsoft Windows Kernel GDI32 Polyline Buffer Overflow http://idp.cyberoam.com/signatures/1090310105.html | exploit
Microsoft Windows Kernel GDI32 Polyline Buffer Overflow http://idp.cyberoam.com/signatures/1090310104.html | exploit
Microsoft Windows Kernel GDI32 Polyline Buffer Overflow http://idp.cyberoam.com/signatures/1090310102.html | exploit
Microsoft Windows Kernel GDI32 Polyline Buffer Overflow http://idp.cyberoam.com/signatures/1090310103.html | exploit
Microsoft Windows Mail and Outlook Express Integer Overflow http://idp.cyberoam.com/signatures/1100511022.html | exploit
Microsoft Windows Media Player ASF Heap Overflow http://idp.cyberoam.com/signatures/1091013082.html | exploit
Microsoft Windows Media Player ASF Heap Overflow http://idp.cyberoam.com/signatures/1091013080.html | exploit
Microsoft Windows MPEG Layer-3 Audio Decoder Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100413161.html | exploit
Microsoft WINS Server WPAD Registration Spoofing http://idp.cyberoam.com/signatures/1090310172.html | exploit
Microsoft WINS Server WPAD Registration Spoofing http://idp.cyberoam.com/signatures/1090310170.html | exploit
Microsoft WINS Server WPAD Registration Spoofing http://idp.cyberoam.com/signatures/1090310171.html | exploit
Mozilla Firefox ClearTextRun Function Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090427050.html | exploit
Mozilla Firefox ConstructFrame With Floating First-letter Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090727060.html | exploit
Mozilla Firefox Floating Point Number Conversion Memory Corruption http://idp.cyberoam.com/signatures/1091028050.html | exploit
Mozilla Firefox JIT escape Function Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090714030.html | exploit
Mozilla Firefox nsPropertyTable PropertyList Memory Corruption http://idp.cyberoam.com/signatures/1090918090.html | exploit
Mozilla Firefox SVG Data Processing Memory Corruption http://idp.cyberoam.com/signatures/1090305030.html | exploit
Mozilla Firefox SVG Element Processing Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090722061.html | exploit
Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090922023.html | exploit
Mozilla Firefox Top-level Script Object Offset Calculation Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090922027.html | exploit
Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080923280.html | exploit
Mozilla Firefox UTF-8 URL Handling Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080923281.html | exploit
Mozilla Firefox WOFF Font Processing Integer Overflow http://idp.cyberoam.com/signatures/1100305011.html | exploit
Mozilla Firefox XSL Transformation Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090326040.html | exploit
Mozilla Multiple Products JavaScript String Replace Buffer Overflow http://idp.cyberoam.com/signatures/1100319040.html | exploit
MPlayer demux_open_vqf TwinVQ File Handling Buffer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1081215110.html | exploit
Multiple Products libxml2 XML File Processing Long Entity Name Buffer Overflow http://idp.cyberoam.com/signatures/1080911200.html | exploit
Multiple Vendors librpc.dll Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100301091.html | exploit
Multiple Vendors NTP Daemon Autokey Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090519050.html | exploit
MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1090127050.html | exploit
MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1090127052.html | exploit
MW6 Technologies Barcode.dll ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1090127051.html | exploit
Novell eDirectory NDS Verb 0x01 Integer Overflow http://idp.cyberoam.com/signatures/1091202011.html | exploit
Novell iPrint Client ienipp.ocx target-frame Stack Buffer Overflow http://idp.cyberoam.com/signatures/1091209040.html | exploit
Novell iPrint Client ienipp.ocx volatile-date-time Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1091209020.html | exploit
Nullsoft Winamp AIFF Parsing Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090113020.html | exploit
OpenOffice.org XPM File Processing Integer Overflow http://idp.cyberoam.com/signatures/1100216060.html | exploit
OpenOffice.org XPM File Processing Integer Overflow http://idp.cyberoam.com/signatures/1100216061.html | exploit
OpenOffice Word Document Table Parsing Integer Underflow http://idp.cyberoam.com/signatures/1090901013.html | exploit
Opera Browser Content Length Buffer Overflow http://idp.cyberoam.com/signatures/1100304020.html | exploit
RealNetworks Helix Server RTSP SET_PARAMETER Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090106051.html | exploit
RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090105041.html | exploit
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow http://idp.cyberoam.com/signatures/1090107050.html | exploit
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow http://idp.cyberoam.com/signatures/1090107051.html | exploit
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow http://idp.cyberoam.com/signatures/1090107053.html | exploit
SAP GUI TabOne ActiveX Control Caption List Buffer Overflow http://idp.cyberoam.com/signatures/1090107052.html | exploit
SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite http://idp.cyberoam.com/signatures/1090929040.html | exploit
SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite http://idp.cyberoam.com/signatures/1090929041.html | exploit
SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite http://idp.cyberoam.com/signatures/1090929042.html | exploit
SAP GUI WebViewer3D ActiveX Control Arbitrary File Overwrite http://idp.cyberoam.com/signatures/1090929043.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330096.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330094.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330092.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330090.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330092.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330098.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330090.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330097.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330095.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330093.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330091.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330093.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330099.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090330091.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330094.html | exploit
Sun Java Runtime Environment GIF Parsing Memory Corruption http://idp.cyberoam.com/signatures/2090330095.html | exploit
Sun Solaris sadmind RPC Request Integer Overflow http://idp.cyberoam.com/signatures/1090525041.html | exploit
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow http://idp.cyberoam.com/signatures/1091102061.html | exploit
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow http://idp.cyberoam.com/signatures/1091125012.html | exploit
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow http://idp.cyberoam.com/signatures/1091102060.html | exploit
Symantec Multiple Products AeXNSConsoleUtilities Buffer Overflow http://idp.cyberoam.com/signatures/1091125011.html | exploit
Symantec Products CLIproxy.dll ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100218021.html | exploit
Symantec Products CLIproxy.dll ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100218020.html | exploit
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow http://idp.cyberoam.com/signatures/1090626013.html | exploit
Xpdf Splash DrawImage Integer Overflow http://idp.cyberoam.com/signatures/1091021092.html | exploit
Xpdf Splash DrawImage Integer Overflow http://idp.cyberoam.com/signatures/1091021091.html | exploit
Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323031.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323034.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323035.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323038.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323039.html | miscellaneous
Microsoft DNS Server ANY Query Cache Weakness http://idp.cyberoam.com/signatures/1090310150.html | miscellaneous
Microsoft DNS Server WPAD Registration Spoofing http://idp.cyberoam.com/signatures/1090310160.html | miscellaneous
Microsoft DNS Server WPAD Registration Spoofing http://idp.cyberoam.com/signatures/1090310161.html | miscellaneous
Microsoft Office SharePoint Server help.aspx Cross Site Scripting http://idp.cyberoam.com/signatures/1100429040.html | miscellaneous
Microsoft Office Word File FIB Processing Memory Corruption http://idp.cyberoam.com/signatures/1091110172.html | miscellaneous
Microsoft Office Word File FIB Processing Memory Corruption http://idp.cyberoam.com/signatures/1091110171.html | miscellaneous
Microsoft Windows DHTML Editing Component ActiveX Control Code Execution http://idp.cyberoam.com/signatures/1090908082.html | miscellaneous
Microsoft Windows JScript Remote Code Execution http://idp.cyberoam.com/signatures/1090908070.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608016.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608013.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608010.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608014.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608011.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608015.html | miscellaneous
Microsoft Windows Media Decompression Code Execution http://idp.cyberoam.com/signatures/1100608012.html | miscellaneous
Microsoft Windows Media Runtime ASF Voice Sample Rate Code Execution http://idp.cyberoam.com/signatures/1091013061.html | miscellaneous
Microsoft Windows Media Runtime ASF Voice Sample Rate Code Execution http://idp.cyberoam.com/signatures/1091013064.html | miscellaneous
Microsoft Windows winhlp32.exe MsgBox Remote Code Execution http://idp.cyberoam.com/signatures/1100303010.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference http://idp.cyberoam.com/signatures/1090407041.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference http://idp.cyberoam.com/signatures/1090407042.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference http://idp.cyberoam.com/signatures/1090407040.html | miscellaneous
Mozilla Firefox PKCS11 Module Installation Code Execution http://idp.cyberoam.com/signatures/1090914040.html | miscellaneous
Mozilla Firefox XUL Tree Element Code Execution http://idp.cyberoam.com/signatures/1090320091.html | miscellaneous
Mozilla Firefox XUL Tree Element Code Execution http://idp.cyberoam.com/signatures/1090320090.html | miscellaneous
Novell QuickFinder Server Multiple Cross Site Scripting http://idp.cyberoam.com/signatures/1090211112.html | miscellaneous
Novell QuickFinder Server Multiple Cross Site Scripting http://idp.cyberoam.com/signatures/1090211111.html | miscellaneous
Novell QuickFinder Server Multiple Cross Site Scripting http://idp.cyberoam.com/signatures/1090211114.html | miscellaneous
Novell QuickFinder Server Multiple Cross Site Scripting http://idp.cyberoam.com/signatures/1090211110.html | miscellaneous
VideoLAN VLC Renamed Zip File Handling Code Execution http://idp.cyberoam.com/signatures/1100531016.html | miscellaneous
VMware Remote Console HOST and MOID Format String Code Execution http://idp.cyberoam.com/signatures/1100420030.html | miscellaneous
VMware Remote Console HOST and MOID Format String Code
Execution http://idp.cyberoam.com/signatures/1100420031.html | miscellaneous
Oracle Java Web Start Launch Command-Line Injection http://idp.cyberoam.com/signatures/1100408063.html | dbms
Oracle Java Web Start Launch Command-Line Injection http://idp.cyberoam.com/signatures/1100408062.html | dbms
Oracle Java Web Start Launch Command-Line Injection http://idp.cyberoam.com/signatures/1100408061.html | dbms
Oracle Java Web Start Launch Command-Line Injection http://idp.cyberoam.com/signatures/1100408060.html | dbms

Document Version – 1.0-14/10/2010

1.3.1.6.47. V 2.4.54

Release Date
15th September, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.53

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.54. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at [email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 219
Risk level: High

Name | Category
iGoogle - Chat Application http://idp.cyberoam.com/signatures/1100869.html | cyberoam signatures
Webmail Chat Gmail http://idp.cyberoam.com/signatures/1101042.html | cyberoam signatures
P2P Application uTorrent http://idp.cyberoam.com/signatures/1100917.html | cyberoam signatures
P2P Application uTorrent http://idp.cyberoam.com/signatures/1101028.html | cyberoam signatures
FTP Upload http://idp.cyberoam.com/signatures/1100919.html | cyberoam signatures
FTP Download http://idp.cyberoam.com/signatures/1100920.html | cyberoam signatures
Shareaza http://idp.cyberoam.com/signatures/1101014.html | cyberoam signatures
MP3 File Download – HTTP http://idp.cyberoam.com/signatures/1101016.html | cyberoam signatures
RAR File Download – HTTP http://idp.cyberoam.com/signatures/1101017.html | cyberoam signatures
ZIP File Download – HTTP http://idp.cyberoam.com/signatures/1101018.html | cyberoam signatures
Data more than 99999 bytes-HTTP http://idp.cyberoam.com/signatures/1101019.html | cyberoam signatures
RealPlayer Streaming http://idp.cyberoam.com/signatures/1101021.html | cyberoam signatures
Picasa Streaming Attempt http://idp.cyberoam.com/signatures/1101022.html | cyberoam signatures
QQlive Video Application – Streaming http://idp.cyberoam.com/signatures/1100755.html | cyberoam signatures
QQLive FLV Video Request http://idp.cyberoam.com/signatures/1101031.html | cyberoam signatures
Yahoo File Transfer – Receiving http://idp.cyberoam.com/signatures/1101032.html | cyberoam signatures
Yahoo File Transfer – Sending http://idp.cyberoam.com/signatures/1100684.html | cyberoam signatures
Gtalk File Transfer http://idp.cyberoam.com/signatures/1101034.html | cyberoam signatures
Meebo Webchat http://idp.cyberoam.com/signatures/1100768.html | cyberoam signatures
Adobe Flash Player ActionScript intrf_count Integer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1090810020.html | exploit
Adobe Flash Player ActionScript intrf_count Integer Overflow (Published Exploit)
http://idp.cyberoam.com/signatures/1090810021.html | exploit
Adobe Flash Player Invalid Object Reference Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1090224130.html | exploit
Adobe Illustrator EPS File DSC Comment Buffer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1091203020.html | exploit
Adobe Multiple Products Embedded JBIG2 Stream Buffer Overflow http://idp.cyberoam.com/signatures/1090220010.html | exploit
Adobe Multiple Products Embedded JBIG2 Stream Buffer Overflow http://idp.cyberoam.com/signatures/1090220011.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527011.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527013.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527010.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527012.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527014.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527015.html | exploit
Adobe Photoshop CS4 ABR File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1100527016.html | exploit
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow http://idp.cyberoam.com/signatures/1100413011.html | exploit
Adobe Reader U3D CLODMeshDeclaration Shading Count Buffer Overflow http://idp.cyberoam.com/signatures/1100413012.html | exploit
Adobe Shockwave Player DIR Files PAMI Chunk Code Execution http://idp.cyberoam.com/signatures/1100514052.html | exploit
Apple iTunes PLS File Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1090922091.html | exploit
Apple iTunes PLS File Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1090922092.html | exploit
Apple iTunes Protocol Handler Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090602133.html | exploit
Apple iTunes Protocol Handler Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090602131.html | exploit
Apple iTunes Protocol Handler Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090602132.html | exploit
Apple iTunes Protocol Handler Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090602130.html | exploit
Apple iTunes Protocol Handler Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090602134.html | exploit
Apple QuickTime FlashPix Movie File Integer Overflow http://idp.cyberoam.com/signatures/1100330190.html | exploit
Apple QuickTime Image Description Atom Sign Extension Memory Corruption http://idp.cyberoam.com/signatures/1090602022.html | exploit
Apple QuickTime Movie File Clipping Region Handling Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090602060.html | exploit
Apple QuickTime PICT Image paintPoly Parsing Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090605011.html | exploit
Apple Safari CSS format Argument Handling Memory Corruption http://idp.cyberoam.com/signatures/1100326080.html | exploit
Apple Safari parent.close Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1100507040.html | exploit
Apple Safari parent.close Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1100507041.html | exploit
Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) http://idp.cyberoam.com/signatures/1100326070.html | exploit
Apple Safari Right-to-Left Text Rendering Use After Free Vulnerability (Published Exploit) http://idp.cyberoam.com/signatures/1100326071.html | exploit
FFmpeg OGV File Format Memory Corruption http://idp.cyberoam.com/signatures/1090928030.html | exploit
Google Chrome HTTP Response Handling Memory Corruption http://idp.cyberoam.com/signatures/1090623033.html | exploit
Google Chrome HTTP Response Handling Memory Corruption http://idp.cyberoam.com/signatures/1090623032.html | exploit
Google Chrome HTTP Response Handling Memory Corruption http://idp.cyberoam.com/signatures/1090623031.html | exploit
Google Chrome HTTP Response Handling Memory Corruption http://idp.cyberoam.com/signatures/1090623030.html | exploit
Google Chrome Multiple File Type Security Bypass (Published Exploit) http://idp.cyberoam.com/signatures/1091106031.html | exploit
IBM Informix Client SDK NFX File Processing Stack Buffer Overflow http://idp.cyberoam.com/signatures/1091005010.html | exploit
IBM Informix Client SDK NFX File Processing Stack Buffer Overflow http://idp.cyberoam.com/signatures/1091005011.html | exploit
Microsoft DirectShow QuickTime Movie Parsing Code Execution http://idp.cyberoam.com/signatures/1090528052.html | exploit
Microsoft DirectShow QuickTime stsc Atom Parsing Memory Corruption http://idp.cyberoam.com/signatures/1090714040.html | exploit
Microsoft HTTP Services Chunked Encoding Integer Overflow http://idp.cyberoam.com/signatures/1090414063.html | exploit
Microsoft HTTP Services Chunked Encoding Integer Overflow http://idp.cyberoam.com/signatures/1090414062.html | exploit
Microsoft HTTP Services Chunked Encoding Integer Overflow http://idp.cyberoam.com/signatures/1090414061.html | exploit
Microsoft HTTP Services Chunked Encoding Integer Overflow http://idp.cyberoam.com/signatures/1090414060.html | exploit
Microsoft Internet Explorer Cloned Object Memory Corruption http://idp.cyberoam.com/signatures/1090210100.html | exploit
Microsoft Internet Explorer CSS Processing Memory Corruption http://idp.cyberoam.com/signatures/1090210140.html | exploit
Microsoft Internet Explorer EMBED Element Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1090414160.html | exploit
Microsoft Internet Explorer HTML Objects Memory Corruption http://idp.cyberoam.com/signatures/1090728060.html | exploit
Microsoft Internet Explorer Marquee Object Handling Memory Corruption http://idp.cyberoam.com/signatures/1090414090.html | exploit
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption http://idp.cyberoam.com/signatures/1070814140.html | exploit
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption http://idp.cyberoam.com/signatures/1070814141.html | exploit
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption http://idp.cyberoam.com/signatures/1070814142.html | exploit
Microsoft Internet Explorer Style Object Memory Corruption http://idp.cyberoam.com/signatures/1091120060.html | exploit
Microsoft Internet Explorer Tabular Data Control Memory Corruption http://idp.cyberoam.com/signatures/1100330070.html | exploit
Microsoft Internet Explorer XML Processing Memory Corruption http://idp.cyberoam.com/signatures/1081210040.html | exploit
Microsoft Internet Explorer XML Processing Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1081210041.html | exploit
Microsoft Internet Explorer XML Processing Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1081210042.html | exploit
Microsoft Multiple Products Works File Converter WPS File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1090609280.html | exploit
Microsoft Multiple Products Works File Converter WPS File Processing Buffer Overflow http://idp.cyberoam.com/signatures/1090609281.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309111.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption
http://idp.cyberoam.com/signatures/1100309117.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309116.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309115.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309114.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309113.html | exploit
Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309112.html | exploit
Microsoft Office Excel EntExU2 Record Memory Corruption http://idp.cyberoam.com/signatures/1100309052.html | exploit
Microsoft Office Excel EntExU2 Record Memory Corruption http://idp.cyberoam.com/signatures/1100309053.html | exploit
Microsoft Office Excel ExternName Record Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1100608231.html | exploit
Microsoft Office Excel ExternName Record Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1100608232.html | exploit
Microsoft Office Excel ExternName Record Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1100608233.html | exploit
Microsoft Office Excel Featheader Record Memory Corruption http://idp.cyberoam.com/signatures/1091110070.html | exploit
Microsoft Office Excel Featheader Record Memory Corruption http://idp.cyberoam.com/signatures/1091110071.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609010.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609015.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609013.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609014.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609012.html | exploit
Microsoft Office Excel Malformed Records Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090609011.html | exploit
Microsoft Office Excel MDXSET Record Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100309081.html | exploit
Microsoft Office Excel MDXSET Record Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100309082.html | exploit
Microsoft Office Excel MDXTUPLE Record Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100309071.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110011.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110012.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110013.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110014.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110015.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110016.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110017.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110018.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/1091110019.html | exploit
Microsoft Office Excel SXDB Memory Corruption http://idp.cyberoam.com/signatures/2091110010.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608151.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608153.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608157.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608154.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608152.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608158.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608155.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608159.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100608156.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/2100608150.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/2100608151.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/2100608152.html | exploit
Microsoft Office Excel SxView Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/2100608153.html | exploit
Microsoft Office MSO.DLL Memory Corruption http://idp.cyberoam.com/signatures/1100209030.html | exploit
Microsoft Office MSO.DLL Memory Corruption http://idp.cyberoam.com/signatures/1100209031.html | exploit
Microsoft Office OneNote URL Validation Error Vulnerability http://idp.cyberoam.com/signatures/1080909040.html | exploit
Microsoft Office PowerPoint 2000 File Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1090512140.html
Microsoft Office PowerPoint 2000 File Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1090512141.html
Microsoft Office PowerPoint 2000 File Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1090512142.html
Microsoft Office PowerPoint 95 Format Sound Object Buffer Overflow http://idp.cyberoam.com/signatures/1090512110.html
Microsoft Office PowerPoint 95 Format Sound Object Buffer Overflow http://idp.cyberoam.com/signatures/1090512111.html
Microsoft Office PowerPoint File Handling Integer Overflow http://idp.cyberoam.com/signatures/1090512040.html
Microsoft Office PowerPoint File Handling Integer Overflow http://idp.cyberoam.com/signatures/1090512041.html
Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209047.html
Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209046.html
Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209045.html
Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209044.html
Microsoft Office PowerPoint Notes Container Heap Corruption http://idp.cyberoam.com/signatures/1090512130.html
Microsoft Office PowerPoint Notes Container Heap Corruption http://idp.cyberoam.com/signatures/1090512131.html
Microsoft Office PowerPoint PP7 Component Long String Buffer Overflow http://idp.cyberoam.com/signatures/1090512120.html
Microsoft Office PowerPoint PP7 Component Long String Buffer Overflow http://idp.cyberoam.com/signatures/1090512121.html
Microsoft Office PowerPoint PP7 File Handling Memory Corruption http://idp.cyberoam.com/signatures/1090512080.html
Microsoft Office PowerPoint PP7 File Handling Memory Corruption http://idp.cyberoam.com/signatures/1090512081.html
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow http://idp.cyberoam.com/signatures/1100209081.html
Microsoft Office PowerPoint Viewer TextBytesAtom Record Buffer Overflow
http://idp.cyberoam.com/signatures/1100209082.html Microsoft Office PowerPoint Viewer TextCharsAtom Record Buffer Overflow http://idp.cyberoam.com/signatures/1100209091.html Microsoft Office PowerPoint Viewer TextCharsAtom Record Buffer Overflow http://idp.cyberoam.com/signatures/1100209092.html exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 261/409 ١١٢١٠٢/٤/ Cyberoam Docs Microsoft Office VBE6.DLL Stack Memory Corruption http://idp.cyberoam.com/signatures/1100511030.html Microsoft Office Visio DXF File Inserting Buffer Overflow http://idp.cyberoam.com/signatures/1100505011.html Adobe Flash Player for Linux ActionScript ASnative Command Execution http://idp.cyberoam.com/signatures/1081217140.html Adobe Reader and Acrobat media.newPlayer Code Execution http://idp.cyberoam.com/signatures/1091215040.html Adobe Reader and Acrobat media.newPlayer Code Execution http://idp.cyberoam.com/signatures/1091215041.html Adobe Reader JavaScript getAnnots Method Memory Corruption http://idp.cyberoam.com/signatures/1090428010.html Adobe Reader JavaScript getAnnots Method Memory Corruption http://idp.cyberoam.com/signatures/1090428011.html Google Apps googleapps.url.mailto URI Argument Injection http://idp.cyberoam.com/signatures/1091002010.html IBM Installation Manager iim URI Handling Code Execution http://idp.cyberoam.com/signatures/1090930060.html Microsoft Active Template Library Remote Code Execution http://idp.cyberoam.com/signatures/1090811061.html Microsoft Active Template Library Remote Code Execution http://idp.cyberoam.com/signatures/1090811062.html Microsoft Internet Explorer 8 Developer Tools Remote Code Execution http://idp.cyberoam.com/signatures/1100608040.html Microsoft Internet Explorer Invalid Pointer Remote Code Execution http://idp.cyberoam.com/signatures/1100309030.html Microsoft Internet 
Explorer Invalid Pointer Remote Code Execution http://idp.cyberoam.com/signatures/1100309031.html Microsoft Office Excel ADO Object Parsing Code Execution http://idp.cyberoam.com/signatures/1100608271.html Microsoft Office Excel ADO Object Parsing Code Execution http://idp.cyberoam.com/signatures/1100608272.html Microsoft Office Excel ADO Object Parsing Code Execution http://idp.cyberoam.com/signatures/1100608273.html Microsoft Office Excel Crafted Picture Record Code Execution http://idp.cyberoam.com/signatures/1090414030.html Microsoft Office Excel Crafted Picture Record Code Execution http://idp.cyberoam.com/signatures/1090414031.html Microsoft Office Excel Crafted SST Record Code Execution http://idp.cyberoam.com/signatures/1090414110.html Microsoft Office Excel Crafted SST Record Code Execution http://idp.cyberoam.com/signatures/1090414111.html Microsoft Office Excel MDXTUPLE Record Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100309072.html Microsoft Office Excel String Variable Code Execution http://idp.cyberoam.com/signatures/1100608261.html Microsoft Office Excel String Variable Code Execution http://idp.cyberoam.com/signatures/1100608262.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402100.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402102.html Microsoft Office PowerPoint Invalid Object Reference Code miscellaneous exploit exploit miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 262/409 ١١٢١٠٢/٤/ Execution Cyberoam Docs http://idp.cyberoam.com/signatures/1090402103.html Microsoft 
Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402101.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402104.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402105.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402106.html Microsoft Office PowerPoint Invalid Object Reference Code Execution http://idp.cyberoam.com/signatures/1090402107.html Microsoft Office Web Component Arbitrary Code Execution http://idp.cyberoam.com/signatures/1090713013.html Microsoft Office Web Component Arbitrary Code Execution http://idp.cyberoam.com/signatures/1090713014.html Microsoft Office Web Components ActiveX Control Remote Code Execution http://idp.cyberoam.com/signatures/1090811172.html skype on 443 http://idp.cyberoam.com/signatures/1101046.html miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous skype Document Version – 1.0-13/10/2010 1.3.1.6.48. V 2.4.53 Release Date 12th August, 2010 Release Information Upgrade Applicable on: IPS Signature Database V 2.4.52 Upgrade Information Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Compatibility issues: None Introduction This document contains the release notes for IPS Signature Database version 2.4.53. Release includes support for new signatures. The following sections describe the release in details. New Signatures The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 277 Risk level: High Name EXE File Download http://idp.cyberoam.com/signatures/1100946.html Megaupload http://idp.cyberoam.com/signatures/1100947.html YousendIt Category cyberoam signatures cyberoam signatures cyberoam signatures docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 263/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1100948.html FLV Streaming http://idp.cyberoam.com/signatures/1100950.html Docstoc http://idp.cyberoam.com/signatures/1100951.html FTP Delete http://idp.cyberoam.com/signatures/1100952.html Game.For.Windows.Live http://idp.cyberoam.com/signatures/1100953.html HTTP Resume Download http://idp.cyberoam.com/signatures/1100955.html P2P Application - Klite http://idp.cyberoam.com/signatures/1100956.html Khanwars http://idp.cyberoam.com/signatures/1100977.html P2P Application - Kugoo http://idp.cyberoam.com/signatures/1100959.html Launchwebs http://idp.cyberoam.com/signatures/1100960.html Limelight Streaming http://idp.cyberoam.com/signatures/1100961.html Mail.com - HTTP http://idp.cyberoam.com/signatures/1100962.html Mail.com - HTTPS http://idp.cyberoam.com/signatures/1100963.html Myspace http://idp.cyberoam.com/signatures/1100964.html Myspace.cn http://idp.cyberoam.com/signatures/1100965.html Netviewer http://idp.cyberoam.com/signatures/1100966.html NNTP Protocol http://idp.cyberoam.com/signatures/1100967.html Octopz http://idp.cyberoam.com/signatures/1100968.html PPTP Protocol http://idp.cyberoam.com/signatures/1100969.html RemotelyAnywhere http://idp.cyberoam.com/signatures/1100970.html QQ File Transfer – NETTING http://idp.cyberoam.com/signatures/1100971.html QQ File Transfer – LIVEIP http://idp.cyberoam.com/signatures/1100972.html QQ Videocall http://idp.cyberoam.com/signatures/1100973.html Anonymous Proxy Application Ultrasurf 9.4 http://idp.cyberoam.com/signatures/1100713.html Proxy Application 
– Ultrasurf http://idp.cyberoam.com/signatures/1100827.html Proxy Application – Ultrasurf http://idp.cyberoam.com/signatures/1100883.html Proxy Application – Ultrasurf http://idp.cyberoam.com/signatures/1100888.html Proxy Application – Ultrasurf http://idp.cyberoam.com/signatures/1100887.html Proxy Application - Ultrasurf 9.97 cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 264/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1100925.html Proxy Application - Ultrasurf 9.97 http://idp.cyberoam.com/signatures/1100926.html Proxy Application - Ultrasurf 9.96 http://idp.cyberoam.com/signatures/1100927.html Proxy Application - Ultrasurf 9.96 http://idp.cyberoam.com/signatures/1100928.html Proxy Application - Freegate 7.01 Pro http://idp.cyberoam.com/signatures/1100930.html Freegate Server list accessing http://idp.cyberoam.com/signatures/1100975.html Proxy Tool - FreeU http://idp.cyberoam.com/signatures/1100937.html P2P Application uTorrent http://idp.cyberoam.com/signatures/1100880.html P2P Protocol (Bittorrent/Thunder) http://idp.cyberoam.com/signatures/1100849.html Anonymous Surfing Using FreeGate Tool http://idp.cyberoam.com/signatures/1100670.html OpenSSL TLS Connection Record Handling Denial of Service http://idp.cyberoam.com/signatures/1100325011.html OpenSSL TLS Connection Record Handling Denial of Service http://idp.cyberoam.com/signatures/1100325012.html RealNetworks Helix Server RTSP SETUP Request 
Denial of Service http://idp.cyberoam.com/signatures/1090720051.html RealNetworks Helix Server RTSP SETUP Request Denial of Service http://idp.cyberoam.com/signatures/1090720050.html CA ARCserve Backup Message Engine Denial of Service http://idp.cyberoam.com/signatures/1090616042.html CA ARCserve Backup Message Engine Denial of Service http://idp.cyberoam.com/signatures/1090616040.html CA ARCserve Backup Message Engine Denial of Service http://idp.cyberoam.com/signatures/1090616043.html CA ARCserve Backup Message Engine Denial of Service http://idp.cyberoam.com/signatures/1090616041.html CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service http://idp.cyberoam.com/signatures/1090616061.html CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service http://idp.cyberoam.com/signatures/1090616060.html CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service http://idp.cyberoam.com/signatures/1090616063.html CA ARCserve Backup Message Engine RPC Opcode 59 Denial of Service http://idp.cyberoam.com/signatures/1090616062.html IBM Director CIM Server Consumer Name Handling Denial of Service http://idp.cyberoam.com/signatures/1090310041.html IBM Director CIM Server Consumer Name Handling Denial of Service http://idp.cyberoam.com/signatures/1090310040.html EMC RepliStor rep_srv and ctrlservice Denial of Service http://idp.cyberoam.com/signatures/1091022020.html EMC RepliStor rep_srv and ctrlservice Denial of Service http://idp.cyberoam.com/signatures/1091022021.html Novell iManager Tree Name Denial of Service network attacks and anomaly cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures cyberoam signatures network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network 
attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 265/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1100624032.html Novell iManager Tree Name Denial of Service http://idp.cyberoam.com/signatures/1100624030.html Sun Java System Web Server Admin Server Denial of Service http://idp.cyberoam.com/signatures/1100128090.html MIT Kerberos KDC Authentication Denial of Service http://idp.cyberoam.com/signatures/1100217011.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229014.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229015.html MIT Kerberos KDC Cross Realm Referral Denial of Service http://idp.cyberoam.com/signatures/1091229013.html VMware Authorization Service User Credential Parsing Denial of Service http://idp.cyberoam.com/signatures/1091008011.html VMware Authorization Service User Credential Parsing Denial of Service http://idp.cyberoam.com/signatures/1091008010.html Microsoft Windows WRITE_ANDX SMB Processing Denial Of Service (Published Exploit) http://idp.cyberoam.com/signatures/1080915200.html Microsoft ASP.NET Error Handling Denial Of Service http://idp.cyberoam.com/signatures/1090811041.html Microsoft ASP.NET Error Handling Denial Of Service http://idp.cyberoam.com/signatures/1090811040.html Microsoft SharePoint Server Help.aspx Denial of Service http://idp.cyberoam.com/signatures/1100608311.html Microsoft SharePoint Server Help.aspx Denial of Service http://idp.cyberoam.com/signatures/1100608310.html Novell eDirectory NDS Verb 0x01 Integer Overflow http://idp.cyberoam.com/signatures/1091202010.html Novell Netware AFP Remote Denial of Service http://idp.cyberoam.com/signatures/1100106010.html RealNetworks Helix Server RTSP SETUP 
Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090105040.html HP OpenView Data Protector Application Recovery Manager Buffer Overflow http://idp.cyberoam.com/signatures/1091209100.html HP OpenView Data Protector Application Recovery Manager Buffer Overflow http://idp.cyberoam.com/signatures/1091209101.html RealVNC VNC Server ClientCutText Message Memory Corruption http://idp.cyberoam.com/signatures/1100504020.html Apple CUPS PNG Filter Overly Large Image Height Integer Overflow http://idp.cyberoam.com/signatures/1081128150.html Apple CUPS PNG Filter Overly Large Image Height Integer Overflow http://idp.cyberoam.com/signatures/1081128151.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401081.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401080.html Multiple Vendors CUPS HPGL Filter Remote Code Execution http://idp.cyberoam.com/signatures/1081010060.html Multiple Vendors CUPS HPGL Filter Remote Code Execution http://idp.cyberoam.com/signatures/1081010061.html Multiple Vendors AgentX receive_agentx Integer Overflow http://idp.cyberoam.com/signatures/1100419020.html Multiple Vendors AgentX receive_agentx Stack Buffer Overflow network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly network attacks and anomaly exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 266/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1100419010.html Multiple Vendors AgentX receive_agentx Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100419011.html Novell eDirectory 
Management Console Accept-Language Buffer Overflow http://idp.cyberoam.com/signatures/1090226111.html Novell eDirectory Management Console Accept-Language Buffer Overflow http://idp.cyberoam.com/signatures/1090226110.html Adobe RoboHelp Server Arbitrary File Upload and Execute http://idp.cyberoam.com/signatures/1090923060.html Adobe RoboHelp Server Arbitrary File Upload and Execute http://idp.cyberoam.com/signatures/1090923061.html HP Intelligent Management Center Database Credentials Information Disclosure http://idp.cyberoam.com/signatures/1100521050.html HP Intelligent Management Center Reporting Information Disclosure http://idp.cyberoam.com/signatures/1100521030.html Novell iManager Class Name Remote Buffer Overflow http://idp.cyberoam.com/signatures/1100624020.html Novell iManager Class Name Remote Buffer Overflow http://idp.cyberoam.com/signatures/1100624021.html Novell iManager Class Name Remote Buffer Overflow http://idp.cyberoam.com/signatures/1100624022.html Novell iManager Tree Name Denial of Service http://idp.cyberoam.com/signatures/1100624031.html RedHat JBoss Enterprise Application Platform JMX Console Authentication Bypass http://idp.cyberoam.com/signatures/1100510010.html Sun Java System Web Server Digest Authorization Buffer Overflow http://idp.cyberoam.com/signatures/1100201110.html iSCSI target Multiple Implementations iSNS Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100701010.html HP OpenView Network Node Manager getcvdata.exe HTTP Request Buffer Overflow http://idp.cyberoam.com/signatures/1090114090.html HP OpenView Network Node Manager netmon.exe Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100511070.html HP OpenView Network Node Manager nnmRptConfig.exe Template Buffer Overflow http://idp.cyberoam.com/signatures/1091209070.html HP OpenView Network Node Manager OpenView5 CGI Buffer Overflow http://idp.cyberoam.com/signatures/1090114120.html HP OpenView Network Node Manager OvAcceptLang Parameter Buffer Overflow 
http://idp.cyberoam.com/signatures/1090323080.html HP OpenView Network Node Manager ovalarm.exe AcceptLanguage Buffer Overflow http://idp.cyberoam.com/signatures/1091214010.html HP OpenView Network Node Manager ovalarm.exe AcceptLanguage Buffer Overflow http://idp.cyberoam.com/signatures/1091214011.html HP OpenView Network Node Manager ovlaunch HTTP Request Buffer Overflow http://idp.cyberoam.com/signatures/1090206190.html HP OpenView Network Node Manager ovlogin.exe Buffer Overflow http://idp.cyberoam.com/signatures/1091214091.html HP OpenView Network Node Manager ovlogin.exe Buffer Overflow http://idp.cyberoam.com/signatures/1091214090.html exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 267/409 ١١٢١٠٢/٤/ Cyberoam Docs HP OpenView Network Node Manager OvOSLocale Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1090323090.html HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow http://idp.cyberoam.com/signatures/1091214041.html HP OpenView Network Node Manager ovsessionmgr.exe Buffer Overflow http://idp.cyberoam.com/signatures/1091214040.html HP OpenView Network Node Manager OvWebHelp.exe Buffer Overflow http://idp.cyberoam.com/signatures/1091214020.html HP OpenView Network Node Manager ovwebsnmpsrv.exe OVwSelection Buffer Overflow http://idp.cyberoam.com/signatures/1091210070.html HP OpenView Network Node Manager snmp.exe Oid Variable Buffer Overflow http://idp.cyberoam.com/signatures/1091210060.html HP OpenView Network Node Manager Toolbar.exe HTTP Request Buffer Overflow http://idp.cyberoam.com/signatures/1090108070.html HP OpenView Network Node Manager webappmon.exe CGI Host Header Buffer Overflow http://idp.cyberoam.com/signatures/1091214030.html HP OpenView NNM getnnmdata.exe CGI Hostname Parameter Buffer Overflow 
http://idp.cyberoam.com/signatures/1100512060.html HP OpenView NNM getnnmdata.exe CGI ICount Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1100512050.html HP OpenView NNM getnnmdata.exe CGI MaxAge Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1100512040.html HP OpenView NNM ovutil.dll getProxiedStorageAddress Buffer Overflow http://idp.cyberoam.com/signatures/1100608400.html HP OpenView NNM ovwebsnmpsrv.exe Invalid Option Buffer Overflow http://idp.cyberoam.com/signatures/1100608390.html HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100512031.html HP OpenView NNM snmpviewer.exe CGI Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100512030.html HP Power Manager formExportDataLogs Buffer Overflow http://idp.cyberoam.com/signatures/1100119100.html Microsoft Office Excel DbOrParamQry Record Parsing Memory Corruption http://idp.cyberoam.com/signatures/1100309110.html Microsoft Office Excel ExternName Record Parsing Buffer Overflow http://idp.cyberoam.com/signatures/1100608230.html Microsoft Office Excel MDXTUPLE Record Heap Buffer Overflow http://idp.cyberoam.com/signatures/1100309070.html Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209043.html Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209042.html Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209041.html Microsoft Office PowerPoint File Path Handling Buffer Overflow http://idp.cyberoam.com/signatures/1100209040.html nginx URI Parsing Buffer Underflow exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 268/409 ١١٢١٠٢/٤/ Cyberoam Docs 
http://idp.cyberoam.com/signatures/1090923070.html nginx URI Parsing Buffer Underflow http://idp.cyberoam.com/signatures/1090923072.html nginx URI Parsing Buffer Underflow http://idp.cyberoam.com/signatures/1090923074.html nginx URI Parsing Buffer Underflow http://idp.cyberoam.com/signatures/1090923071.html nginx URI Parsing Buffer Underflow http://idp.cyberoam.com/signatures/1090923073.html nginx URI Parsing Buffer Underflow http://idp.cyberoam.com/signatures/1090923075.html OpenOffice Word Document Table Parsing Integer Underflow http://idp.cyberoam.com/signatures/1090901010.html Rhino Software Serv-U Web Client HTTP Request Remote Buffer Overflow http://idp.cyberoam.com/signatures/1091102010.html Sun Java System Web Server WEBDAV Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100120020.html Sun Java System Web Server WEBDAV Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100120022.html Sun Java System Web Server WEBDAV Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100120021.html Sun Java System Web Server WEBDAV Stack Buffer Overflow http://idp.cyberoam.com/signatures/1100120023.html Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow http://idp.cyberoam.com/signatures/1091008100.html Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow http://idp.cyberoam.com/signatures/1091008102.html Adobe Acrobat and Adobe Reader Deflate Parameter Integer Overflow http://idp.cyberoam.com/signatures/1091008101.html Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow http://idp.cyberoam.com/signatures/1090611010.html Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow http://idp.cyberoam.com/signatures/1090611012.html Adobe Acrobat and Adobe Reader FlateDecode Integer Overflow http://idp.cyberoam.com/signatures/1090611011.html Adobe Acrobat and Adobe Reader Plugin Object Reloading Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1091014040.html Adobe Acrobat and Reader JpxDecode 
Memory Corruption http://idp.cyberoam.com/signatures/1100115020.html Adobe Acrobat and Reader JpxDecode Memory Corruption http://idp.cyberoam.com/signatures/1100115021.html Adobe Acrobat and Reader JpxDecode Memory Corruption http://idp.cyberoam.com/signatures/1100115022.html Adobe Acrobat and Reader JpxDecode Memory Corruption http://idp.cyberoam.com/signatures/1100115023.html Adobe Acrobat JavaScript getIcon Method Buffer Overflow http://idp.cyberoam.com/signatures/1090318060.html Adobe Acrobat JavaScript getIcon Method Buffer Overflow http://idp.cyberoam.com/signatures/1090318061.html Adobe Acrobat PDF Font Processing Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1081104210.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119030.html exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 269/409 ١١٢١٠٢/٤/ Cyberoam Docs Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1102119031.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119038.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119032.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119034.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119033.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119036.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1100119039.html Adobe Download Manager getPlus ActiveX Control Buffer Overflow 
http://idp.cyberoam.com/signatures/1100119037.html
Adobe Download Manager getPlus ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1102119030.html | exploit
Adobe Download Manager getPlus ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1100119031.html | exploit
Adobe Download Manager getPlus ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1100119035.html | exploit
Microsoft Windows Workstation Service Memory Corruption | http://idp.cyberoam.com/signatures/1090811130.html | miscellaneous
Microsoft Windows Workstation Service Memory Corruption | http://idp.cyberoam.com/signatures/1090811131.html | miscellaneous
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow | http://idp.cyberoam.com/signatures/1090625060.html | miscellaneous
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow | http://idp.cyberoam.com/signatures/1090625061.html | miscellaneous
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow | http://idp.cyberoam.com/signatures/1090625062.html | miscellaneous
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow | http://idp.cyberoam.com/signatures/1090625063.html | miscellaneous
Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) | http://idp.cyberoam.com/signatures/1090406113.html | miscellaneous
Microsoft Windows Web Services on Devices API Memory Corruption | http://idp.cyberoam.com/signatures/1091110030.html | miscellaneous
HP Operations Manager Server Unauthorized File Upload | http://idp.cyberoam.com/signatures/1091123040.html | miscellaneous
HP Performance Manager Apache Tomcat Policy Bypass | http://idp.cyberoam.com/signatures/1100521040.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference | http://idp.cyberoam.com/signatures/1090407044.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference | http://idp.cyberoam.com/signatures/1090407045.html | miscellaneous
MIT Kerberos ASN.1 asn1_decode_generaltime Uninitialized Pointer Reference | http://idp.cyberoam.com/signatures/1090407043.html | miscellaneous
IBM WebSphere Application Server Cross Site Scripting | http://idp.cyberoam.com/signatures/1090331080.html | miscellaneous
Novell ZENworks Configuration Management Preboot Service Code Execution | http://idp.cyberoam.com/signatures/1100401050.html | miscellaneous
iSCSI target Multiple Implementations Format String Code Execution | http://idp.cyberoam.com/signatures/1100513010.html | miscellaneous
Apache HTTP Server mod_isapi Dangling Pointer Remote Code Execution (Published Exploit) | http://idp.cyberoam.com/signatures/1100308020.html | miscellaneous
HP OpenView Network Node Manager ovet_demandpoll.exe Format String Code Execution | http://idp.cyberoam.com/signatures/1100511050.html | miscellaneous
HP Power Manager formExportDataLogs Directory Traversal | http://idp.cyberoam.com/signatures/1100119110.html | miscellaneous
HP Power Manager Remote Code Execution | http://idp.cyberoam.com/signatures/1091105040.html | miscellaneous
Microsoft IIS 5.0 WebDav Request Directory Security Bypass | http://idp.cyberoam.com/signatures/1090609160.html | miscellaneous
Microsoft IIS WebDAV Request Directory Security Bypass | http://idp.cyberoam.com/signatures/1090519020.html | miscellaneous
Microsoft IIS WebDAV Request Directory Security Bypass | http://idp.cyberoam.com/signatures/1090519021.html | miscellaneous
Microsoft Office Excel ADO Object Parsing Code Execution | http://idp.cyberoam.com/signatures/1100608270.html | miscellaneous
Microsoft Office Excel String Variable Code Execution | http://idp.cyberoam.com/signatures/1100608260.html | miscellaneous
Microsoft Office Excel SXDB Memory Corruption | http://idp.cyberoam.com/signatures/1091110010.html | miscellaneous
Microsoft Office Excel SxView Record Parsing Memory Corruption | http://idp.cyberoam.com/signatures/1100608150.html | miscellaneous
Adobe Acrobat PDF Font Processing Memory Corruption (Published Exploit) | http://idp.cyberoam.com/signatures/1081104211.html | miscellaneous
Adobe Acrobat Reader U3D CLODMeshDeclaration Memory Corruption (Published Exploit) | http://idp.cyberoam.com/signatures/1091027020.html | miscellaneous
Microsoft Windows SMB Negotiate Request Remote Code Execution | http://idp.cyberoam.com/signatures/1090908061.html | netbios
Microsoft Windows SMB Pathname Buffer Overflow | http://idp.cyberoam.com/signatures/1100209211.html | netbios
Microsoft Windows SMB Server Null Pointer Denial Of Service | http://idp.cyberoam.com/signatures/1100209231.html | netbios
Microsoft Windows SMB Server Null Pointer Denial Of Service | http://idp.cyberoam.com/signatures/1100209230.html | netbios
Microsoft Windows SMBv2 Infinite Loop Denial of Service | http://idp.cyberoam.com/signatures/1091013030.html | netbios
Samba SMB1 Packets Chaining Memory Corruption | http://idp.cyberoam.com/signatures/1100616010.html | netbios
Samba SMB1 Packets Chaining Memory Corruption | http://idp.cyberoam.com/signatures/1100616012.html | netbios
Samba smbd Session Setup AndX Security Blob Length Denial of Service | http://idp.cyberoam.com/signatures/1100512110.html | netbios
VideoLAN VLC Media Player SMB Module Win32AddConnection Buffer Overflow | http://idp.cyberoam.com/signatures/1090626014.html | netbios
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415033.html | dbms
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415035.html | dbms
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415032.html | dbms
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415034.html | dbms
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415031.html | dbms
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow | http://idp.cyberoam.com/signatures/1090415030.html | dbms
Oracle WebLogic Server Node Manager Command Execution | http://idp.cyberoam.com/signatures/1100126010.html | dbms
Oracle BEA Weblogic Server console-help.portal Cross-Site Scripting | http://idp.cyberoam.com/signatures/1090721020.html | dbms
Oracle Application Server Portal Cross Site Scripting | http://idp.cyberoam.com/signatures/1090202170.html | dbms
Oracle Secure Enterprise Search search_p_groups Cross-Site Scripting | http://idp.cyberoam.com/signatures/1090721030.html | dbms
Oracle Application Server BPEL Module Cross Site Scripting | http://idp.cyberoam.com/signatures/1090113260.html | dbms
Oracle BEA WebLogic IIS connector JSESSIONID Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1090113300.html | dbms
Oracle BEA WebLogic Server Apache Connector Buffer Overflow | http://idp.cyberoam.com/signatures/1090113100.html | dbms
Oracle Secure Backup Administration Server login.php Command Injection | http://idp.cyberoam.com/signatures/1090113240.html | dbms
Oracle Secure Backup Administration Server login.php Cookies Command Injection | http://idp.cyberoam.com/signatures/1090113230.html | dbms
Oracle Secure Backup exec_qr Command Injection | http://idp.cyberoam.com/signatures/1090114200.html | dbms
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110044.html | rpc
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110040.html | rpc
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110045.html | rpc
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110041.html | rpc
Skype Login Attempt - To server | http://idp.cyberoam.com/signatures/1200181.html | skype
Skype Login Attempt - From server | http://idp.cyberoam.com/signatures/1200182.html | skype
Skype on HTTP Port | http://idp.cyberoam.com/signatures/1100945.html | skype
Skype Logon Request | http://idp.cyberoam.com/signatures/1200070.html | skype
Skype Logon Request | http://idp.cyberoam.com/signatures/1200071.html | skype
Initial Skype Login Traffic | http://idp.cyberoam.com/signatures/1200072.html | skype
Initial Skype Connect Traffic | http://idp.cyberoam.com/signatures/1200073.html | skype
Skype Logon Response | http://idp.cyberoam.com/signatures/1200074.html | skype
Skype Logon Response | http://idp.cyberoam.com/signatures/1200075.html | skype
Skype Connection Establish Attempt | http://idp.cyberoam.com/signatures/1200076.html | skype

Document Version – 1.0-12/08/2010

1.3.1.6.49. V 2.4.52

Release Date: 8th June, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.51

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.52. This release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 75
Risk level: High

Name | URL | Category
Proxy Application - Freegate 7.00 Pro | http://idp.cyberoam.com/signatures/1100935.html | cyberoam signatures
Proxy Application - Freegate 7.00 Pro | http://idp.cyberoam.com/signatures/1100936.html | cyberoam signatures
Freegate Server list accessing using Google | http://idp.cyberoam.com/signatures/1100938.html | cyberoam signatures
Freegate Server list accessing using Google | http://idp.cyberoam.com/signatures/1100939.html | cyberoam signatures
Proxy Application - Ultrasurf 9.96 - 9.97 | http://idp.cyberoam.com/signatures/1100925.html | cyberoam signatures
Proxy Application - Ultrasurf 9.96 - 9.97 | http://idp.cyberoam.com/signatures/1100930.html | cyberoam signatures
Linux Kernel sctp_rcv_ootb Remote Denial of Service | http://idp.cyberoam.com/signatures/1100407050.html | network attacks and anomaly
Microsoft Windows SMBv2 Infinite Loop Denial of Service | http://idp.cyberoam.com/signatures/1091013031.html | network attacks and anomaly
HP OpenView Network Node Manager Denial of Service | http://idp.cyberoam.com/signatures/1091117050.html | network attacks and anomaly
Firebird SQL op_connect_request Denial of Service | http://idp.cyberoam.com/signatures/1090731070.html | network attacks and anomaly
Squid HTTP Version Number Parsing Denial of Service | http://idp.cyberoam.com/signatures/1090204190.html | network attacks and anomaly
MySQL XML Functions Scalar XPath Denial of Service | http://idp.cyberoam.com/signatures/1090304051.html | network attacks and anomaly
MySQL XML Functions Scalar XPath Denial of Service | http://idp.cyberoam.com/signatures/1090304050.html | network attacks and anomaly
Linux Kernel sctp_process_unk_param SCTPChunkInit Buffer Overflow | http://idp.cyberoam.com/signatures/1100430010.html | exploit
Microsoft Windows Mail and Outlook Express Integer Overflow | http://idp.cyberoam.com/signatures/1100511021.html | exploit
Mozilla Network Security Services Regexp Heap Overflow | http://idp.cyberoam.com/signatures/1090731040.html | exploit
Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow | http://idp.cyberoam.com/signatures/1071123130.html | exploit
Microsoft Windows Media Runtime ASF Voice Sample Rate Code Execution | http://idp.cyberoam.com/signatures/1091013062.html | exploit
Microsoft Windows Media Runtime ASF Voice Sample Rate Code Execution | http://idp.cyberoam.com/signatures/1091013063.html | exploit
Symantec Multiple Products VRTSweb Code Execution | http://idp.cyberoam.com/signatures/1091210010.html | exploit
RealNetworks Helix Server NTLM Authentication Heap Overflow | http://idp.cyberoam.com/signatures/1100420010.html | exploit
IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows | http://idp.cyberoam.com/signatures/1100301080.html | exploit
Multiple Vendors librpc.dll Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100301090.html | exploit
Novell NetWare NFS Portmapper RPC Module Stack Overflow | http://idp.cyberoam.com/signatures/1090930110.html | exploit
Symantec Alert Management System Intel File Transfer Service Arbitrary Program Execution | http://idp.cyberoam.com/signatures/1090430030.html | exploit
Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) | http://idp.cyberoam.com/signatures/1090406111.html | exploit
HP OpenView Storage Data Protector Cell Manager Heap Buffer Overflow | http://idp.cyberoam.com/signatures/1091217130.html | exploit
IBM Tivoli Storage Manager Client CAD Service Buffer Overflow | http://idp.cyberoam.com/signatures/1091118010.html | exploit
Microsoft Windows 2000 Media Services Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100413050.html | exploit
Microsoft Windows 2000 Media Services Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100413051.html | exploit
IBM Cognos Server Backdoor Account Remote Code Execution | http://idp.cyberoam.com/signatures/1100219020.html | exploit
Multiple Vendors OPIE Off-by-one Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100531050.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427070.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427071.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427073.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427074.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427075.html | exploit
HP OpenView Network Node Manager ovalarmsrv Integer Overflow | http://idp.cyberoam.com/signatures/1090427072.html | exploit
HP OpenView Network Node Manager rping Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1090629051.html | exploit
HP OpenView Network Node Manager rping Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1090629050.html | exploit
IBM Informix Dynamic Server librpc.dll Multiple Buffer Overflows | http://idp.cyberoam.com/signatures/1100301082.html | exploit
Microsoft Windows WINS Service Integer Overflow | http://idp.cyberoam.com/signatures/1090811110.html | exploit
Microsoft Windows WINS Service Integer Overflow | http://idp.cyberoam.com/signatures/1090811111.html | exploit
Microsoft Internet Information Services FTP Server Remote Buffer Overflow | http://idp.cyberoam.com/signatures/1090831010.html | ftp
Novell Netware FTP Server Remote Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100330010.html | ftp
Novell Netware FTP Server Remote Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1100330011.html | ftp
IBM Lotus Domino IMAP Server Buffer Overflow | http://idp.cyberoam.com/signatures/1071023161.html | imap
IBM Lotus Domino IMAP Server Buffer Overflow | http://idp.cyberoam.com/signatures/1071023160.html | imap
IBM Lotus Domino IMAP Server Buffer Overflow | http://idp.cyberoam.com/signatures/1071023162.html | imap
Microsoft Windows Help And Support Center Trusted Document Whitelist Bypass | http://idp.cyberoam.com/signatures/1100610010.html | miscellaneous
Microsoft Windows Web Services on Devices API Memory Corruption | http://idp.cyberoam.com/signatures/1091110031.html | miscellaneous
Microsoft Windows Workstation Service Memory Corruption | http://idp.cyberoam.com/signatures/1090811132.html | miscellaneous
Microsoft Windows Workstation Service Memory Corruption | http://idp.cyberoam.com/signatures/1090811133.html | miscellaneous
IBM Tivoli Storage Manager Express Backup Heap Corruption | http://idp.cyberoam.com/signatures/1090310020.html | miscellaneous
IBM Tivoli Storage Manager Express Backup Heap Corruption | http://idp.cyberoam.com/signatures/1090310021.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass | http://idp.cyberoam.com/signatures/1090323030.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass | http://idp.cyberoam.com/signatures/1090323032.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass | http://idp.cyberoam.com/signatures/1090323033.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass | http://idp.cyberoam.com/signatures/1090323036.html | miscellaneous
Linux Kernel nfsd CAP_MKNOD Security Bypass | http://idp.cyberoam.com/signatures/1090323037.html | miscellaneous
Oracle MySQL Database COM_FIELD_LIST Buffer Overflow | http://idp.cyberoam.com/signatures/1100512080.html | dbms
Microsoft Windows SMB Client Pool Corruption | http://idp.cyberoam.com/signatures/1100209111.html | netbios
Microsoft Windows SMB Client Transaction Buffer Overflow (Published Exploit) | http://idp.cyberoam.com/signatures/1100413241.html | netbios
Microsoft Windows SMB Client Pool Corruption | http://idp.cyberoam.com/signatures/1100209110.html | netbios
Microsoft Windows SMB Client Transaction Buffer Overflow (Published Exploit) | http://idp.cyberoam.com/signatures/1100413240.html | netbios
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110046.html | netbios
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110042.html | netbios
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110047.html | netbios
Microsoft License Logging Server RPC Call Buffer Overflow | http://idp.cyberoam.com/signatures/1091110043.html | netbios
Microsoft Windows SMB Negotiate Request Remote Code Execution | http://idp.cyberoam.com/signatures/1090908060.html | netbios
Microsoft Windows SMB Pathname Buffer Overflow | http://idp.cyberoam.com/signatures/1100209210.html | netbios
Microsoft Windows SMB Server Null Pointer Denial Of Service | http://idp.cyberoam.com/signatures/1100209233.html | netbios
Microsoft Windows SMB Server Null Pointer Denial Of Service | http://idp.cyberoam.com/signatures/1100209232.html | netbios
Samba SMB1 Packets Chaining Memory Corruption | http://idp.cyberoam.com/signatures/1100616011.html | netbios
Samba SMB1 Packets Chaining Memory Corruption | http://idp.cyberoam.com/signatures/1100616013.html | netbios
Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation | http://idp.cyberoam.com/signatures/1100208021.html | dbms
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution | http://idp.cyberoam.com/signatures/1100208011.html | dbms
Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection | http://idp.cyberoam.com/signatures/1090826121.html | dbms
Oracle Database Server CREATE_TABLES SQL Injection | http://idp.cyberoam.com/signatures/1091021151.html | dbms
Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection | http://idp.cyberoam.com/signatures/1100428011.html | dbms
Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow | http://idp.cyberoam.com/signatures/1091021161.html | dbms
Oracle Database Application Express Component APEX Password Hash Disclosure (Published Exploit) | http://idp.cyberoam.com/signatures/1090416050.html | dbms
Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation | http://idp.cyberoam.com/signatures/1100208020.html | dbms
Oracle Database DBMS_JAVA.SET_OUTPUT_TO_JAVA Privilege Escalation | http://idp.cyberoam.com/signatures/1100208022.html | dbms
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution | http://idp.cyberoam.com/signatures/1100208010.html | dbms
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution | http://idp.cyberoam.com/signatures/1100208013.html | dbms
Oracle Database DBMS_JVM_EXP_PERMS System Command Execution | http://idp.cyberoam.com/signatures/1100208012.html | dbms
Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection | http://idp.cyberoam.com/signatures/1090826120.html | dbms
Oracle Database REPCAT_RPC.VALIDATE_REMOTE_RC SQL Injection | http://idp.cyberoam.com/signatures/1090826122.html | dbms
Oracle Database Server CREATE_TABLES SQL Injection | http://idp.cyberoam.com/signatures/1091021150.html | dbms
Oracle Database Server CREATE_TABLES SQL Injection | http://idp.cyberoam.com/signatures/1091021152.html | dbms
Oracle Database Server CREATE_TABLES SQL Injection | http://idp.cyberoam.com/signatures/1091021153.html | dbms
Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection | http://idp.cyberoam.com/signatures/1100428010.html | dbms
Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection | http://idp.cyberoam.com/signatures/1100428013.html | dbms
Oracle Database Server DBMS_CDC_PUBLISH Multiple Procedure SQL Injection | http://idp.cyberoam.com/signatures/1100428012.html | dbms
Oracle Database Server Login Access Control Bypass | http://idp.cyberoam.com/signatures/1060119120.html | dbms
Oracle Database Server Login Access Control Bypass | http://idp.cyberoam.com/signatures/1060119121.html | dbms
Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow | http://idp.cyberoam.com/signatures/1091021160.html | dbms
Oracle Database Server Network Authentication AUTH_SESSKEY Buffer Overflow | http://idp.cyberoam.com/signatures/1091021162.html | dbms
Oracle TimesTen In-Memory Database evtdump CGI module Format String | http://idp.cyberoam.com/signatures/1090114220.html | dbms
Oracle TimesTen In-Memory Database HTTP Request Denial of Service | http://idp.cyberoam.com/signatures/1100201030.html | dbms
Skype on HTTP Port | http://idp.cyberoam.com/signatures/1100945.html | skype
Skype Login Attempt | http://idp.cyberoam.com/signatures/1200041.html | skype
Skype Logon Request | http://idp.cyberoam.com/signatures/1100003.html | skype
Novell GroupWise Internet Agent Email Address Processing Buffer Overflow | http://idp.cyberoam.com/signatures/1090522060.html | smtp
Novell Groupwise Internet Agent RCPT Command Buffer Overflow | http://idp.cyberoam.com/signatures/1090202080.html | smtp
Novell GroupWise Internet Agent SMTP AUTH LOGIN Command Buffer Overflow | http://idp.cyberoam.com/signatures/1090522050.html | smtp
Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow | http://idp.cyberoam.com/signatures/1081209020.html | sql rules
ProFTPD Server Username Handling SQL Injection | http://idp.cyberoam.com/signatures/1090213150.html | sql rules

Document Version – 1.0-09/07/2010

1.3.1.6.50. V 2.4.51

Release Date: 30th June, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.50

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.51.
This release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 75
Risk level: High

Name | URL | Category
Proxy Application - Ultrasurf 9.96 | http://idp.cyberoam.com/signatures/1100925.html | cyberoam signatures
Proxy Application - Ultrasurf 9.96 | http://idp.cyberoam.com/signatures/1100930.html | cyberoam signatures
FTP Upload Attempt | http://idp.cyberoam.com/signatures/1100919.html | cyberoam signatures
FTP Download Attempt | http://idp.cyberoam.com/signatures/1100920.html | cyberoam signatures
Yahoo IM Login Attempt (Modified) | http://idp.cyberoam.com/signatures/1100673.html | cyberoam signatures
Accessing Facebook Applications | http://idp.cyberoam.com/signatures/1100808.html | cyberoam signatures
Accessing Facebook Games | http://idp.cyberoam.com/signatures/1100809.html | cyberoam signatures
Remote Desktop Connection | http://idp.cyberoam.com/signatures/1100929.html | cyberoam signatures
Proxy Application - Ultrasurf 9.95 | http://idp.cyberoam.com/signatures/1100827.html | cyberoam signatures
Proxy Application - Ultrasurf 9.95 | http://idp.cyberoam.com/signatures/1100888.html | cyberoam signatures
Malware Worm.Win32.Dasher.C Runtime Detection (MS05-051) | http://idp.cyberoam.com/signatures/1100420023.html | spyware
Malware Worm.Win32.Dasher.C Runtime Detection (MS02-056) | http://idp.cyberoam.com/signatures/1100420024.html | spyware
Malware Worm.Win32.Dasher.C Runtime Detection (MS04-045) | http://idp.cyberoam.com/signatures/1100420020.html | spyware
Malware Worm.Win32.Dasher.C Runtime Detection (MS05-039) | http://idp.cyberoam.com/signatures/1100420021.html | spyware
Malware Worm.Win32.Dasher.C Runtime Detection (MS05-039) | http://idp.cyberoam.com/signatures/1100420022.html | spyware
Malware Backdoor.Win32.Zlob.P Runtime Detection (Server response) | http://idp.cyberoam.com/signatures/1100531021.html | spyware
Malware Zbot Config file Download Detection | http://idp.cyberoam.com/signatures/1100215042.html | spyware
Malware Worm.MSIL.Tawsebot.A Runtime Detection | http://idp.cyberoam.com/signatures/1100510060.html | spyware
Malware Worm.Win32.Mytob.fi Runtime Detection | http://idp.cyberoam.com/signatures/1100517010.html | spyware
Malware Worm.Win32.Mytob.fi Runtime Detection | http://idp.cyberoam.com/signatures/1100517011.html | spyware
Malware Worm.Win32.Yimfoca Runtime Detection | http://idp.cyberoam.com/signatures/1100503010.html | spyware
Malware Worm.Win32.Yimfoca Runtime Detection | http://idp.cyberoam.com/signatures/1100503011.html | spyware
Malware Worm.Win32.Lightmoon.H Runtime Detection | http://idp.cyberoam.com/signatures/1100329010.html | spyware
Malware Worm.Win32.Lightmoon.H Runtime Detection | http://idp.cyberoam.com/signatures/1100329012.html | spyware
Malware Worm.Win32.Lightmoon.H Runtime Detection | http://idp.cyberoam.com/signatures/1100329011.html | spyware
Malware Worm.Win32.Lightmoon.H Runtime Detection | http://idp.cyberoam.com/signatures/1100329013.html | spyware
Malware Worm.Win32.Lightmoon.H Runtime Detection | http://idp.cyberoam.com/signatures/1100329014.html | spyware
Malware Worm.Win32.Kolab.gqr Runtime Detection | http://idp.cyberoam.com/signatures/1100614070.html | spyware
Malware Worm.Win32.Kolab.gqr Runtime Detection | http://idp.cyberoam.com/signatures/1100614071.html | spyware
Malware Worm.Win32.Kolab.gqr Runtime Detection | http://idp.cyberoam.com/signatures/1100614072.html | spyware
Malware Backdoor.Win32.LolBot.bu Runtime Detection | http://idp.cyberoam.com/signatures/1100505040.html | spyware
Malware Backdoor.Win32.LolBot variant Runtime Detection | http://idp.cyberoam.com/signatures/1100505041.html | spyware
Malware Backdoor.Win32.Ircbrute.dp Runtime Detection | http://idp.cyberoam.com/signatures/1100622070.html | spyware
Malware Backdoor.Win32.Ircbrute.dp Runtime Detection | http://idp.cyberoam.com/signatures/1100622071.html | spyware
Malware Backdoor.Win32.Autorun.BDS Runtime Detection | http://idp.cyberoam.com/signatures/1100609040.html | spyware
Malware Backdoor.Win32.Autorun.BDS Runtime Detection | http://idp.cyberoam.com/signatures/1100609041.html | spyware
Malware Backdoor.Win32.Ixeshe.D Runtime Detection | http://idp.cyberoam.com/signatures/1100611050.html | spyware
Malware Backdoor.Win32.Rebhip.A Runtime Detection A | http://idp.cyberoam.com/signatures/1100514010.html | spyware
Malware Backdoor.Win32.Rebhip.A Runtime Detection B | http://idp.cyberoam.com/signatures/1100514011.html | spyware
Malware Biodox Runtime Detection | http://idp.cyberoam.com/signatures/2081215091.html | spyware
Malware Hack Style RAT Runtime Detection | http://idp.cyberoam.com/signatures/2081216070.html | spyware
Malware Backdoor Win32.Delf.jwh Runtime Detection | http://idp.cyberoam.com/signatures/2080819090.html | spyware
Malware Backdoor.Win32.Httpbot.yi Runtime Detection | http://idp.cyberoam.com/signatures/1090928050.html | spyware
Malware Backdoor.Win32.Momibot.B Runtime Detection | http://idp.cyberoam.com/signatures/1100318060.html | spyware
Malware Backdoor.Win32.Pinit.A Runtime Detection | http://idp.cyberoam.com/signatures/1100527040.html | spyware
Malware Backdoor.Win32.Tusha.cv Runtime Detection | http://idp.cyberoam.com/signatures/1091216012.html | spyware
Malware Backdoor.Win32.Zlob.P Runtime Detection (Client request) | http://idp.cyberoam.com/signatures/1100531020.html | spyware
Malware LORD SPY PRO 1.4 Runtime Detection | http://idp.cyberoam.com/signatures/2081009060.html | spyware
Malware RogueSoftware.Win32.AntivirusSoft Runtime Detection (avcommand.net) | http://idp.cyberoam.com/signatures/1100310031.html | spyware
Malware RogueSoftware.Win32.AntivirusSoft Runtime Detection (av-crew.net) | http://idp.cyberoam.com/signatures/1100310032.html | spyware
Malware RogueSoftware.Win32.AntivirusSoft Runtime Detection (generic) | http://idp.cyberoam.com/signatures/1100310030.html | spyware
Malware TD.EXE Runtime Detection (download) | http://idp.cyberoam.com/signatures/2080822171.html | spyware
Malware TD.EXE Runtime Detection (getfile) | http://idp.cyberoam.com/signatures/2080822170.html | spyware
Malware Trojan.Win32.Aspxor.he Runtime Detection | http://idp.cyberoam.com/signatures/1100607060.html | spyware
Malware Trojan.Win32.Banker.aufm Runtime Detection | http://idp.cyberoam.com/signatures/1100329030.html | spyware
Malware Trojan.Win32.Banker.aufm Runtime Detection (POST) | http://idp.cyberoam.com/signatures/1100329031.html | spyware
Malware Trojan.Win32.Buzus.zyx Runtime Detection (binary download) | http://idp.cyberoam.com/signatures/1100413021.html | spyware
Malware Trojan.Win32.Buzus.zyx Runtime Detection | http://idp.cyberoam.com/signatures/1100413020.html | spyware
Malware Trojan.Win32.Buzus.zyx Runtime Detection (script download) | http://idp.cyberoam.com/signatures/1100413022.html | spyware
Malware Trojan.Win32.Holisnif Runtime Detection | http://idp.cyberoam.com/signatures/1100505060.html | spyware
Malware Trojan.Win32.Krap.gy Runtime Detection | http://idp.cyberoam.com/signatures/1100408020.html | spyware
Malware Trojan.Win32.PBin.A Runtime Detection | http://idp.cyberoam.com/signatures/1100614030.html | spyware
Malware Trojan.Win32.Waledac.agq Runtime Detection | http://idp.cyberoam.com/signatures/1100412050.html | spyware
Malware Worm.Win32.Expichu Runtime Detection (download) | http://idp.cyberoam.com/signatures/1100528011.html | spyware
Malware Worm.Win32.Expichu Runtime Detection (Generic) | http://idp.cyberoam.com/signatures/1100528010.html | spyware
Malware Worm.Win32.Verst.A Runtime Detection | http://idp.cyberoam.com/signatures/1100505050.html | spyware

Document Version – 1.0-30/06/2010

1.3.1.6.51. V 2.4.50

Release Date: 3rd May, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.49

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier
Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.50. This release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Detection and Protection matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 716 Risk level: High Name BACKDOOR icmp cmd 1.0 runtime detection – pskill http://idp.cyberoam.com/signatures/10108.html BACKDOOR icmp cmd 1.0 runtime detection – pslist http://idp.cyberoam.com/signatures/10107.html BACKDOOR only 1 rat runtime detection - icmp request http://idp.cyberoam.com/signatures/10452.html BACKDOOR dkangel runtime detection - icmp echo reply client-to-server http://idp.cyberoam.com/signatures/6128.html BACKDOOR Infector 1.6 Client to Server Connection Request Category backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 280/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/121.html BACKDOOR up and run v1.0 beta runtime detection flowbit 1 http://idp.cyberoam.com/signatures/7078.html BACKDOOR up and run v1.0 beta runtime detection http://idp.cyberoam.com/signatures/7081.html BACKDOOR flux 1.0 runtime detection http://idp.cyberoam.com/signatures/7611.html BACKDOOR forced control uploader runtime detection - connection with password http://idp.cyberoam.com/signatures/7785.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 2 http://idp.cyberoam.com/signatures/7787.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 4 http://idp.cyberoam.com/signatures/7789.html BACKDOOR minicom lite runtime detection - server-to-client http://idp.cyberoam.com/signatures/7649.html BACKDOOR omerta 1.3 runtime detection http://idp.cyberoam.com/signatures/6499.html BACKDOOR omerta 1.3 runtime detection http://idp.cyberoam.com/signatures/6501.html BACKDOOR commando runtime detection - chat server-to-client http://idp.cyberoam.com/signatures/6330.html BACKDOOR commando runtime detection - initial connection http://idp.cyberoam.com/signatures/6328.html BACKDOOR boer runtime detection - init connection 
http://idp.cyberoam.com/signatures/11318.html BACKDOOR hack-a-tack attempt http://idp.cyberoam.com/signatures/614.html BACKDOOR silent spy 2.10 command response port 4225 http://idp.cyberoam.com/signatures/6021.html BACKDOOR silent spy 2.10 command response port 4226 http://idp.cyberoam.com/signatures/6022.html BACKDOOR access remote pc runtime detection - rpc setup http://idp.cyberoam.com/signatures/12145.html BACKDOOR outbreak_0.2.7 runtime detection - initial connection http://idp.cyberoam.com/signatures/7733.html BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client http://idp.cyberoam.com/signatures/7731.html BACKDOOR illusion runtime detection - file browser server-to-client http://idp.cyberoam.com/signatures/7688.html BACKDOOR illusion runtime detection - get remote info server-to-client http://idp.cyberoam.com/signatures/7686.html BACKDOOR erazer v1.1 runtime detection - sin notification http://idp.cyberoam.com/signatures/7084.html BACKDOOR snipernet 2.1 runtime detection - flowbit set http://idp.cyberoam.com/signatures/7645.html BACKDOOR GirlFriendaccess http://idp.cyberoam.com/signatures/145.html BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set http://idp.cyberoam.com/signatures/7772.html BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set http://idp.cyberoam.com/signatures/7770.html BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 281/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7774.html BACKDOOR evade runtime detection - file manager http://idp.cyberoam.com/signatures/7691.html BACKDOOR remote havoc runtime detection - flowbit set 2 http://idp.cyberoam.com/signatures/7674.html BACKDOOR 
Vampire 1.2 connection request http://idp.cyberoam.com/signatures/3063.html BACKDOOR icmp cmd 1.0 runtime detection - pskill http://idp.cyberoam.com/signatures/10108.html BACKDOOR icmp cmd 1.0 runtime detection – pslist http://idp.cyberoam.com/signatures/10107.html BACKDOOR only 1 rat runtime detection - icmp request http://idp.cyberoam.com/signatures/10452.html BACKDOOR dkangel runtime detection - icmp echo reply client-to-server http://idp.cyberoam.com/signatures/6128.html BACKDOOR Infector 1.6 Client to Server Connection Request http://idp.cyberoam.com/signatures/121.html BACKDOOR up and run v1.0 beta runtime detection flowbit 1 http://idp.cyberoam.com/signatures/7078.html BACKDOOR up and run v1.0 beta runtime detection http://idp.cyberoam.com/signatures/7081.html BACKDOOR flux 1.0 runtime detection http://idp.cyberoam.com/signatures/7611.html BACKDOOR forced control uploader runtime detection - connection with password http://idp.cyberoam.com/signatures/7785.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 2 http://idp.cyberoam.com/signatures/7787.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 4 http://idp.cyberoam.com/signatures/7789.html BACKDOOR minicom lite runtime detection - server-to-client http://idp.cyberoam.com/signatures/7649.html BACKDOOR omerta 1.3 runtime detection http://idp.cyberoam.com/signatures/6499.html BACKDOOR omerta 1.3 runtime detection http://idp.cyberoam.com/signatures/6501.html BACKDOOR commando runtime detection - chat server-to-client http://idp.cyberoam.com/signatures/6330.html BACKDOOR commando runtime detection - initial connection http://idp.cyberoam.com/signatures/6328.html BACKDOOR boer runtime detection - init connection http://idp.cyberoam.com/signatures/11318.html BACKDOOR hack-a-tack attempt http://idp.cyberoam.com/signatures/614.html BACKDOOR silent spy 2.10 command response port 4225 http://idp.cyberoam.com/signatures/6021.html BACKDOOR silent 
spy 2.10 command response port 4226 http://idp.cyberoam.com/signatures/6022.html BACKDOOR access remote pc runtime detection - rpc setup http://idp.cyberoam.com/signatures/12145.html BACKDOOR outbreak_0.2.7 runtime detection - initial connection http://idp.cyberoam.com/signatures/7733.html BACKDOOR outbreak_0.2.7 runtime detection - ring server-to-client http://idp.cyberoam.com/signatures/7731.html BACKDOOR illusion runtime detection - file browser server-to-client http://idp.cyberoam.com/signatures/7688.html BACKDOOR illusion runtime detection - get remote info server-to-client http://idp.cyberoam.com/signatures/7686.html BACKDOOR erazer v1.1 runtime detection - sin notification http://idp.cyberoam.com/signatures/7084.html BACKDOOR snipernet 2.1 runtime detection - flowbit set http://idp.cyberoam.com/signatures/7645.html BACKDOOR GirlFriendaccess http://idp.cyberoam.com/signatures/145.html BACKDOOR messiah 4.0 runtime detection - enable keylogger - flowbit set http://idp.cyberoam.com/signatures/7772.html BACKDOOR messiah 4.0 runtime detection - get server info - flowbit set http://idp.cyberoam.com/signatures/7770.html BACKDOOR messiah 4.0 runtime detection - screen capture - flowbit set http://idp.cyberoam.com/signatures/7774.html BACKDOOR evade runtime detection - file manager http://idp.cyberoam.com/signatures/7691.html BACKDOOR remote havoc runtime detection - flowbit set 2 http://idp.cyberoam.com/signatures/7674.html BACKDOOR Vampire 1.2 connection request http://idp.cyberoam.com/signatures/3063.html BACKDOOR net runner runtime detection - download file client-to-server http://idp.cyberoam.com/signatures/6120.html BACKDOOR net runner runtime detection - initial
connection client-to-server http://idp.cyberoam.com/signatures/6118.html BACKDOOR beast 2.02 runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7756.html BACKDOOR bifrose 1.1 runtime detection http://idp.cyberoam.com/signatures/6055.html BACKDOOR bifrose 1.1 runtime detection http://idp.cyberoam.com/signatures/6057.html BACKDOOR bionet 4.05 runtime detection - file manager - flowbit set http://idp.cyberoam.com/signatures/7736.html BACKDOOR bionet 4.05 runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7734.html BACKDOOR coolcat runtime connection detection - tcp 1 http://idp.cyberoam.com/signatures/6012.html BACKDOOR coolcat runtime connection detection - tcp 2 http://idp.cyberoam.com/signatures/6013.html BACKDOOR data rape runtime detection - execute program client-to-server http://idp.cyberoam.com/signatures/7768.html BACKDOOR diems mutter runtime detection - client-to-server http://idp.cyberoam.com/signatures/7656.html BACKDOOR fade 1.0 runtime detection - enable keylogger http://idp.cyberoam.com/signatures/6040.html BACKDOOR fkwp 2.0 runtime detection - connection attempt client-to-server http://idp.cyberoam.com/signatures/6030.html BACKDOOR freak 1.0 runtime detection - initial connection client-to-server http://idp.cyberoam.com/signatures/6072.html BACKDOOR hanky panky 1.1 runtime detection - initial connection flowbit set 2 http://idp.cyberoam.com/signatures/7696.html BACKDOOR hellzaddiction v1.0e runtime detection - init conn http://idp.cyberoam.com/signatures/6140.html BACKDOOR hellzaddiction v1.0e runtime detection - init conn http://idp.cyberoam.com/signatures/6141.html
BACKDOOR minicommand runtime detection - initial connection client-to-server http://idp.cyberoam.com/signatures/6034.html BACKDOOR mosucker3.0 runtime detection - client-to-server http://idp.cyberoam.com/signatures/7082.html BACKDOOR nightcreature beta 0.01 runtime detection http://idp.cyberoam.com/signatures/7819.html BACKDOOR optixlite 1.0 runtime detection - connection success client-to-server http://idp.cyberoam.com/signatures/6065.html BACKDOOR sinique 1.0 runtime detection - initial connection with correct password client-to-server http://idp.cyberoam.com/signatures/7087.html BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password -client-to-server http://idp.cyberoam.com/signatures/7089.html BACKDOOR small uploader 1.01 runtime detection - get server information - flowbit set http://idp.cyberoam.com/signatures/7652.html BACKDOOR small uploader 1.01 runtime detection - initial connection flowbit set http://idp.cyberoam.com/signatures/7650.html BACKDOOR small uploader 1.01 runtime detection - remote shell - flowbit set http://idp.cyberoam.com/signatures/7654.html BACKDOOR roach 1.0 runtime detection - remote control actions - flowbit set http://idp.cyberoam.com/signatures/7702.html BACKDOOR cool remote control 1.12 runtime detection - download file flowbit set http://idp.cyberoam.com/signatures/7680.html BACKDOOR cool remote control 1.12 runtime detection - upload file flowbit set http://idp.cyberoam.com/signatures/7678.html BACKDOOR amiboide uploader runtime detection - init connection http://idp.cyberoam.com/signatures/6076.html BACKDOOR softwar shadowthief runtime detection - initial connection http://idp.cyberoam.com/signatures/6305.html BACKDOOR netbus getinfo http://idp.cyberoam.com/signatures/110.html BACKDOOR acid head 1.00 runtime detection - flowbit set http://idp.cyberoam.com/signatures/7682.html BACKDOOR ieva 1.0 runtime detection - black screen http://idp.cyberoam.com/signatures/9834.html BACKDOOR ieva 1.0 runtime detection -
crazy mouse http://idp.cyberoam.com/signatures/9836.html BACKDOOR ieva 1.0 runtime detection - fake delete harddisk message http://idp.cyberoam.com/signatures/9833.html BACKDOOR ieva 1.0 runtime detection - send message http://idp.cyberoam.com/signatures/9832.html BACKDOOR ieva 1.0 runtime detection - swap mouse http://idp.cyberoam.com/signatures/9835.html BACKDOOR clindestine 1.0 runtime detection - capture big screen http://idp.cyberoam.com/signatures/6136.html BACKDOOR clindestine 1.0 runtime detection - capture small screen http://idp.cyberoam.com/signatures/6137.html BACKDOOR clindestine 1.0 runtime detection - get computer info http://idp.cyberoam.com/signatures/6138.html BACKDOOR clindestine 1.0 runtime detection - get system directory http://idp.cyberoam.com/signatures/6139.html BACKDOOR buttman v0.9p runtime detection - remote control - set flowbit http://idp.cyberoam.com/signatures/6335.html BACKDOOR winicabras 1.1 runtime detection - explorer http://idp.cyberoam.com/signatures/10462.html BACKDOOR mithril runtime detection - get process list http://idp.cyberoam.com/signatures/8077.html BACKDOOR mithril runtime detection - get system information http://idp.cyberoam.com/signatures/8075.html BACKDOOR joker ddos v1.0.1 runtime detection - bomb http://idp.cyberoam.com/signatures/6295.html BACKDOOR joker ddos v1.0.1 runtime detection - bomb - initial flowbit http://idp.cyberoam.com/signatures/6293.html BACKDOOR chupacabra 1.0 runtime detection - delete file http://idp.cyberoam.com/signatures/6134.html BACKDOOR chupacabra 1.0 runtime detection http://idp.cyberoam.com/signatures/6131.html BACKDOOR chupacabra 1.0 runtime detection http://idp.cyberoam.com/signatures/6129.html
BACKDOOR chupacabra 1.0 runtime detection - send messages http://idp.cyberoam.com/signatures/6133.html BACKDOOR cobra uploader 1.0 runtime detection http://idp.cyberoam.com/signatures/12163.html BACKDOOR cobra uploader 1.0 runtime detection http://idp.cyberoam.com/signatures/12164.html BACKDOOR infector v1.0 runtime detection - init conn http://idp.cyberoam.com/signatures/7817.html BACKDOOR remote hack 1.5 runtime detection - execute file http://idp.cyberoam.com/signatures/7097.html BACKDOOR remote hack 1.5 runtime detection - get password http://idp.cyberoam.com/signatures/7098.html BACKDOOR remote hack 1.5 runtime detection - logon http://idp.cyberoam.com/signatures/7096.html BACKDOOR remote hack 1.5 runtime detection - start keylogger http://idp.cyberoam.com/signatures/7099.html BACKDOOR incommand 1.7 runtime detection - file manage 1 http://idp.cyberoam.com/signatures/7797.html BACKDOOR incommand 1.7 runtime detection - file manage 1 http://idp.cyberoam.com/signatures/7798.html BACKDOOR superra runtime detection - issue remote control command http://idp.cyberoam.com/signatures/9667.html BACKDOOR snid x2 v1.2 runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7662.html BACKDOOR hatredfriend file manage command - set flowbit http://idp.cyberoam.com/signatures/6337.html BACKDOOR ullysse runtime detection - client-to-server http://idp.cyberoam.com/signatures/7644.html BACKDOOR digital upload runtime detection - initial connection http://idp.cyberoam.com/signatures/7670.html BACKDOOR millenium v1.0 runtime detection http://idp.cyberoam.com/signatures/6122.html BACKDOOR NetBus Pro 2.0 connection request
http://idp.cyberoam.com/signatures/3009.html BACKDOOR bugs runtime detection - file manager client-to-server http://idp.cyberoam.com/signatures/6472.html BACKDOOR schwindler 1.82 runtime detection http://idp.cyberoam.com/signatures/6063.html BACKDOOR exploiter 1.0 runtime detection http://idp.cyberoam.com/signatures/6497.html BACKDOOR girlfriend runtime detection http://idp.cyberoam.com/signatures/7106.html BACKDOOR screen control 1.0 runtime detection - flowbit set http://idp.cyberoam.com/signatures/7664.html BACKDOOR screen control 1.0 runtime detection - capture on port 2213 flowbit set http://idp.cyberoam.com/signatures/7668.html BACKDOOR RUX the Tick get system directory attempt http://idp.cyberoam.com/signatures/3011.html BACKDOOR RUX the Tick get windows directory attempt http://idp.cyberoam.com/signatures/3010.html BACKDOOR RUX the Tick upload/execute arbitrary file attempt http://idp.cyberoam.com/signatures/3012.html BACKDOOR Asylum 0.1 connection request http://idp.cyberoam.com/signatures/3013.html BACKDOOR donalddick v1.5b3 runtime detection http://idp.cyberoam.com/signatures/7113.html BACKDOOR dagger v1.1.40 runtime detection http://idp.cyberoam.com/signatures/6108.html BACKDOOR digital rootbeer runtime detection http://idp.cyberoam.com/signatures/6169.html BACKDOOR aol admin runtime detection http://idp.cyberoam.com/signatures/7104.html BACKDOOR brain wiper runtime detection - chat - flowbit set http://idp.cyberoam.com/signatures/7700.html BACKDOOR brain wiper runtime detection - launch application - flowbit set http://idp.cyberoam.com/signatures/7698.html BACKDOOR DoomJuice/mydoom.a backdoor upload/execute attempt http://idp.cyberoam.com/signatures/2375.html BACKDOOR winicabras 1.1 runtime detection - get system info http://idp.cyberoam.com/signatures/10460.html BACKDOOR BackOrifice 2000 Inbound Traffic http://idp.cyberoam.com/signatures/3155.html BACKDOOR acidbattery 1.0 runtime detection - get password http://idp.cyberoam.com/signatures/10445.html 
BACKDOOR acidbattery 1.0 runtime detection - get server info http://idp.cyberoam.com/signatures/10446.html BACKDOOR acidbattery 1.0 runtime detection - open ftp service http://idp.cyberoam.com/signatures/10444.html BACKDOOR acidbattery 1.0 runtime detection - sniff info http://idp.cyberoam.com/signatures/10443.html BACKDOOR amitis runtime command detection attacker to victim http://idp.cyberoam.com/signatures/7711.html BACKDOOR trinity connection attempt http://idp.cyberoam.com/signatures/1843.html BACKDOOR Remote PC Access connection attempt http://idp.cyberoam.com/signatures/2124.html BACKDOOR autospy runtime detection - get information http://idp.cyberoam.com/signatures/6077.html BACKDOOR autospy runtime detection - hide taskbar http://idp.cyberoam.com/signatures/6083.html BACKDOOR autospy runtime detection - make directory http://idp.cyberoam.com/signatures/6085.html BACKDOOR autospy runtime detection - show autospy http://idp.cyberoam.com/signatures/6079.html BACKDOOR autospy runtime detection - show nude pic http://idp.cyberoam.com/signatures/6081.html BACKDOOR netangel connection client-to-server http://idp.cyberoam.com/signatures/6402.html BACKDOOR war trojan ver1.0 runtime detection - disable ctrl+alt+del http://idp.cyberoam.com/signatures/7804.html BACKDOOR war trojan ver1.0 runtime detection - send messages http://idp.cyberoam.com/signatures/7803.html BACKDOOR bobo 1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/7747.html BACKDOOR bobo 1.0 runtime detection - send message - flowbit set http://idp.cyberoam.com/signatures/7748.html BACKDOOR alexmessomalex runtime detection - grab
http://idp.cyberoam.com/signatures/7739.html BACKDOOR omniquad instant remote control runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7705.html BACKDOOR 3xBackdoor runtime detection - set flowbit http://idp.cyberoam.com/signatures/6323.html BACKDOOR optix pro v1.32 runtime detection - upload file http://idp.cyberoam.com/signatures/12156.html BACKDOOR [x]-ztoo 1.0 or illusion runtime detection - open file manager http://idp.cyberoam.com/signatures/10458.html BACKDOOR optix pro v1.32 runtime detection - screen capturing http://idp.cyberoam.com/signatures/12160.html BACKDOOR fore v1.0 beta runtime detection - init conn http://idp.cyberoam.com/signatures/6116.html BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection http://idp.cyberoam.com/signatures/12148.html BACKDOOR [x]-ztoo 1.0 runtime detection - get system info http://idp.cyberoam.com/signatures/10455.html BACKDOOR sohoanywhere runtime detection http://idp.cyberoam.com/signatures/11323.html BACKDOOR netraider 0.0 runtime detection http://idp.cyberoam.com/signatures/6180.html BACKDOOR tron runtime detection - init connection - flowbit set http://idp.cyberoam.com/signatures/12054.html BACKDOOR Y3KRAT 1.5 Connect Client Response http://idp.cyberoam.com/signatures/3082.html BACKDOOR delirium of disorder runtime detection - enable keylogger http://idp.cyberoam.com/signatures/6159.html BACKDOOR delirium of disorder runtime detection - stop keylogger http://idp.cyberoam.com/signatures/6160.html BACKDOOR supervisor plus runtime detection http://idp.cyberoam.com/signatures/11953.html BACKDOOR supervisor plus runtime detection
http://idp.cyberoam.com/signatures/11954.html BACKDOOR am remote client runtime detection - client-to-server http://idp.cyberoam.com/signatures/7641.html BACKDOOR dark connection inside v1.2 runtime detection http://idp.cyberoam.com/signatures/6143.html BACKDOOR fatal wound 1.0 runtime detection - execute file http://idp.cyberoam.com/signatures/7807.html BACKDOOR fatal wound 1.0 runtime detection - upload http://idp.cyberoam.com/signatures/7808.html BACKDOOR BackConstruction 2.1 Client FTP Open Request http://idp.cyberoam.com/signatures/157.html BACKDOOR fucktrojan 1.2 runtime detection - flood http://idp.cyberoam.com/signatures/6326.html BACKDOOR unicorn runtime detection - set wallpaper client-to-server http://idp.cyberoam.com/signatures/6167.html BACKDOOR nt remote controller 2000 runtime detection - foldermonitor client-to-server http://idp.cyberoam.com/signatures/7766.html BACKDOOR nt remote controller 2000 runtime detection - services client-to-server http://idp.cyberoam.com/signatures/7763.html BACKDOOR nt remote controller 2000 runtime detection - sysinfo client-to-server http://idp.cyberoam.com/signatures/7764.html BACKDOOR cookie monster 0.24 runtime detection http://idp.cyberoam.com/signatures/6173.html BACKDOOR cookie monster 0.24 runtime detection http://idp.cyberoam.com/signatures/6171.html BACKDOOR cookie monster 0.24 runtime detection - kill kernel http://idp.cyberoam.com/signatures/6175.html BACKDOOR crossfires trojan 3.0 runtime detection - chat with victim http://idp.cyberoam.com/signatures/10102.html BACKDOOR crossfires trojan 3.0 runtime detection - delete file http://idp.cyberoam.com/signatures/10101.html BACKDOOR netcontrol v1.0.8 runtime detection http://idp.cyberoam.com/signatures/6149.html BACKDOOR messiah 4.0 runtime detection - get drives - flowbit set http://idp.cyberoam.com/signatures/7776.html BACKDOOR netspy runtime detection - command pattern client-to-server http://idp.cyberoam.com/signatures/6289.html BACKDOOR remote control 1.7
runtime detection - connection request flowbit 1 http://idp.cyberoam.com/signatures/7620.html BACKDOOR remote control 1.7 runtime detection - connection request flowbit 3 http://idp.cyberoam.com/signatures/7622.html BACKDOOR QAZ Worm Client Login access http://idp.cyberoam.com/signatures/108.html BACKDOOR xhx 1.6 runtime detection - initial connection client-to-server http://idp.cyberoam.com/signatures/6074.html BACKDOOR lame rat v1.0 runtime detection http://idp.cyberoam.com/signatures/11949.html BACKDOOR CDK http://idp.cyberoam.com/signatures/185.html BACKDOOR dsk lite 1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/6015.html BACKDOOR neurotickat1.3 runtime detection - initial connection http://idp.cyberoam.com/signatures/6060.html BACKDOOR neurotickat1.3 runtime detection - initial connection http://idp.cyberoam.com/signatures/6061.html BACKDOOR fun factory runtime detection - connect http://idp.cyberoam.com/signatures/6047.html BACKDOOR fun factory runtime detection - do script remotely http://idp.cyberoam.com/signatures/6053.html BACKDOOR fun factory runtime detection - set volume http://idp.cyberoam.com/signatures/6051.html BACKDOOR fun factory runtime detection - upload http://idp.cyberoam.com/signatures/6049.html BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection flowbit set http://idp.cyberoam.com/signatures/7709.html BACKDOOR incommand 1.7 runtime detection - file manage 2 http://idp.cyberoam.com/signatures/7799.html BACKDOOR incommand 1.7 runtime detection - file manage 2 http://idp.cyberoam.com/signatures/7800.html BACKDOOR access remote pc runtime detection - init connection
http://idp.cyberoam.com/signatures/12142.html BACKDOOR antilamer 1.1 runtime detection - set flowbit http://idp.cyberoam.com/signatures/6285.html BACKDOOR a trojan 2.0 runtime detection http://idp.cyberoam.com/signatures/6093.html BACKDOOR a trojan 2.0 runtime detection http://idp.cyberoam.com/signatures/6091.html BACKDOOR a trojan 2.0 runtime detection http://idp.cyberoam.com/signatures/6089.html BACKDOOR a trojan 2.0 runtime detection http://idp.cyberoam.com/signatures/6095.html BACKDOOR a trojan 2.0 runtime detection - init connection http://idp.cyberoam.com/signatures/6088.html BACKDOOR backage 3.1 runtime detection http://idp.cyberoam.com/signatures/6107.html BACKDOOR badrat 1.1 runtime detection - flowbit set http://idp.cyberoam.com/signatures/6475.html BACKDOOR bersek 1.0 runtime detection http://idp.cyberoam.com/signatures/9660.html BACKDOOR bersek 1.0 runtime detection http://idp.cyberoam.com/signatures/9662.html BACKDOOR bersek 1.0 runtime detection http://idp.cyberoam.com/signatures/9658.html BACKDOOR bersek 1.0 runtime detection http://idp.cyberoam.com/signatures/9656.html BACKDOOR bifrost v1.2.1 runtime detection http://idp.cyberoam.com/signatures/12298.html BACKDOOR black curse 4.0 runtime detection - inverse init connection http://idp.cyberoam.com/signatures/8361.html BACKDOOR black curse 4.0 runtime detection - normal init connection http://idp.cyberoam.com/signatures/8362.html BACKDOOR blue eye 1.0b runtime detection - init connection http://idp.cyberoam.com/signatures/12146.html BACKDOOR buschtrommel 1.22 runtime detection - initial connection flowbit set 2 http://idp.cyberoam.com/signatures/7751.html BACKDOOR buschtrommel 1.22
runtime detection - spy function - flowbit set 1 http://idp.cyberoam.com/signatures/7753.html BACKDOOR charon runtime detection - download file flowbit 1 http://idp.cyberoam.com/signatures/7058.html BACKDOOR charon runtime detection - download file/log http://idp.cyberoam.com/signatures/7060.html BACKDOOR charon runtime detection - download log flowbit 1 http://idp.cyberoam.com/signatures/7061.html BACKDOOR cia runtime detection - initial connection - set flowbit http://idp.cyberoam.com/signatures/6302.html BACKDOOR cool remote control or crackdown runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7676.html BACKDOOR crossbow 1.12 runtime detection http://idp.cyberoam.com/signatures/9664.html BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 http://idp.cyberoam.com/signatures/7065.html BACKDOOR dameware mini remote control runtime detection - initial connection http://idp.cyberoam.com/signatures/7719.html BACKDOOR darkmoon initial connection detection - cts http://idp.cyberoam.com/signatures/7813.html BACKDOOR darkmoon reverse connection detection - stc http://idp.cyberoam.com/signatures/7815.html BACKDOOR erazer v1.1 runtime detection - init connection http://idp.cyberoam.com/signatures/7086.html BACKDOOR fear 0.2 runtime detection - initial connection http://idp.cyberoam.com/signatures/6045.html BACKDOOR fearless lite 1.01 runtime detection http://idp.cyberoam.com/signatures/7111.html BACKDOOR fraggle rock 2.0 lite runtime detection - pc info - flowbit set http://idp.cyberoam.com/signatures/7794.html BACKDOOR glacier runtime detection - initial connection and directory browse http://idp.cyberoam.com/signatures/7758.html BACKDOOR glacier runtime detection - screen capture http://idp.cyberoam.com/signatures/7759.html BACKDOOR hav-rat 1.1 runtime detection http://idp.cyberoam.com/signatures/10103.html BACKDOOR hornet 1.0 runtime detection - fetch process list - flowbit set 
http://idp.cyberoam.com/signatures/7635.html BACKDOOR hornet 1.0 runtime detection - fetch system info - flowbit set http://idp.cyberoam.com/signatures/7631.html BACKDOOR hornet 1.0 runtime detection - irc connection - flowbit set http://idp.cyberoam.com/signatures/7633.html BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection http://idp.cyberoam.com/signatures/12242.html BACKDOOR incommand 1.7 runtime detection - init connection http://idp.cyberoam.com/signatures/7795.html BACKDOOR insurrection 1.1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/6299.html BACKDOOR insurrection 1.1.0 runtime detection - reverse connection http://idp.cyberoam.com/signatures/6298.html BACKDOOR katux 2.0 runtime detection - chat - flowbit set http://idp.cyberoam.com/signatures/7608.html BACKDOOR katux 2.0 runtime detection - get system info - flowbit set http://idp.cyberoam.com/signatures/7606.html BACKDOOR katux 2.0 runtime detection - screen capture - flowbit set http://idp.cyberoam.com/signatures/7604.html BACKDOOR k-msnrat 1.0.0 runtime detection - init connection http://idp.cyberoam.com/signatures/10109.html BACKDOOR lan filtrator 1.1 runtime detection - initial connection request http://idp.cyberoam.com/signatures/7661.html BACKDOOR lithium 1.02 runtime detection http://idp.cyberoam.com/signatures/12165.html BACKDOOR mantis runtime detection - go to address client-to-server http://idp.cyberoam.com/signatures/6147.html BACKDOOR mantis runtime detection - sent notify option client-to-server 1 http://idp.cyberoam.com/signatures/6144.html BACKDOOR mantis runtime detection - sent notify option client-to-server 2
http://idp.cyberoam.com/signatures/6146.html BACKDOOR ncph runtime detection - initial connection http://idp.cyberoam.com/signatures/7638.html BACKDOOR net demon runtime detection - file manager request http://idp.cyberoam.com/signatures/6316.html BACKDOOR net demon runtime detection - message send http://idp.cyberoam.com/signatures/6312.html BACKDOOR net demon runtime detection - open browser request http://idp.cyberoam.com/signatures/6314.html BACKDOOR netdevil runtime detection - flowbit set 2 http://idp.cyberoam.com/signatures/7715.html BACKDOOR optix 1.32 runtime detection - init conn http://idp.cyberoam.com/signatures/6112.html BACKDOOR passhax runtime detection - initial connection http://idp.cyberoam.com/signatures/13814.html BACKDOOR poison ivy 2.1.2 runtime detection http://idp.cyberoam.com/signatures/10110.html BACKDOOR poison ivy 2.1.2 runtime detection - init connection http://idp.cyberoam.com/signatures/10111.html BACKDOOR radmin 3.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/12373.html BACKDOOR radmin 3.0 runtime detection - login & remote control http://idp.cyberoam.com/signatures/12375.html BACKDOOR radmin runtime detection - client-to-server http://idp.cyberoam.com/signatures/7728.html BACKDOOR reversable ver1.0 runtime detection - execute command flowbit set http://idp.cyberoam.com/signatures/7726.html BACKDOOR reversable ver1.0 runtime detection - execute command http://idp.cyberoam.com/signatures/7727.html BACKDOOR shark 2.3.2 runtime detection http://idp.cyberoam.com/signatures/12377.html BACKDOOR skyrat show runtime detection - initial connection - flowbit 1 http://idp.cyberoam.com/signatures/7625.html
BACKDOOR snowdoor runtime detection client-to-server http://idp.cyberoam.com/signatures/6400.html BACKDOOR sun shadow 1.70 runtime detection - init connection http://idp.cyberoam.com/signatures/9837.html BACKDOOR sun shadow 1.70 runtime detection - keep alive http://idp.cyberoam.com/signatures/9839.html BACKDOOR superspy 2.0 beta runtime detection - get system info http://idp.cyberoam.com/signatures/8470.html BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage 2 http://idp.cyberoam.com/signatures/8474.html BACKDOOR superspy 2.0 beta runtime detection - screen capture 2 http://idp.cyberoam.com/signatures/8472.html BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 2 http://idp.cyberoam.com/signatures/7618.html BACKDOOR theef 2.10 runtime detection - connect with no password http://idp.cyberoam.com/signatures/12234.html BACKDOOR theef 2.10 runtime detection - connect with password http://idp.cyberoam.com/signatures/12236.html BACKDOOR trail of destruction 2.0 runtime detection - get system info http://idp.cyberoam.com/signatures/12053.html BACKDOOR ultimate destruction runtime detection - kill process client-to-server http://idp.cyberoam.com/signatures/6177.html BACKDOOR ultimate destruction runtime detection - kill windows client-to-server http://idp.cyberoam.com/signatures/6178.html BACKDOOR winshadow runtime detection - init connection request http://idp.cyberoam.com/signatures/11951.html BACKDOOR Wordpress backdoor feed.php code execution attempt http://idp.cyberoam.com/signatures/10196.html BACKDOOR Wordpress backdoor theme.php code execution attempt http://idp.cyberoam.com/signatures/10197.html BACKDOOR sensepost.exe command shell attempt http://idp.cyberoam.com/signatures/989.html BACKDOOR attempt http://idp.cyberoam.com/signatures/210.html BACKDOOR HidePak backdoor attempt http://idp.cyberoam.com/signatures/219.html BACKDOOR HideSource backdoor attempt http://idp.cyberoam.com/signatures/220.html BACKDOOR
MISC Linux rootkit attempt http://idp.cyberoam.com/signatures/215.html BACKDOOR MISC Linux rootkit attempt http://idp.cyberoam.com/signatures/213.html BACKDOOR MISC Linux rootkit attempt lrkr0x http://idp.cyberoam.com/signatures/214.html BACKDOOR MISC Linux rootkit satori attempt http://idp.cyberoam.com/signatures/216.html BACKDOOR MISC r00t attempt http://idp.cyberoam.com/signatures/211.html BACKDOOR MISC rewt attempt http://idp.cyberoam.com/signatures/212.html BACKDOOR MISC sm4ck attempt http://idp.cyberoam.com/signatures/217.html BACKDOOR MISC Solaris 2.5 attempt http://idp.cyberoam.com/signatures/218.html BACKDOOR w00w00 attempt http://idp.cyberoam.com/signatures/209.html BACKDOOR remote havoc runtime detection - flowbit set 1 http://idp.cyberoam.com/signatures/7673.html BACKDOOR remote havoc runtime detection http://idp.cyberoam.com/signatures/7675.html BACKDOOR Versi TheTheef Detection http://idp.cyberoam.com/signatures/12675.html BACKDOOR Doly 1.5 server response http://idp.cyberoam.com/signatures/1985.html BACKDOOR Vampire 1.2 connection confirmation http://idp.cyberoam.com/signatures/3064.html BACKDOOR net runner runtime detection - download file server-to-client http://idp.cyberoam.com/signatures/6121.html BACKDOOR net runner runtime detection - initial connection server-to-client http://idp.cyberoam.com/signatures/6119.html BACKDOOR analftp 0.1 runtime detection - initial connection http://idp.cyberoam.com/signatures/7761.html BACKDOOR beast 2.02 runtime detection - initial connection http://idp.cyberoam.com/signatures/7757.html BACKDOOR bifrose 1.1 runtime detection http://idp.cyberoam.com/signatures/6056.html BACKDOOR bionet 4.05 runtime detection
- file manager http://idp.cyberoam.com/signatures/7737.html BACKDOOR bionet 4.05 runtime detection - initial connection http://idp.cyberoam.com/signatures/7735.html BACKDOOR coolcat runtime connection detection - tcp 3 http://idp.cyberoam.com/signatures/6014.html BACKDOOR data rape runtime detection - execute program server-to-client http://idp.cyberoam.com/signatures/7769.html BACKDOOR diems mutter runtime detection - server-to-client http://idp.cyberoam.com/signatures/7657.html BACKDOOR fade 1.0 runtime detection - enable keylogger http://idp.cyberoam.com/signatures/6041.html BACKDOOR fkwp 2.0 runtime detection - connection attempt server-toclient http://idp.cyberoam.com/signatures/6031.html BACKDOOR fkwp 2.0 runtime detection - connection success http://idp.cyberoam.com/signatures/6033.html BACKDOOR freak 1.0 runtime detection - initial connection server-to-client http://idp.cyberoam.com/signatures/6073.html BACKDOOR hanky panky 1.1 runtime detection - initial connection flowbit set 1 http://idp.cyberoam.com/signatures/7695.html BACKDOOR hanky panky 1.1 runtime detection - initial connection backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 293/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7697.html BACKDOOR minicommand runtime detection - directory listing server-toclient http://idp.cyberoam.com/signatures/6036.html BACKDOOR minicommand runtime detection - initial connection server-toclient http://idp.cyberoam.com/signatures/6035.html BACKDOOR mosucker3.0 runtime detection - server-to-client1 http://idp.cyberoam.com/signatures/7083.html BACKDOOR netbus active http://idp.cyberoam.com/signatures/109.html BACKDOOR netcontrol takeover runtime detection http://idp.cyberoam.com/signatures/7643.html BACKDOOR nightcreature 
beta 0.01 runtime detection http://idp.cyberoam.com/signatures/7820.html BACKDOOR nightcreature beta 0.01 runtime detection http://idp.cyberoam.com/signatures/7821.html BACKDOOR nova 1.0 runtime detection - initial connection with pwd set flowbit set http://idp.cyberoam.com/signatures/7740.html BACKDOOR nova 1.0 runtime detection - initial connection with pwd set http://idp.cyberoam.com/signatures/7741.html BACKDOOR nuclear uploader 1.0 runtime detection http://idp.cyberoam.com/signatures/7810.html BACKDOOR optixlite 1.0 runtime detection - connection failure server-toclient http://idp.cyberoam.com/signatures/6068.html BACKDOOR optixlite 1.0 runtime detection - connection success serverto-client http://idp.cyberoam.com/signatures/6066.html BACKDOOR sinique 1.0 runtime detection - initial connection with correct password server-to-client http://idp.cyberoam.com/signatures/7088.html BACKDOOR sinique 1.0 runtime detection - initial connection with wrong password server-to-client http://idp.cyberoam.com/signatures/7090.html BACKDOOR small uploader 1.01 runtime detection - get server information http://idp.cyberoam.com/signatures/7653.html BACKDOOR small uploader 1.01 runtime detection - initial connection http://idp.cyberoam.com/signatures/7651.html BACKDOOR small uploader 1.01 runtime detection - remote shell http://idp.cyberoam.com/signatures/7655.html BACKDOOR wollf runtime detection http://idp.cyberoam.com/signatures/7723.html BACKDOOR roach 1.0 runtime detection - remote control actions http://idp.cyberoam.com/signatures/7703.html BACKDOOR lurker 1.1 runtime detection - init connection http://idp.cyberoam.com/signatures/11316.html BACKDOOR backlash runtime detection http://idp.cyberoam.com/signatures/6334.html BACKDOOR cool remote control 1.12 runtime detection - download file http://idp.cyberoam.com/signatures/7681.html BACKDOOR cool remote control 1.12 runtime detection - upload file http://idp.cyberoam.com/signatures/7679.html BACKDOOR softwar shadowthief 
runtime detection - initial connection set flowbit http://idp.cyberoam.com/signatures/6304.html backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 294/409 ١١٢١٠٢/٤/ Cyberoam Docs BACKDOOR acid head 1.00 runtime detection http://idp.cyberoam.com/signatures/7683.html BACKDOOR globalkiller1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/6332.html BACKDOOR buttman v0.9p runtime detection - remote control http://idp.cyberoam.com/signatures/6336.html BACKDOOR winicabras 1.1 runtime detection - explorer http://idp.cyberoam.com/signatures/10463.html BACKDOOR mithril runtime detection - get process list http://idp.cyberoam.com/signatures/8078.html BACKDOOR mithril runtime detection - get system information http://idp.cyberoam.com/signatures/8076.html BACKDOOR mithril runtime detection - init connection http://idp.cyberoam.com/signatures/8074.html BACKDOOR joker ddos v1.0.1 runtime detection - bomb - second flowbit http://idp.cyberoam.com/signatures/6294.html BACKDOOR joker ddos v1.0.1 runtime detection - initial connection http://idp.cyberoam.com/signatures/6292.html BACKDOOR killav_gj http://idp.cyberoam.com/signatures/11950.html BACKDOOR chupacabra 1.0 runtime detection - get computer name http://idp.cyberoam.com/signatures/6130.html BACKDOOR chupacabra 1.0 runtime detection - get user name http://idp.cyberoam.com/signatures/6132.html BACKDOOR infector v1.0 runtime detection - init conn http://idp.cyberoam.com/signatures/7818.html BACKDOOR superra runtime detection - success init connection http://idp.cyberoam.com/signatures/9666.html BACKDOOR a-311 death runtime detection - initial connection server-toclient http://idp.cyberoam.com/signatures/6395.html BACKDOOR Crazzy Net 5.0 connection established 
http://idp.cyberoam.com/signatures/3636.html BACKDOOR snid x2 v1.2 runtime detection - initial connection http://idp.cyberoam.com/signatures/7663.html BACKDOOR hatredfriend file manage command http://idp.cyberoam.com/signatures/6338.html BACKDOOR digital upload runtime detection - chat http://idp.cyberoam.com/signatures/7671.html BACKDOOR Insane Network 4.0 connection established http://idp.cyberoam.com/signatures/3015.html BACKDOOR NetBus Pro 2.0 connection established http://idp.cyberoam.com/signatures/115.html BACKDOOR one runtime detection http://idp.cyberoam.com/signatures/10168.html BACKDOOR bugs runtime detection - file manager server-to-client http://idp.cyberoam.com/signatures/6473.html BACKDOOR schwindler 1.82 runtime detection http://idp.cyberoam.com/signatures/6064.html BACKDOOR exploiter 1.0 runtime detection http://idp.cyberoam.com/signatures/6498.html BACKDOOR girlfriend runtime detection http://idp.cyberoam.com/signatures/7107.html BACKDOOR fictional daemon 4.4 runtime detection - ftp backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 295/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/6288.html BACKDOOR hellzaddiction v1.0e runtime detection - ftp open http://idp.cyberoam.com/signatures/6142.html BACKDOOR screen control 1.0 runtime detection - capture on port 2208 http://idp.cyberoam.com/signatures/7667.html BACKDOOR screen control 1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/7665.html BACKDOOR screen control 1.0 runtime detection - capture on port 2213 http://idp.cyberoam.com/signatures/7669.html BACKDOOR Amanda 2.0 connection established http://idp.cyberoam.com/signatures/3635.html BACKDOOR Asylum 0.1 connection established 
http://idp.cyberoam.com/signatures/3014.html BACKDOOR evilftp runtime detection - init connection http://idp.cyberoam.com/signatures/6319.html BACKDOOR donalddick v1.5b3 runtime detection http://idp.cyberoam.com/signatures/7114.html BACKDOOR abacab runtime detection - banner http://idp.cyberoam.com/signatures/7812.html BACKDOOR abacab runtime detection - telnet initial http://idp.cyberoam.com/signatures/7811.html BACKDOOR fictional daemon 4.4 runtime detection - telent http://idp.cyberoam.com/signatures/6287.html BACKDOOR x2a runtime detection - init connection http://idp.cyberoam.com/signatures/8079.html BACKDOOR wincrash 2.0 runtime detection http://idp.cyberoam.com/signatures/6333.html BACKDOOR - Dagger_1.4.0 http://idp.cyberoam.com/signatures/105.html BACKDOOR dagger v1.1.40 runtime detection http://idp.cyberoam.com/signatures/6109.html BACKDOOR digital rootbeer runtime detection http://idp.cyberoam.com/signatures/6170.html BACKDOOR acessor 2.0 runtime detection - init connection http://idp.cyberoam.com/signatures/10448.html BACKDOOR aol admin runtime detection http://idp.cyberoam.com/signatures/7105.html BACKDOOR NetSphere access http://idp.cyberoam.com/signatures/146.html BACKDOOR brain wiper runtime detection - chat http://idp.cyberoam.com/signatures/7701.html BACKDOOR brain wiper runtime detection - launch application http://idp.cyberoam.com/signatures/7699.html BACKDOOR winicabras 1.1 runtime detection - get system info http://idp.cyberoam.com/signatures/10461.html BACKDOOR HackAttack 1.20 Connect http://idp.cyberoam.com/signatures/141.html BACKDOOR remoter runtime detection - initial connection http://idp.cyberoam.com/signatures/7672.html BACKDOOR amitis runtime detection victim to attacker http://idp.cyberoam.com/signatures/7712.html BACKDOOR back attack v1.4 runtime detection http://idp.cyberoam.com/signatures/6151.html backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor 
backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 296/409 ١١٢١٠٢/٤/ Cyberoam Docs BACKDOOR autospy runtime detection - get information http://idp.cyberoam.com/signatures/6078.html BACKDOOR autospy runtime detection - hide taskbar http://idp.cyberoam.com/signatures/6084.html BACKDOOR autospy runtime detection - make directory http://idp.cyberoam.com/signatures/6086.html BACKDOOR autospy runtime detection - show autospy http://idp.cyberoam.com/signatures/6080.html BACKDOOR autospy runtime detection - show nude pic http://idp.cyberoam.com/signatures/6082.html BACKDOOR zzmm 2.0 runtime detection - init connection http://idp.cyberoam.com/signatures/8547.html BACKDOOR zzmm 2.0 runtime detection - init connection http://idp.cyberoam.com/signatures/8548.html BACKDOOR bobo 1.0 runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7746.html BACKDOOR bobo 1.0 runtime detection - send message http://idp.cyberoam.com/signatures/7749.html BACKDOOR alexmessomalex runtime detection - initial connection http://idp.cyberoam.com/signatures/7738.html BACKDOOR omniquad instant remote control runtime detection - initial connection http://idp.cyberoam.com/signatures/7706.html BACKDOOR 3xBackdoor runtime detection http://idp.cyberoam.com/signatures/6324.html BACKDOOR optix pro v1.32 runtime detection - download file http://idp.cyberoam.com/signatures/12153.html BACKDOOR optix pro v1.32 runtime detection - download file http://idp.cyberoam.com/signatures/12154.html BACKDOOR optix pro v1.32 runtime detection - download file http://idp.cyberoam.com/signatures/12155.html BACKDOOR optix pro v1.32 runtime detection - upload file http://idp.cyberoam.com/signatures/12157.html BACKDOOR optix pro v1.32 runtime detection - upload file http://idp.cyberoam.com/signatures/12158.html BACKDOOR optix pro v1.32 runtime detection - keylogging 
http://idp.cyberoam.com/signatures/12159.html BACKDOOR optix pro v1.32 runtime detection - screen capturing http://idp.cyberoam.com/signatures/12161.html BACKDOOR optix pro v1.32 runtime detection - screen capturing http://idp.cyberoam.com/signatures/12162.html BACKDOOR netwindow runtime detection - init connection request http://idp.cyberoam.com/signatures/11319.html BACKDOOR fore v1.0 beta runtime detection - init conn http://idp.cyberoam.com/signatures/6117.html BACKDOOR prorat 1.9 initial connection detection http://idp.cyberoam.com/signatures/7721.html BACKDOOR bladerunner 0.80 runtime detection http://idp.cyberoam.com/signatures/6179.html BACKDOOR BackConstruction 2.1 Connection http://idp.cyberoam.com/signatures/152.html BACKDOOR back orifice 2006 - v1.1.5 runtime detection - init connection http://idp.cyberoam.com/signatures/12149.html BACKDOOR serveme runtime detection backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 297/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7091.html BACKDOOR PhaseZero Server Active on Network http://idp.cyberoam.com/signatures/208.html BACKDOOR [x]-ztoo 1.0 runtime detection - get system info http://idp.cyberoam.com/signatures/10456.html BACKDOOR [x]-ztoo 1.0 runtime detection - init connection http://idp.cyberoam.com/signatures/10454.html BACKDOOR [x]-ztoo 1.0 runtime detection - start keylogger http://idp.cyberoam.com/signatures/10457.html BACKDOOR hrat 1.0 runtime detection http://idp.cyberoam.com/signatures/7684.html BACKDOOR sohoanywhere runtime detection http://idp.cyberoam.com/signatures/11322.html BACKDOOR WinCrash 1.0 Server Active http://idp.cyberoam.com/signatures/163.html BACKDOOR netraider 0.0 runtime detection http://idp.cyberoam.com/signatures/6181.html BACKDOOR 
tron runtime detection - init connection http://idp.cyberoam.com/signatures/12055.html BACKDOOR Y3KRAT 1.5 Connect http://idp.cyberoam.com/signatures/3081.html BACKDOOR Y3KRAT 1.5 Connection confirmation http://idp.cyberoam.com/signatures/3083.html BACKDOOR am remote client runtime detection - server-to-client http://idp.cyberoam.com/signatures/7642.html BACKDOOR rtb666 runtime detection http://idp.cyberoam.com/signatures/6318.html BACKDOOR Insane Network 4.0 connection established port 63536 http://idp.cyberoam.com/signatures/3016.html BACKDOOR lamespy runtime detection - initial connection http://idp.cyberoam.com/signatures/6308.html BACKDOOR lamespy runtime detection - initial connection - set flowbit http://idp.cyberoam.com/signatures/6307.html BACKDOOR fatal wound 1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/7806.html BACKDOOR fatal wound 1.0 runtime detection - upload http://idp.cyberoam.com/signatures/7809.html BACKDOOR BackConstruction 2.1 Server FTP Open Reply http://idp.cyberoam.com/signatures/158.html BACKDOOR dimbus 1.0 runtime detection - get pc info http://idp.cyberoam.com/signatures/6026.html BACKDOOR fucktrojan 1.2 runtime detection - flood http://idp.cyberoam.com/signatures/6327.html BACKDOOR fucktrojan 1.2 runtime detection - initial connection http://idp.cyberoam.com/signatures/6325.html BACKDOOR SatansBackdoor.2.0.Beta http://idp.cyberoam.com/signatures/118.html BACKDOOR unicorn runtime detection - initial connection http://idp.cyberoam.com/signatures/6166.html BACKDOOR unicorn runtime detection - set wallpaper server-to-client http://idp.cyberoam.com/signatures/6168.html BACKDOOR snipernet 2.1 runtime detection http://idp.cyberoam.com/signatures/7646.html backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor 
docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 298/409 ١١٢١٠٢/٤/ Cyberoam Docs BACKDOOR nt remote controller 2000 runtime detection - foldermonitor server-to-client http://idp.cyberoam.com/signatures/7767.html BACKDOOR nt remote controller 2000 runtime detection - sysinfo serverto-client http://idp.cyberoam.com/signatures/7765.html BACKDOOR Doly 2.0 access http://idp.cyberoam.com/signatures/119.html BACKDOOR shit heep runtime detection http://idp.cyberoam.com/signatures/6306.html BACKDOOR cookie monster 0.24 runtime detection - file explorer http://idp.cyberoam.com/signatures/6174.html BACKDOOR cookie monster 0.24 runtime detection - get version info http://idp.cyberoam.com/signatures/6172.html BACKDOOR GateCrasher http://idp.cyberoam.com/signatures/147.html BACKDOOR netcontrol v1.0.8 runtime detection http://idp.cyberoam.com/signatures/6150.html BACKDOOR messiah 4.0 runtime detection - get drives http://idp.cyberoam.com/signatures/7777.html BACKDOOR desktop scout runtime detection http://idp.cyberoam.com/signatures/7720.html BACKDOOR netspy runtime detection - command pattern server-to-client http://idp.cyberoam.com/signatures/6290.html BACKDOOR Sygate Remote Administration Engine http://idp.cyberoam.com/signatures/12684.html BACKDOOR phoenix 2.1 runtime detection - flowbit set http://idp.cyberoam.com/signatures/7744.html BACKDOOR phoenix 2.1 runtime detection http://idp.cyberoam.com/signatures/7745.html BACKDOOR remote control 1.7 runtime detection - connection request flowbit 2 http://idp.cyberoam.com/signatures/7621.html BACKDOOR remote control 1.7 runtime detection - connection request http://idp.cyberoam.com/signatures/7623.html BACKDOOR remote control 1.7 runtime detection - data communication http://idp.cyberoam.com/signatures/7624.html BACKDOOR xhx 1.6 runtime detection - initial connection server-to-client http://idp.cyberoam.com/signatures/6075.html BACKDOOR jodeitor 1.1 runtime detection - initial connection http://idp.cyberoam.com/signatures/7658.html 
BACKDOOR undetected runtime detection http://idp.cyberoam.com/signatures/7108.html BACKDOOR dsk lite 1.0 runtime detection - disconnect http://idp.cyberoam.com/signatures/6017.html BACKDOOR dsk lite 1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/6016.html BACKDOOR http rat runtime detection - http http://idp.cyberoam.com/signatures/6398.html BACKDOOR neurotickat1.3 runtime detection - initial connection http://idp.cyberoam.com/signatures/6062.html BACKDOOR messiah 4.0 runtime detection - enable keylogger http://idp.cyberoam.com/signatures/7773.html BACKDOOR messiah 4.0 runtime detection - get server info backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 299/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7771.htmlscreen capture BACKDOOR messiah 4.0 runtime detection http://idp.cyberoam.com/signatures/7775.html BACKDOOR fun factory runtime detection - connect http://idp.cyberoam.com/signatures/6048.html BACKDOOR fun factory runtime detection - do script remotely http://idp.cyberoam.com/signatures/6054.html BACKDOOR fun factory runtime detection - set volume http://idp.cyberoam.com/signatures/6052.html BACKDOOR fun factory runtime detection - upload http://idp.cyberoam.com/signatures/6050.html BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection flowbit set http://idp.cyberoam.com/signatures/7708.html BACKDOOR fear1.5/aciddrop1.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/7710.html BACKDOOR rix3 1.0 runtime detection - init connection http://idp.cyberoam.com/signatures/10112.html BACKDOOR forced entry v1.1 beta runtime detection http://idp.cyberoam.com/signatures/6110.html BACKDOOR up and run v1.0 beta runtime detection flowbit 2 
http://idp.cyberoam.com/signatures/7079.html BACKDOOR up and run v1.0 beta runtime detection flowbit 3 http://idp.cyberoam.com/signatures/7080.html BACKDOOR forced control uploader runtime detection - connection with password - flowbit set http://idp.cyberoam.com/signatures/7784.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 1 http://idp.cyberoam.com/signatures/7786.html BACKDOOR forced control uploader runtime detection directory listing flowbit set 3 http://idp.cyberoam.com/signatures/7788.html BACKDOOR forced control uploader runtime detection directory listing http://idp.cyberoam.com/signatures/7790.html BACKDOOR minicom lite runtime detection - client-to-server http://idp.cyberoam.com/signatures/7648.html BACKDOOR netshadow runtime detection http://idp.cyberoam.com/signatures/6027.html BACKDOOR omerta 1.3 runtime detection http://idp.cyberoam.com/signatures/6500.html BACKDOOR tequila bandita 1.2 runtime detection - reverse connection http://idp.cyberoam.com/signatures/6025.html BACKDOOR commando runtime detection - chat client-to-server http://idp.cyberoam.com/signatures/6329.html BACKDOOR xbkdr runtime detection http://idp.cyberoam.com/signatures/7822.html BACKDOOR amitis v1.3 runtime detection - email notification http://idp.cyberoam.com/signatures/7713.html BACKDOOR cia 1.3 runtime detection - smtp notification http://idp.cyberoam.com/signatures/6301.html BACKDOOR cybernetic 1.62 runtime detection - email notification http://idp.cyberoam.com/signatures/7064.html BACKDOOR dkangel runtime detection - smtp http://idp.cyberoam.com/signatures/6125.html BACKDOOR dkangel runtime detection - smtp backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 300/409 ١١٢١٠٢/٤/ Cyberoam Docs 
http://idp.cyberoam.com/signatures/6126.html BACKDOOR hatredfriend email notification detection http://idp.cyberoam.com/signatures/6339.html BACKDOOR http rat runtime detection - smtp http://idp.cyberoam.com/signatures/6397.html BACKDOOR netbus 1.7 runtime detection - email notification http://idp.cyberoam.com/signatures/6037.html BACKDOOR optix 1.32 runtime detection - email notification http://idp.cyberoam.com/signatures/6114.html BACKDOOR zalivator 1.4.2 pro runtime detection - smtp notification http://idp.cyberoam.com/signatures/10453.html BACKDOOR access remote pc runtime detection - rpc setup http://idp.cyberoam.com/signatures/12144.html BACKDOOR omniquad instant remote control runtime detection - file transfer setup http://idp.cyberoam.com/signatures/7707.html BACKDOOR outbreak_0.2.7 runtime detection - reverse connection http://idp.cyberoam.com/signatures/7730.html BACKDOOR outbreak_0.2.7 runtime detection - ring client-to-server http://idp.cyberoam.com/signatures/7732.html BACKDOOR illusion runtime detection - file browser client-to-server http://idp.cyberoam.com/signatures/7687.html BACKDOOR illusion runtime detection - get remote info client-to-server http://idp.cyberoam.com/signatures/7685.html BACKDOOR netwindow runtime detection - reverse mode init connection request http://idp.cyberoam.com/signatures/11320.html BACKDOOR freak 1.0 runtime detection - irc notification http://idp.cyberoam.com/signatures/6070.html BACKDOOR exception 1.0 runtime detection - notification http://idp.cyberoam.com/signatures/7692.html BACKDOOR evade runtime detection - file manager - flowbit set http://idp.cyberoam.com/signatures/7690.html BACKDOOR abremote pro 3.1 runtime detection - init connection http://idp.cyberoam.com/signatures/11317.html BACKDOOR access remote pc runtime detection - init connection http://idp.cyberoam.com/signatures/12143.html BACKDOOR acid shivers runtime detection - init telnet connection http://idp.cyberoam.com/signatures/10449.html BACKDOOR 
antilamer 1.1 runtime detection http://idp.cyberoam.com/signatures/6286.html BACKDOOR a trojan 2.0 runtime detection http://idp.cyberoam.com/signatures/6087.html BACKDOOR a trojan 2.0 runtime detection - get drive info http://idp.cyberoam.com/signatures/6094.html BACKDOOR a trojan 2.0 runtime detection - get harddisk info http://idp.cyberoam.com/signatures/6092.html BACKDOOR a trojan 2.0 runtime detection - get memory info http://idp.cyberoam.com/signatures/6090.html BACKDOOR a trojan 2.0 runtime detection - get system info http://idp.cyberoam.com/signatures/6096.html BACKDOOR badrat 1.1 runtime detection http://idp.cyberoam.com/signatures/6476.html BACKDOOR bandook 1.0 runtime detection backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 301/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7075.html BACKDOOR bandook 1.35 runtime detection http://idp.cyberoam.com/signatures/12727.html BACKDOOR bandook 1.35 runtime detection http://idp.cyberoam.com/signatures/12726.html manage BACKDOOR bersek 1.0 runtime detection - file http://idp.cyberoam.com/signatures/9659.html BACKDOOR bersek 1.0 runtime detection - init connection http://idp.cyberoam.com/signatures/9657.html BACKDOOR bersek 1.0 runtime detection - show processes http://idp.cyberoam.com/signatures/9661.html BACKDOOR bersek 1.0 runtime detection - start remote shell http://idp.cyberoam.com/signatures/9663.html BACKDOOR bifrost v1.2.1 runtime detection http://idp.cyberoam.com/signatures/12297.html BACKDOOR buschtrommel 1.22 runtime detection - initial connection flowbit set 1 http://idp.cyberoam.com/signatures/7750.html BACKDOOR buschtrommel 1.22 runtime detection - spy function - flowbit set 2 http://idp.cyberoam.com/signatures/7754.html BACKDOOR buschtrommel 1.22 runtime 
detection - spy function http://idp.cyberoam.com/signatures/7755.html BACKDOOR cafeini 1.0 runtime detection http://idp.cyberoam.com/signatures/12151.html BACKDOOR cafeini 1.0 runtime detection - init connection http://idp.cyberoam.com/signatures/12150.html BACKDOOR charon runtime detection - download file/log flowbit 2 http://idp.cyberoam.com/signatures/7059.html BACKDOOR charon runtime detection - initial connection http://idp.cyberoam.com/signatures/7057.html BACKDOOR cool remote control or crackdown runtime detection - initial connection http://idp.cyberoam.com/signatures/7677.html BACKDOOR crossbow 1.12 runtime detection - init connection http://idp.cyberoam.com/signatures/9665.html BACKDOOR cybernetic 1.62 runtime detection - reverse connection flowbit 1 http://idp.cyberoam.com/signatures/7066.html BACKDOOR cybernetic 1.62 runtime detection - reverse connection http://idp.cyberoam.com/signatures/7067.html BACKDOOR dameware mini remote control runtime detection - initial connection - flowbit set http://idp.cyberoam.com/signatures/7718.html BACKDOOR dark moon 4.11 runtime detection http://idp.cyberoam.com/signatures/12724.html BACKDOOR dark moon 4.11 runtime detection http://idp.cyberoam.com/signatures/12725.html BACKDOOR darkmoon initial connection detection - stc http://idp.cyberoam.com/signatures/7814.html BACKDOOR darkmoon reverse connection detection - cts http://idp.cyberoam.com/signatures/7816.html BACKDOOR erazer v1.1 runtime detection http://idp.cyberoam.com/signatures/7085.html BACKDOOR evade runtime detection - initial connection backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 302/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7689.html BACKDOOR evilotus 1.3.2 runtime detection - init connection 
http://idp.cyberoam.com/signatures/13506.html BACKDOOR evilotus 1.3.2 runtime detection - init connection http://idp.cyberoam.com/signatures/13507.html BACKDOOR fear 0.2 runtime detection - initial connection http://idp.cyberoam.com/signatures/6044.html BACKDOOR fearless lite 1.01 runtime detection http://idp.cyberoam.com/signatures/7112.html BACKDOOR fraggle rock 2.0 lite runtime detection - pc info http://idp.cyberoam.com/signatures/7072.html BACKDOOR furax 1.0 b2 runtime detection http://idp.cyberoam.com/signatures/6161.html BACKDOOR furax 1.0 b3 runtime detection http://idp.cyberoam.com/signatures/12245.html BACKDOOR genie 1.7 runtime detection - init connection http://idp.cyberoam.com/signatures/12240.html BACKDOOR genie 1.7 runtime detection - init connection http://idp.cyberoam.com/signatures/12241.html BACKDOOR ghost 2.3 runtime detection http://idp.cyberoam.com/signatures/7115.html BACKDOOR gwboy 0.92 runtime detection http://idp.cyberoam.com/signatures/7101.html BACKDOOR gwboy 0.92 runtime detection - init connection http://idp.cyberoam.com/signatures/7103.html BACKDOOR hav-rat 1.1 runtime detection http://idp.cyberoam.com/signatures/10104.html BACKDOOR hav-rat 1.1 runtime detection - retrieve pc info http://idp.cyberoam.com/signatures/10105.html BACKDOOR helios 3.1 runtime detection - initial connection http://idp.cyberoam.com/signatures/7630.html BACKDOOR hornet 1.0 runtime detection - fetch processes list http://idp.cyberoam.com/signatures/7636.html BACKDOOR hornet 1.0 runtime detection - fetch system info http://idp.cyberoam.com/signatures/7632.html BACKDOOR hornet 1.0 runtime detection - irc connection http://idp.cyberoam.com/signatures/7634.html BACKDOOR hotmail hacker log edition 5.0 runtime detection - init connection http://idp.cyberoam.com/signatures/12243.html BACKDOOR katux 2.0 runtime detection - chat http://idp.cyberoam.com/signatures/7609.html BACKDOOR katux 2.0 runtime detection - get system info 
http://idp.cyberoam.com/signatures/7607.html BACKDOOR katux 2.0 runtime detection - screen capture http://idp.cyberoam.com/signatures/7605.html BACKDOOR lan filtrator 1.1 runtime detection - initial connection request flowbit set http://idp.cyberoam.com/signatures/7660.html BACKDOOR lan filtrator 1.1 runtime detection - sin notification http://idp.cyberoam.com/signatures/7659.html BACKDOOR lithium 1.02 runtime detection http://idp.cyberoam.com/signatures/12166.html BACKDOOR mantis runtime detection - go to address server-to-client backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 303/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/6148.html BACKDOOR mantis runtime detection - sent notify option server-to-client http://idp.cyberoam.com/signatures/6145.html BACKDOOR net demon runtime detection - file manager response http://idp.cyberoam.com/signatures/6317.html BACKDOOR net demon runtime detection - initial connection - password request http://idp.cyberoam.com/signatures/6309.html BACKDOOR net demon runtime detection - message response http://idp.cyberoam.com/signatures/6313.html BACKDOOR net demon runtime detection - open browser response http://idp.cyberoam.com/signatures/6315.html BACKDOOR netdevil runtime detection - flowbit set 1 http://idp.cyberoam.com/signatures/7714.html BACKDOOR nuclear rat 2.1 runtime detection - init connection http://idp.cyberoam.com/signatures/13655.html BACKDOOR nuclear rat 2.1 runtime detection - init connection http://idp.cyberoam.com/signatures/13654.html BACKDOOR nuclear rat v6_21 runtime detection http://idp.cyberoam.com/signatures/6024.html BACKDOOR only 1 rat runtime detection - control command http://idp.cyberoam.com/signatures/10450.html BACKDOOR optix 1.32 runtime detection - init conn 
http://idp.cyberoam.com/signatures/6111.html BACKDOOR optix 1.32 runtime detection - init conn http://idp.cyberoam.com/signatures/6113.html BACKDOOR optix pro v1.32 runtime detection - init connection http://idp.cyberoam.com/signatures/12152.html BACKDOOR poison ivy 2.3.0 runtime detection - init connection http://idp.cyberoam.com/signatures/12699.html BACKDOOR poison ivy 2.3.0 runtime detection - init connection http://idp.cyberoam.com/signatures/12700.html BACKDOOR poison ivy 2.3.0 runtime detection - server connection http://idp.cyberoam.com/signatures/12702.html BACKDOOR poison ivy 2.3.0 runtime detection - server connection http://idp.cyberoam.com/signatures/12701.html BACKDOOR psyrat 1.0 runtime detection http://idp.cyberoam.com/signatures/6164.html BACKDOOR psyrat 1.0 runtime detection http://idp.cyberoam.com/signatures/6165.html BACKDOOR rad 1.2.3 runtime detection http://idp.cyberoam.com/signatures/6399.html BACKDOOR radmin 3.0 runtime detection - initial connection http://idp.cyberoam.com/signatures/12374.html BACKDOOR radmin 3.0 runtime detection - login & remote control http://idp.cyberoam.com/signatures/12376.html BACKDOOR radmin runtime detection - server-to-client http://idp.cyberoam.com/signatures/7729.html BACKDOOR reversable ver1.0 runtime detection - initial connection flowbit set http://idp.cyberoam.com/signatures/7724.html BACKDOOR shark 2.3.2 runtime detection http://idp.cyberoam.com/signatures/12378.html BACKDOOR skyrat show runtime detection - initial connection - flowbit 2 backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor backdoor docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 304/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/7626.html BACKDOOR skyrat show runtime detection - initial connection - flowbit 3 http://idp.cyberoam.com/signatures/7627.html 
BACKDOOR skyrat show runtime detection - initial connection - flowbit 4 | http://idp.cyberoam.com/signatures/7628.html | backdoor
BACKDOOR skyrat show runtime detection - initial connection | http://idp.cyberoam.com/signatures/7629.html | backdoor
BACKDOOR snake trojan runtime detection | http://idp.cyberoam.com/signatures/7717.html | backdoor
BACKDOOR snowdoor runtime detection server-to-client | http://idp.cyberoam.com/signatures/6401.html | backdoor
BACKDOOR SubSeven 2.1 Gold server connection response | http://idp.cyberoam.com/signatures/2100.html | backdoor
BACKDOOR sun shadow 1.70 runtime detection - init connection | http://idp.cyberoam.com/signatures/9838.html | backdoor
BACKDOOR superspy 2.0 beta runtime detection - get system info 2 | http://idp.cyberoam.com/signatures/8471.html | backdoor
BACKDOOR superspy 2.0 beta runtime detection - processes/active windows manage | http://idp.cyberoam.com/signatures/8475.html | backdoor
BACKDOOR superspy 2.0 beta runtime detection - screen capture | http://idp.cyberoam.com/signatures/8473.html | backdoor
BACKDOOR theef 2.0 runtime detection - connection request with password - flowbit 1 | http://idp.cyberoam.com/signatures/7617.html | backdoor
BACKDOOR theef 2.0 runtime detection - connection request with password | http://idp.cyberoam.com/signatures/7619.html | backdoor
BACKDOOR theef 2.0 runtime detection - connection without password | http://idp.cyberoam.com/signatures/7616.html | backdoor
BACKDOOR theef 2.10 runtime detection - connect with no password | http://idp.cyberoam.com/signatures/12233.html | backdoor
BACKDOOR theef 2.10 runtime detection - connect with password | http://idp.cyberoam.com/signatures/12235.html | backdoor
BACKDOOR the[x] 1.2 runtime detection - execute command | http://idp.cyberoam.com/signatures/12052.html | backdoor
BACKDOOR ultimate rat 2.1 runtime detection | http://idp.cyberoam.com/signatures/12051.html | backdoor
BACKDOOR wineggdrop shell pro runtime detection - init connection | http://idp.cyberoam.com/signatures/10459.html | backdoor
BACKDOOR wow 23 runtime detection | http://idp.cyberoam.com/signatures/10184.html | backdoor
BACKDOOR xploit 1.4.5 pc runtime detection
http://idp.cyberoam.com/signatures/13509.html | backdoor
BACKDOOR xploit 1.4.5 runtime detection | http://idp.cyberoam.com/signatures/13508.html | backdoor
BACKDOOR yuri 1.2 runtime detection - init connection | http://idp.cyberoam.com/signatures/13247.html | backdoor
BACKDOOR 51d 1b runtime detection - icq notification | http://idp.cyberoam.com/signatures/10447.html | backdoor
BACKDOOR Adware.Win32.Agent.BM runtime detection #1 | http://idp.cyberoam.com/signatures/14086.html | backdoor
BACKDOOR Adware.Win32.Agent.BM runtime detection #2 | http://idp.cyberoam.com/signatures/14087.html | backdoor
BACKDOOR air runtime detection - php notification | http://idp.cyberoam.com/signatures/7639.html | backdoor
BACKDOOR air runtime detection - webmail notification | http://idp.cyberoam.com/signatures/7640.html | backdoor
BACKDOOR analftp 0.1 runtime detection - icq notification | http://idp.cyberoam.com/signatures/7762.html | backdoor
BACKDOOR apofis 1.0 runtime detection - php notification | http://idp.cyberoam.com/signatures/9653.html | backdoor
BACKDOOR cia 1.3 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6300.html | backdoor
BACKDOOR dsk lite 1.0 runtime detection - cgi notification | http://idp.cyberoam.com/signatures/6019.html | backdoor
BACKDOOR dsk lite 1.0 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6018.html | backdoor
BACKDOOR dsk lite 1.0 runtime detection - php notification | http://idp.cyberoam.com/signatures/6020.html | backdoor
BACKDOOR fade 1.0 runtime detection - notification | http://idp.cyberoam.com/signatures/6039.html | backdoor
BACKDOOR fear 0.2 runtime detection - cgi notification | http://idp.cyberoam.com/signatures/6043.html | backdoor
BACKDOOR fear 0.2 runtime detection - php notification | http://idp.cyberoam.com/signatures/6042.html | backdoor
BACKDOOR fkwp 2.0 runtime detection - icq notification
http://idp.cyberoam.com/signatures/6029.html | backdoor
BACKDOOR hornet 1.0 runtime detection - icq notification | http://idp.cyberoam.com/signatures/7637.html | backdoor
BACKDOOR infostealer.banker.c runtime detection - download cfg.bin | http://idp.cyberoam.com/signatures/14084.html | backdoor
BACKDOOR insurrection 1.1.0 runtime detection - icq notification 1 | http://idp.cyberoam.com/signatures/6296.html | backdoor
BACKDOOR insurrection 1.1.0 runtime detection - icq notification 2 | http://idp.cyberoam.com/signatures/6297.html | backdoor
BACKDOOR justjoke v2.6 runtime detection | http://idp.cyberoam.com/signatures/6291.html | backdoor
BACKDOOR MBR rootkit HTTP POST activity detected | http://idp.cyberoam.com/signatures/13625.html | backdoor
BACKDOOR minimo v0.6 runtime detection - cgi notification | http://idp.cyberoam.com/signatures/7076.html | backdoor
BACKDOOR minimo v0.6 runtime detection - icq notification | http://idp.cyberoam.com/signatures/7077.html | backdoor
BACKDOOR neurotickat1.3 runtime detection - cgi notification | http://idp.cyberoam.com/signatures/6059.html | backdoor
BACKDOOR neurotickat1.3 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6058.html | backdoor
BACKDOOR nova 1.0 runtime detection - cgi notification client-to-server | http://idp.cyberoam.com/signatures/7742.html | backdoor
BACKDOOR optix 1.32 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6115.html | backdoor
BACKDOOR optixlite 1.0 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6069.html | backdoor
BACKDOOR prorat 1.9 cgi notification detection | http://idp.cyberoam.com/signatures/7722.html | backdoor
BACKDOOR Pushdo client communication attempt | http://idp.cyberoam.com/signatures/15165.html | backdoor
BACKDOOR roach 1.0 server installation notification - email
http://idp.cyberoam.com/signatures/7704.html | backdoor
BACKDOOR silent spy 2.10 runtime detection - icq notification | http://idp.cyberoam.com/signatures/6023.html | backdoor
BACKDOOR trojan agent.aarm runtime detection - download other malware | http://idp.cyberoam.com/signatures/14083.html | backdoor
BACKDOOR trojan agent.aarm runtime detection - spread via spam | http://idp.cyberoam.com/signatures/14082.html | backdoor
BACKDOOR trojan agent.nac runtime detection - call home | http://idp.cyberoam.com/signatures/13942.html | backdoor
BACKDOOR trojan agent.nac runtime detection - click fraud | http://idp.cyberoam.com/signatures/13941.html | backdoor
BACKDOOR trojan downloader small.gy runtime detection - get whitelist | http://idp.cyberoam.com/signatures/13944.html | backdoor
BACKDOOR trojan downloader small.gy runtime detection - update | http://idp.cyberoam.com/signatures/13945.html | backdoor
BACKDOOR trojan-spy.win32.delf.uv runtime detection | http://idp.cyberoam.com/signatures/13877.html | backdoor
BACKDOOR w32.dumaru.genmm runtime detection - cmd | http://idp.cyberoam.com/signatures/7074.html | backdoor
BACKDOOR w32.dumaru.genmm runtime detection - cmd | http://idp.cyberoam.com/signatures/7074.html | backdoor
BACKDOOR war trojan ver1.0 runtime detection - ie hijacker | http://idp.cyberoam.com/signatures/7805.html | backdoor
BACKDOOR x2a runtime detection - client update | http://idp.cyberoam.com/signatures/8080.html | backdoor
BACKDOOR y3k 1.2 runtime detection - user-agent string detected | http://idp.cyberoam.com/signatures/7118.html | backdoor
BACKDOOR zlob.acc runtime detection | http://idp.cyberoam.com/signatures/13876.html | backdoor
BACKDOOR portal of doom runtime detection - udp cts | http://idp.cyberoam.com/signatures/7801.html | backdoor
BACKDOOR matrix 1.03 by mtronic runtime detection - init connection | http://idp.cyberoam.com/signatures/10169.html | backdoor
BACKDOOR Matrix 2.0 Client connect | http://idp.cyberoam.com/signatures/161.html | backdoor
BACKDOOR Matrix 2.0 Server access | http://idp.cyberoam.com/signatures/162.html | backdoor
BACKDOOR y3k 1.2 runtime detection | http://idp.cyberoam.com/signatures/7119.html | backdoor
BACKDOOR y3k 1.2 runtime detection
http://idp.cyberoam.com/signatures/7121.html | backdoor
BACKDOOR ptakks2.1 runtime detection - keepalive acknowledgement | http://idp.cyberoam.com/signatures/6321.html | backdoor
BACKDOOR ambush 1.0 runtime detection - ping client-to-server | http://idp.cyberoam.com/signatures/6123.html | backdoor
BACKDOOR DeepThroat 3.1 Connection attempt | http://idp.cyberoam.com/signatures/1980.html | backdoor
BACKDOOR alvgus 2000 runtime detection | http://idp.cyberoam.com/signatures/6099.html | backdoor
BACKDOOR alvgus 2000 runtime detection | http://idp.cyberoam.com/signatures/6101.html | backdoor
BACKDOOR alvgus 2000 runtime detection | http://idp.cyberoam.com/signatures/6097.html | backdoor
BACKDOOR alvgus 2000 runtime detection | http://idp.cyberoam.com/signatures/6105.html | backdoor
BACKDOOR alvgus 2000 runtime detection | http://idp.cyberoam.com/signatures/6103.html | backdoor
BACKDOOR DeepThroat 3.1 Connection attempt [3150] | http://idp.cyberoam.com/signatures/1981.html | backdoor
BACKDOOR win-trin00 connection attempt | http://idp.cyberoam.com/signatures/1853.html | backdoor
BACKDOOR DeepThroat 3.1 Connection attempt [4120] | http://idp.cyberoam.com/signatures/1983.html | backdoor
BACKDOOR dkangel runtime detection - udp client-to-server | http://idp.cyberoam.com/signatures/6127.html | backdoor
BACKDOOR dirtxt runtime detection - chdir client-to-server | http://idp.cyberoam.com/signatures/6152.html | backdoor
BACKDOOR dirtxt runtime detection - info client-to-server | http://idp.cyberoam.com/signatures/6154.html | backdoor
BACKDOOR dirtxt runtime detection - view client-to-server | http://idp.cyberoam.com/signatures/6156.html | backdoor
BACKDOOR remote anything 5.11.22 runtime detection - chat with victim | http://idp.cyberoam.com/signatures/7792.html | backdoor
BACKDOOR portal of doom runtime detection - udp stc | http://idp.cyberoam.com/signatures/7802.html | backdoor
BACKDOOR minicom
lite runtime detection – udp | http://idp.cyberoam.com/signatures/7647.html | backdoor
BACKDOOR ambush 1.0 runtime detection - ping server-to-client | http://idp.cyberoam.com/signatures/6124.html | backdoor
BACKDOOR cyberpaky runtime detection | http://idp.cyberoam.com/signatures/6028.html | backdoor
BACKDOOR DeepThroat 3.1 Server Response | http://idp.cyberoam.com/signatures/195.html | backdoor
BACKDOOR alvgus 2000 runtime detection - check server | http://idp.cyberoam.com/signatures/6098.html | backdoor
BACKDOOR alvgus 2000 runtime detection - download file | http://idp.cyberoam.com/signatures/6106.html | backdoor
BACKDOOR alvgus 2000 runtime detection - execute command | http://idp.cyberoam.com/signatures/6102.html | backdoor
BACKDOOR alvgus 2000 runtime detection - upload file | http://idp.cyberoam.com/signatures/6104.html | backdoor
BACKDOOR alvgus 2000 runtime detection - view content of directory | http://idp.cyberoam.com/signatures/6100.html | backdoor
BACKDOOR DeepThroat 3.1 Server Response [3150] | http://idp.cyberoam.com/signatures/1982.html | backdoor
BACKDOOR winshadow runtime detection - udp response | http://idp.cyberoam.com/signatures/11952.html | backdoor
BACKDOOR DeepThroat 3.1 Server Response [4120] | http://idp.cyberoam.com/signatures/1984.html | backdoor
BACKDOOR delta source 0.5 beta runtime detection - pc info | http://idp.cyberoam.com/signatures/7069.html | backdoor
BACKDOOR delta source 0.5 beta runtime detection – ping | http://idp.cyberoam.com/signatures/7068.html | backdoor
BACKDOOR dirtxt runtime detection - chdir server-to-client | http://idp.cyberoam.com/signatures/6153.html | backdoor
BACKDOOR dirtxt runtime detection - info server-to-client | http://idp.cyberoam.com/signatures/6155.html | backdoor
BACKDOOR dirtxt runtime detection - view server-to-client | http://idp.cyberoam.com/signatures/6157.html | backdoor
BACKDOOR y3k 1.2 runtime
detection - init connection 1 | http://idp.cyberoam.com/signatures/7120.html | backdoor
BACKDOOR y3k 1.2 runtime detection - init connection 2 | http://idp.cyberoam.com/signatures/7122.html | backdoor
BACKDOOR netwindow runtime detection - udp broadcast | http://idp.cyberoam.com/signatures/11321.html | backdoor
BACKDOOR ptakks2.1 runtime detection - command pattern | http://idp.cyberoam.com/signatures/6322.html | backdoor
BACKDOOR ptakks2.1 runtime detection – keepalive | http://idp.cyberoam.com/signatures/6320.html | backdoor
BACKDOOR netthief runtime detection | http://idp.cyberoam.com/signatures/7760.html | backdoor
BACKDOOR remote anything 5.11.22 runtime detection - chat with attacker | http://idp.cyberoam.com/signatures/7793.html | backdoor
BACKDOOR remote anything 5.11.22 runtime detection - victim response | http://idp.cyberoam.com/signatures/7791.html | backdoor
Freegate 6.98 | http://idp.cyberoam.com/signatures/1100908.html | cyberoam signatures
Freegate 6.98 | http://idp.cyberoam.com/signatures/1100903.html | cyberoam signatures
Freegate 6.98 | http://idp.cyberoam.com/signatures/1100907.html | cyberoam signatures
Freegate Server list accessing using Google | http://idp.cyberoam.com/signatures/1100905.html | cyberoam signatures
Proxy Tool - FreeU | http://idp.cyberoam.com/signatures/1100911.html | cyberoam signatures
Facebook Chat - Buddy List | http://idp.cyberoam.com/signatures/1100918.html | cyberoam signatures
Freegate 6.98 - DNS | http://idp.cyberoam.com/signatures/1100909.html | cyberoam signatures
Proxy Tool - Dynapass | http://idp.cyberoam.com/signatures/1100913.html | cyberoam signatures

Document Version – 1.0-03/05/2010

1.3.1.6.52. V 2.4.49

Release Date 22nd March, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.48

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.49. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 655
Risk level: High

Name | URL | Category
Anonymous Proxy Application JAP New | http://idp.cyberoam.com/signatures/1100721.html | cyberoam signatures
Anonymous Proxy Application JAP | http://idp.cyberoam.com/signatures/1100685.html | cyberoam signatures
Way2SMS - Gmail Inbox | http://idp.cyberoam.com/signatures/1100860.html | cyberoam signatures
Way2SMS - Yahoo Inbox | http://idp.cyberoam.com/signatures/1100861.html | cyberoam signatures
Yahoo Chat Attempt Using Way2SMS | http://idp.cyberoam.com/signatures/1100760.html | cyberoam signatures
Gtalk Chat Attempt Using Way2SMS | http://idp.cyberoam.com/signatures/1100761.html | cyberoam signatures
Way2SMS - Inbox | http://idp.cyberoam.com/signatures/1100862.html | cyberoam signatures
Webmail Chat Attempt - Gmail (HTTPS) | http://idp.cyberoam.com/signatures/1100738.html | cyberoam signatures
Yahoo Messenger File Transfer | http://idp.cyberoam.com/signatures/1100863.html | cyberoam signatures
Desktop Sharing Tool ShowMyPC | http://idp.cyberoam.com/signatures/1100864.html | cyberoam signatures
Desktop Sharing Tool ShowMyPC | http://idp.cyberoam.com/signatures/1100865.html | cyberoam signatures
Desktop Sharing Tool ShowMyPC | http://idp.cyberoam.com/signatures/1100866.html | cyberoam signatures
Desktop Sharing Website SkyFex | http://idp.cyberoam.com/signatures/1100867.html | cyberoam signatures
Desktop Sharing Tool Yuuguu | http://idp.cyberoam.com/signatures/1100868.html | cyberoam signatures
iGoogle - Chat Application | http://idp.cyberoam.com/signatures/1100869.html | cyberoam signatures
iGoogle - All Application | http://idp.cyberoam.com/signatures/1100870.html | cyberoam signatures
Desktop Sharing Tool ScreenStream | http://idp.cyberoam.com/signatures/1100871.html | cyberoam signatures
Desktop Sharing Tool Ammyy Admin | http://idp.cyberoam.com/signatures/1100872.html | cyberoam signatures
Desktop Sharing Tool Soonr | http://idp.cyberoam.com/signatures/1100873.html | cyberoam signatures
Desktop Sharing Tool Radmin | http://idp.cyberoam.com/signatures/1100874.html | cyberoam signatures
Gtalk chat Using iChat | http://idp.cyberoam.com/signatures/1100875.html | cyberoam signatures
Jabber - Chat Client | http://idp.cyberoam.com/signatures/1100766.html | cyberoam signatures
Desktop Sharing Tool VNC | http://idp.cyberoam.com/signatures/1100796.html | cyberoam signatures
Desktop Sharing Tool VNC | http://idp.cyberoam.com/signatures/1100797.html | cyberoam signatures
bittorrent_p2p_traffic_detection1 | http://idp.cyberoam.com/signatures/1100231.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100876.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100877.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100878.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100879.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100882.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100881.html | cyberoam signatures
P2P Application uTorrent | http://idp.cyberoam.com/signatures/1100880.html | cyberoam signatures
Proxy Application - Ultrasurf | http://idp.cyberoam.com/signatures/1100827.html | cyberoam signatures
Proxy Application - Ultrasurf | http://idp.cyberoam.com/signatures/1100888.html | cyberoam signatures
OpenVPN - VPN Application | http://idp.cyberoam.com/signatures/1100820.html | cyberoam signatures
OpenVPN - VPN Application | http://idp.cyberoam.com/signatures/1100791.html | cyberoam signatures
OpenVPN - VPN Application | http://idp.cyberoam.com/signatures/1100821.html | cyberoam signatures
VOIP-SIP Asterisk data length field overflow | http://idp.cyberoam.com/signatures/12359.html | miscellaneous
VOIP-SIP Via header missing SIP field | http://idp.cyberoam.com/signatures/11975.html | miscellaneous
VOIP-SIP CSeq header invalid characters detected | http://idp.cyberoam.com/signatures/11996.html | miscellaneous
VOIP-SIP CSeq header format string attempt | http://idp.cyberoam.com/signatures/11991.html | miscellaneous
VOIP-SIP overflow in URI type - Tel | http://idp.cyberoam.com/signatures/11977.html | miscellaneous
VOIP-SIP SDP version overflow attempt
http://idp.cyberoam.com/signatures/12001.html | miscellaneous
VOIP-SIP Cisco 7940/7960 INVITE Remote-Party-ID denial of service attempt | http://idp.cyberoam.com/signatures/11970.html | miscellaneous
VOIP-SIP Via header hostname buffer overflow attempt | http://idp.cyberoam.com/signatures/11973.html | miscellaneous
VOIP-SIP SDP oversized time value | http://idp.cyberoam.com/signatures/11984.html | miscellaneous
VOIP-SIP outbound 604 Does Not Exist Anywhere message | http://idp.cyberoam.com/signatures/12175.html | miscellaneous
VOIP-SIP SDP attribute buffer overflow attempt | http://idp.cyberoam.com/signatures/11980.html | miscellaneous
VOIP-SIP outbound INVITE message | http://idp.cyberoam.com/signatures/12006.html | miscellaneous
VOIP-SIP invalid characters in authorization response parameter | http://idp.cyberoam.com/signatures/11986.html | miscellaneous
VOIP-SIP outbound 501 Not Implemented message | http://idp.cyberoam.com/signatures/12173.html | miscellaneous
VOIP-SIP inbound 481 Call/Leg Transaction Does Not Exist | http://idp.cyberoam.com/signatures/12178.html | miscellaneous
VOIP-SIP inbound INVITE message | http://idp.cyberoam.com/signatures/11968.html | miscellaneous
SIP request line equal To zero | http://idp.cyberoam.com/signatures/12061.html | miscellaneous
VOIP-SIP inbound 415 Unsupported Media Type message | http://idp.cyberoam.com/signatures/12176.html | miscellaneous
VOIP-SIP Expires header overflow attempt | http://idp.cyberoam.com/signatures/11985.html | miscellaneous
VOIP-SIP Content-Type header format string attempt | http://idp.cyberoam.com/signatures/11992.html | miscellaneous
VOIP-SIP SIP URI overflow attempt | http://idp.cyberoam.com/signatures/12113.html | miscellaneous
VOIP-SIP outbound 404 Not
Found | http://idp.cyberoam.com/signatures/12181.html | miscellaneous
VOIP-SIP outbound 408 Request Timeout message | http://idp.cyberoam.com/signatures/12171.html | miscellaneous
VOIP-SIP outbound 100 Trying message | http://idp.cyberoam.com/signatures/12074.html | miscellaneous
VOIP-SIP CSeq buffer overflow attempt | http://idp.cyberoam.com/signatures/11971.html | miscellaneous
VOIP-SIP from header field buffer overflow attempt | http://idp.cyberoam.com/signatures/11978.html | miscellaneous
VOIP-SIP From header format string attempt | http://idp.cyberoam.com/signatures/11988.html | miscellaneous
VOIP-SIP CANCEL flood | http://idp.cyberoam.com/signatures/12003.html | miscellaneous
VOIP-SIP SDP negative time value | http://idp.cyberoam.com/signatures/11983.html | miscellaneous
VOIP-SIP To header invalid characters detected | http://idp.cyberoam.com/signatures/11998.html | miscellaneous
VOIP-SIP outbound 401 Unauthorized message | http://idp.cyberoam.com/signatures/12007.html | miscellaneous
VOIP-SIP Contact header format string attempt | http://idp.cyberoam.com/signatures/11990.html | miscellaneous
VOIP-SIP overflow in URI type - SIP | http://idp.cyberoam.com/signatures/11976.html | miscellaneous
VOIP-SIP Call-ID header format string attempt | http://idp.cyberoam.com/signatures/11989.html | miscellaneous
VOIP-SIP MultiTech INVITE field buffer overflow attempt | http://idp.cyberoam.com/signatures/11981.html | miscellaneous
VOIP-SIP Via header invalid characters detected | http://idp.cyberoam.com/signatures/11999.html | miscellaneous
VOIP-SIP inbound 501 Not Implemented message | http://idp.cyberoam.com/signatures/12172.html | miscellaneous
VOIP-SIP INVITE invalid IP address | http://idp.cyberoam.com/signatures/12000.html | miscellaneous
VOIP-SIP response code not three digits | http://idp.cyberoam.com/signatures/12072.html | miscellaneous
VOIP-SIP
Contact header invalid characters detected | http://idp.cyberoam.com/signatures/11994.html | miscellaneous
VOIP-SIP From header invalid characters detected | http://idp.cyberoam.com/signatures/11997.html | miscellaneous
VOIP-SIP Via header format string attempt | http://idp.cyberoam.com/signatures/11987.html | miscellaneous
VOIP-SIP invalid SDP connection value | http://idp.cyberoam.com/signatures/12005.html | miscellaneous
VOIP-SIP inbound 604 Does Not Exist Anywhere message | http://idp.cyberoam.com/signatures/12174.html | miscellaneous
VOIP-SIP response too small | http://idp.cyberoam.com/signatures/11974.html | miscellaneous
VOIP-SIP multiple at signs in SIP URI | http://idp.cyberoam.com/signatures/12167.html | miscellaneous
VOIP-SIP Max-Forwards value over 70 | http://idp.cyberoam.com/signatures/11972.html | miscellaneous
VOIP-SIP Content-Type header invalid characters detected | http://idp.cyberoam.com/signatures/11995.html | miscellaneous
VOIP-SIP recursive URL-encoded data in To header | http://idp.cyberoam.com/signatures/11982.html | miscellaneous
VOIP-SIP outbound 415 Unsupported Media Type message | http://idp.cyberoam.com/signatures/12177.html | miscellaneous
VOIP-SIP Sivus scanner detected | http://idp.cyberoam.com/signatures/12112.html | miscellaneous
VOIP-SIP inbound 100 Trying message | http://idp.cyberoam.com/signatures/12073.html | miscellaneous
VOIP-SIP inbound 401 unauthorized message | http://idp.cyberoam.com/signatures/11969.html | miscellaneous
VOIP-SIP inbound 404 Not Found | http://idp.cyberoam.com/signatures/12180.html | miscellaneous
VOIP-SIP inbound 408 Request Timeout message | http://idp.cyberoam.com/signatures/12170.html | miscellaneous
VOIP-SIP BYE flood | http://idp.cyberoam.com/signatures/12002.html | miscellaneous
VOIP-SIP Call-ID header invalid characters detected | http://idp.cyberoam.com/signatures/11993.html | miscellaneous
VOIP-SIP INVITE message invalid Content-Length size of zero | http://idp.cyberoam.com/signatures/12004.html | miscellaneous
VOIP-SIP oversized SDP media port | http://idp.cyberoam.com/signatures/11979.html | miscellaneous
VOIP-SIP outbound 481 Call/Leg Transaction Does Not Exist | http://idp.cyberoam.com/signatures/12179.html | miscellaneous
VOIP-SIP From header field buffer overflow attempt - UDP | http://idp.cyberoam.com/signatures/12683.html | miscellaneous
VOIP-SIP SIP URI possible overflow
http://idp.cyberoam.com/signatures/12681.html | miscellaneous
VOIP-SIP Via header hostname buffer overflow attempt - TCP | http://idp.cyberoam.com/signatures/12680.html | miscellaneous
VOIP-SIP From header field buffer overflow attempt - TCP | http://idp.cyberoam.com/signatures/12682.html | miscellaneous
VOIP-SIP OPTIONS request misplaced Via field - after terminating newline | http://idp.cyberoam.com/signatures/13589.html | miscellaneous
VOIP-SIP OPTIONS request misplaced Call-ID field - after terminating newline | http://idp.cyberoam.com/signatures/13590.html | miscellaneous
VOIP-SIP OPTIONS request missing RFC-mandated Via field | http://idp.cyberoam.com/signatures/13587.html | miscellaneous
VOIP-SIP OPTIONS request missing RFC-mandated Call-ID field | http://idp.cyberoam.com/signatures/13588.html | miscellaneous
VOIP-SIP hexadecimal characters in IP address portion of Remote-Party-ID field | http://idp.cyberoam.com/signatures/13664.html | miscellaneous
VOIP-SIP invalid RTP payload type - possible Asterisk memory overwrite | http://idp.cyberoam.com/signatures/13693.html | miscellaneous
VOIP-SIP SDP T.38 fax rate management attribute possible buffer overflow | http://idp.cyberoam.com/signatures/14608.html | miscellaneous
VOIP-SIP SDP T.38 fax UDP EC attribute possible buffer overflow | http://idp.cyberoam.com/signatures/14609.html | miscellaneous
Skype SSL Login Attempt | http://idp.cyberoam.com/signatures/1200044.html | skype
Malware ISpy Professional v1.2 Runtime Detection (icmp ping request) | http://idp.cyberoam.com/signatures/2080924140.html | spyware
Malware Trojan.Win32.Agent.btxm Runtime Detection (IRC) | http://idp.cyberoam.com/signatures/2090413070.html | spyware
Malware Kaju BackDoor Runtime Detection (Keylog)
http://idp.cyberoam.com/signatures/2081212101.html | spyware
Malware Win32.Neeris.gen.C Runtime Detection (IRC) | http://idp.cyberoam.com/signatures/2090409040.html | spyware
Malware Fouad 1.0 Runtime Detection (init) | http://idp.cyberoam.com/signatures/2090119060.html | spyware
Malware Kaju BackDoor Runtime Detection (screencapture) | http://idp.cyberoam.com/signatures/2081212103.html | spyware
Malware Backdoor.Win32.Poebot.BP Runtime Detection | http://idp.cyberoam.com/signatures/2090602031.html | spyware
Malware Win32.Neeris.gen.C Runtime Detection (IRC-6667) | http://idp.cyberoam.com/signatures/2090409041.html | spyware
Malware Worm.Win32.Basun.wsc Runtime Detection | http://idp.cyberoam.com/signatures/1091118050.html | spyware
Malware Trojan-Dropper.Win32.Small.awa Runtime Detection | http://idp.cyberoam.com/signatures/2090903050.html | spyware
Malware Trojan.Win32.Agent.cws Runtime Detection | http://idp.cyberoam.com/signatures/2090420060.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Bind) | http://idp.cyberoam.com/signatures/1500005.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC DCOM Vulnerability) | http://idp.cyberoam.com/signatures/1500006.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326086.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326088.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326087.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326089.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow)
http://idp.cyberoam.com/signatures/1500003.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/1500004.html | spyware
Malware BRX Rat 0.02 Runtime Detection (getdrivers) | http://idp.cyberoam.com/signatures/2081223053.html | spyware
Malware BRX Rat 0.02 Runtime Detection (getinfo) | http://idp.cyberoam.com/signatures/2081223054.html | spyware
Malware BRX Rat 0.02 Runtime Detection (keylogger) | http://idp.cyberoam.com/signatures/2081223051.html | spyware
Malware BRX Rat 0.02 Runtime Detection (listproce) | http://idp.cyberoam.com/signatures/2081223052.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326080.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326082.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326081.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326083.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326084.html | spyware
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090326085.html | spyware
Malware Silent Keylogger 1.5 Runtime Detection | http://idp.cyberoam.com/signatures/2081218070.html | spyware
Malware Biodox Runtime Detection | http://idp.cyberoam.com/signatures/2081215090.html | spyware
Malware BugsPrey Runtime Detection (Init Connection) | http://idp.cyberoam.com/signatures/2080819070.html | spyware
Malware BugsPrey Runtime Detection (Init Connection) | http://idp.cyberoam.com/signatures/2080819071.html | spyware
Malware DarkstRat 2008 First Runtime Detection | http://idp.cyberoam.com/signatures/2081212080.html | spyware
Malware Keylogger WL-Keylogger Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081006090.html | spyware
Malware LOST DOOR 3.0 Runtime Detection (init connection)
http://idp.cyberoam.com/signatures/2081103080.html | spyware
Malware Octopus 0.1 Runtime Detection | http://idp.cyberoam.com/signatures/2090202100.html | spyware
Malware PaiN RAT 0.1 Runtime Detection | http://idp.cyberoam.com/signatures/2081217080.html | spyware
Malware Spy-Net 0.7 Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081021050.html | spyware
Malware SRaT 1.6 Runtime Detection | http://idp.cyberoam.com/signatures/2081121111.html | spyware
Malware SynRat 2.1 Pro Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081106041.html | spyware
Malware Win32.Conficker.C Runtime Detection (Remote Shellcode Commands) | http://idp.cyberoam.com/signatures/1500007.html | spyware
Malware System Security 2009 Installtime Detection | http://idp.cyberoam.com/signatures/2090401042.html | spyware
Malware Trojan-Downloader.Win32.Monkif.J Runtime Detection | http://idp.cyberoam.com/signatures/1090817041.html | spyware
Malware Zbot Config file Download Detection | http://idp.cyberoam.com/signatures/1100215042.html | spyware
Malware Backdoor.Win32.Hupigon.eqlo Runtime Detection | http://idp.cyberoam.com/signatures/2090414180.html | spyware
Malware Trojan-Downloader.Win32.Banload.aajq Runtime Detection (1) | http://idp.cyberoam.com/signatures/2090122270.html | spyware
Malware Monitor.Win32.Perflogger Runtime Detection | http://idp.cyberoam.com/signatures/2081110100.html | spyware
Malware Trojan.Crypt.ULPM.Gen Runtime Detection | http://idp.cyberoam.com/signatures/2090424070.html | spyware
Malware Backdoor.Win32.Rbot.BWOJ Runtime Detection | http://idp.cyberoam.com/signatures/1100211030.html | spyware
Malware Allaple.e Runtime Detection (RPC Bind) | http://idp.cyberoam.com/signatures/2090227110.html | spyware
Malware Allaple.e Runtime Detection (RPC DoS) | http://idp.cyberoam.com/signatures/2090227111.html | spyware
Malware Trojan Gimmiv.A Runtime
Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028126.html Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028128.html Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028127.html Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028129.html Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500040.html Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500041.html Malware W32.Bindo.worm Runtime Detection (port 139) http://idp.cyberoam.com/signatures/2090129220.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130206.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130208.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130207.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130209.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500001.html Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500002.html Malware Win32.Poisonivy.E Runtime Detection http://idp.cyberoam.com/signatures/2090417050.html Malware Backdoor.Win32.Small.D Runtime Detection http://idp.cyberoam.com/signatures/1091204020.html spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware spyware docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 316/409 
Malware Kaju BackDoor Runtime Detection (Keylog) | http://idp.cyberoam.com/signatures/2081212102.html | spyware
Malware Win32.Apptom Runtime Detection | http://idp.cyberoam.com/signatures/2090406120.html | spyware
Malware Trojan-Backdoor.Win32.Veslorn.gen.A Runtime Detection | http://idp.cyberoam.com/signatures/2090602120.html | spyware
Malware PWS.Win32.Scofted Runtime Detection | http://idp.cyberoam.com/signatures/2090408040.html | spyware
Malware PWS.Win32.Scofted Runtime Detection | http://idp.cyberoam.com/signatures/2090408041.html | spyware
Malware SpyYahoo v2.2 Runtime Detection | http://idp.cyberoam.com/signatures/2080917190.html | spyware
Malware Trojan.Win32.Agent.dbzx Runtime Detection | http://idp.cyberoam.com/signatures/1100119090.html | spyware
Malware Kaju BackDoor Runtime Detection (confirmation) | http://idp.cyberoam.com/signatures/2081212105.html | spyware
Malware aSpy v2.12 Runtime Detection | http://idp.cyberoam.com/signatures/2080926040.html | spyware
Malware Cheat Monitor Runtime Detection | http://idp.cyberoam.com/signatures/2081105070.html | spyware
Malware EgySpy KeyLogger 1.13 Runtime Detection | http://idp.cyberoam.com/signatures/2081126060.html | spyware
Malware Email-Worm.CryptBox-A Runtime Detection (Hallmark) | http://idp.cyberoam.com/signatures/2090120282.html | spyware
Malware Email-Worm.CryptBox-A Runtime Detection (IKEA) | http://idp.cyberoam.com/signatures/2090120281.html | spyware
Malware Tong Keylogger Runtime Detection | http://idp.cyberoam.com/signatures/2090112112.html | spyware
Malware Tong Keylogger Runtime Detection | http://idp.cyberoam.com/signatures/2090112110.html | spyware
Malware Tong Keylogger Runtime Detection | http://idp.cyberoam.com/signatures/2090112111.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (Coca Cola) | http://idp.cyberoam.com/signatures/1100303072.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (Coca Cola) | http://idp.cyberoam.com/signatures/1100303073.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (hallmark/americangreetings) | http://idp.cyberoam.com/signatures/1100303070.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (hallmark/americangreetings) | http://idp.cyberoam.com/signatures/1100303071.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (Huxley) | http://idp.cyberoam.com/signatures/1100303074.html | spyware
Malware Worm.Win32.Ackantta.B Runtime Detection (Huxley) | http://idp.cyberoam.com/signatures/1100303075.html | spyware
Malware Worm.Win32.Plurp.A Runtime Detection | http://idp.cyberoam.com/signatures/1100112040.html | spyware
Malware Virus.Win32.Parite.B Runtime Detection | http://idp.cyberoam.com/signatures/2090608040.html | spyware
Malware Virus.Win32.Parite.B Runtime Detection | http://idp.cyberoam.com/signatures/2090608041.html | spyware
Malware Gen-Trojan.Heur Runtime Detection | http://idp.cyberoam.com/signatures/2090505020.html | spyware
Malware Exploit-PDF.t Runtime Detection | http://idp.cyberoam.com/signatures/2090727070.html | spyware
Malware Exploit-PDF.t Runtime Detection | http://idp.cyberoam.com/signatures/2090727071.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028120.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028122.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028121.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028123.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028124.html | spyware
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2081028125.html | spyware
Malware W32.Bindo.worm Runtime Detection (port 445) | http://idp.cyberoam.com/signatures/2090129221.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130200.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130202.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130201.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130203.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130204.html | spyware
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) | http://idp.cyberoam.com/signatures/2090130205.html | spyware
Malware Backdoor.Win32.MeSub.ac Runtime Detection | http://idp.cyberoam.com/signatures/1100127040.html | spyware
Malware Fouad 1.0 Runtime Detection (init) | http://idp.cyberoam.com/signatures/2090119061.html | spyware
Malware Backdoor.Win32.Initor.ag Runtime Detection | http://idp.cyberoam.com/signatures/1100114030.html | spyware
Malware Backdoor.Win32.Poebot.AD Runtime Detection | http://idp.cyberoam.com/signatures/1100107060.html | spyware
Malware Worm.Win32.AutoRun.fmo Runtime Detection | http://idp.cyberoam.com/signatures/2090806020.html | spyware
Malware Kaju BackDoor Runtime Detection (screencapture) | http://idp.cyberoam.com/signatures/2081212104.html | spyware
Malware Backdoor.Win32.Poebot.BP Runtime Detection | http://idp.cyberoam.com/signatures/2090602030.html | spyware
Malware Backdoor.IRC.Zapchast.zwrc Runtime Detection | http://idp.cyberoam.com/signatures/2090805090.html | spyware
Malware Worm.Win32.Sddrop.D Runtime Detection | http://idp.cyberoam.com/signatures/2090825010.html | spyware
Malware Worm.Win32.Sddrop.D Runtime Detection | http://idp.cyberoam.com/signatures/2090825011.html | spyware
Malware Backdoor.Win32.IRCBot.GVP Runtime Detection | http://idp.cyberoam.com/signatures/1100309010.html | spyware
Malware Backdoor.Win32.Rbot.gen Runtime Detection | http://idp.cyberoam.com/signatures/2090513030.html | spyware
Malware Backdoor.Win32.Wallop.de Runtime Detection (irc join) | http://idp.cyberoam.com/signatures/1100121023.html | spyware
Malware Worm.MSIL.AiO.a Runtime Detection (irc) | http://idp.cyberoam.com/signatures/1091125081.html | spyware
Malware Email-Worm.Win32.Agent.bx Runtime Detection | http://idp.cyberoam.com/signatures/1091026060.html | spyware
Malware Backdoor.Win32.Ceckno.cmz Runtime Detection | http://idp.cyberoam.com/signatures/1091211040.html | spyware
Malware Backdoor.Win32.Agent.alqt Runtime Detection | http://idp.cyberoam.com/signatures/1091029010.html | spyware
Malware Trojan.Win32.LogonInvader.a Runtime Detection | http://idp.cyberoam.com/signatures/1100315020.html | spyware
Malware Backdoor.Win32.Refpron.P Runtime Detection | http://idp.cyberoam.com/signatures/2090811030.html | spyware
Malware Backdoor.Win32.Agent.tnr Runtime Detection | http://idp.cyberoam.com/signatures/2091016010.html | spyware
Malware Arabian-Attacker 1.1.0 Runtime Detection | http://idp.cyberoam.com/signatures/2081219070.html | spyware
Malware Biodox Runtime Detection | http://idp.cyberoam.com/signatures/2081215091.html | spyware
Malware Classroom Spy Professional Runtime Detection (Initial connection) | http://idp.cyberoam.com/signatures/2081006142.html | spyware
Malware Classroom Spy Professional Runtime Detection (Initial connection) | http://idp.cyberoam.com/signatures/2081006143.html | spyware
Malware Classroom Spy Professional Runtime Detection (Initial connection) | http://idp.cyberoam.com/signatures/2081006140.html | spyware
Malware Classroom Spy Professional Runtime Detection (Initial connection) | http://idp.cyberoam.com/signatures/2081006141.html | spyware
Malware DarkstRat 2008 First Runtime Detection | http://idp.cyberoam.com/signatures/2081212081.html | spyware
Malware Hack Style RAT Runtime Detection | http://idp.cyberoam.com/signatures/2081216070.html | spyware
Malware Keylogger WL-Keylogger Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081006091.html | spyware
Malware LOST DOOR 3.0 Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081103081.html | spyware
Malware Net-Worm.Win32.Kolabc.fic Runtime Detection (Command and Control) | http://idp.cyberoam.com/signatures/2090205211.html | spyware
Malware Spy-Net 0.7 Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081021051.html | spyware
Malware SRaT 1.6 Runtime Detection | http://idp.cyberoam.com/signatures/2081121110.html | spyware
Malware SynRat 2.1 Pro Runtime Detection (init connection) | http://idp.cyberoam.com/signatures/2081106040.html | spyware
Malware Virut.n Runtime Detection | http://idp.cyberoam.com/signatures/2090225100.html | spyware
Malware Win32.Conficker.C Runtime Detection (FTP download) | http://idp.cyberoam.com/signatures/1500008.html | spyware
Malware 007 Anti-Spyware Runtime Detection | http://idp.cyberoam.com/signatures/2090804020.html | spyware
Malware 0desa Msn Pass Stealer 8.5 Runtime Detection | http://idp.cyberoam.com/signatures/2081114090.html | spyware
Malware 6SQ Toolbar Runtime Detection | http://idp.cyberoam.com/signatures/2080904120.html | spyware
Malware Adclicker Trojan Zlob.dnz Runtime Detection (ads) | http://idp.cyberoam.com/signatures/2081014151.html | spyware
Malware Adclicker Trojan Zlob.dnz Runtime Detection (pass user info to remote server) | http://idp.cyberoam.com/signatures/2081014150.html | spyware
Malware Additional Guard Runtime Detection | http://idp.cyberoam.com/signatures/1091127010.html | spyware
Malware Adware Professional Runtime Detection | http://idp.cyberoam.com/signatures/1091125050.html | spyware
Malware Adware.Virtumonde Runtime Detection (85.17.166.172) | http://idp.cyberoam.com/signatures/2081201110.html | spyware
Malware Adware.Virtumonde Runtime Detection (Registry Defender) | http://idp.cyberoam.com/signatures/2081201111.html | spyware
Malware Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 (install-time) Install-time Detection | http://idp.cyberoam.com/signatures/2090108180.html | spyware
Malware Adware.Win32.Frosty Goes Skiing Screen Saver 2.2 (run-time) Runtime Detection | http://idp.cyberoam.com/signatures/2090108181.html | spyware
Malware ANG AntiVirus 09 Runtime Detection | http://idp.cyberoam.com/signatures/2090423060.html | spyware
Malware AntiMalware Pro Runtime Detection | http://idp.cyberoam.com/signatures/1091126030.html | spyware
Malware Antivirus 2009 Installtime Detection #1 (Download AntiVirus 2009 Executable) | http://idp.cyberoam.com/signatures/2080820124.html | spyware
Malware Antivirus 2009 Installtime Detection #2 (Download Malicious Code) | http://idp.cyberoam.com/signatures/2080820125.html | spyware
Malware Antivirus 2009 Installtime Detection #3 (Download Malicious Code) | http://idp.cyberoam.com/signatures/2080820126.html | spyware
Malware Antivirus 2009 Runtime Detection (False Tip message inside homepage) | http://idp.cyberoam.com/signatures/2080820120.html | spyware
Malware Antivirus 2009 Runtime Detection (Hijack homepage to IE page) | http://idp.cyberoam.com/signatures/2080820122.html | spyware
Malware Antivirus 2009 Runtime Detection (Redirect to order page) | http://idp.cyberoam.com/signatures/2080820121.html | spyware
Malware Antivirus 2009 Runtime Detection (Redirect to presale page) | http://idp.cyberoam.com/signatures/2080820123.html | spyware
Malware Antivirus 2010 Install Detection | http://idp.cyberoam.com/signatures/2090209100.html | spyware
Malware Antivirus 360 Runtime Detection (first run) | http://idp.cyberoam.com/signatures/2090216100.html | spyware
Malware AntivirusDoktor2009 Runtime Detection | http://idp.cyberoam.com/signatures/2090601010.html | spyware
Malware Antivirus PC 2009 Install-time Detection | http://idp.cyberoam.com/signatures/1100104030.html | spyware
Malware Antivirus PC 2009 Runtime Detection | http://idp.cyberoam.com/signatures/1100104031.html | spyware
Malware Antivirus XP 2008 Runtime Detection (buy) | http://idp.cyberoam.com/signatures/2080911070.html | spyware
Malware Antivirus XP 2008 Runtime Detection (update) | http://idp.cyberoam.com/signatures/2080911071.html | spyware
Malware Antivirus Xp Pro Runtime Detection | http://idp.cyberoam.com/signatures/1091123020.html | spyware
Malware Asprox Runtime Detection | http://idp.cyberoam.com/signatures/2090210180.html | spyware
Malware Backdoor Hupigon.pv Runtime Detection | http://idp.cyberoam.com/signatures/2090113040.html | spyware
Malware Backdoor.Win32.Agent.amjz Runtime Detection (papaanarhia.cn) | http://idp.cyberoam.com/signatures/1091104070.html | spyware
Malware Backdoor.Win32.Agent.amjz Runtime Detection (pzdulina.cn) | http://idp.cyberoam.com/signatures/1091104071.html | spyware
Malware Backdoor Win32.Agent.wwe Runtime Detection | http://idp.cyberoam.com/signatures/2090203070.html | spyware
Malware Backdoor.Win32.DeAlfa.fa Runtime Detection | http://idp.cyberoam.com/signatures/1091103020.html | spyware
Malware Backdoor Win32.Delf.jwh Runtime Detection | http://idp.cyberoam.com/signatures/2080819090.html | spyware
Malware Backdoor.Win32.Dreamy.bc Runtime Detection | http://idp.cyberoam.com/signatures/2090715060.html | spyware
Malware Backdoor.Win32.EggDrop.acn Runtime Detection (stat1) | http://idp.cyberoam.com/signatures/1100215060.html | spyware
Malware Backdoor.Win32.EggDrop.acn Runtime Detection (stat2) | http://idp.cyberoam.com/signatures/1100215061.html | spyware
Malware Backdoor.Win32.GGDoor.22 Runtime Detection | http://idp.cyberoam.com/signatures/2090423050.html | spyware
Malware Backdoor.Win32.Httpbot.yi Runtime Detection | http://idp.cyberoam.com/signatures/1090928050.html | spyware
Malware Backdoor.Win32.Kbot.qd Runtime Detection | http://idp.cyberoam.com/signatures/1091013370.html | spyware
Malware Backdoor.Win32.Kbot.s Runtime Detection | http://idp.cyberoam.com/signatures/1100104070.html | spyware
Malware Backdoor.Win32.PcClient.AI Runtime Detection | http://idp.cyberoam.com/signatures/1091007030.html | spyware
Malware Backdoor.Win32.Poison.pg Runtime Detection | http://idp.cyberoam.com/signatures/1100303020.html | spyware
Malware Backdoor.Win32.Possador.ux Runtime Detection | http://idp.cyberoam.com/signatures/1091201020.html | spyware
Malware Backdoor.Win32.Prorat.K Runtime Detection | http://idp.cyberoam.com/signatures/2090514020.html | spyware
Malware Backdoor.Win32.Safis Runtime Detection | http://idp.cyberoam.com/signatures/1100129010.html | spyware
Malware Backdoor.Win32.Sinowal.abe Runtime Detection | http://idp.cyberoam.com/signatures/2090330050.html | spyware
Malware Backdoor.Win32.Small.yw Runtime Detection | http://idp.cyberoam.com/signatures/1091002040.html | spyware
Malware Backdoor.Win32.SpyAgent.B Runtime Detection | http://idp.cyberoam.com/signatures/2090511050.html | spyware
Malware Backdoor.Win32.Tusha.cv Runtime Detection | http://idp.cyberoam.com/signatures/1091216012.html | spyware
Malware Backdoor.Win32.Tusha.cv Runtime Detection | http://idp.cyberoam.com/signatures/1091216010.html | spyware
Malware Backdoor.Win32.Tusha.cv Runtime Detection | http://idp.cyberoam.com/signatures/1091216011.html | spyware
Malware Backdoor.Win32.UltimateDefender.xv Runtime Detection | http://idp.cyberoam.com/signatures/2090819010.html | spyware
Malware Backdoor.Win32.Virut.BM Runtime Detection | http://idp.cyberoam.com/signatures/1100225030.html | spyware
Malware Backdoor.Win32.Wallop.de Runtime Detection (belmeb.net) | http://idp.cyberoam.com/signatures/1100121021.html | spyware
Malware Backdoor.Win32.Wallop.de Runtime Detection (narod.ru) | http://idp.cyberoam.com/signatures/1100121020.html | spyware
Malware Backdoor.Win32.Wallop.de Runtime Detection (smslift.ru) | http://idp.cyberoam.com/signatures/1100121022.html | spyware
Malware Cinmus Variant Runtime Detection | http://idp.cyberoam.com/signatures/2090109170.html | spyware
Malware Cleanvaccine Runtime Detection (First request) | http://idp.cyberoam.com/signatures/1100222090.html | spyware
Malware Cleanvaccine Runtime Detection (Second request) | http://idp.cyberoam.com/signatures/1100222091.html | spyware
Malware CoreGuard Antivirus 2009 Runtime Detection | http://idp.cyberoam.com/signatures/2090505030.html | spyware
Malware CramToolbar Runtime Detection (hijack) | http://idp.cyberoam.com/signatures/2080826051.html | spyware
Malware CramToolbar Runtime Detection (search) | http://idp.cyberoam.com/signatures/2080826052.html | spyware
Malware Downloader-ASH.gen.b Runtime Detection (3264.php) | http://idp.cyberoam.com/signatures/2081118101.html | spyware
Malware Downloader-ASH.gen.b Runtime Detection (adload) | http://idp.cyberoam.com/signatures/2081118100.html | spyware
Malware Downloader.Banload.AKBB Runtime Detection | http://idp.cyberoam.com/signatures/2090504050.html | spyware
Malware Downloader_Trojan_Gen2 Runtime Detection (Antivirus scan Page) | http://idp.cyberoam.com/signatures/2080912060.html | spyware
Malware Downloader_Trojan_Gen2 Runtime Detection (Remote connection) | http://idp.cyberoam.com/signatures/2080912061.html | spyware
Malware Downloader Trojan.Gen3 Runtime Detection | http://idp.cyberoam.com/signatures/2080923050.html | spyware
Malware Email-Worm.CryptBox-A Runtime Detection (childhe) | http://idp.cyberoam.com/signatures/2090120280.html | spyware
Malware Faceback.exe Runtime Detection | http://idp.cyberoam.com/signatures/2081009130.html | spyware
Malware Fouad 1.0 Runtime Detection (http request) | http://idp.cyberoam.com/signatures/2090119062.html | spyware
Malware Infostealer.Gampass Runtime Detection | http://idp.cyberoam.com/signatures/2090421060.html | spyware
Malware iPRIVACY Runtime Detection | http://idp.cyberoam.com/signatures/1091013020.html | spyware
Malware iWonBar Runtime Detection (cfg request) | http://idp.cyberoam.com/signatures/2081016120.html | spyware
Malware iWonBar Runtime Detection (hijacking) | http://idp.cyberoam.com/signatures/2081016121.html | spyware
Malware Kamyab Keylogger v.3 Runtime Detection | http://idp.cyberoam.com/signatures/2080929160.html | spyware
Malware LORD SPY PRO 1.4 Runtime Detection | http://idp.cyberoam.com/signatures/2081009060.html | spyware
Malware MS Antispyware 2009 Runtime Detection (pay) | http://idp.cyberoam.com/signatures/2090224101.html | spyware
Malware MS Antispyware 2009 Runtime Detection (start) | http://idp.cyberoam.com/signatures/2090224100.html | spyware
Malware Net-Worm.Win32.Kolabc.fic Runtime Detection (HTTP Download) | http://idp.cyberoam.com/signatures/2090205210.html | spyware
Malware Net-Worm.Win32.Piloyd.m Runtime Detection (download) | http://idp.cyberoam.com/signatures/1091021111.html | spyware
Malware Net-Worm.Win32.Piloyd.m Runtime Detection (request html) | http://idp.cyberoam.com/signatures/1091021110.html | spyware
Malware NoAdware Runtime Detection | http://idp.cyberoam.com/signatures/2090910020.html | spyware
Malware OwlForce Runtime Detection (Remote server 1) | http://idp.cyberoam.com/signatures/2081021120.html | spyware
Malware OwlForce Runtime Detection (Remote server 2) | http://idp.cyberoam.com/signatures/2081021121.html | spyware
Malware P2P-Worm.Win32.Malas.r Runtime Detection | http://idp.cyberoam.com/signatures/2090826010.html | spyware
Malware Packed.Win32.Klone.bj Runtime Detection | http://idp.cyberoam.com/signatures/2090616020.html | spyware
Malware Packed.Win32.Krap.i Runtime Detection | http://idp.cyberoam.com/signatures/2090715030.html | spyware
Malware Packed.Win32.Krap.w Runtime Detection | http://idp.cyberoam.com/signatures/2090914010.html | spyware
Malware PC AntiSpyware 2010 Runtime Detection | http://idp.cyberoam.com/signatures/2090812050.html | spyware
Malware PerfectDefender2009 Runtime Detection | http://idp.cyberoam.com/signatures/2090506020.html | spyware
Malware Personal Antivirus Runtime Detection | http://idp.cyberoam.com/signatures/2090724040.html | spyware
Malware Personal Guard 2009 Runtime Detection | http://idp.cyberoam.com/signatures/2090909040.html | spyware
Malware PointGuide Runtime Detection | http://idp.cyberoam.com/signatures/2081008050.html | spyware
Malware Pro Antispyware 2009 Runtime Detection (purchase) | http://idp.cyberoam.com/signatures/2090325010.html | spyware
Malware PWS-QQGame Runtime Detection | http://idp.cyberoam.com/signatures/2090511020.html | spyware
Malware PWS.Win32.Ldpinch.gen Runtime Detection | http://idp.cyberoam.com/signatures/2090616050.html | spyware
Malware PWS.Win32.Zbot.gen.Q Runtime Detection | http://idp.cyberoam.com/signatures/1090915030.html | spyware
Malware PWS.Win32.Zbot.PJ Runtime Detection | http://idp.cyberoam.com/signatures/2090520010.html | spyware
Malware RogueSoftware.Win32.ControlCenter Runtime Detection | http://idp.cyberoam.com/signatures/1100302050.html | spyware
Malware RogueSoftware.Win32.DesktopSecurity2010 Runtime Detection | http://idp.cyberoam.com/signatures/1100219050.html | spyware
Malware RogueSoftware.Win32.LivePcCare Installtime Detection | http://idp.cyberoam.com/signatures/1100118021.html | spyware
Malware RogueSoftware.Win32.LivePcCare Runtime Detection | http://idp.cyberoam.com/signatures/1100118020.html | spyware
Malware Spyware Guard 2008 Runtime Detection (Contacts Remote Server) | http://idp.cyberoam.com/signatures/2081023190.html | spyware
Malware Spyware Guard 2008 Runtime Detection (Purchase Page) | http://idp.cyberoam.com/signatures/2081023191.html | spyware
Malware Spyware Protect 2009 Runtime Detection (block) | http://idp.cyberoam.com/signatures/2090203021.html | spyware
Malware Spyware Protect 2009 Runtime Detection (purchase request) | http://idp.cyberoam.com/signatures/2090203020.html | spyware
Malware Starware Videos Runtime Detection (get weather info) | http://idp.cyberoam.com/signatures/2080911140.html | spyware
Malware Starware Videos Runtime Detection (hijacking activities) | http://idp.cyberoam.com/signatures/2080911141.html | spyware
Malware Superiorads Runtime Detection | http://idp.cyberoam.com/signatures/2080925040.html | spyware
Malware Sus.BancDl-B Runtime Detection | http://idp.cyberoam.com/signatures/2090609040.html | spyware
Malware System Security 2009 Installtime Detection | http://idp.cyberoam.com/signatures/2090401041.html | spyware
Malware System Security 2009 Runtime Detection | http://idp.cyberoam.com/signatures/2090401040.html | spyware
Malware Targetedbanner.biz Adrotator Runtime Detection (ads) | http://idp.cyberoam.com/signatures/2080827071.html | spyware
Malware Targetedbanner.biz Adrotator Runtime Detection (pass user info to remote server) | http://idp.cyberoam.com/signatures/2080827070.html | spyware
Malware TD.EXE Runtime Detection (download) | http://idp.cyberoam.com/signatures/2080822171.html | spyware
Malware TD.EXE Runtime Detection (getfile) | http://idp.cyberoam.com/signatures/2080822170.html | spyware
Malware Teevsock C Runtime Detection | http://idp.cyberoam.com/signatures/2090831070.html | spyware
Malware ThreatNuker Runtime Detection (build_info) | http://idp.cyberoam.com/signatures/2090303101.html | spyware
Malware ThreatNuker Runtime Detection (install) | http://idp.cyberoam.com/signatures/2090303100.html | spyware
Malware ThreatNuker Runtime Detection (order) | http://idp.cyberoam.com/signatures/2090303102.html | spyware
Malware Total Protect 2009 Install-time Detectioni (install) | http://idp.cyberoam.com/signatures/2090210191.html | spyware
Malware Total Protect 2009 Runtime Detection (purchase) | http://idp.cyberoam.com/signatures/2090210190.html | spyware
Malware Trojan-Banker.Win32.Banbra.mcq Runtime Detection | http://idp.cyberoam.com/signatures/2090727010.html | spyware
Malware Trojan-Banker.Win32.Banbra.spw Runtime Detection | http://idp.cyberoam.com/signatures/1100223090.html | spyware
Malware Trojan-Banker.Win32.Banker.agum Runtime Detection | http://idp.cyberoam.com/signatures/1100203030.html | spyware
Malware Trojan.BAT.Shutdown.ef Runtime Detection | http://idp.cyberoam.com/signatures/2090820010.html | spyware
Malware Trojan-Clicker.Win32.Agent.dlg Runtime Detection | http://idp.cyberoam.com/signatures/1091120020.html | spyware
Malware Trojan-Clicker.Win32.Hatigh.C Runtime Detection | http://idp.cyberoam.com/signatures/1091203010.html | spyware
Malware Trojan.Crypt.CY Runtime Detection | http://idp.cyberoam.com/signatures/2090320080.html | spyware
Malware Trojan Downloader.Agent.vhb Runtime Detection (Contact server) | http://idp.cyberoam.com/signatures/2080924050.html | spyware
Malware Trojan Downloader.Agent.vhb Runtime Detection (Contact server login page) | http://idp.cyberoam.com/signatures/2080924051.html | spyware
Malware Trojan.Downloader.Delf.RGL Runtime Detection | http://idp.cyberoam.com/signatures/2090601050.html | spyware
Malware Trojan Downloader Exchan.Gen variant Runtime Detection | http://idp.cyberoam.com/signatures/2080820170.html | spyware
Malware Trojan Downloader Exchanger.Gen2 Runtime Detection | http://idp.cyberoam.com/signatures/2081112050.html | spyware
Malware Trojan Downloader.NSIS.Agent.s Runtime Detection | http://idp.cyberoam.com/signatures/2080916120.html | spyware
Malware TrojanDownloader.Win32.Adload.BG Runtime Detection (kwtoolbar.com) | http://idp.cyberoam.com/signatures/1091105030.html | spyware
Malware TrojanDownloader.Win32.Adload.BG Runtime Detection (www.accelget.com) | http://idp.cyberoam.com/signatures/1091105031.html | spyware
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (addressbar.net) | http://idp.cyberoam.com/signatures/2081208112.html | spyware
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (isearchmoa.com) | http://idp.cyberoam.com/signatures/2081208111.html | spyware
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (recommandsite.com) | http://idp.cyberoam.com/signatures/2081208110.html | spyware
Malware Trojan-Downloader.Win32.Agent.atff Runtime Detection | http://idp.cyberoam.com/signatures/2090408110.html | spyware
Malware Trojan-Downloader.Win32.Agent.avzz Runtime Detection (hse) | http://idp.cyberoam.com/signatures/2090128280.html | spyware
Malware Trojan-Downloader.Win32.Agent.avzz Runtime Detection (pc-simple) | http://idp.cyberoam.com/signatures/2090128281.html | spyware
Malware Trojan-Downloader.Win32.Agent.biiw Runtime Detection | http://idp.cyberoam.com/signatures/2090422110.html | spyware
Malware Trojan-Downloader.Win32.Agent.bjkd Runtime Detection (1add) | http://idp.cyberoam.com/signatures/2090409030.html | spyware
Malware Trojan-Downloader.Win32.Agent.bjkd Runtime Detection (xy7) | http://idp.cyberoam.com/signatures/2090409031.html | spyware
Malware Trojan-Downloader.Win32.Agent.bjkd Runtime Detection (zabasearch) | http://idp.cyberoam.com/signatures/2090409032.html | spyware
Malware Trojan.Downloader.Win32.Agent.bkwx Runtime Detection | http://idp.cyberoam.com/signatures/2090522100.html | spyware
Malware Trojan-Downloader.Win32.Agent.bqlu Runtime Detection | http://idp.cyberoam.com/signatures/1091001020.html | spyware
Malware Trojan-Downloader.Win32.Agent.NMS Runtime Detection | http://idp.cyberoam.com/signatures/1100219010.html | spyware
Malware Trojan-Downloader.Win32.Agent.NMS Runtime Detection (POST) | http://idp.cyberoam.com/signatures/1100219011.html | spyware
Malware Trojan-Downloader.Win32.Banload.aajq Runtime Detection (2) | http://idp.cyberoam.com/signatures/2090122271.html | spyware
Malware Trojan-Downloader.Win32.Banload.aajs Install-time Detection (1) | http://idp.cyberoam.com/signatures/2090121280.html | spyware
Malware Trojan-Downloader.Win32.Banload.aajs Install-time Detection (2) | http://idp.cyberoam.com/signatures/2090121281.html | spyware
Malware Trojan-Downloader.Win32.Banload.agcw Runtime Detection | http://idp.cyberoam.com/signatures/2090723010.html | spyware
Malware Trojan-Downloader.Win32.Banload.bda Runtime Detection | http://idp.cyberoam.com/signatures/2090603010.html | spyware
Malware Trojan-Downloader.Win32.Banload.bvk Runtime Detection | http://idp.cyberoam.com/signatures/2090702030.html | spyware
Malware Trojan-Downloader.Win32.Banload.ykl Runtime Detection | http://idp.cyberoam.com/signatures/2081205110.html | spyware
Malware Trojan-Downloader.Win32.Carberp.A Runtime Detection | http://idp.cyberoam.com/signatures/1100224040.html | spyware
Malware TrojanDownloader.Win32.Cornfemo.A Runtime Detection (newdonkey.net) | http://idp.cyberoam.com/signatures/1091015020.html | spyware
Malware TrojanDownloader.Win32.Cornfemo.A Runtime Detection (suggestbar.net) | http://idp.cyberoam.com/signatures/1091015021.html | spyware
Malware Trojan.Downloader.Win32.Cutwail.AI Runtime Detection | http://idp.cyberoam.com/signatures/2090706020.html | spyware
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (0000005738.exe) | http://idp.cyberoam.com/signatures/2081022073.html | spyware
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (57329.exe) | http://idp.cyberoam.com/signatures/2081022072.html | spyware
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (file.exe 2) | http://idp.cyberoam.com/signatures/2081022071.html | spyware
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (file.exe) | http://idp.cyberoam.com/signatures/2081022070.html | spyware
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (sft_ver1.1454.0.exe) | http://idp.cyberoam.com/signatures/2081022074.html | spyware
Malware Trojan-Downloader.Win32.Delf.tbv Runtime Detection | http://idp.cyberoam.com/signatures/2090526010.html | spyware
Malware Trojan-Downloader.Win32.FraudLoad.dyl Runtime Detection | http://idp.cyberoam.com/signatures/2090421110.html | spyware
Malware Trojan-Downloader.Win32.FraudLoad.dzm Runtime Detection | http://idp.cyberoam.com/signatures/2090805031.html | spyware
Malware Trojan-Downloader.Win32.FraudLoad.dzm Runtime Detection | http://idp.cyberoam.com/signatures/2090805030.html | spyware
Malware Trojan-Downloader.Win32.FraudLoad.emq Runtime Detection | http://idp.cyberoam.com/signatures/1091201040.html | spyware
Malware Trojan-Downloader.Win32.FraudLoad.eys Runtime Detection | http://idp.cyberoam.com/signatures/2090713020.html | spyware
Malware Trojan-Downloader.Win32.Genome.aior Runtime Detection | http://idp.cyberoam.com/signatures/1100218040.html | spyware
Malware Trojan-Downloader.Win32.Genome.amqj Runtime Detection | http://idp.cyberoam.com/signatures/1100311010.html | spyware
Malware Trojan-Downloader.Win32.Genome.vau Runtime Detection | http://idp.cyberoam.com/signatures/1091110020.html | spyware
Malware Trojan-Downloader.Win32.Homa.dk Runtime Detection | http://idp.cyberoam.com/signatures/1091207030.html | spyware
Malware Trojan-Downloader.Win32.Malushka.T Runtime Detection | http://idp.cyberoam.com/signatures/2090724010.html | spyware
Malware Trojan-Downloader.Win32.Monkif.J Runtime Detection | http://idp.cyberoam.com/signatures/1090817040.html | spyware
Malware Trojan-Downloader.Win32.Perkesh Runtime Detection | http://idp.cyberoam.com/signatures/2090714120.html | spyware
Malware Trojan-Downloader.Win32.Perkesh Runtime Detection | http://idp.cyberoam.com/signatures/2090714121.html | spyware
Malware Trojan-Downloader.Win32.Small.akow Runtime Detection | http://idp.cyberoam.com/signatures/1091207040.html | spyware
Malware Trojan-Downloader.Win32.Small.jog Runtime Detection | http://idp.cyberoam.com/signatures/2090427010.html | spyware
Malware TrojanDownloader.Win32.Uloadis.A Runtime Detection | http://idp.cyberoam.com/signatures/1091009010.html | spyware
Malware Trojan-Downloader.Win32.Utka.A Runtime Detection | http://idp.cyberoam.com/signatures/1100126020.html | spyware
Malware Trojan-Downloader.Win32.VB.nec Runtime Detection | http://idp.cyberoam.com/signatures/2090708010.html | spyware
Malware Trojan-Downloader.Win32.VB.pnc Runtime Detection | http://idp.cyberoam.com/signatures/2090728110.html | spyware
Malware Trojan-Downloader.Win32.VB.uxz Runtime Detection | http://idp.cyberoam.com/signatures/1100315030.html | spyware
Malware TrojanDownloader.Win32.Wixud.B Runtime Detection http://idp.cyberoam.com/signatures/1090917030.html
Malware Trojan-Downloader.Win32.Zlob.wwv Installtime Detection http://idp.cyberoam.com/signatures/2081113172.html
Malware Trojan-Downloader.Win32.Zlob.wwv Runtime Detection (childhe) http://idp.cyberoam.com/signatures/2081113171.html
Malware Trojan-Downloader.Win32.Zlob.wwv Runtime Detection (onestoponlineshop) http://idp.cyberoam.com/signatures/2081113170.html
Malware Trojan-Dropper.Agent.IK Runtime Detection http://idp.cyberoam.com/signatures/2090629030.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (dir4you) http://idp.cyberoam.com/signatures/2081203110.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (dxcpm) http://idp.cyberoam.com/signatures/2081203112.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (lordhack) http://idp.cyberoam.com/signatures/2081203111.html
Malware Trojan.Dropper.Win32.Agent.alda Runtime Detection http://idp.cyberoam.com/signatures/2090625010.html
Malware Trojan-Dropper.Win32.Agent.aqpn Runtime Detection http://idp.cyberoam.com/signatures/2090630010.html
Malware Trojan-Dropper.Win32.Agent.wdv Runtime Detection http://idp.cyberoam.com/signatures/2081017060.html
Malware Trojan-Dropper.Win32.Delf.aba Runtime Detection (999cha) http://idp.cyberoam.com/signatures/2090113281.html
Malware Trojan-Dropper.Win32.Delf.aba Runtime Detection (by920) http://idp.cyberoam.com/signatures/2090113280.html
Malware Trojan-Dropper.Win32.Lukicsel.E Runtime Detection http://idp.cyberoam.com/signatures/1100111020.html
Malware Trojan.Lineage.Gen.Pac.3 Runtime Detection http://idp.cyberoam.com/signatures/2090106180.html
Malware Trojan.LooksLike.Zaplot Runtime Detection http://idp.cyberoam.com/signatures/2090527050.html
Malware Trojan-Proxy.Win32.Dosenjo.C Runtime Detection http://idp.cyberoam.com/signatures/1091106090.html
Category (26 entries above): spyware
Malware Trojan-PSW.Win32.Papras.dm Runtime Detection http://idp.cyberoam.com/signatures/2090319060.html
Malware Trojan.PSW.Win32.QQPass.amx Runtime Detection http://idp.cyberoam.com/signatures/2090320070.html
Malware Trojan-PSW.Win32.QQPass.gam Installtime Detection http://idp.cyberoam.com/signatures/2090224150.html
Malware TrojanSpy.Win32.Banker.OO Runtime Detection (segurancanet.com) http://idp.cyberoam.com/signatures/1091005050.html
Malware TrojanSpy.Win32.Banker.OO Runtime Detection (www.segundoplanoo.hpg.com.br) http://idp.cyberoam.com/signatures/1091005051.html
Malware TrojanSpy.Win32.Banker.OO Runtime Detection (www.verbalize.hpg.com.br) http://idp.cyberoam.com/signatures/1091005052.html
Malware Trojan-Spy.Win32.PerfectKeylogger Runtime Detection http://idp.cyberoam.com/signatures/2090714110.html
Malware Trojan-Spy.Win32.Pophot Runtime Detection (Download malicious files) http://idp.cyberoam.com/signatures/2081118071.html
Malware Trojan-Spy.Win32.Pophot Runtime Detection (Get update list) http://idp.cyberoam.com/signatures/2081118070.html
Malware Trojan-Spy.Win32.VB.btm Runtime Detection http://idp.cyberoam.com/signatures/2090709050.html
Malware TrojanSpy.Win32.Zbot.gen.C Runtime Detection http://idp.cyberoam.com/signatures/2090529010.html
Malware TrojanSpy.Win32.Zbot.Gen Runtime Detection (Connects to remote server) http://idp.cyberoam.com/signatures/2081204091.html
Malware TrojanSpy.Win32.Zbot.Gen Runtime Detection (Downloads malicious files) http://idp.cyberoam.com/signatures/2081204090.html
Malware Trojan-Spy.Win32.Zbot.Svr Runtime Detection http://idp.cyberoam.com/signatures/1100215040.html
Malware Trojan-Spy.Win32.Zbot.Svr Runtime Detection http://idp.cyberoam.com/signatures/1100215041.html
Malware Trojan-Spy.Win32.Zbot.wti Runtime Detection http://idp.cyberoam.com/signatures/2090625020.html
Malware Trojan.Spy.ZBot.RD Runtime Detection http://idp.cyberoam.com/signatures/2090605020.html
Malware Trojan.Spy.Zbot.SO Runtime Detection http://idp.cyberoam.com/signatures/2090602100.html
Malware Trojan.Spy.Zeus.1.Gen Runtime Detection (cfg) http://idp.cyberoam.com/signatures/2090304110.html
Malware Trojan.Spy.Zeus.1.Gen Runtime Detection (sys) http://idp.cyberoam.com/signatures/2090304111.html
Malware Trojan.Swizzor-D Runtime Detection (ayb) http://idp.cyberoam.com/signatures/2090227100.html
Malware Trojan.TDSS.1.Gen Install-time Detection (findzproportal1.com) http://idp.cyberoam.com/signatures/2081120101.html
Malware Trojan.TDSS.1.Gen Install-time Detection (yournewsblog.net) http://idp.cyberoam.com/signatures/2081120100.html
Malware Trojan.URLZone Runtime Detection http://idp.cyberoam.com/signatures/1091002021.html
Malware Trojan.URLZone Runtime Detection http://idp.cyberoam.com/signatures/1091002020.html
Category (25 entries above): spyware
Malware Trojan.URLZone Runtime Detection http://idp.cyberoam.com/signatures/1091002022.html
Malware Trojan.Win32.Agent2.kxu Runtime Detection http://idp.cyberoam.com/signatures/2090914050.html
Malware Trojan.Win32.Agent2.lfw Runtime Detection http://idp.cyberoam.com/signatures/1091221020.html
Malware Trojan Win32.Agent.aah Runtime Detection http://idp.cyberoam.com/signatures/2081001190.html
Malware Trojan.Win32.Agent.asjk Runtime Detection (s2.offersfortoday.com) http://idp.cyberoam.com/signatures/2081210110.html
Malware Trojan.Win32.Agent.asjk Runtime Detection (searchersmart.com) http://idp.cyberoam.com/signatures/2081210111.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (buyaohenchang) http://idp.cyberoam.com/signatures/2090116280.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (redirect to 6700.cn) http://idp.cyberoam.com/signatures/2090116282.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (woyaochidongxi) http://idp.cyberoam.com/signatures/2090116281.html
Malware Trojan.Win32.Agent.chgp Runtime Detection http://idp.cyberoam.com/signatures/2090519030.html
Malware Trojan.Win32.Agent.dhbq Runtime Detection http://idp.cyberoam.com/signatures/1100208040.html
Malware Trojan.Win32.Agent.kih Runtime Detection http://idp.cyberoam.com/signatures/1091030020.html
Malware Trojan Win32.Agent.vvm Runtime Detection http://idp.cyberoam.com/signatures/2080902150.html
Malware Trojan.Win32.Alureon.DG Runtime Detection http://idp.cyberoam.com/signatures/1100309020.html
Malware Trojan.Win32.Banload.HH Runtime Detection (he-consulting.com) http://idp.cyberoam.com/signatures/2090501020.html
Malware Trojan.Win32.Banload.HH Runtime Detection (www.arealconsult.no) http://idp.cyberoam.com/signatures/2090501021.html
Malware Trojan.Win32.Buzus.AWGQ Runtime Detection http://idp.cyberoam.com/signatures/2090525010.html
Malware Trojan.Win32.Crypt.vb Runtime Detection http://idp.cyberoam.com/signatures/2090506050.html
Malware Trojan.Win32.Dialer.ngb Runtime Detection http://idp.cyberoam.com/signatures/1100205020.html
Malware Trojan.Win32.Ertfor.A Runtime Detection (quikup.info) http://idp.cyberoam.com/signatures/2090429051.html
Malware Trojan.Win32.Ertfor.A Runtime Detection (updatesabout.com) http://idp.cyberoam.com/signatures/2090429050.html
Malware Trojan.Win32.FraudPack.ogk Runtime Detection http://idp.cyberoam.com/signatures/2090707030.html
Malware Trojan.Win32.Gaboc.A Runtime Detection http://idp.cyberoam.com/signatures/1100208070.html
Malware Trojan.Win32.Hiloti.C Runtime Detection (bauhath.com) http://idp.cyberoam.com/signatures/1100129020.html
Malware Trojan.Win32.Hiloti.C Runtime Detection (lambrie.com) http://idp.cyberoam.com/signatures/1100129021.html
Malware Trojan.Win32.Krap.af Runtime Detection http://idp.cyberoam.com/signatures/1091019010.html
Category (26 entries above): spyware
Malware Trojan.Win32.Nebuler.D Runtime Detection (oberaufseher) http://idp.cyberoam.com/signatures/2090403051.html
Malware Trojan.Win32.Nebuler.D Runtime Detection (pornfat) http://idp.cyberoam.com/signatures/2090403050.html
Malware Trojan.Win32.Nebuler.D Runtime Detection (wnames0603) http://idp.cyberoam.com/signatures/2090403052.html
Malware Trojan.Win32.Qbot.B Runtime Detection http://idp.cyberoam.com/signatures/1090626030.html
Malware Trojan.Win32.Qbot.B Runtime Detection http://idp.cyberoam.com/signatures/1090626031.html
Malware Trojan.Win32.Rabbit.e Runtime Detection (HTTP) http://idp.cyberoam.com/signatures/2090309120.html
Malware Trojan.Win32.Scar.iej Runtime Detection http://idp.cyberoam.com/signatures/1090928060.html
Malware Trojan.Win32.Small.bwj Runtime Detection http://idp.cyberoam.com/signatures/2090428020.html
Malware Trojan.Win32.Small.byt Runtime Detection http://idp.cyberoam.com/signatures/1091202020.html
Malware Trojan.Win32.Smser.cx Runtime Detection http://idp.cyberoam.com/signatures/1090922080.html
Malware Trojan.Win32.TDSS.aa Runtime Detection http://idp.cyberoam.com/signatures/1100120010.html
Malware Trojan.Win32.VB.ktq Runtime Detection http://idp.cyberoam.com/signatures/1090921020.html
Malware Trojan.Win32.Zbot.PG Runtime Detection http://idp.cyberoam.com/signatures/1100106040.html
Malware Trojan.Zlob Runtime Detection (s2.offersfortoday) http://idp.cyberoam.com/signatures/2081105080.html
Malware Trojan.Zlob Runtime Detection (s3.offersfortoday) http://idp.cyberoam.com/signatures/2081105081.html
Malware Trojan.Zlob Runtime Detection (topqualityads) http://idp.cyberoam.com/signatures/2081105083.html
Malware Trust Warrior Runtime Detection http://idp.cyberoam.com/signatures/1090923020.html
Malware VirusRemover 2008 Runtime Detection http://idp.cyberoam.com/signatures/2080922030.html
Malware Virus.Win32.Sality.aa Runtime Detection (lestarisweethome) http://idp.cyberoam.com/signatures/2090126261.html
Malware Virus.Win32.Sality.aa Runtime Detection (mirc1) http://idp.cyberoam.com/signatures/2090126260.html
Malware W32.Autorun.worm.dq Runtime Detection (df-123) http://idp.cyberoam.com/signatures/2090317050.html
Malware W32.Autorun.worm.dq Runtime Detection (jiu66) http://idp.cyberoam.com/signatures/2090317051.html
Malware W32.Fiala.A Runtime Detection http://idp.cyberoam.com/signatures/1091030040.html
Malware W32.Fnumbot Runtime Detection http://idp.cyberoam.com/signatures/2090910030.html
Malware W32.Sality.AM Runtime Detection (hotelkalingaindore) http://idp.cyberoam.com/signatures/2090715010.html
Malware W32.Sality.AM Runtime Detection (lasercareindia) http://idp.cyberoam.com/signatures/2090715011.html
Malware W32.Smalltroj.MHYR Runtime Detection http://idp.cyberoam.com/signatures/2090324030.html
Category (27 entries above): spyware
Malware Waledac Runtime Detection (.htm file) http://idp.cyberoam.com/signatures/2090217100.html
Malware Waledac Runtime Detection (.php file) http://idp.cyberoam.com/signatures/2090217102.html
Malware Waledac Runtime Detection (.png file) http://idp.cyberoam.com/signatures/2090217101.html
Malware WeatherStudio Runtime Detection http://idp.cyberoam.com/signatures/2080908040.html
Malware Win32.Cekar Variant Runtime Detection http://idp.cyberoam.com/signatures/2080909030.html
Malware Win32-FakeAlert.KL Installtime Detection (Downloads Files) http://idp.cyberoam.com/signatures/2081202070.html
Malware Win32-FakeAlert.KL Installtime Detection (Updates) http://idp.cyberoam.com/signatures/2081202071.html
Malware Win32-FakeAlert.KL Runtime Detection http://idp.cyberoam.com/signatures/2081202072.html
Malware Win32.Fruspam Runtime Detection http://idp.cyberoam.com/signatures/2090416030.html
Malware Win32.Mudrop.lj Runtime Detection http://idp.cyberoam.com/signatures/2090402050.html
Malware Windows Antivirus 2008 Runtime Detection (Pre-sale page) http://idp.cyberoam.com/signatures/2081120060.html
Malware Windows Antivirus 2008 Runtime Detection (Registration and Payment page) http://idp.cyberoam.com/signatures/2081120061.html
Malware Windows System Defender Runtime Detection http://idp.cyberoam.com/signatures/1091111070.html
Malware Win PC Defender Installtime Detection http://idp.cyberoam.com/signatures/2090323051.html
Malware Win PC Defender Runtime Detection http://idp.cyberoam.com/signatures/2090323050.html
Malware WinReanimator Runtime Detection (daily update) http://idp.cyberoam.com/signatures/2080903181.html
Malware WinReanimator Runtime Detection (register request) http://idp.cyberoam.com/signatures/2080903180.html
Malware Worm.Brontok.C Runtime Detection (HTTP) http://idp.cyberoam.com/signatures/2090220100.html
Malware Worm.MSIL.AiO.a Runtime Detection (http) http://idp.cyberoam.com/signatures/1091125080.html
Malware Worm.Win32.AutoDoor.aa Runtime Detection (3322.org) http://idp.cyberoam.com/signatures/1091111010.html
Malware Worm.Win32.AutoDoor.aa Runtime Detection (dns.org) http://idp.cyberoam.com/signatures/1091111012.html
Malware Worm.Win32.AutoDoor.aa Runtime Detection (icp.net) http://idp.cyberoam.com/signatures/1091111011.html
Malware Worm.Win32.AutoRun.aczu Runtime Detection http://idp.cyberoam.com/signatures/2090407020.html
Malware Worm.Win32.AutoRun.aw Runtime Detection http://idp.cyberoam.com/signatures/2090615020.html
Malware Worm.Win32.AutoRun.qgg Runtime Detection (Razmgah) http://idp.cyberoam.com/signatures/2090311101.html
Malware Worm.Win32.AutoRun.qgg Runtime Detection (Reg) http://idp.cyberoam.com/signatures/2090311100.html
Category (26 entries above): spyware
Malware Worm.Win32.Bagle.gen.C Runtime Detection http://idp.cyberoam.com/signatures/2090430040.html
Malware Worm.Win32.Deecee.a Runtime Detection http://idp.cyberoam.com/signatures/2090421080.html
Malware Worm.Win32.Emold.U Runtime Detection http://idp.cyberoam.com/signatures/2090908020.html
Malware Worm.Win32.Koobface.dq Runtime Detection (achcheck) http://idp.cyberoam.com/signatures/2090316100.html
Malware Worm.Win32.Koobface.dq Runtime Detection (con-sole) http://idp.cyberoam.com/signatures/2090316102.html
Malware Worm.Win32.Koobface.dq Runtime Detection (gen) http://idp.cyberoam.com/signatures/2090316101.html
Malware Worm.Win32.Koobface.hy Runtime Detection http://idp.cyberoam.com/signatures/2090526020.html
Malware Worm.Win32.Kufgal.A Runtime Detection http://idp.cyberoam.com/signatures/1100125040.html
Malware Worm.Win32.Magania.clfv Runtime Detection http://idp.cyberoam.com/signatures/1100204060.html
Malware Worm.Win32.Oneraw.I.Trojan Runtime Detection (zone-searching) http://idp.cyberoam.com/signatures/2090319050.html
Malware Worm.Win32.Sohanad.bm Runtime Detection http://idp.cyberoam.com/signatures/2090521030.html
Malware Worm.Win32.Sohanad.ila Runtime Detection http://idp.cyberoam.com/signatures/1091209010.html
Malware Wowpa KI Runtime Detection http://idp.cyberoam.com/signatures/2090527010.html
Malware XP Antispyware 2009 Runtime Detection http://idp.cyberoam.com/signatures/2081104110.html
Malware XP Antivirus Protection Runtime Detection (Installation) http://idp.cyberoam.com/signatures/2090604020.html
Malware XP Antivirus Protection Runtime Detection (Runtime) http://idp.cyberoam.com/signatures/2090604021.html
Malware XP Guardian 2010 Runtime Detection http://idp.cyberoam.com/signatures/1100210020.html
Malware XP Guardian 2010 Runtime Detection (proantivirus21) http://idp.cyberoam.com/signatures/1100210021.html
Malware XP Police Antivirus Install-time Detection (install) http://idp.cyberoam.com/signatures/2090218071.html
Malware XP Police Antivirus Runtime Detection (purchase) http://idp.cyberoam.com/signatures/2090218070.html
Malware XP-Shield Runtime Detection http://idp.cyberoam.com/signatures/2090608030.html
Malware XP-Shield Runtime Detection (Installation) http://idp.cyberoam.com/signatures/2090608031.html
Malware Backdoor.Win32.Virut.BM Runtime Detection http://idp.cyberoam.com/signatures/1100225031.html
Malware Trojan-Proxy.Win32.Agent.boe Runtime Detection http://idp.cyberoam.com/signatures/2090731030.html
DELETED SPECIFIC-THREATS b.js download - possible Asprox trojan attack http://idp.cyberoam.com/signatures/13952.html
EXPLOIT HP OpenView Network Node Manger cdpnode command injection attempt http://idp.cyberoam.com/signatures/14775.html
Category (26 entries above, in the order printed): spyware ×24, sql rules ×2
EXPLOIT HP OpenView Network Node Manger connectedNodes command injection attempt http://idp.cyberoam.com/signatures/14774.html
EXPLOIT HP OpenView Network Node Manager freeIPaddrs command injection attempt http://idp.cyberoam.com/signatures/14776.html
ORACLE DBMS_EXPORT_EXTENSION SQL injection attempt http://idp.cyberoam.com/signatures/7207.html
ORACLE SYS.KUPW-WORKER sql injection attempt http://idp.cyberoam.com/signatures/8059.html
ORACLE Oracle Database DBMS_AQADM_SYS package GRANT_TYPE_ACCESS procedure SQL injection attempt
http://idp.cyberoam.com/signatures/11204.html
ORACLE sys.dbms_upgrade_internal access attempt http://idp.cyberoam.com/signatures/11205.html
ORACLE Oracle database SYS.LT.FINDRICSET SQL injection attempt http://idp.cyberoam.com/signatures/13366.html
ORACLE Oracle XDB.XDB_PITRIG_PKG sql injection attempt http://idp.cyberoam.com/signatures/13551.html
ORACLE Secure Backup exec_qr command injection attempt http://idp.cyberoam.com/signatures/15261.html
ORACLE Secure Backup POST exec_qr command injection attempt http://idp.cyberoam.com/signatures/15262.html
ORACLE Secure Backup common.php variable based command injection attempt http://idp.cyberoam.com/signatures/15257.html
ORACLE Secure Backup login.php variable based command injection attempt http://idp.cyberoam.com/signatures/15258.html
ORACLE BPEL process manager XSS injection attempt http://idp.cyberoam.com/signatures/15256.html
ORACLE Oracle Database Server RollbackWorkspace SQL injection attempt http://idp.cyberoam.com/signatures/15515.html
ORACLE Oracle database server CompressWorkspaceTree SQL injection attempt http://idp.cyberoam.com/signatures/15723.html
ORACLE Oracle database server RemoveWorkspace SQL injection attempt http://idp.cyberoam.com/signatures/15725.html
ORACLE Oracle database server MergeWorkspace SQL injection attempt http://idp.cyberoam.com/signatures/15724.html
SMTP ClamAV recipient command injection attempt http://idp.cyberoam.com/signatures/12592.html
SMTP outlook web access script injection attempt http://idp.cyberoam.com/signatures/15367.html
SPECIFIC THREAT Metasploit Framework xmlrpc.php command injection attempt http://idp.cyberoam.com/signatures/13816.html
SPECIFIC-THREATS alternate xmlrpc.php command injection attempt http://idp.cyberoam.com/signatures/13818.html
SPECIFIC-THREATS xmlrpc.php command injection attempt http://idp.cyberoam.com/signatures/13817.html
SPECIFIC-THREATS Asprox trojan initial query http://idp.cyberoam.com/signatures/13953.html
SPECIFIC-THREATS Oracle database server Workspace Manager multiple SQL injection attempt http://idp.cyberoam.com/signatures/15722.html
Category (24 entries above): sql rules
SPYWARE-PUT Trickler generic downloader.g runtime detection - spyware injection http://idp.cyberoam.com/signatures/7051.html
SQL SAP MaxDB shell command injection attempt http://idp.cyberoam.com/signatures/13356.html
SQL generic sql insert injection atttempt - GET parameter http://idp.cyberoam.com/signatures/13513.html
SQL generic sql exec injection attempt - GET parameter http://idp.cyberoam.com/signatures/13512.html
SQL generic sql update injection attempt - GET parameter http://idp.cyberoam.com/signatures/13514.html
SQL oversized cast statement - possible sql injection obfuscation http://idp.cyberoam.com/signatures/13791.html
SQL large number of calls to char function - possible sql injection obfuscation http://idp.cyberoam.com/signatures/13989.html
SQL union select - possible sql injection attempt - GET parameter http://idp.cyberoam.com/signatures/13990.html
SQL oversized convert statement - possible sql injection obfuscation http://idp.cyberoam.com/signatures/13987.html
SQL large number of calls to concat function - possible sql injection obfuscation http://idp.cyberoam.com/signatures/14008.html
SQL large number of calls to ascii function - possible sql injection obfuscation http://idp.cyberoam.com/signatures/13988.html
SQL char and sysobjects - possible sql injection recon attempt http://idp.cyberoam.com/signatures/15584.html
SQL union select - possible sql injection attempt - POST parameter http://idp.cyberoam.com/signatures/15874.html
SQL generic sql update injection attempt - POST parameter http://idp.cyberoam.com/signatures/15876.html
SQL generic sql insert injection atttempt - POST parameter http://idp.cyberoam.com/signatures/15875.html
SQL generic sql exec injection attempt - POST parameter http://idp.cyberoam.com/signatures/15877.html
WEB-CGI Nucleus CMS action.php itemid SQL injection http://idp.cyberoam.com/signatures/3690.html
WEB-MISC Demarc SQL injection attempt http://idp.cyberoam.com/signatures/2063.html
WEB-MISC Twiki viewfile rev command injection attempt http://idp.cyberoam.com/signatures/4987.html
WEB-MISC Twiki rdiff rev command injection attempt http://idp.cyberoam.com/signatures/4985.html
WEB-MISC Twiki view rev command injection attempt http://idp.cyberoam.com/signatures/4986.html
WEB-MISC Symantec Sygate Policy Manager SQL injection http://idp.cyberoam.com/signatures/11616.html
WEB-MISC Adobe RoboHelp r0 SQL injection attempt http://idp.cyberoam.com/signatures/13928.html
WEB-MISC Adobe RoboHelp rx SQL injection attempt http://idp.cyberoam.com/signatures/13929.html
WEB-PHP Wordpress cache_lastpostdate code injection attempt http://idp.cyberoam.com/signatures/8708.html
WEB-PHP cacti graph_image SQL injection attempt http://idp.cyberoam.com/signatures/8713.html
Category (26 entries above): sql rules
WEB-PHP cacti graph_image SQL injection attempt http://idp.cyberoam.com/signatures/8716.html
WEB-PHP cacti graph_image SQL injection attempt http://idp.cyberoam.com/signatures/8715.html
WEB-PHP cacti graph_image SQL injection attempt http://idp.cyberoam.com/signatures/8714.html
WEB-PHP vbulletin php code injection http://idp.cyberoam.com/signatures/11668.html
WEB-PHP PHP function CRLF injection attempt http://idp.cyberoam.com/signatures/12360.html
WEB-PHP phpBB mod shoutbox sql injection attempt
http://idp.cyberoam.com/signatures/15424.html
WEB-PHP phpBB mod tag board sql injection attempt http://idp.cyberoam.com/signatures/15425.html
Category (7 entries above): sql rules

1.3.1.6.53. V 2.4.48

Release Date
25th January, 2010

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.47

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.48. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms.
Report false positives at [email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 62
Risk level: High

Name
Microsoft Active Directory LDAP Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014162.html
Microsoft Active Directory LDAP Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014161.html
Microsoft Active Directory LDAP Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014160.html
Microsoft Active Directory LDAP Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014164.html
Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610101.html
Category (5 entries above, in the order printed): miscellaneous ×4, network attacks and anomaly
Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610103.html
Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710091.html
Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710092.html
Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710090.html
OpenLDAP ber_get_next BER Decoding Denial of Service http://idp.cyberoam.com/signatures/1080630160.html
Oracle Internet Directory Pre-Authentication LDAP Denial of Service http://idp.cyberoam.com/signatures/1080716020.html
Unisys Business Information Server Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090625040.html
Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602040.html
Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602041.html
Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602042.html
CA
ARCserve Backup Discovery Service Denial of Service http://idp.cyberoam.com/signatures/1080417020.html
CA ARCserve Backup Discovery Service Denial of Service http://idp.cyberoam.com/signatures/1080417021.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415033.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415035.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415032.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415034.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415031.html
Oracle BEA WebLogic Server Plug-ins Certificate Buffer Overflow http://idp.cyberoam.com/signatures/1090415030.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404045.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404040.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404046.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404047.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404048.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404049.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404041.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404042.html
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404043.html
Category (27 entries above, in the order printed): miscellaneous, network attacks and anomaly, miscellaneous ×3, network attacks and anomaly, dbms, exploit, miscellaneous ×2, network attacks and anomaly ×2, dbms ×6, miscellaneous ×9
CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404044.html
Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1081209021.html
Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1081209022.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023105.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023107.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023100.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023100.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023108.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023106.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023109.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023107.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023101.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023108.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023102.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023109.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023103.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023100.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023103.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023101.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023108.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023104.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1081023102.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023104.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023101.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023105.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023102.html
Category (26 entries above, in the order printed): rpc, miscellaneous, sql rules ×2, rpc ×22
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023106.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1381023103.html
Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111104.html
Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111105.html
Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111107.html
Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111106.html
Microsoft Windows SMB OPEN2 Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113140.html
Microsoft Windows SMB OPEN2 Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113141.html
Microsoft Windows SMB Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014250.html
Microsoft Windows SMB TRANS Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113131.html
Microsoft Windows SMB TRANS Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113130.html
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow http://idp.cyberoam.com/signatures/1090625060.html
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow http://idp.cyberoam.com/signatures/1090625061.html
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow http://idp.cyberoam.com/signatures/1090625062.html
Motorola Timbuktu Pro PlughNTCommand Stack Based Buffer Overflow http://idp.cyberoam.com/signatures/1090625063.html
Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1090406112.html
Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1090406113.html
Samba Root File System Access Security Bypass http://idp.cyberoam.com/signatures/1090105110.html
Samba Root File System Access Security Bypass http://idp.cyberoam.com/signatures/1090105111.html Symantec Veritas Storage Foundation Scheduler Service NULL Session Authentication Bypass http://idp.cyberoam.com/signatures/1080814160.html IBM DB2 Database Server CONNECT Request Denial of Service http://idp.cyberoam.com/signatures/1090402020.html IBM DB2 Database Server Invalid Data Stream Denial of Service (Published Exploit) http://idp.cyberoam.com/signatures/1090402030.html IBM DB2 Universal Database XML Query Buffer Overflow http://idp.cyberoam.com/signatures/1080917060.html RealNetworks Helix Server RTSP SET_PARAMETER Heap Buffer Overflow http://idp.cyberoam.com/signatures/1090106050.html netbios rpc rpc exploit exploit exploit exploit netbios netbios netbios netbios miscellaneous miscellaneous miscellaneous miscellaneous exploit exploit miscellaneous miscellaneous miscellaneous network attacks and anomaly network attacks and anomaly miscellaneous miscellaneous docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 338/409 ١١٢١٠٢/٤/ Cyberoam Docs RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of Service http://idp.cyberoam.com/signatures/1090720042.html Request Denial of Service RealNetworks Helix Server RTSP SET_PARAMETERS http://idp.cyberoam.com/signatures/1090720041.html RealNetworks Helix Server RTSP SET_PARAMETERS Request Denial of Service http://idp.cyberoam.com/signatures/1090720040.html RealNetworks Helix Server RTSP SETUP Stack Buffer Overflow http://idp.cyberoam.com/signatures/1090105040.html Oracle Application Server 10g OPMN Service Format String Vulnerability http://idp.cyberoam.com/signatures/1090415010.html Oracle Application Server 10g OPMN Service Format String Vulnerability http://idp.cyberoam.com/signatures/1090415011.html Apple CUPS PNG Filter Overly Large Image Height Integer Overflow http://idp.cyberoam.com/signatures/1081128150.html Apple CUPS PNG Filter Overly Large Image Height Integer Overflow 
http://idp.cyberoam.com/signatures/1081128151.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010050.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010052.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010053.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010055.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010054.html Apple CUPS Text-to-PostScript texttops Filter Integer Overflow http://idp.cyberoam.com/signatures/1081010051.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401081.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401080.html Multiple Vendors CUPS HPGL Filter Remote Code Execution http://idp.cyberoam.com/signatures/1081010060.html Multiple Vendors CUPS HPGL Filter Remote Code Execution http://idp.cyberoam.com/signatures/1081010061.html Gbridge Tool http://idp.cyberoam.com/signatures/1100853.html Skype Connection Establish Attempt http://idp.cyberoam.com/signatures/1100735.html GeeMail Tool http://idp.cyberoam.com/signatures/1100854.html Anonymous Proxy Application Your-Freedom (HTTPS) http://idp.cyberoam.com/signatures/1100858.html miscellaneous miscellaneous miscellaneous miscellaneous dbms dbms miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous miscellaneous cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures 1.3.1.6.54. 
V 2.4.47

Release Date
12th January, 2010

Release Information
Upgrade Applicable on: Any Older IPS Signature Database

Upgrade Information
Upgrade type:
· Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
· Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.47. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

We have enhanced the following points:
· Enhanced performance of IPS by streamlining the architecture of IPS and related modules
· Merged signatures to give better performance
· Performance enhancement by removing redundant signatures

New signatures are added for the following vulnerabilities:
Total signatures added: 14
Risk level: High

| Name | Category |
|---|---|
| Surfing Using Pingfu Proxy Application http://idp.cyberoam.com/signatures/1100840.html | cyberoamsignatures |
| Meebo Repreater Tool http://idp.cyberoam.com/signatures/1100841.html | cyberoamsignatures |
| Surfing Using Realtunnel http://idp.cyberoam.com/signatures/1100842.html | cyberoamsignatures |
| Surfing Using Realtunnel http://idp.cyberoam.com/signatures/1100843.html | cyberoamsignatures |
| Surfing Using Realtunnel http://idp.cyberoam.com/signatures/1100844.html | cyberoamsignatures |
| Gmail Video Chat Attempt http://idp.cyberoam.com/signatures/1100845.html | cyberoamsignatures |
| Gtalk File Transfer Attempt http://idp.cyberoam.com/signatures/1100846.html | cyberoamsignatures |
| Gtalk Voice Chat Attempt http://idp.cyberoam.com/signatures/1100847.html | cyberoamsignatures |
| Webmail Chat Attempt - Gmail (HTTPS) http://idp.cyberoam.com/signatures/1100848.html | cyberoamsignatures |
| P2P Protocol (Bittorrent/Thunder) http://idp.cyberoam.com/signatures/1100816.html | cyberoamsignatures |
| P2P Protocol (Bittorrent/Thunder) http://idp.cyberoam.com/signatures/1100817.html | cyberoamsignatures |
| P2P Protocol (Bittorrent/Thunder) http://idp.cyberoam.com/signatures/1100818.html | cyberoamsignatures |
| P2P Protocol (Bittorrent/Thunder) http://idp.cyberoam.com/signatures/1100819.html | cyberoamsignatures |
| SQL Injection Attempt http://idp.cyberoam.com/signatures/1100850.html | cyberoamsignatures |

1.3.1.6.55. V 2.4.45

Release Date
22nd December, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.44

Upgrade Information
Upgrade type:
· Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
· Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.45. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 62 Risk level: High Name Nateon Messenger http://idp.cyberoam.com/signatures/1100831.html Surfing using Freevpn Tool http://idp.cyberoam.com/signatures/1100832.html Surfing Using Packetix Tool http://idp.cyberoam.com/signatures/1100833.html HTTP DoS Attack - Slowloris http://idp.cyberoam.com/signatures/1100834.html Proxy Server Asproxy http://idp.cyberoam.com/signatures/1100835.html Suring Using Coralcdn Domain http://idp.cyberoam.com/signatures/1100836.html Surfing Using Ghostsurf Tool http://idp.cyberoam.com/signatures/1100837.html Surfing Using PHP Redirection (Web Proxy) http://idp.cyberoam.com/signatures/1100815.html Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100826.html Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100827.html Facebook Chat http://idp.cyberoam.com/signatures/1100838.html Linux Kernel SCTP FWD-TSN Handling Buffer Overflow http://idp.cyberoam.com/signatures/1090106230.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023108.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023105.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023109.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023106.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow Category cyberoamsignatures cyberoamsignatures cyberoamsignatures dos cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures exploit netbios netbios netbios netbios netbios docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 341/409 ١١٢١٠٢/٤/ Cyberoam Docs 
http://idp.cyberoam.com/signatures/1581023100.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023107.html Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111100.html Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111101.html Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111103.html Microsoft Windows SMB Authentication Reflection Remote Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1081111102.html Microsoft Windows SMB OPEN2 Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113142.html Microsoft Windows SMB OPEN2 Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113143.html Microsoft Windows SMB Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014251.html Microsoft Windows SMB TRANS Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113133.html Microsoft Windows SMB TRANS Request Error Handling Memory Corruption http://idp.cyberoam.com/signatures/1090113132.html Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1090406110.html Novell Client NetIdentity Agent Remote Arbitrary Pointer Dereference Code Execution (Published Exploit) http://idp.cyberoam.com/signatures/1090406111.html Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1081209023.html IBM Tivoli Storage Manager Express Backup Heap Corruption http://idp.cyberoam.com/signatures/1090310020.html IBM Tivoli Storage Manager Express Backup Heap Corruption http://idp.cyberoam.com/signatures/1090310021.html IBM Tivoli Storage 
Manager Express Backup Heap Corruption http://idp.cyberoam.com/signatures/1090310023.html IBM Tivoli Storage Manager Express Backup Heap Corruption http://idp.cyberoam.com/signatures/1090310022.html IBM Tivoli Storage Manager Agent Client Generic String Handling Buffer Overflow http://idp.cyberoam.com/signatures/1090504030.html IBM Tivoli Storage Manager Client dsmagent.exe NodeName Buffer Overflow http://idp.cyberoam.com/signatures/1090504020.html IBM Tivoli Storage Manager Client dsmagent.exe NodeName Buffer Overflow http://idp.cyberoam.com/signatures/1090504021.html Oracle TimesTen In-Memory Database evtdump CGI module Format String http://idp.cyberoam.com/signatures/1090114220.html Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323030.html Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323032.html Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323033.html Linux Kernel nfsd CAP_MKNOD Security Bypass netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios misc misc misc misc misc misc misc oracle misc misc misc misc docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 342/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1090323036.html Linux Kernel nfsd CAP_MKNOD Security Bypass http://idp.cyberoam.com/signatures/1090323037.html ProFTPD Server Username Handling SQL Injection http://idp.cyberoam.com/signatures/1090213150.html Rhino Software Serv-U FTP Server rnto Command Directory Traversal http://idp.cyberoam.com/signatures/1081003180.html Novell GroupWise Internet Agent Email Address Processing Buffer Overflow http://idp.cyberoam.com/signatures/1090522060.html Novell Groupwise Internet Agent RCPT Command Buffer Overflow http://idp.cyberoam.com/signatures/1090202080.html Novell GroupWise Internet Agent SMTP AUTH LOGIN Command Buffer Overflow http://idp.cyberoam.com/signatures/1090522050.html HP OpenView 
Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427070.html HP OpenView Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427071.html HP OpenView Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427073.html HP OpenView Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427074.html HP OpenView Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427075.html HP OpenView Network Node Manager ovalarmsrv Integer Overflow http://idp.cyberoam.com/signatures/1090427072.html Squid HTTP Version Number Parsing Denial of Service http://idp.cyberoam.com/signatures/1090204190.html MySQL XML Functions Scalar XPath Denial of Service http://idp.cyberoam.com/signatures/1090304051.html MySQL XML Functions Scalar XPath Denial of Service http://idp.cyberoam.com/signatures/1090304050.html Sun MySQL mysql_log Format String Vulnerability http://idp.cyberoam.com/signatures/1090709060.html Sun MySQL mysql_log Format String Vulnerability http://idp.cyberoam.com/signatures/1090709061.html Symantec Alert Management System Intel Alert Originator Service Buffer Overflow http://idp.cyberoam.com/signatures/1090430021.html Symantec Alert Management System Intel Alert Originator Service Buffer Overflow http://idp.cyberoam.com/signatures/1090430020.html Microsoft Active Directory LDAP Search Request Buffer Overflow http://idp.cyberoam.com/signatures/1081014163.html exploit misc ftp ftp smtp smtp smtp misc misc misc misc misc misc dos mysql mysql mysql mysql exploit ldap 1.3.1.6.56. V 2.4.44 Release Date 30th November,2009 Release Information Upgrade Applicable on: IPS Signature Database V 2.4.42 Upgrade Information Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Manual Upgrade procedure 1. 
Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.44. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added:55 Risk level: High Category exploit Name Linux Kernel SCTP FWD-TSN Handling Buffer Overflow http://idp.cyberoam.com/signatures/1090106230.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/2090609240.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/2090609241.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/2090609244.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/2090609245.html FlashGet FTP PWD Command Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080814060.html Ipswitch WS_FTP Client Format String Vulnerability http://idp.cyberoam.com/signatures/1080818060.html Microsoft Windows Internet Printing Service Integer Overflow http://idp.cyberoam.com/signatures/1081014242.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/1090609242.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/1090609243.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/1090609246.html Microsoft Windows Print Spooler Service Buffer Overflow http://idp.cyberoam.com/signatures/1090609247.html Cerulean Studios Trillian AIM XML Tag Handling Heap Buffer Overflow http://idp.cyberoam.com/signatures/1081205050.html Cerulean Studios Trillian Image Filename XML Tag Stack Buffer Overflow http://idp.cyberoam.com/signatures/1081205030.html mIRC PRIVMSG Message Processing Buffer Overflow http://idp.cyberoam.com/signatures/1081003050.html Oracle Secure Backup NDMP CONECT_CLIENT_AUTH Command Buffer Overflow http://idp.cyberoam.com/signatures/1090115060.html Oracle Secure Backup NDMP Packet Handling Multiple Memory Corruption 
http://idp.cyberoam.com/signatures/1090115110.html Oracle Secure Backup NDMP Packet Handling Multiple Memory Corruption http://idp.cyberoam.com/signatures/1090115111.html Oracle Database DBMS_AQADM_SYS Package GRANT_TYPE_ACCESS Procedure SQL Injection netbios netbios netbios netbios ftp ftp netbios netbios netbios netbios netbios misc misc misc oracle oracle oracle oracle docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 344/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1090417070.html Oracle Database DBMS_AQADM_SYS Package GRANT_TYPE_ACCESS Procedure SQL Injection http://idp.cyberoam.com/signatures/1090417072.html Oracle Database Server LT.ROLLBACKWORKSPACE SQL Injection http://idp.cyberoam.com/signatures/1090511010.html Oracle Database Server Workspace Manager Multiple SQL Injection http://idp.cyberoam.com/signatures/1090706040.html Oracle Database Server Workspace Manager Multiple SQL Injection http://idp.cyberoam.com/signatures/1090706041.html Oracle Database Server Workspace Manager Multiple SQL Injection http://idp.cyberoam.com/signatures/1090706042.html Oracle Database Server Workspace Manager Multiple SQL Injection http://idp.cyberoam.com/signatures/1090706043.html Oracle Database Server Workspace Manager Multiple SQL Injection (Published Exploit) http://idp.cyberoam.com/signatures/1090706044.html Oracle Database SYS.OLAPIMPL_T Package ODCITABLESTART Buffer Overflow http://idp.cyberoam.com/signatures/1090203190.html Sun Solaris sadmind RPC Request Integer Overflow http://idp.cyberoam.com/signatures/1090525040.html Sun Solstice AdminSuite sadmind service adm_build_path Buffer Overflow http://idp.cyberoam.com/signatures/1081015042.html Sun Solstice AdminSuite sadmind service adm_build_path Buffer Overflow http://idp.cyberoam.com/signatures/1081015041.html Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1081209023.html Microsoft SQL Server sp_replwritetovarbin Stored Procedure Buffer 
Overflow http://idp.cyberoam.com/signatures/1081209024.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023105.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023101.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1481023104.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023100.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023108.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023106.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023109.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023107.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023105.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023102.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023106.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow netbios oracle oracle oracle oracle oracle oracle oracle oracle oracle misc misc sql sql netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios netbios docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 345/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1581023103.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1581023107.html Microsoft Windows Server Service RPC Request Handling Buffer Overflow 
http://idp.cyberoam.com/signatures/1581023104.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023103.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023101.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023104.html
Microsoft Windows Server Service RPC Request Handling Buffer Overflow http://idp.cyberoam.com/signatures/1281023102.html
Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100826.html
Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100827.html
Proxy Application - HTTP-Tunnel http://idp.cyberoam.com/signatures/1100828.html
Proxy Application - HTTP-Tunnel http://idp.cyberoam.com/signatures/1100829.html
Proxy Application - HTTP-Tunnel http://idp.cyberoam.com/signatures/1100830.html
netbios netbios Netbios netbios netbios netbios cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures

1.3.1.6.57. V 2.4.42

Release Date
18th November, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.41

Upgrade Information
Upgrade type:
· Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
· Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.42. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 18
Risk level: High

| Name | Category |
|---|---|
| Itshidden - VPN Application http://idp.cyberoam.com/signatures/1100789.html | cyberoam-signatures |
| Proxy Application Hide-my-IP http://idp.cyberoam.com/signatures/1100790.html | cyberoam-signatures |
| Ultravpn - VPN Application http://idp.cyberoam.com/signatures/1100791.html | cyberoam-signatures |
| Proxy Application Hide your IP http://idp.cyberoam.com/signatures/1100792.html | cyberoam-signatures |
| Proxy Application Hotspot http://idp.cyberoam.com/signatures/1100794.html | cyberoam-signatures |
| Proxy Application Proxyway http://idp.cyberoam.com/signatures/1100795.html | cyberoam-signatures |
| Remote control software - VNC http://idp.cyberoam.com/signatures/1100797.html | cyberoam-signatures |
| Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100801.html | cyberoam-signatures |
| Ultrasurf Utility - DNS Resolve Attempt http://idp.cyberoam.com/signatures/1100802.html | cyberoam-signatures |
| Surfing Using Freegate Utility http://idp.cyberoam.com/signatures/1100807.html | cyberoam-signatures |
| Accessing Facebook Applications http://idp.cyberoam.com/signatures/1100808.html | cyberoam-signatures |
| Accessing Facebook Games http://idp.cyberoam.com/signatures/1100809.html | cyberoam-signatures |
| Surfing using Hopster Tool http://idp.cyberoam.com/signatures/1100810.html | cyberoam-signatures |
| Webmail Chat Attempt - Gmail (HTTPS) http://idp.cyberoam.com/signatures/1100811.html | cyberoam-signatures |
| OpenVPN - VPN Application http://idp.cyberoam.com/signatures/1100821.html | cyberoam-signatures |
| Jabber Own server Connect - Chat Client http://idp.cyberoam.com/signatures/1100822html | cyberoam-signatures |
| Proxy Application - Ultrasurf 9.6 http://idp.cyberoam.com/signatures/1100823.html | cyberoam-signatures |
| Ultrasurf Server list accessing using Google http://idp.cyberoam.com/signatures/1100824.html | cyberoam-signatures |

1.3.1.6.58. V 2.4.41

Release Date
29th October, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.40

Upgrade Information
Upgrade type:
· Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
· Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.41. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 81
Risk level: High

Name | URL | Category
Microsoft Office Web Components DateSource Code Execution | http://idp.cyberoam.com/signatures/1080311171.html | web-misc
Microsoft Office Web Components URL Parsing Buffer Overflow | http://idp.cyberoam.com/signatures/1080311130.html | web-misc
Microsoft Office Web Components URL Parsing Buffer Overflow | http://idp.cyberoam.com/signatures/1080311132.html | web-misc
Microsoft Office Web Components URL Parsing Buffer Overflow | http://idp.cyberoam.com/signatures/1080311131.html | web-misc
Microsoft SQL Server Backup Restoring Memory Corruption | http://idp.cyberoam.com/signatures/1080708050.html | sql
Microsoft SQL Server Backup Restoring Memory Corruption | http://idp.cyberoam.com/signatures/1080708051.html | sql
Microsoft Visio DXF File Handling Code Execution | http://idp.cyberoam.com/signatures/1080408161.html | web-misc
Microsoft Visio DXF File Handling Code Execution | http://idp.cyberoam.com/signatures/1080408162.html | web-misc
Microsoft Windows ActiveX Control hxvz.dll Memory Corruption | http://idp.cyberoam.com/signatures/1080408100.html | web-misc
Microsoft Windows ActiveX Control hxvz.dll Memory Corruption | http://idp.cyberoam.com/signatures/1080408101.html | web-misc
Microsoft Windows Explorer Search-ms File Parsing Code Execution | http://idp.cyberoam.com/signatures/1080708090.html | web-misc
Microsoft Windows Explorer Search-ms File Parsing Code Execution | http://idp.cyberoam.com/signatures/1080708091.html | web-misc
Microsoft Windows GDI EMF Image File Handling Stack Overflow | http://idp.cyberoam.com/signatures/1080408150.html | web-misc
Microsoft Windows GDI EMF Image File Handling Stack Overflow | http://idp.cyberoam.com/signatures/1080408151.html | web-misc
Microsoft Windows Scripting Engines Script Encoding Code Execution | http://idp.cyberoam.com/signatures/1080408131.html | web-misc
Microsoft Windows Scripting Engines Script Encoding Code Execution | http://idp.cyberoam.com/signatures/1080408130.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513080.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513081.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513084.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513085.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513082.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513083.html | web-misc
Microsoft Word Cascading Style Sheet Processing Code Execution | http://idp.cyberoam.com/signatures/1080513086.html | web-misc
OpenOffice OLE File Stream Buffer Overflow | http://idp.cyberoam.com/signatures/1080512060.html | web-misc
OpenOffice OLE File Stream Buffer Overflow | http://idp.cyberoam.com/signatures/1080512061.html | web-misc
RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | http://idp.cyberoam.com/signatures/1080725211.html | web-misc
RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | http://idp.cyberoam.com/signatures/1080725210.html | web-misc
RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | http://idp.cyberoam.com/signatures/1080725213.html | web-misc
RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | http://idp.cyberoam.com/signatures/1080725212.html | web-misc
RealNetworks RealPlayer ActiveX Import Method Buffer Overflow | http://idp.cyberoam.com/signatures/1080725214.html | web-misc
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow | http://idp.cyberoam.com/signatures/1080722050.html | web-misc
Sun Java Web Start JNLP java-vm-args Heap Buffer Overflow | http://idp.cyberoam.com/signatures/1080722051.html | web-misc
Sun Java Web Start JNLP vm args Stack Overflow | http://idp.cyberoam.com/signatures/1080721070.html | web-misc
Sun Java Web Start JNLP vm args Stack Overflow | http://idp.cyberoam.com/signatures/1080721071.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728160.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728166.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728165.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728163.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728164.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728161.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728162.html | web-misc
Trend Micro OfficeScan objRemoveCtrl ActiveX Control Buffer Overflow | http://idp.cyberoam.com/signatures/1080728167.html | web-misc
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow | http://idp.cyberoam.com/signatures/1080731124.html | misc
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow | http://idp.cyberoam.com/signatures/1080731125.html | misc
Microsoft Windows Active Directory Denial of Service | http://idp.cyberoam.com/signatures/1080610104.html | dos
Microsoft Windows Active Directory Denial of Service | http://idp.cyberoam.com/signatures/1080610106.html | dos
Microsoft Windows Active Directory Denial of Service | http://idp.cyberoam.com/signatures/1080610100.html | dos
Microsoft Windows Active Directory Denial of Service | http://idp.cyberoam.com/signatures/1080610102.html | dos
CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow | http://idp.cyberoam.com/signatures/1080604270.html | ftp
Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution | http://idp.cyberoam.com/signatures/1080409200.html | web-attacks
Adobe Multiple Products BMP Image Header Handling Buffer Overflow | http://idp.cyberoam.com/signatures/1080421060.html | web-attacks
Apple QuickTime PICT Multiple Records Handling Buffer Overflow | http://idp.cyberoam.com/signatures/1080403081.html | web-attacks
Apple QuickTime PICT Multiple Records Handling Buffer Overflow | http://idp.cyberoam.com/signatures/1080403080.html | web-attacks
Apple Safari for Windows and Internet Explorer Combined Code Execution | http://idp.cyberoam.com/signatures/1080602030.html | web-attacks
Apple Safari for Windows and Internet Explorer Combined Code Execution | http://idp.cyberoam.com/signatures/1080602031.html | web-attacks
Apple Safari for Windows and Internet Explorer Combined Code Execution | http://idp.cyberoam.com/signatures/1080602032.html | web-attacks
Microsoft Excel File Importing Code Execution | http://idp.cyberoam.com/signatures/1080311151.html | web-attacks
Microsoft Excel File Importing Code Execution | http://idp.cyberoam.com/signatures/1080311150.html | web-attacks
Microsoft Visio DXF File Handling Code Execution | http://idp.cyberoam.com/signatures/1080408160.html | web-attacks
Sun Solaris rpc.ypupdated Command Injection Vulnerability | http://idp.cyberoam.com/signatures/1080324040.html | exploit
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass | http://idp.cyberoam.com/signatures/1080610181.html | snmp
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass | http://idp.cyberoam.com/signatures/1080610182.html | snmp
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass | http://idp.cyberoam.com/signatures/1080610183.html | snmp
Multiple Vendor SNMPv3 HMAC Handling Authentication Bypass | http://idp.cyberoam.com/signatures/1080610180.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430034.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430035.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430033.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430037.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430038.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430036.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430031.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430032.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430030.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/1080430039.html | snmp
Castle Rock Computing SNMPc Network Manager Community String Stack Buffer Overflow | http://idp.cyberoam.com/signatures/2080430030.html | snmp
Digium Asterisk Invalid RTP Payload Type Number Memory Corruption | http://idp.cyberoam.com/signatures/1080319020.html | misc
Digium Asterisk Invalid RTP Payload Type Number Memory Corruption | http://idp.cyberoam.com/signatures/1080319021.html | misc
TFTP Server Error Packet Handling Buffer Overflow | http://idp.cyberoam.com/signatures/1080508180.html | tftp
McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability | http://idp.cyberoam.com/signatures/1080312152.html | misc
McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability | http://idp.cyberoam.com/signatures/1080312150.html | misc
McAfee ePolicy Orchestrator Framework Services Log Handling Format String Vulnerability | http://idp.cyberoam.com/signatures/1080312151.html | misc

1.3.1.6.59. V 2.4.40

Release Date 12th October, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.39

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.40. Release includes removal of obsolete signatures as well as support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms.

Report false positives at
[email protected] along with the application used.

Total signatures added: 9
Risk level: High
New signatures are added for the following vulnerabilities:

Name | URL | Category
Freegate Utility - DNS Resolve Attempt | http://idp.cyberoam.com/signatures/1100780.html | Cyberoam-signatures
Gtunnel Proxy Attempt | http://idp.cyberoam.com/signatures/1100782.html | Cyberoam-signatures
Gtunnel Utility - DNS Resolve Attempt | http://idp.cyberoam.com/signatures/1100781.html | Cyberoam-signatures
External SOCK4 Attempt – Stream | http://idp.cyberoam.com/signatures/1100783.html | Cyberoam-signatures
External SOCK4 Attempt | http://idp.cyberoam.com/signatures/1100784.html | Cyberoam-signatures
External SOCK4 Attempt – Portbinding | http://idp.cyberoam.com/signatures/1100785.html | Cyberoam-signatures
External SOCK5 Attempt – Stream | http://idp.cyberoam.com/signatures/1100786.html | Cyberoam-signatures
External SOCK5 Attempt – Portbinding | http://idp.cyberoam.com/signatures/1100787.html | Cyberoam-signatures
External SOCK5 Attempt | http://idp.cyberoam.com/signatures/1100788.html | Cyberoam-signatures

Removal of Obsolete Signatures
Total signatures removed: 256
Risk level: Low
Signatures removed for the following vulnerabilities:

Name | URL
WEB-IIS cross-site scripting attempt | http://idp.cyberoam.com/signatures/1007.html
WEB-IIS encoding access | http://idp.cyberoam.com/signatures/1010.html
WEB-IIS scripts-browse access | http://idp.cyberoam.com/signatures/1029.html
WEB-IIS Unauthorized IP Access Attempt | http://idp.cyberoam.com/signatures/1045.html
WEB-MISC ftp attempt | http://idp.cyberoam.com/signatures/1057.html
WEB-MISC xp_enumdsn attempt | http://idp.cyberoam.com/signatures/1058.html
WEB-MISC xp_filelist attempt | http://idp.cyberoam.com/signatures/1059.html
WEB-MISC xp_availablemedia attempt | http://idp.cyberoam.com/signatures/1060.html
WEB-MISC xp_cmdshell attempt | http://idp.cyberoam.com/signatures/1061.html
WEB-MISC xp_regread attempt | http://idp.cyberoam.com/signatures/1069.html
BACKDOOR subseven DEFCON8 2.1 access | http://idp.cyberoam.com/signatures/107.html
WEB-IIS postinfo.asp access | http://idp.cyberoam.com/signatures/1075.html
WEB-IIS repost.asp access | http://idp.cyberoam.com/signatures/1076.html
WEB-MISC queryhit.htm access | http://idp.cyberoam.com/signatures/1077.html
WEB-MISC counter.exe access | http://idp.cyberoam.com/signatures/1078.html
WEB-MISC whisker tab splice attack | http://idp.cyberoam.com/signatures/1087.html
SCAN nmap XMAS | http://idp.cyberoam.com/signatures/1228.html
WEB-IIS ISAPI .ida access | http://idp.cyberoam.com/signatures/1242.html
Category: web access, web access, web access, web access, web access, web access, web access, web access, web access, web access, backdoor, web access, web access, web access, web access, web access, network attacks and anomaly, web access

TELNET bsd exploit client finishing | http://idp.cyberoam.com/signatures/1253.html
DOS Winnuke attack | http://idp.cyberoam.com/signatures/1257.html
WEB-CGI store.cgi product directory traversal attempt | http://idp.cyberoam.com/signatures/1306.html
WEB-CGI zsh access | http://idp.cyberoam.com/signatures/1309.html
BAD-TRAFFIC 0 ttl | http://idp.cyberoam.com/signatures/1321.html
BAD-TRAFFIC bad frag bits | http://idp.cyberoam.com/signatures/1322.html
EXPLOIT ssh CRC32 overflow filler | http://idp.cyberoam.com/signatures/1325.html
FTP wu-ftp bad file completion attempt | http://idp.cyberoam.com/signatures/1378.html
WEB-IIS cross-site scripting attempt | http://idp.cyberoam.com/signatures/1380.html
WEB-PHP PHP-Nuke remote file include attempt | http://idp.cyberoam.com/signatures/1399.html
SNMP public access udp | http://idp.cyberoam.com/signatures/1411.html
SNMP request udp | http://idp.cyberoam.com/signatures/1417.html
SHELLCODE x86 0xEB0C NOOP | http://idp.cyberoam.com/signatures/1424.html
WEB-PHP content-disposition | http://idp.cyberoam.com/signatures/1425.html
TELNET Solaris memory mismanagement exploit attempt | http://idp.cyberoam.com/signatures/1430.html
BAD-TRAFFIC syn to multicast address | http://idp.cyberoam.com/signatures/1431.html
ATTACK-RESPONSES oracle one hour install | http://idp.cyberoam.com/signatures/1464.html
WEB-IIS mkilog.exe access | http://idp.cyberoam.com/signatures/1485.html
WEB-IIS ctss.idc access | http://idp.cyberoam.com/signatures/1486.html
WEB-MISC cross site scripting attempt | http://idp.cyberoam.com/signatures/1497.html
WEB-MISC Cisco /%% DOS attempt | http://idp.cyberoam.com/signatures/1546.html
BAD-TRAFFIC Unassigned/Reserved IP protocol | http://idp.cyberoam.com/signatures/1627.html
DOS DB2 dos attempt | http://idp.cyberoam.com/signatures/1641.html
WEB-IIS trace.axd access | http://idp.cyberoam.com/signatures/1660.html
ORACLE select union attempt | http://idp.cyberoam.com/signatures/1676.html
Category: dbms, network attacks and anomaly, web access, network attacks and anomaly, web access, web access, web access, web access, network attacks and anomaly, network attacks and anomaly, telnet, web access, shellcode, snmp, snmp, web access, web access, ftp, exploit, network attacks and anomaly, network attacks and anomaly, web access, web access, telnet, network attacks and anomaly

ORACLE select like '%' attempt | http://idp.cyberoam.com/signatures/1677.html
ORACLE select like '%' attempt backslash escaped | http://idp.cyberoam.com/signatures/1678.html
ORACLE describe attempt | http://idp.cyberoam.com/signatures/1679.html
ORACLE all_constraints access | http://idp.cyberoam.com/signatures/1680.html
ORACLE all_views access | http://idp.cyberoam.com/signatures/1681.html
ORACLE all_source access | http://idp.cyberoam.com/signatures/1682.html
ORACLE all_tables access | http://idp.cyberoam.com/signatures/1683.html
ORACLE all_tab_columns access | http://idp.cyberoam.com/signatures/1684.html
ORACLE all_tab_privs access | http://idp.cyberoam.com/signatures/1685.html
ORACLE dba_tablespace access | http://idp.cyberoam.com/signatures/1686.html
ORACLE dba_tables access | http://idp.cyberoam.com/signatures/1687.html
ORACLE user_tablespace access | http://idp.cyberoam.com/signatures/1688.html
ORACLE sys.all_users access | http://idp.cyberoam.com/signatures/1689.html
ORACLE grant attempt | http://idp.cyberoam.com/signatures/1690.html
ORACLE ALTER USER attempt | http://idp.cyberoam.com/signatures/1691.html
ORACLE drop table attempt | http://idp.cyberoam.com/signatures/1692.html
ORACLE create table attempt | http://idp.cyberoam.com/signatures/1693.html
ORACLE alter table attempt | http://idp.cyberoam.com/signatures/1694.html
ORACLE truncate table attempt | http://idp.cyberoam.com/signatures/1695.html
ORACLE create database attempt | http://idp.cyberoam.com/signatures/1696.html
ORACLE alter database attempt | http://idp.cyberoam.com/signatures/1697.html
WEB-CGI calendar-admin.pl access | http://idp.cyberoam.com/signatures/1701.html
WEB-IIS users.xml access | http://idp.cyberoam.com/signatures/1750.html
WEB-IIS as_web.exe access | http://idp.cyberoam.com/signatures/1753.html
WEB-IIS as_web4.exe access | http://idp.cyberoam.com/signatures/1754.html
Category: web access, web access, web access, web access, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms

WEB-IIS pbserver access | http://idp.cyberoam.com/signatures/1772.html
NNTP return code buffer overflow attempt | http://idp.cyberoam.com/signatures/1792.html
WEB-IIS .asa HTTP header buffer overflow attempt | http://idp.cyberoam.com/signatures/1802.html
WEB-IIS .cer HTTP header buffer overflow attempt | http://idp.cyberoam.com/signatures/1803.html
WEB-IIS .cdx HTTP header buffer overflow attempt | http://idp.cyberoam.com/signatures/1804.html
WEB-MISC mailman cross site scripting attempt | http://idp.cyberoam.com/signatures/1839.html
WEB-CLIENT Javascript URL host spoofing attempt | http://idp.cyberoam.com/signatures/1841.html
FTP SITE NEWER attempt | http://idp.cyberoam.com/signatures/1864.html
MISC xdmcp info query | http://idp.cyberoam.com/signatures/1867.html
ATTACK-RESPONSES id check returned userid | http://idp.cyberoam.com/signatures/1882.html
SCAN UPnP service discover attempt | http://idp.cyberoam.com/signatures/1917.html
RPC portmap proxy attempt UDP | http://idp.cyberoam.com/signatures/1923.html
DNS zone transfer UDP | http://idp.cyberoam.com/signatures/1948.html
FTP DELE overflow attempt | http://idp.cyberoam.com/signatures/1975.html
MISC CVS missing cvsroot response | http://idp.cyberoam.com/signatures/2012.html
WEB-MISC Lotus Notes .csp script source download attempt | http://idp.cyberoam.com/signatures/2064.html
WEB-MISC Lotus Notes .csp script source download attempt | http://idp.cyberoam.com/signatures/2065.html
WEB-MISC Lotus Notes .pl script source download attempt | http://idp.cyberoam.com/signatures/2066.html
WEB-MISC Lotus Notes .exe script source download attempt | http://idp.cyberoam.com/signatures/2067.html
WEB-IIS WEBDAV exploit attempt | http://idp.cyberoam.com/signatures/2090.html
WEB-IIS Battleaxe Forum login.asp access | http://idp.cyberoam.com/signatures/2117.html
FTP CWD Root directory transversal attempt | http://idp.cyberoam.com/signatures/2125.html
WEB-IIS MS BizTalk server access | http://idp.cyberoam.com/signatures/2133.html
WEB-IIS register.asp access | http://idp.cyberoam.com/signatures/2134.html
BAD-TRAFFIC IP Proto 53 SWIPE | http://idp.cyberoam.com/signatures/2186.html
Category: network attacks and anomaly, web access, web access, ftp, web access, web access, web access, web access, web access, web access, web access, ftp, dns, rpc, network attacks and anomaly, network attacks and anomaly, web access, ftp, web client access, web access, web access, web access, web access, nntp, web access

BAD-TRAFFIC IP Proto 55 IP Mobility | http://idp.cyberoam.com/signatures/2187.html
BAD-TRAFFIC IP Proto 77 Sun ND | http://idp.cyberoam.com/signatures/2188.html
BAD-TRAFFIC IP Proto 103 PIM | http://idp.cyberoam.com/signatures/2189.html
IMAP login brute force attempt | http://idp.cyberoam.com/signatures/2273.html
POP3 login brute force attempt | http://idp.cyberoam.com/signatures/2274.html
SHELLCODE x86 0x71FB7BAB NOOP | http://idp.cyberoam.com/signatures/2312.html
SHELLCODE x86 0x71FB7BAB NOOP unicode | http://idp.cyberoam.com/signatures/2313.html
NETBIOS DCERPC ISystemActivator path overflow attempt little endian unicode | http://idp.cyberoam.com/signatures/2351.html
NETBIOS DCERPC ISystemActivator path overflow attempt big endian unicode | http://idp.cyberoam.com/signatures/2352.html
WEB-MISC schema overflow attempt | http://idp.cyberoam.com/signatures/2381.html
NETBIOS SMB Session Setup AndX request username overflow attempt | http://idp.cyberoam.com/signatures/2401.html
NETBIOS SMB-DS Session Setup AndX request username overflow attempt | http://idp.cyberoam.com/signatures/2402.html
NETBIOS SMB Session Setup AndX request unicode username overflow attempt | http://idp.cyberoam.com/signatures/2403.html
NETBIOS SMB-DS Session Setup AndX request unicode username overflow attempt | http://idp.cyberoam.com/signatures/2404.html
DDOS shaft synflood | http://idp.cyberoam.com/signatures/241.html
WEB-CGI MDaemon form2raw.cgi overflow attempt | http://idp.cyberoam.com/signatures/2433.html
WEB-CLIENT RealPlayer arbitrary javascript command attempt | http://idp.cyberoam.com/signatures/2437.html
WEB-CLIENT RealPlayer playlist file URL overflow attempt | http://idp.cyberoam.com/signatures/2438.html
WEB-CLIENT RealPlayer playlist http URL overflow attempt | http://idp.cyberoam.com/signatures/2439.html
WEB-CLIENT RealPlayer playlist rtsp URL overflow attempt | http://idp.cyberoam.com/signatures/2440.html
DDOS mstream handler to client | http://idp.cyberoam.com/signatures/250.html
NETBIOS SMB-DS DCERPC LSASS DsRolerUpgradeDownlevelServer exploit attempt | http://idp.cyberoam.com/signatures/2514.html
Category: netbios, network attacks and anomaly, web client access, web client access, web client access, web client access, web access, network attacks and anomaly, netbios, netbios, netbios, netbios, web access, netbios, netbios, shellcode, shellcode, pop, imap, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly

WEB-MISC PCT Client_Hello overflow attempt | http://idp.cyberoam.com/signatures/2515.html
FTP MDTM overflow attempt | http://idp.cyberoam.com/signatures/2546.html
MISC HP Web JetAdmin remote file upload attempt | http://idp.cyberoam.com/signatures/2547.html
MISC HP Web JetAdmin setinfo access | http://idp.cyberoam.com/signatures/2548.html
DNS zone transfer TCP | http://idp.cyberoam.com/signatures/255.html
WEB-MISC server negative Content-Length attempt | http://idp.cyberoam.com/signatures/2580.html
SMTP MAIL FROM overflow attempt | http://idp.cyberoam.com/signatures/2590.html
WEB-MISC SSLv2 Client_Hello Challenge Length overflow attempt | http://idp.cyberoam.com/signatures/2656.html
WEB-MISC SSLv2 Client_Hello with pad Challenge Length overflow attempt | http://idp.cyberoam.com/signatures/2657.html
WEB-CLIENT JPEG parser heap overflow attempt | http://idp.cyberoam.com/signatures/2705.html
WEB-CLIENT JPEG parser multipacket heap overflow | http://idp.cyberoam.com/signatures/2707.html
DOS UDP echo+chargen bomb | http://idp.cyberoam.com/signatures/271.html
DOS NAPTHA | http://idp.cyberoam.com/signatures/275.html
DOS Real Server template.html | http://idp.cyberoam.com/signatures/277.html
DOS Real Server template.html | http://idp.cyberoam.com/signatures/278.html
DOS Bay/Nortel Nautica Marlin | http://idp.cyberoam.com/signatures/279.html
POP2 x86 Linux overflow | http://idp.cyberoam.com/signatures/284.html
POP2 x86 Linux overflow | http://idp.cyberoam.com/signatures/285.html
DNS UDP inverse query | http://idp.cyberoam.com/signatures/2921.html
DNS TCP inverse query | http://idp.cyberoam.com/signatures/2922.html
NNTP XPAT pattern overflow attempt | http://idp.cyberoam.com/signatures/2927.html
NETBIOS SMB NDdeSetTrustedShareW unicode overflow attempt | http://idp.cyberoam.com/signatures/2937.html
NETBIOS SMB-DS NDdeSetTrustedShareW overflow attempt | http://idp.cyberoam.com/signatures/2938.html
NETBIOS SMB-DS NDdeSetTrustedShareW unicode overflow attempt | http://idp.cyberoam.com/signatures/2939.html
Category: netbios, netbios, netbios, nntp, dns, dns, pop, pop, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, web client access, web client access, web access, web access, smtp, web access, dns, web access, web access, ftp, web access

NETBIOS SMB NDdeSetTrustedShareW little endian overflow attempt | http://idp.cyberoam.com/signatures/2946.html
NETBIOS SMB NDdeSetTrustedShareW unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/2947.html
NETBIOS SMB-DS NDdeSetTrustedShareW little endian overflow attempt | http://idp.cyberoam.com/signatures/2948.html
NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/2949.html
NETBIOS SMB NDdeSetTrustedShareW andx overflow attempt | http://idp.cyberoam.com/signatures/2964.html
NETBIOS SMB NDdeSetTrustedShareW little endian andx overflow attempt | http://idp.cyberoam.com/signatures/2965.html
NETBIOS SMB NDdeSetTrustedShareW unicode andx overflow attempt | http://idp.cyberoam.com/signatures/2966.html
NETBIOS SMB NDdeSetTrustedShareW unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/2967.html
NETBIOS SMB-DS NDdeSetTrustedShareW andx overflow attempt | http://idp.cyberoam.com/signatures/2968.html
NETBIOS SMB-DS NDdeSetTrustedShareW little endian andx overflow attempt | http://idp.cyberoam.com/signatures/2969.html
NETBIOS SMB-DS NDdeSetTrustedShareW unicode andx overflow attempt | http://idp.cyberoam.com/signatures/2970.html
NETBIOS SMB-DS NDdeSetTrustedShareW unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/2971.html
EXPLOIT WINS overflow attempt | http://idp.cyberoam.com/signatures/3017.html
IMAP append literal overflow attempt | http://idp.cyberoam.com/signatures/3065.html
NNTP SEARCH pattern overflow attempt | http://idp.cyberoam.com/signatures/3078.html
MISC Unreal Tournament secure overflow attempt | http://idp.cyberoam.com/signatures/3080.html
NETBIOS SMB llsrconnect little endian overflow attempt | http://idp.cyberoam.com/signatures/3115.html
NETBIOS SMB llsrconnect unicode overflow attempt | http://idp.cyberoam.com/signatures/3116.html
NETBIOS SMB llsrconnect unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/3117.html
NETBIOS SMB llsrconnect andx overflow attempt | http://idp.cyberoam.com/signatures/3118.html
NETBIOS SMB llsrconnect little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3119.html
EXPLOIT ntpdx overflow attempt | http://idp.cyberoam.com/signatures/312.html
Category: exploit, netbios, netbios, netbios, netbios, netbios, web access, nntp, imap, exploit, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios

NETBIOS SMB llsrconnect unicode andx overflow attempt | http://idp.cyberoam.com/signatures/3120.html
NETBIOS SMB llsrconnect unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3121.html
NETBIOS SMB-DS llsrconnect overflow attempt | http://idp.cyberoam.com/signatures/3122.html
NETBIOS SMB-DS llsrconnect little endian overflow attempt | http://idp.cyberoam.com/signatures/3123.html
NETBIOS SMB-DS llsrconnect unicode overflow attempt | http://idp.cyberoam.com/signatures/3124.html
NETBIOS SMB-DS llsrconnect unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/3125.html
NETBIOS SMB-DS llsrconnect andx overflow attempt | http://idp.cyberoam.com/signatures/3126.html
NETBIOS SMB-DS llsrconnect little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3127.html
NETBIOS SMB-DS llsrconnect unicode andx overflow attempt | http://idp.cyberoam.com/signatures/3128.html
NETBIOS SMB-DS llsrconnect unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3129.html
WEB-CLIENT PNG large image width download attempt | http://idp.cyberoam.com/signatures/3132.html
WEB-CLIENT PNG large image height download attempt | http://idp.cyberoam.com/signatures/3133.html
NETBIOS SMB CoGetInstanceFromFile overflow attempt | http://idp.cyberoam.com/signatures/3176.html
NETBIOS SMB CoGetInstanceFromFile little endian overflow attempt | http://idp.cyberoam.com/signatures/3177.html
NETBIOS SMB CoGetInstanceFromFile unicode overflow attempt | http://idp.cyberoam.com/signatures/3178.html
NETBIOS SMB CoGetInstanceFromFile unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/3179.html
NETBIOS SMB CoGetInstanceFromFile andx overflow attempt | http://idp.cyberoam.com/signatures/3180.html
NETBIOS SMB CoGetInstanceFromFile little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3181.html
NETBIOS SMB CoGetInstanceFromFile unicode andx overflow attempt | http://idp.cyberoam.com/signatures/3182.html
NETBIOS SMB CoGetInstanceFromFile unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3183.html
NETBIOS SMB-DS CoGetInstanceFromFile overflow attempt | http://idp.cyberoam.com/signatures/3184.html
NETBIOS SMB-DS CoGetInstanceFromFile little endian overflow attempt | http://idp.cyberoam.com/signatures/3185.html
Category: netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, web client access, web client access, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios

NETBIOS SMB-DS CoGetInstanceFromFile unicode overflow attempt | http://idp.cyberoam.com/signatures/3186.html
NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/3187.html
NETBIOS SMB-DS CoGetInstanceFromFile andx overflow attempt | http://idp.cyberoam.com/signatures/3188.html
NETBIOS SMB-DS CoGetInstanceFromFile little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3189.html
NETBIOS SMB-DS CoGetInstanceFromFile unicode andx overflow attempt | http://idp.cyberoam.com/signatures/3190.html
NETBIOS SMB-DS CoGetInstanceFromFile unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3191.html
NETBIOS name query overflow attempt TCP | http://idp.cyberoam.com/signatures/3195.html
NETBIOS name query overflow attempt UDP | http://idp.cyberoam.com/signatures/3196.html
NETBIOS DCERPC ISystemActivator path overflow attempt little endian | http://idp.cyberoam.com/signatures/3197.html
NETBIOS DCERPC ISystemActivator path overflow attempt big endian | http://idp.cyberoam.com/signatures/3198.html
NETBIOS SMB OpenKey little endian overflow attempt | http://idp.cyberoam.com/signatures/3219.html
NETBIOS SMB OpenKey unicode overflow attempt | http://idp.cyberoam.com/signatures/3220.html
NETBIOS SMB OpenKey unicode little endian overflow attempt | http://idp.cyberoam.com/signatures/3221.html
NETBIOS SMB OpenKey andx overflow attempt | http://idp.cyberoam.com/signatures/3222.html
NETBIOS SMB OpenKey little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3223.html
NETBIOS SMB OpenKey unicode andx overflow attempt | http://idp.cyberoam.com/signatures/3224.html
NETBIOS SMB OpenKey unicode little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3225.html
NETBIOS SMB-DS OpenKey overflow attempt | http://idp.cyberoam.com/signatures/3226.html
NETBIOS SMB-DS OpenKey little endian overflow attempt | http://idp.cyberoam.com/signatures/3227.html
NETBIOS SMB-DS OpenKey unicode overflow attempt | http://idp.cyberoam.com/signatures/3228.html
NETBIOS SMB-DS OpenKey andx overflow attempt | http://idp.cyberoam.com/signatures/3230.html
Category: netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios, netbios

NETBIOS SMB-DS OpenKey little endian andx overflow attempt | http://idp.cyberoam.com/signatures/3231.html
NETBIOS Messenger message little endian overflow attempt | http://idp.cyberoam.com/signatures/3234.html
NETBIOS Messenger message overflow attempt | http://idp.cyberoam.com/signatures/3235.html
FINGER Query | http://idp.cyberoam.com/signatures/333.html
MS-SQL DNS query with 1 requests | http://idp.cyberoam.com/signatures/3443.html
MS-SQL DNS query with 2 requests | http://idp.cyberoam.com/signatures/3444.html
MS-SQL DNS query with 3 requests | http://idp.cyberoam.com/signatures/3445.html
MS-SQL DNS query with 4 requests | http://idp.cyberoam.com/signatures/3446.html
MS-SQL DNS query with 5 requests | http://idp.cyberoam.com/signatures/3447.html
MS-SQL DNS query with 6 requests | http://idp.cyberoam.com/signatures/3448.html
MS-SQL DNS query with 7 requests | http://idp.cyberoam.com/signatures/3449.html
MS-SQL DNS query with 8 requests | http://idp.cyberoam.com/signatures/3450.html
MS-SQL DNS query with 9 requests | http://idp.cyberoam.com/signatures/3451.html
MS-SQL DNS query with 10 requests | http://idp.cyberoam.com/signatures/3452.html
FTP SITE EXEC attempt | http://idp.cyberoam.com/signatures/361.html
INFO FTP no password | http://idp.cyberoam.com/signatures/489.html
INFO TELNET login failed | http://idp.cyberoam.com/signatures/492.html
MISC Source Port 20 to <1024 | http://idp.cyberoam.com/signatures/503.html
MISC source port 53 to <1024 | http://idp.cyberoam.com/signatures/504.html
MISC gopher proxy | http://idp.cyberoam.com/signatures/508.html
MISC Large UDP Packet | http://idp.cyberoam.com/signatures/521.html
BAD-TRAFFIC ip reserved bit set | http://idp.cyberoam.com/signatures/523.html
BAD-TRAFFIC tcp port 0 traffic | http://idp.cyberoam.com/signatures/524.html
BAD-TRAFFIC udp port 0 traffic | http://idp.cyberoam.com/signatures/525.html
Category: network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, web access, web access, web access, web access, information, information, ftp, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, dbms, finger, netbios, netbios, netbios

BAD-TRAFFIC data in TCP SYN packet | http://idp.cyberoam.com/signatures/526.html
NETBIOS NT NULL session | http://idp.cyberoam.com/signatures/530.html
POLICY FTP anonymous login attempt | http://idp.cyberoam.com/signatures/553.html
RPC DOS ttdbserv Solaris | http://idp.cyberoam.com/signatures/572.html
RPC portmap ypserv request UDP | http://idp.cyberoam.com/signatures/590.html
SCAN cybercop os probe | http://idp.cyberoam.com/signatures/619.html
SCAN FIN | http://idp.cyberoam.com/signatures/621.html
SCAN ipEye SYN scan | http://idp.cyberoam.com/signatures/622.html
SCAN NULL | http://idp.cyberoam.com/signatures/623.html
SCAN SYN FIN | http://idp.cyberoam.com/signatures/624.html
SCAN XMAS | http://idp.cyberoam.com/signatures/625.html
SCAN synscan portscan | http://idp.cyberoam.com/signatures/630.html
SHELLCODE x86 stealth NOOP | http://idp.cyberoam.com/signatures/651.html
SHELLCODE x86 0x90 unicode NOOP | http://idp.cyberoam.com/signatures/653.html
SMTP RCPT TO overflow | http://idp.cyberoam.com/signatures/654.html
WEB-CGI whois_raw.cgi arbitrary command execution attempt | http://idp.cyberoam.com/signatures/809.html
WEB-CGI csh access | http://idp.cyberoam.com/signatures/862.html
WEB-CGI ksh access | http://idp.cyberoam.com/signatures/865.html
WEB-CGI rsh access | http://idp.cyberoam.com/signatures/868.html
WEB-CGI tcsh access | http://idp.cyberoam.com/signatures/872.html
WEB-CGI rksh access | http://idp.cyberoam.com/signatures/877.html
WEB-CGI bash access | http://idp.cyberoam.com/signatures/885.html
WEB-IIS Directory transversal attempt | http://idp.cyberoam.com/signatures/974.html
WEB-IIS .cnf access | http://idp.cyberoam.com/signatures/977.html
WEB-IIS MSProxy access | http://idp.cyberoam.com/signatures/986.html
Category: web access, web access, web access, web access, web access, web access, web access, web access, web access, web access, smtp, shellcode, network attacks and anomaly, shellcode, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, network attacks and anomaly, rpc, rpc, policy, network attacks and anomaly, netbios

WEB-IIS achg.htr access | http://idp.cyberoam.com/signatures/991.html
WEB-IIS /scripts/iisadmin/default.htm access | http://idp.cyberoam.com/signatures/994.html
WEB-IIS anot.htr access | http://idp.cyberoam.com/signatures/996.html
Category: web access, web access, web access

1.3.1.6.60. V 2.4.39

Release Date 22nd September, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.38

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.39. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Detection and Protection matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms.

Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 156
Risk level: High

Name
Surfing Using Invisible-Surfing Tool http://idp.cyberoam.com/signatures/1100777.html
Palringo Messenger http://idp.cyberoam.com/signatures/1100778.html
Surfing Using Proxifier Application http://idp.cyberoam.com/signatures/1100779.html
Malware ISpy Professional v1.2 Runtime Detection (icmp ping request) http://idp.cyberoam.com/signatures/2080924140.html
Malware Trojan.Win32.Agent.btxm Runtime Detection (IRC) http://idp.cyberoam.com/signatures/2090413070.html
Malware Kaju BackDoor Runtime Detection (Keylog) http://idp.cyberoam.com/signatures/2081212101.html
Malware Win32.Neeris.gen.C Runtime (IRC) http://idp.cyberoam.com/signatures/2090409040.html
Malware Fouad 1.0 Runtime Detection (init) http://idp.cyberoam.com/signatures/2090119060.html
Category (column as extracted, not aligned to the names above): spyware, cyberoam signatures ×3, spyware ×4

Malware Kaju BackDoor Runtime Detection (screencapture) http://idp.cyberoam.com/signatures/2081212103.html
Malware Backdoor.Win32.Poebot.BP Runtime Detection http://idp.cyberoam.com/signatures/2090602031.html
Malware Win32.Neeris.gen.C Runtime Detection (IRC-6667) http://idp.cyberoam.com/signatures/2090409041.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326086.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326088.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326087.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326089.html
Malware BRX Rat 0.02 Runtime Detection (getdrivers) http://idp.cyberoam.com/signatures/2081223053.html
Malware BRX Rat 0.02 Runtime Detection (getinfo) http://idp.cyberoam.com/signatures/2081223054.html
Malware BRX Rat 0.02 Runtime Detection (keylogger) http://idp.cyberoam.com/signatures/2081223051.html
Malware BRX Rat 0.02 Runtime Detection (listproce) http://idp.cyberoam.com/signatures/2081223052.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326080.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326082.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326081.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326083.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326084.html
Malware Win32.Conficker.C Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090326085.html
Malware Silent Keylogger 1.5 Runtime Detection http://idp.cyberoam.com/signatures/2081218070.html
Malware Biodox Runtime Detection http://idp.cyberoam.com/signatures/2081215090.html
Malware BugsPrey Runtime Detection (Init Connection) http://idp.cyberoam.com/signatures/2080819070.html
Malware BugsPrey Runtime Detection (Init Connection) http://idp.cyberoam.com/signatures/2080819071.html
Malware DarkstRat 2008 First Runtime Detection http://idp.cyberoam.com/signatures/2081212080.html
Malware Keylogger WL-Keylogger Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081006090.html
Malware LOST DOOR 3.0 Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081103080.html
Category: spyware

Malware Octopus 0.1 Runtime Detection http://idp.cyberoam.com/signatures/2090202100.html
Malware PaiN RAT 0.1 Runtime Detection http://idp.cyberoam.com/signatures/2081217080.html
Malware Spy-Net 0.7 Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081021050.html
Malware SRaT 1.6 Runtime Detection http://idp.cyberoam.com/signatures/2081121111.html
Malware SynRat 2.1 Pro Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081106041.html
Malware Backdoor.Win32.Hupigon.eqlo Runtime Detection http://idp.cyberoam.com/signatures/2090414180.html
Malware Monitor.Win32.Perflogger Runtime Detection http://idp.cyberoam.com/signatures/2081110100.html
Malware Allaple.e Runtime Detection (RPC Bind) http://idp.cyberoam.com/signatures/2090227110.html
Malware Allaple.e Runtime Detection (RPC DoS) http://idp.cyberoam.com/signatures/2090227111.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028126.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028128.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028127.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028129.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500040.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/1500041.html
Malware W32.Bindo.worm Runtime Detection (port 139) http://idp.cyberoam.com/signatures/2090129220.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130206.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130208.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130207.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130209.html
Malware Kaju BackDoor Runtime Detection (Keylog) http://idp.cyberoam.com/signatures/2081212102.html
Malware SpyYahoo v2.2 Runtime Detection http://idp.cyberoam.com/signatures/2080917190.html
Malware Kaju BackDoor Runtime Detection (confirmation) http://idp.cyberoam.com/signatures/2081212105.html
Malware aSpy v2.12 Runtime Detection http://idp.cyberoam.com/signatures/2080926040.html
Malware Cheat Monitor Runtime Detection http://idp.cyberoam.com/signatures/2081105070.html
Category: spyware

Malware EgySpy KeyLogger 1.13 Runtime Detection http://idp.cyberoam.com/signatures/2081126060.html
Malware Email-Worm.CryptBox-A Runtime Detection (Hallmark) http://idp.cyberoam.com/signatures/2090120282.html
Malware Email-Worm.CryptBox-A Runtime Detection (IKEA) http://idp.cyberoam.com/signatures/2090120281.html
Malware Tong Keylogger Runtime Detection http://idp.cyberoam.com/signatures/2090112112.html
Malware Tong Keylogger Runtime Detection http://idp.cyberoam.com/signatures/2090112110.html
Malware Tong Keylogger Runtime Detection http://idp.cyberoam.com/signatures/2090112111.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028120.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028122.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028121.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028123.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028124.html
Malware Trojan Gimmiv.A Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2081028125.html
Malware W32.Bindo.worm Runtime Detection (port 445) http://idp.cyberoam.com/signatures/2090129221.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130200.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130202.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130201.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130203.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130204.html
Malware W32.Conficker.worm Runtime Detection (RPC Request Buffer Overflow) http://idp.cyberoam.com/signatures/2090130205.html
Malware Fouad 1.0 Runtime Detection (init) http://idp.cyberoam.com/signatures/2090119061.html
Malware Kaju BackDoor Runtime Detection (screencapture) http://idp.cyberoam.com/signatures/2081212104.html
Malware Backdoor.Win32.Poebot.BP Runtime Detection http://idp.cyberoam.com/signatures/2090602030.html
Malware Arabian-Attacker 1.1.0 Runtime Detection http://idp.cyberoam.com/signatures/2081219070.html
Malware Biodox Runtime Detection http://idp.cyberoam.com/signatures/2081215091.html
Malware Classroom Spy Professional Runtime Detection (Initial connection) http://idp.cyberoam.com/signatures/2081006142.html
Category: spyware

Malware Classroom Spy Professional Runtime Detection (Initial connection) http://idp.cyberoam.com/signatures/2081006143.html
Malware Classroom Spy Professional Runtime Detection (Initial connection) http://idp.cyberoam.com/signatures/2081006140.html
Malware Classroom Spy Professional Runtime Detection (Initial connection) http://idp.cyberoam.com/signatures/2081006141.html
Malware DarkstRat 2008 First Runtime Detection http://idp.cyberoam.com/signatures/2081212081.html
Malware Hack Style RAT Runtime Detection http://idp.cyberoam.com/signatures/2081216070.html
Malware Keylogger WL-Keylogger Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081006091.html
Malware LOST DOOR 3.0 Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081103081.html
Malware Net-Worm.Win32.Kolabc.fic Runtime Detection (Command and Control) http://idp.cyberoam.com/signatures/2090205211.html
Malware Spy-Net 0.7 Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081021051.html
Malware SRaT 1.6 Runtime Detection http://idp.cyberoam.com/signatures/2081121110.html
Malware Salware SynRat 2.1 Pro Runtime Detection (init connection) http://idp.cyberoam.com/signatures/2081106040.html
Malware Asprox Runtime Detection http://idp.cyberoam.com/signatures/2090210180.html
Malware Backdoor Hupigon.pv Runtime Detection http://idp.cyberoam.com/signatures/2090113040.html
Malware Backdoor Win32.Agent.wwe Runtime Detection http://idp.cyberoam.com/signatures/2090203070.html
Malware Backdoor Win32.Delf.jwh Runtime Detection http://idp.cyberoam.com/signatures/2080819090.html
Malware Backdoor.Win32.Sinowal.abe Runtime Detection http://idp.cyberoam.com/signatures/2090330050.html
Malware Downloader_Trojan_Gen2 Runtime Detection (Antivirus scan Page) http://idp.cyberoam.com/signatures/2080912060.html
Malware Downloader_Trojan_Gen2 Runtime Detection (Remote Connection) http://idp.cyberoam.com/signatures/2080912061.html
Malware Downloader Trojan.Gen3 Runtime Detection http://idp.cyberoam.com/signatures/2080923050.html
Malware Email-Worm.CryptBox-A Runtime Detection (childhe) http://idp.cyberoam.com/signatures/2090120280.html
Malware Faceback.exe Runtime Detection http://idp.cyberoam.com/signatures/2081009130.html
Malware Fouad 1.0 Runtime Detection (http request) http://idp.cyberoam.com/signatures/2090119062.html
Malware LORD SPY PRO 1.4 Runtime Detection http://idp.cyberoam.com/signatures/2081009060.html
Malware Net-Worm.Win32.Kolabc.fic Runtime Detection (HTTP Download) http://idp.cyberoam.com/signatures/2090205210.html
Malware PWS.Win32.Ldpinch.gen Runtime Detection http://idp.cyberoam.com/signatures/2090616050.html
Malware TD.EXE Runtime Detection (download) http://idp.cyberoam.com/signatures/2080822171.html
Category: spyware

Malware TD.EXE Runtime Detection (getfile) http://idp.cyberoam.com/signatures/2080822170.html
Malware Trojan.Crypt.CY Runtime Detection http://idp.cyberoam.com/signatures/2090320080.html
Malware Trojan Downloader.Agent.vhb Runtime Detection (Contact server) http://idp.cyberoam.com/signatures/2080924050.html
Malware Trojan Downloader.Agent.vhb Runtime Detection (Contact server login page) http://idp.cyberoam.com/signatures/2080924051.html
Malware Trojan Downloader Exchan.Gen variant Runtime Detection http://idp.cyberoam.com/signatures/2080820170.html
Malware Trojan Downloader Exchanger.Gen2 Runtime Detection http://idp.cyberoam.com/signatures/2081112050.html
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (address-bar.net) http://idp.cyberoam.com/signatures/2081208112.html
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (isearchmoa.com) http://idp.cyberoam.com/signatures/2081208111.html
Malware Trojan-Downloader.Win32.Agent.amwd Runtime Detection (recommandsite.com) http://idp.cyberoam.com/signatures/2081208110.html
Malware Trojan-Downloader.Win32.Agent.atff Runtime Detection http://idp.cyberoam.com/signatures/2090408110.html
Malware Trojan-Downloader.Win32.Agent.avzz Runtime Detection (hse) http://idp.cyberoam.com/signatures/2090128280.html
Malware Trojan-Downloader.Win32.Agent.avzz Runtime Detection (pcsimple) http://idp.cyberoam.com/signatures/2090128281.html
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (0000005738.exe) http://idp.cyberoam.com/signatures/2081022073.html
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (57329.exe) http://idp.cyberoam.com/signatures/2081022072.html
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (file.exe 2) http://idp.cyberoam.com/signatures/2081022071.html
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (file.exe) http://idp.cyberoam.com/signatures/2081022070.html
Malware Trojan-Downloader.Win32.Delf.phh Runtime Detection (sft_ver1.1454.0.exe) http://idp.cyberoam.com/signatures/2081022074.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (dir4you) http://idp.cyberoam.com/signatures/2081203110.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (dxcpm) http://idp.cyberoam.com/signatures/2081203112.html
Malware Trojan-Dropper.IRC.TKB Runtime Detection (lordhack) http://idp.cyberoam.com/signatures/2081203111.html
Malware Trojan-Dropper.Win32.Agent.wdv Runtime Detection http://idp.cyberoam.com/signatures/2081017060.html
Malware Trojan-Dropper.Win32.Delf.aba Runtime Detection (999cha) http://idp.cyberoam.com/signatures/2090113281.html
Malware Trojan-Dropper.Win32.Delf.aba Runtime Detection (by920) http://idp.cyberoam.com/signatures/2090113280.html
Malware Trojan.Lineage.Gen.Pac.3 Runtime Detection http://idp.cyberoam.com/signatures/2090106180.html
Category: spyware

Malware Trojan-PSW.Win32.Papras.dm Runtime Detection http://idp.cyberoam.com/signatures/2090319060.html
Malware TrojanSpy.Win32.Zbot.Gen Runtime Detection (Connects to remote server) http://idp.cyberoam.com/signatures/2081204091.html
Malware TrojanSpy.Win32.Zbot.Gen Runtime Detection (Downloads malicious files) http://idp.cyberoam.com/signatures/2081204090.html
Malware Trojan.Spy.Zeus.1.Gen Runtime Detection (cfg) http://idp.cyberoam.com/signatures/2090304110.html
Malware Trojan.Spy.Zeus.1.Gen Runtime Detection (sys) http://idp.cyberoam.com/signatures/2090304111.html
Malware Trojan.TDSS.1.Gen Install-time Detection (findzproportal1.com) http://idp.cyberoam.com/signatures/2081120101.html
Malware Trojan.TDSS.1.Gen Install-time Detection (yournewsblog.net) http://idp.cyberoam.com/signatures/2081120100.html
Malware Trojan Win32.Agent.aah Runtime Detection http://idp.cyberoam.com/signatures/2081001190.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (buyaohenchang) http://idp.cyberoam.com/signatures/2090116280.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (redirect to 6700.cn) http://idp.cyberoam.com/signatures/2090116282.html
Malware Trojan.Win32.Agent.aulk Runtime Detection (woyaochidongxi) http://idp.cyberoam.com/signatures/2090116281.html
Malware Trojan Win32.Agent.vvm Runtime Detection http://idp.cyberoam.com/signatures/2080902150.html
Malware Trojan Win32.Agent.vvm Runtime Detection (HTTP) http://idp.cyberoam.com/signatures/2090309120.html
Malware W32.Sality.AM Runtime Detection (hotelkalingaindore) http://idp.cyberoam.com/signatures/2090715010.html
Malware W32.Sality.AM Runtime Detection (lasercareindia) http://idp.cyberoam.com/signatures/2090715011.html
Malware Win32.Cekar Variant Runtime Detection http://idp.cyberoam.com/signatures/2080909030.html
Malware Win32.Fruspam Runtime Detection http://idp.cyberoam.com/signatures/2090416030.html
Malware Worm.Brontok.C Runtime Detection (HTTP) http://idp.cyberoam.com/signatures/2090220100.html
Malware Worm.Win32.AutoRun.qgg Runtime Detection (Razmgah) http://idp.cyberoam.com/signatures/2090311101.html
Malware Worm.Win32.AutoRun.qgg Runtime Detection (Reg) http://idp.cyberoam.com/signatures/2090311100.html
Malware Worm.Win32.Koobface.dq Runtime Detection (achcheck) http://idp.cyberoam.com/signatures/2090316100.html
Malware Worm.Win32.Koobface.dq Runtime Detection (con-sole) http://idp.cyberoam.com/signatures/2090316102.html
Malware Worm.Win32.Koobface.dq Runtime Detection (gen) http://idp.cyberoam.com/signatures/2090316101.html
Malware Wowpa KI Runtime Detection http://idp.cyberoam.com/signatures/2090527010.html
Category: spyware

1.3.1.6.61. V 2.4.38

Release Date: 7th September, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.37

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download the upgrade from http://download.cyberoam.com/ips
2. Log on to the Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to the CLI console, go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.38. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Prevention matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 100 Risk level: High Name Borland StarTeam Multicast Service HTTP Handling Buffer Overflow http://idp.cyberoam.com/signatures/1080403241.html Borland StarTeam Multicast Service HTTP Handling Buffer Overflow http://idp.cyberoam.com/signatures/1080403240.html Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610105.html Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610107.html Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610101.html Microsoft Windows Active Directory Denial of Service http://idp.cyberoam.com/signatures/1080610103.html Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710091.html Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710092.html Novell eDirectory LDAP NULL Search Parameter Buffer Overflow http://idp.cyberoam.com/signatures/1080710090.html OpenLDAP ber_get_next BER Decoding Denial of Service http://idp.cyberoam.com/signatures/1080630160.html Oracle Internet Directory Pre-Authentication LDAP Denial of Service http://idp.cyberoam.com/signatures/1080716020.html Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602040.html Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602041.html Alt-N Technologies SecurityGateway username Buffer Overflow http://idp.cyberoam.com/signatures/1080602042.html CA ARCserve Backup Discovery Service Denial of Service dos Category web-misc web-misc dos dos dos misc misc misc misc dos misc misc misc dos docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 370/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1080417020.html CA ARCserve Backup Discovery 
Service Denial of Service http://idp.cyberoam.com/signatures/1080417021.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404045.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404040.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404046.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404047.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404048.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404049.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404041.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404042.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404043.html CA Multiple Products Alert Notification Server Buffer Overflow http://idp.cyberoam.com/signatures/1080404044.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401081.html Multiple Vendor CUPS GIF Decoding Routine Buffer Overflow http://idp.cyberoam.com/signatures/1080401080.html HP OpenView Network Node Manager HTTP Handling Buffer Overflow http://idp.cyberoam.com/signatures/1080402080.html HP OpenView Network Node Manager HTTP Handling Buffer Overflow http://idp.cyberoam.com/signatures/1080402081.html Novell eDirectory HTTP Headers Denial of Service http://idp.cyberoam.com/signatures/1080402060.html Novell eDirectory HTTP Headers Denial of Service http://idp.cyberoam.com/signatures/1080402062.html Novell eDirectory HTTP Headers Denial of Service http://idp.cyberoam.com/signatures/1080402061.html Novell eDirectory HTTP Headers 
Denial of Service http://idp.cyberoam.com/signatures/1080402063.html McAfee ePolicy Orchestrator Framework Services HTTP Buffer Overflow Published Exploit http://idp.cyberoam.com/signatures/1080402050.html McAfee ePolicy Orchestrator Framework Services HTTP Buffer Overflow Published Exploit http://idp.cyberoam.com/signatures/1080402051.html IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080521201.html CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow http://idp.cyberoam.com/signatures/1080604271.html CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow http://idp.cyberoam.com/signatures/1080604272.html CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow http://idp.cyberoam.com/signatures/1080604273.html ftp misc dos misc misc misc misc misc misc misc misc misc misc misc misc misc dos dos dos dos exploit exploit misc ftp ftp docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 371/409 ١١٢١٠٢/٤/ Cyberoam Docs CA eTrust Secure Content Manager Gateway FTP PASV Stack Overflow http://idp.cyberoam.com/signatures/1080604274.html GNOME Project libxslt Library RC4 Key String Buffer Overflow http://idp.cyberoam.com/signatures/1080731090.html GNOME Project libxslt Library RC4 Key String Buffer Overflow http://idp.cyberoam.com/signatures/1080731091.html GNOME Project libxslt Library RC4 Key String Buffer Overflow http://idp.cyberoam.com/signatures/1080731092.html GNOME Project libxslt Library RC4 Key String Buffer Overflow http://idp.cyberoam.com/signatures/1080731094.html GNOME Project libxslt Library RC4 Key String Buffer Overflow http://idp.cyberoam.com/signatures/1080731093.html Microsoft Windows GDI Metafile Image Handling Heap Overflow http://idp.cyberoam.com/signatures/1080408120.html Microsoft Windows GDI Metafile Image Handling Heap Overflow http://idp.cyberoam.com/signatures/1080408121.html Microsoft Windows GDI Metafile Image Handling Heap Overflow 
http://idp.cyberoam.com/signatures/1080408122.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408123.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408126.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408127.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408128.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408124.html
Microsoft Windows GDI Metafile Image Handling Heap Overflow
http://idp.cyberoam.com/signatures/1080408125.html
Cisco Secure Access Control Server UCP Application CSuserCGI.exe Buffer Overflow
http://idp.cyberoam.com/signatures/1080312090.html
IBM Lotus Domino Web Server HTTP Header Buffer Overflow
http://idp.cyberoam.com/signatures/1080521020.html
Published Exploit - BEA WebLogic Server Apache Connector HTTP Version String Buffer Overflow
http://idp.cyberoam.com/signatures/1080721020.html
Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution
http://idp.cyberoam.com/signatures/1080409201.html
Adobe Flash Player Multimedia File DefineSceneAndFrameLabelData Code Execution
http://idp.cyberoam.com/signatures/1080409202.html
Adobe Multiple Products BMP Image Header Handling Buffer Overflow
http://idp.cyberoam.com/signatures/1080421061.html
Apple QuickTime Obji Atom Parsing Stack Buffer Overflow
http://idp.cyberoam.com/signatures/1080403030.html
Apple QuickTime PICT Multiple Records Handling Buffer Overflow
http://idp.cyberoam.com/signatures/1080403082.html
CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow
http://idp.cyberoam.com/signatures/1080317060.html
CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow
http://idp.cyberoam.com/signatures/1080317062.html
CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow
http://idp.cyberoam.com/signatures/1080317063.html
Category: web-client ftp misc misc misc misc misc misc misc misc misc misc misc misc misc misc exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit
CA Multiple Products ActiveX Control ListCtrl AddColumn Buffer Overflow
http://idp.cyberoam.com/signatures/1080317064.html
IBM Lotus Expeditor cai URI Handler Command Execution
http://idp.cyberoam.com/signatures/1080424110.html
Microsoft Access Snapshot Viewer ActiveX Control snapview.ocx Code Execution
http://idp.cyberoam.com/signatures/1080707150.html
Microsoft Access Snapshot Viewer ActiveX Control snapview.ocx Code Execution
http://idp.cyberoam.com/signatures/1080707151.html
Microsoft DirectX SAMI Format Parsing Code Execution
http://idp.cyberoam.com/signatures/1080610090.html
Microsoft DirectX SAMI Format Parsing Code Execution
http://idp.cyberoam.com/signatures/1080610091.html
Microsoft Excel Conditional Formatting Values Handling Code Execution
http://idp.cyberoam.com/signatures/1080311200.html
Microsoft Excel Conditional Formatting Values Handling Code Execution
http://idp.cyberoam.com/signatures/1080311201.html
Microsoft Excel Conditional Formatting Values Handling Code Execution
http://idp.cyberoam.com/signatures/1080311202.html
Microsoft Excel Data Validation Record Processing Code Execution
http://idp.cyberoam.com/signatures/1080311100.html
Microsoft Excel Data Validation Record Processing Code Execution
http://idp.cyberoam.com/signatures/1080311101.html
Microsoft Excel Data Validation Record Processing Code Execution
http://idp.cyberoam.com/signatures/1080311103.html
Microsoft Excel Data Validation Record Processing Code Execution
http://idp.cyberoam.com/signatures/1080311102.html
Microsoft Excel File Importing Code Execution
http://idp.cyberoam.com/signatures/1080311152.html
Microsoft Excel Malformed Formula Parsing Code Execution
http://idp.cyberoam.com/signatures/1080311180.html
Microsoft Excel Malformed Formula Parsing Code Execution
http://idp.cyberoam.com/signatures/1080311182.html
Microsoft Excel Malformed Formula Parsing Code Execution
http://idp.cyberoam.com/signatures/1080311181.html
Microsoft Excel Rich Text Handling Code Execution
http://idp.cyberoam.com/signatures/1080311190.html
Microsoft Excel Rich Text Handling Code Execution
http://idp.cyberoam.com/signatures/1080311193.html
Microsoft Excel Rich Text Handling Code Execution
http://idp.cyberoam.com/signatures/1080311192.html
Microsoft Excel Rich Text Handling Code Execution
http://idp.cyberoam.com/signatures/1080311194.html
Microsoft Excel Rich Text Handling Code Execution
http://idp.cyberoam.com/signatures/1080311191.html
Microsoft Internet Explorer Data Stream Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080408111.html
Microsoft Internet Explorer Data Stream Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080408110.html
Microsoft Internet Explorer HTML Objects Memory Corruption
http://idp.cyberoam.com/signatures/1080610150.html
Category: web-attacks exploit exploit web-attacks exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit web-attacks web-attacks
Microsoft Internet Explorer Location Property Cross Domain Scripting
http://idp.cyberoam.com/signatures/1080626080.html
Microsoft Internet Explorer Request Header Cross Domain Information Disclosure
http://idp.cyberoam.com/signatures/1080610162.html
Microsoft Internet Explorer Request Header Cross Domain Information Disclosure
http://idp.cyberoam.com/signatures/1080610161.html
Microsoft Internet Explorer Request Header Cross Domain Information Disclosure
http://idp.cyberoam.com/signatures/1080610160.html
Microsoft Internet Explorer Request Header Cross Domain Information Disclosure
http://idp.cyberoam.com/signatures/1080610163.html
Microsoft Office Drawing Shapes Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080311140.html
Microsoft Office Drawing Shapes Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080311141.html
Microsoft Office Outlook mailto URI Handling Code Execution
http://idp.cyberoam.com/signatures/1080311120.html
Microsoft Office Web Components DateSource Code Execution
http://idp.cyberoam.com/signatures/1080311170.html
Category: web-attacks web-attacks web-attacks web-attacks web-attacks web-misc web-misc web-misc exploit

1.3.1.6.62. V 2.4.37

Release Date
18th August, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.36

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.37. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 115
Risk level: High

Name
Linux Kernel IPv6 over IPv4 Memory Leak Denial of Service
http://idp.cyberoam.com/signatures/1080515050.html
Microsoft Windows Pragmatic General Multicast Packet Handling DoS
http://idp.cyberoam.com/signatures/1080610080.html
Microsoft Windows Pragmatic General Multicast Packet Handling DoS
http://idp.cyberoam.com/signatures/1080610081.html
Category: dos dos dos
Microsoft Windows Pragmatic General Multicast Packet Handling DoS
http://idp.cyberoam.com/signatures/1080610082.html
Microsoft SQL Server Backup Restoring Memory Corruption
http://idp.cyberoam.com/signatures/1080708052.html
Microsoft SQL Server Backup Restoring Memory Corruption
http://idp.cyberoam.com/signatures/1080708053.html
Microsoft SQL Server Backup Restoring Memory Corruption
http://idp.cyberoam.com/signatures/1080708054.html
Microsoft SQL Server Backup Restoring Memory Corruption
http://idp.cyberoam.com/signatures/1080708055.html
Samba receive_smb_raw SMB Packets Parsing Buffer Overflow (Published Exploit)
http://idp.cyberoam.com/signatures/1080528010.html
Novell GroupWise Messenger HTTP Response Handling Stack Overflow
http://idp.cyberoam.com/signatures/1080609040.html
Sun Solaris rpc.ypupdated Command Injection Vulnerability
http://idp.cyberoam.com/signatures/1080324041.html
CA BrightStor ARCserve Backup caloggerd Opcode 79 Stack Buffer Overflow
http://idp.cyberoam.com/signatures/1080527211.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603025.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603024.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603023.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603022.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603021.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603020.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/2080603021.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/2080603020.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603029.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603028.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603027.html
HP StorageWorks Storage Mirroring Double Take Service Code Execution
http://idp.cyberoam.com/signatures/1080603026.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326250.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326255.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326252.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326253.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326254.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326250.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326257.html
Category: exploit misc dos sql sql sql sql exploit rpc misc misc misc misc misc misc misc misc misc misc misc misc misc exploit exploit exploit exploit exploit exploit
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326258.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326259.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326256.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326251.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326255.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326252.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326253.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326254.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/2080326250.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326257.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326258.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326259.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326256.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/1080326251.html
Microsoft SQL Server CONVERT Function Buffer Overflow
http://idp.cyberoam.com/signatures/1080708030.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708040.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708041.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708042.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708043.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708044.html
Microsoft SQL Server INSERT Statement Buffer Overflow
http://idp.cyberoam.com/signatures/1080708045.html
Alt-N MDaemon IMAP Server FETCH Command Buffer Overflow
http://idp.cyberoam.com/signatures/1080313200.html
Oracle Database Server DBMS_AQELM Package Buffer Overflow
http://idp.cyberoam.com/signatures/1080716030.html
Oracle Database Server DBMS_AQELM Package Buffer Overflow
http://idp.cyberoam.com/signatures/1080716031.html
IBM Lotus Sametime Server Multiplexer Stack Buffer Overflow
http://idp.cyberoam.com/signatures/1080521200.html
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
http://idp.cyberoam.com/signatures/1080731120.html
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
http://idp.cyberoam.com/signatures/1080731121.html
Category: sql exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit sql sql sql sql sql sql imap oracle oracle exploit exploit exploit
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
http://idp.cyberoam.com/signatures/1080731122.html
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
http://idp.cyberoam.com/signatures/1080731123.html
CA ARCserve Backup for Laptops and Desktops LGServer Handshake Buffer Overflow
http://idp.cyberoam.com/signatures/1080731126.html
CA ARCServe Backup for Laptops and Desktops LGServer Service Code Execution
http://idp.cyberoam.com/signatures/1080404050.html
CA ARCserve Backup for Laptops and Desktops NetBackup Arbitrary File Upload
http://idp.cyberoam.com/signatures/1080404061.html
CA ARCserve Backup for Laptops and Desktops NetBackup Arbitrary File Upload
http://idp.cyberoam.com/signatures/1080404060.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326251.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326256.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326253.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326254.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326255.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/5080326251.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326258.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326259.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/5080326250.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326257.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326252.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326256.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326253.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326254.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326255.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326251.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326258.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326259.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/4080326250.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326257.html
IBM solidDB Logging Function Format String Vulnerability
http://idp.cyberoam.com/signatures/3080326252.html
Category: exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit
IBM Lotus Notes Applix Graphics Parsing Buffer Overflow
http://idp.cyberoam.com/signatures/1080409190.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408030.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/2080408030.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408031.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408032.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408033.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408037.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408034.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/2080408031.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408038.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408039.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408035.html
HP OpenView Network Node Manager Ovalarmsrv Service Buffer Overflow
http://idp.cyberoam.com/signatures/1080408036.html
Borland InterBase Database Message Handling Buffer Overflow
http://idp.cyberoam.com/signatures/1080520130.html
Borland Software InterBase ibserver.exe Service Attach Request Buffer Overflow
http://idp.cyberoam.com/signatures/1080411040.html
Kongshare - VPN Application
http://idp.cyberoam.com/signatures/1100765.html
Jabber - Chat Client
http://idp.cyberoam.com/signatures/1100766.html
GloboSurf - VPN Application
http://idp.cyberoam.com/signatures/1100767.html
Meebo Webchat
http://idp.cyberoam.com/signatures/1100768.html
H.225 VOIP Protocol
http://idp.cyberoam.com/signatures/1100769.html
SIP UDP Protocol
http://idp.cyberoam.com/signatures/1100770.html
Gizmo5 - VOIP Application
http://idp.cyberoam.com/signatures/1100771.html
Comfrog - VOIP Application
http://idp.cyberoam.com/signatures/1100772.html
Media Gateway Control Protocol
http://idp.cyberoam.com/signatures/1100773.html
Headcall - VOIP Application
http://idp.cyberoam.com/signatures/1100774.html
ooVoo - VOIP Application
http://idp.cyberoam.com/signatures/1100775.html
Willing Webcam Streaming Attempt
http://idp.cyberoam.com/signatures/1100776.html
Sightspeed - VOIP Application
http://idp.cyberoam.com/signatures/1100777.html
Category: exploit misc misc misc misc misc misc misc misc misc misc misc misc misc misc cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures

1.3.1.6.63. V 2.4.36

Release Date
27th July, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.34 and V 2.4.35

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.36. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 17
Risk level: High

Name
TelTel Application – VOIP
http://idp.cyberoam.com/signatures/1100750.html
TokBox Application – VOIP
http://idp.cyberoam.com/signatures/1100751.html
Funshion Application – Streaming
http://idp.cyberoam.com/signatures/1100752.html
Funshion Application – Streaming
http://idp.cyberoam.com/signatures/1100753.html
Funshion Application – Streaming
http://idp.cyberoam.com/signatures/1100754.html
QQ Video Application – Streaming
http://idp.cyberoam.com/signatures/1100755.html
AOL Radio Streaming Attempt
http://idp.cyberoam.com/signatures/1100756.html
RTSP Streaming Protocol
http://idp.cyberoam.com/signatures/1100757.html
MMS Streaming Protocol
http://idp.cyberoam.com/signatures/1100758.html
Etisalat Messenger Login Attempt
http://idp.cyberoam.com/signatures/1100759.html
Yahoo Chat Attempt Using Way2SMS
http://idp.cyberoam.com/signatures/1100760.html
Gtalk Chat Attempt Using Way2SMS
http://idp.cyberoam.com/signatures/1100761.html
Download Using Thunder Application - P2P Functionality
http://idp.cyberoam.com/signatures/1100762.html
Serv-U Application - Remote Access(HTTP)
http://idp.cyberoam.com/signatures/1100763.html
Category: cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures cyberoam-signatures
Serv-U Application - Remote Access(FTP)
http://idp.cyberoam.com/signatures/1100764.html
Category: cyberoam-signatures

1.3.1.6.64. V 2.4.35

Release Date
27th July, 2009

Release Information
Upgrade Applicable on: Any version lower than 2.4.35

This consolidated upgrade allows you to upgrade the IPS signatures database directly to version 2.4.35 from any version starting from 2.4.0. For example, if the current IPS signatures database version in your Cyberoam is 2.4.28, then with this upgrade you can upgrade directly to version 2.4.35 instead of upgrading through each intermediate version individually.

Upgrade process
1. Download upgrade from http://download.cyberoam.com/ips
2. Log on to Cyberoam Web Admin console
3. Go to menu Help > Upload Upgrade and upload the file downloaded in step 1
4. Once the file is uploaded successfully, log on to CLI console and go to menu “Option 6 Upgrade Version” and follow the on-screen instructions.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.35. The release includes support for new signatures. The following sections describe the release in detail.

Enhancements
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

Performance enhancement was achieved by:
· Streamlining architecture
· Signatures merging
· Removing redundant signatures

1.3.1.6.65. V 2.4.34

Release Date
14th July, 2009

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.33

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
Log on to Web Admin console, go to the IPS > Manage IPS page and click the “Update” button against IPS Signatures.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.34. The release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:
Total signatures added: 73
Risk level: High

Name
Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080212163.html
Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080212165.html
Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080212167.html
Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080212166.html
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption
http://idp.cyberoam.com/signatures/1070814140.html
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption
http://idp.cyberoam.com/signatures/1070814141.html
Microsoft Internet Explorer Pdwizard.ocx ActiveX Object Memory Corruption
http://idp.cyberoam.com/signatures/1070814142.html
Microsoft Office Web Components DateSource Code Execution
http://idp.cyberoam.com/signatures/1080311170.html
Microsoft Office Web Components DateSource Code Execution
http://idp.cyberoam.com/signatures/1080311171.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809086.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809084.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/2070809080.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809088.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809085.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809087.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/1070809089.html
Symantec Products ActiveX Control NavComUI.dll Code Execution
http://idp.cyberoam.com/signatures/2070809081.html
Microsoft Office Drawing Shapes Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080311140.html
Microsoft Office Drawing Shapes Handling Memory Corruption
http://idp.cyberoam.com/signatures/1080311141.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726106.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726101.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726102.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726103.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726104.html
Microsoft Windows ShellExecute and IE7 URL Handling Code Execution
http://idp.cyberoam.com/signatures/1070726105.html
Category: web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-client web-misc web-misc web-misc web-misc web-misc web-misc web-misc web-misc
Microsoft XML Core Services Memory Corruption Vulnerability
http://idp.cyberoam.com/signatures/1070814060.html
Microsoft XML Core Services Memory Corruption Vulnerability
http://idp.cyberoam.com/signatures/1070814062.html
Microsoft XML Core Services Memory Corruption Vulnerability
http://idp.cyberoam.com/signatures/1070814061.html
Microsoft XML Core Services Memory Corruption Vulnerability
http://idp.cyberoam.com/signatures/1070814063.html
Samba Domain Controller Service Crafted Mailslot Name Buffer Overflow
http://idp.cyberoam.com/signatures/1071210100.html
Microsoft Office Works File Converter WPS File Field Length Stack Overflow
http://idp.cyberoam.com/signatures/1080212220.html
Microsoft Office Works File Converter WPS File Field Length Stack Overflow
http://idp.cyberoam.com/signatures/1080212222.html
Microsoft Office Works File Converter WPS File Field Length Stack Overflow
http://idp.cyberoam.com/signatures/1080212221.html
Microsoft Windows OLE Automation Remote Code Execution
http://idp.cyberoam.com/signatures/1080212120.html
Microsoft Windows OLE Automation Remote Code Execution
http://idp.cyberoam.com/signatures/1080212121.html
Microsoft Windows OLE Automation Remote Code Execution
http://idp.cyberoam.com/signatures/1080212122.html
Microsoft Works File Converter WPS File Section Length Headers Memory Corruption
http://idp.cyberoam.com/signatures/1080212200.html
Microsoft Works File Converter WPS File Section Length Headers Memory Corruption
http://idp.cyberoam.com/signatures/1080212201.html
RealNetworks RealPlayer Playlist Handling Buffer Overflow
http://idp.cyberoam.com/signatures/1071022032.html
Sun Java Web Start Charset Encoding Stack Buffer Overflow
http://idp.cyberoam.com/signatures/1080306131.html
Sun Java Web Start Charset Encoding Stack Buffer Overflow
http://idp.cyberoam.com/signatures/1080306130.html
Motorola Timbuktu Crafted Login Request Buffer Overflow
http://idp.cyberoam.com/signatures/1070827111.html
Microsoft Rich Textbox Control SaveFile Insecure Method Arbitrary File Overwrite
http://idp.cyberoam.com/signatures/1080110040.html
Microsoft Rich Textbox Control SaveFile Insecure Method Arbitrary File Overwrite
http://idp.cyberoam.com/signatures/1080110041.html
Microsoft Rich Textbox Control SaveFile Insecure Method Arbitrary File Overwrite
http://idp.cyberoam.com/signatures/1080110043.html
Microsoft Rich Textbox Control SaveFile Insecure Method Arbitrary File Overwrite
http://idp.cyberoam.com/signatures/1080110042.html
Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution
http://idp.cyberoam.com/signatures/1080109110.html
Microsoft Visual FoxPro vfp6r.dll DoCmd ActiveX Control Command Execution
http://idp.cyberoam.com/signatures/1080109111.html
Skype skype4com URI Handler Remote Heap Corruption
http://idp.cyberoam.com/signatures/1071206130.html
Apple QuickTime Crafted HTTP Error Response Buffer Overflow
http://idp.cyberoam.com/signatures/1080110080.html
Apple QuickTime Image Descriptor Atom Parsing Memory Corruption
http://idp.cyberoam.com/signatures/1080115250.html
Category: web-misc web-misc web-misc web-misc web-misc exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit misc misc misc misc misc misc misc misc misc
Apple QuickTime PICT Image Poly Structure Memory Corruption
http://idp.cyberoam.com/signatures/1071105191.html
Apple QuickTime PICT Image Poly Structure Memory Corruption
http://idp.cyberoam.com/signatures/1071105190.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211096.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211093.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211092.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211094.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211095.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211090.html
Microsoft DirectX SAMI File Parsing Code Execution
http://idp.cyberoam.com/signatures/1071211091.html
Microsoft Excel File Handling Code Execution Vulnerability
http://idp.cyberoam.com/signatures/1080116020.html
Microsoft Excel File Importing Code Execution
http://idp.cyberoam.com/signatures/1080311151.html Microsoft Excel File Importing Code Execution http://idp.cyberoam.com/signatures/1080311150.html Chikka Messenger Login Attempt http://idp.cyberoam.com/signatures/1100739.html AIM Messenger Login Attempt http://idp.cyberoam.com/signatures/1100740.html iTunes Streaming Attempt http://idp.cyberoam.com/signatures/1100741.html Quicktime Streaming Attempt http://idp.cyberoam.com/signatures/1100742.html Adobe Player Streaming Attempt http://idp.cyberoam.com/signatures/1100745.html RTMP Streaming http://idp.cyberoam.com/signatures/1100744.html Picasa Streaming Attempt http://idp.cyberoam.com/signatures/1100746.html Winemp Player Streaming Attempt http://idp.cyberoam.com/signatures/1100747.html Etisalat Messenger Login Attempt http://idp.cyberoam.com/signatures/1100748.html TeamViewer Authentication Attempt http://idp.cyberoam.com/signatures/1100749.html misc misc misc misc misc misc misc misc misc misc misc misc cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures cyberoamsignatures 1.3.1.6.66. V 2.4.33 Release Information Upgrade Applicable on: IPS Signature Database V 2.4.32 Upgrade Information Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Manual Upgrade procedure docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 383/409 ١١٢١٠٢/٤/ Cyberoam Docs Log on to Web Admin console and go to IPS>Manage IPS page and click “Update” button against IPS Signatures. Compatibility issues: None Introduction This document contains the release notes for IPS Signature Database version 2.4.33. Release includes support for new signatures. The following sections describe the release in details. 
New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used. New signatures are added for the following vulnerabilities: Total signatures added: 102 Risk level: High Name Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211167.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211163.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211161.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211164.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211162.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211160.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211165.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211168.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211166.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211169.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211167.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211163.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211161.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211164.html Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/3071211162.html Cisco Unified Communications Manager CTL Provider Heap Overflow 
http://idp.cyberoam.com/signatures/1080116100.html Motorola Timbuktu Crafted Login Request Buffer Overflow http://idp.cyberoam.com/signatures/1070827110.html SAP MaxDB Remote Arbitrary Commands Execution http://idp.cyberoam.com/signatures/1080109090.html Novell GroupWise Client IMG Tag SRC Parameter Buffer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1071214060.html HP OpenView Network Node Manager CGI Application Buffer Overflow http://idp.cyberoam.com/signatures/1071206120.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814050.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814051.html Category exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 384/409 ١١٢١٠٢/٤/ Cyberoam Docs 3ivx MPEG-4 MP4 File Handling Stack Overflow http://idp.cyberoam.com/signatures/1071210011.html Adobe Flash Player JPG Embedded SWF Processing Heap Overflow http://idp.cyberoam.com/signatures/1071228040.html Adobe Flash Player JPG Embedded SWF Processing Heap Overflow http://idp.cyberoam.com/signatures/1071228041.html Apple QuickTime Crafted HTTP Error Response Buffer Overflow http://idp.cyberoam.com/signatures/1080110081.html FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow http://idp.cyberoam.com/signatures/1071121050.html FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow http://idp.cyberoam.com/signatures/1071121051.html FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow http://idp.cyberoam.com/signatures/1071121052.html FLAC Project libFLAC Picture Metadata MIME-Type Size Buffer Overflow http://idp.cyberoam.com/signatures/1071121053.html FLAC Project libFLAC Picture Metadata Picture Description Size Buffer overflow 
http://idp.cyberoam.com/signatures/1071123040.html FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow http://idp.cyberoam.com/signatures/1071123041.html FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow http://idp.cyberoam.com/signatures/1071123042.html FLAC Project libFLAC Picture Metadata Picture Description Size Buffer Overflow http://idp.cyberoam.com/signatures/1071123043.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120044.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120045.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120042.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120043.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120040.html FLAC Project libFLAC VORBIS Comment String Size Buffer Overflow http://idp.cyberoam.com/signatures/1071120041.html Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow http://idp.cyberoam.com/signatures/1080104042.html Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow http://idp.cyberoam.com/signatures/1080104040.html Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow http://idp.cyberoam.com/signatures/1080104041.html Macrovision InstallShield Update Service isusweb.dll Remote Buffer Overflow http://idp.cyberoam.com/signatures/1080104043.html Citrix Systems Multiple Products IMA Service Buffer Overflow http://idp.cyberoam.com/signatures/1080117040.html Microsoft Excel rtWindow1 Record Handling Code Execution http://idp.cyberoam.com/signatures/1070710140.html Apple QuickTime Image Descriptor Atom Parsing Memory Corruption http://idp.cyberoam.com/signatures/1080115251.html Apple QuickTime PICT 
Image Poly Structure Memory Corruption http://idp.cyberoam.com/signatures/1071105192.html Apple QuickTime PICT Image Poly Structure Memory Corruption misc exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit exploit imap misc misc misc docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 385/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1071105193.html Corruption Apple QuickTime PICT Image Poly Structure Memory http://idp.cyberoam.com/signatures/1071105194.html Apple QuickTime PICT Image Poly Structure Memory Corruption http://idp.cyberoam.com/signatures/1071105195.html Apple QuickTime PICT Image Poly Structure Memory Corruption http://idp.cyberoam.com/signatures/1071105196.html ClamAV libclamav MEW PE File Handling Integer Overflow http://idp.cyberoam.com/signatures/1071218100.html ClamAV libclamav MEW PE File Handling Integer Overflow http://idp.cyberoam.com/signatures/1071218101.html HP Software Update Tool ActiveX Control File Overwrite http://idp.cyberoam.com/signatures/1071219270.html HP Software Update Tool ActiveX Control File Overwrite http://idp.cyberoam.com/signatures/1071219271.html Microsoft DirectX SAMI File Parsing Code Execution http://idp.cyberoam.com/signatures/1071211097.html Microsoft DirectX SAMI File Parsing Code Execution http://idp.cyberoam.com/signatures/1071211098.html Microsoft DirectX SAMI File Parsing Code Execution http://idp.cyberoam.com/signatures/1071211099.html Microsoft Excel File Handling Code Execution Vulnerability http://idp.cyberoam.com/signatures/1080116021.html Microsoft Excel File Handling Code Execution Vulnerability http://idp.cyberoam.com/signatures/1080116022.html Microsoft Excel File Handling Code Execution Vulnerability http://idp.cyberoam.com/signatures/1080116023.html Microsoft Excel File Importing Code Execution http://idp.cyberoam.com/signatures/1080311152.html Microsoft Excel Malformed 
Formula Parsing Code Execution http://idp.cyberoam.com/signatures/1080311180.html Microsoft Excel Malformed Formula Parsing Code Execution http://idp.cyberoam.com/signatures/1080311182.html Microsoft Excel Malformed Formula Parsing Code Execution http://idp.cyberoam.com/signatures/1080311181.html Microsoft Excel Rich Text Handling Code Execution http://idp.cyberoam.com/signatures/1080311190.html Microsoft Excel Rich Text Handling Code Execution http://idp.cyberoam.com/signatures/1080311193.html Microsoft Excel Rich Text Handling Code Execution http://idp.cyberoam.com/signatures/1080311192.html Microsoft Excel Rich Text Handling Code Execution http://idp.cyberoam.com/signatures/1080311194.html Microsoft Excel Rich Text Handling Code Execution http://idp.cyberoam.com/signatures/1080311191.html Microsoft Excel Workbook Workspace Designation Handling Code Execution http://idp.cyberoam.com/signatures/1070710160.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814052.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814053.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814054.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814055.html Microsoft Excel Workspace Index Value Memory Corruption http://idp.cyberoam.com/signatures/1070814056.html MySQL yaSSL SSL Hello Message Buffer Overflow misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc misc dbms docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 386/409 ١١٢١٠٢/٤/ Cyberoam Docs http://idp.cyberoam.com/signatures/1080104151.html MySQL yaSSL SSL Hello Message Buffer Overflow http://idp.cyberoam.com/signatures/1080104150.html Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211180.html 
Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211182.html Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211181.html Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727040.html Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727042.html Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727041.html Ipswitch IMail SMTP Server Content-Type Header Buffer Overflow (Published Exploit) http://idp.cyberoam.com/signatures/1070921131.html Mercury Mail Transport System SMTP AUTH CRAM-MD5 Buffer Overflow http://idp.cyberoam.com/signatures/1070820020.html Mercury Mail Transport System SMTP AUTH CRAM-MD5 Buffer Overflow http://idp.cyberoam.com/signatures/1070820021.html Mercury Mail Transport System SMTP AUTH CRAM-MD5 Buffer Overflow http://idp.cyberoam.com/signatures/1070820022.html Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption http://idp.cyberoam.com/signatures/1080212130.html Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption http://idp.cyberoam.com/signatures/1080212132.html Microsoft Internet Explorer ANIMATEMOTION Properties Assignment Memory Corruption http://idp.cyberoam.com/signatures/1080212131.html Microsoft Internet Explorer HTML Rendering Memory Corruption http://idp.cyberoam.com/signatures/1080212080.html Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption http://idp.cyberoam.com/signatures/1080212160.html Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption http://idp.cyberoam.com/signatures/1080212161.html Microsoft Internet Explorer Image Processing Argument Handling Memory Corruption http://idp.cyberoam.com/signatures/1080212162.html Microsoft Internet Explorer Image Processing 
Argument Handling Memory Corruption http://idp.cyberoam.com/signatures/1080212164.html Apache mod_imap and mod_imagemap Module Cross-Site Scripting http://idp.cyberoam.com/signatures/1071212080.html Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow http://idp.cyberoam.com/signatures/1080212310.html Facebook Photo Uploader ActiveX Control FileMask Method Buffer Overflow http://idp.cyberoam.com/signatures/1080212311.html Webmail Chat Attempt - Gmail (HTTPS) http://idp.cyberoam.com/signatures/1100738.html smtp dbms netbios netbios netbios netbios netbios netbios smtp smtp smtp web-client web-client web-client web-client web-client web-client web-client web-client web-misc web-misc web-misc cyberoamsignatures 1.3.1.6.67. V 2.4.32 docs.cyberoam.com/print.asp?id=49&Lang=1&SID= 387/409 ١١٢١٠٢/٤/ Release Information Upgrade Applicable on: IPS Signature Database V 2.4.31 Upgrade Information Cyberoam Docs Upgrade type: Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier Manual Upgrade procedure Log on to Web Admin console and go to IPS>Manage IPS page and click “Update” button against IPS Signatures. Compatibility issues: None Introduction This document contains the release notes for IPS Signature Database version 2.4.32. Release includes support for new signatures. The following sections describe the release in details. New Signatures The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:

Total signatures added: 51
Risk level: High

Name | Category
Microsoft Windows Kernel IGMPv3 and MLDv2 Request Processing Code Execution http://idp.cyberoam.com/signatures/1080108060.html | exploit
IBM Tivoli Storage Manager Express CAD Service Buffer Overflow http://idp.cyberoam.com/signatures/1070920070.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921176.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921175.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921174.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921173.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921170.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921177.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921178.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/1070921179.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/2070921171.html | exploit
CA ARCserve Backup for Laptops and Desktops LGServer Multiple Buffer Overflows http://idp.cyberoam.com/signatures/2070921170.html | exploit
CA BrightStor ARCServe Backup LGServer Arbitrary File Upload http://idp.cyberoam.com/signatures/1070921200.html | exploit
CA BrightStor ARCServe Backup LGServer Authentication Password Buffer Overflow http://idp.cyberoam.com/signatures/1070921181.html | exploit
CA BrightStor ARCServe Backup LGServer Authentication Password Buffer Overflow http://idp.cyberoam.com/signatures/1070921180.html | exploit
CA BrightStor ARCServe Backup LGServer Authentication Username Overflow http://idp.cyberoam.com/signatures/1070921190.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211160.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211165.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211168.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211166.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211169.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211167.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211163.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211161.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211164.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/1071211162.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211160.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211165.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211168.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211166.html | exploit
Microsoft Windows Message Queuing Service String Buffer Overflow http://idp.cyberoam.com/signatures/2071211169.html | exploit
Microsoft Windows Kernel ICMP Fragmented Packet Processing Denial of Service http://idp.cyberoam.com/signatures/1080108080.html | network attacks and anomaly
IBM Lotus Domino IMAP Server Buffer Overflow http://idp.cyberoam.com/signatures/1071023161.html | imap
IBM Lotus Domino IMAP Server Buffer Overflow http://idp.cyberoam.com/signatures/1071023160.html | imap
IBM Lotus Domino IMAP Server Buffer Overflow http://idp.cyberoam.com/signatures/1071023162.html | imap
Ipswitch IMail Server IMAP SEARCH Command Date String Stack Overflow http://idp.cyberoam.com/signatures/1070726150.html | imap
Ipswitch IMail Server IMAP SUBSCRIBE Command Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070720060.html | imap
Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211183.html | netbios
Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211185.html | netbios
Novell Client nwspool.dll EnumPrinters Function Stack Buffer Overflow http://idp.cyberoam.com/signatures/1080211184.html | netbios
Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727043.html | netbios
Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727045.html | netbios
Novell Client Print Provider RPC Stack Buffer Overflow http://idp.cyberoam.com/signatures/1070727044.html | netbios
Oracle Database Server XDB PITRIG TRUNCATE and DROP Procedures SQL Injection http://idp.cyberoam.com/signatures/1080131071.html | oracle
Oracle Database Server XDB PITRIG TRUNCATE and DROP Procedures SQL Injection http://idp.cyberoam.com/signatures/1080131070.html | oracle
Oracle Database Server XDB PITRIG_TRUNCATE Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1080129080.html | oracle
Oracle Database SYS.LT.FINDRICSET SQL Injection http://idp.cyberoam.com/signatures/1071029030.html | oracle
Oracle Database Server XDB PITRIG_DROPMETADATA Procedure Buffer Overflow http://idp.cyberoam.com/signatures/1071107160.html | oracle
Ipswitch IMail Server Imailsec.dll Heap Buffer Overflow http://idp.cyberoam.com/signatures/1070720040.html | smtp
Apple QuickTime RTSP Response Crafted Content-Type Header Buffer Overflow http://idp.cyberoam.com/signatures/1071123130.html | web-misc
Yahoo Messenger 9 File Transfer Attempt http://idp.cyberoam.com/signatures/1100737.html | cyberoamsignatures

1.3.1.6.68. V 2.4.31

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.30

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
Log on to Web Admin console and go to IPS>Manage IPS page and click “Update” button against IPS Signatures.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.31. Release includes support for new signatures. The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:

Total signatures added: 11
Risk level: High

Name | Category
Microsoft Word Section Table Array Buffer Overflow for Published Exploit http://idp.cyberoam.com/signatures/1070131030.html | Web-misc
Microsoft Word mso.dll LsCreateLine Memory Corruption (Published Exploit) http://idp.cyberoam.com/signatures/1060707141.html | Web-misc
PNG File Header http://idp.cyberoam.com/signatures/1060613161.html | Web-misc
Searching MP4 stream http://idp.cyberoam.com/signatures/1060912120.html | Web-misc
WinZip FileView ActiveX Control Request http://idp.cyberoam.com/signatures/1061114181.html | Web-misc
WinZip FileView ActiveX Control Unsafe Method Exposure http://idp.cyberoam.com/signatures/1061114182.html | Web-misc
WinZip FileView ActiveX Control Unsafe Method Exposure http://idp.cyberoam.com/signatures/1061114180.html | Web-misc
Yahoo! Widgets YDP ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1070727010.html | Web-misc
Yahoo! Widgets YDP ActiveX Control Buffer Overflow http://idp.cyberoam.com/signatures/1070727011.html | Web-misc
LogMeIn Login Attempt http://idp.cyberoam.com/signatures/1100736.html | Cyberoamsignatures
Skype Connection Establish Attempt http://idp.cyberoam.com/signatures/1100735.html | Skypesignatures

1.3.1.6.69. V 2.4.30

Release Information
Upgrade Applicable on: IPS Signature Database V 2.4.29

Upgrade Information
Upgrade type:
Autoupgrade for Cyberoam Appliances currently on V 9.5.3 build 22 or above
Manual upgrade for Cyberoam Appliances currently on V 9.5.3 build 14 or earlier

Manual Upgrade procedure
Log on to Web Admin console and go to IPS>Manage IPS page and click “Update” button against IPS Signatures.

Compatibility issues: None

Introduction
This document contains the release notes for IPS Signature Database version 2.4.29. Release includes support for new signatures.
The following sections describe the release in detail.

New Signatures
The Cyberoam Intrusion Protection System matches network traffic against patterns contained in attack signatures. Attack signatures reliably protect your network from known attacks. Signatures are developed to significantly increase detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New signatures are added for the following vulnerabilities:

Total signatures added: 33
Risk level: High

Name | Category
Microsoft Excel BIFF5+ Download http://idp.cyberoam.com/signatures/1060706060.html | Web-misc
Microsoft Excel BIFF5+ Download http://idp.cyberoam.com/signatures/1060711171.html | Web-misc
Microsoft Excel COLINFO Record Buffer Overflow http://idp.cyberoam.com/signatures/1061010112.html | Web-misc
Microsoft Excel Embedded Shockwave Flash Object Code Execution http://idp.cyberoam.com/signatures/1060620092.html | Web-misc
Microsoft Excel File Download http://idp.cyberoam.com/signatures/1061010110.html | Web-misc
Microsoft Excel File Download http://idp.cyberoam.com/signatures/1061010111.html | Web-misc
Microsoft Excel Malformed FNGROUPCOUNT Value Code Execution http://idp.cyberoam.com/signatures/1060711172.html | Web-misc
Microsoft Excel Malformed OBJECT Record Code Execution http://idp.cyberoam.com/signatures/1060711162.html | Web-misc
Microsoft Office Drawing Record msofbtOPT Code Execution http://idp.cyberoam.com/signatures/1070205010.html | Web-misc
Microsoft Office Drawing Record msofbtOPT Code Execution http://idp.cyberoam.com/signatures/1070205011.html | Web-misc
Microsoft PowerPoint PPT Document Parsing Code Execution http://idp.cyberoam.com/signatures/1061012050.html | Web-misc
Microsoft PowerPoint PPT Document Parsing Code Execution http://idp.cyberoam.com/signatures/1061012051.html | Web-misc
Microsoft PowerPoint PPT Document Parsing Code Execution http://idp.cyberoam.com/signatures/1061012052.html | Web-misc
Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution http://idp.cyberoam.com/signatures/1070911100.html | Web-misc
Microsoft Visual Studio Crystal Reports RPT File Handling Code Execution http://idp.cyberoam.com/signatures/1070911101.html | Web-misc
Microsoft Visual Studio WMI Object Broker ActiveX Control Code Execution for Published Exploits http://idp.cyberoam.com/signatures/1061101010.html | Web-misc
Microsoft Visual Studio WMI Object Broker ActiveX Control Code Execution for Published Exploits http://idp.cyberoam.com/signatures/1061101011.html | Web-misc
Microsoft Windows ActiveX Control hxvz.dll Memory Corruption http://idp.cyberoam.com/signatures/1080408100.html | Web-misc
Microsoft Windows ActiveX Control hxvz.dll Memory Corruption http://idp.cyberoam.com/signatures/1080408101.html | Web-misc
Microsoft Windows Crafted Animated Cursor Handling Buffer Overflow http://idp.cyberoam.com/signatures/1070329020.html | Web-misc
Microsoft Windows Explorer Invalid URL File Parsing Stack Overflow http://idp.cyberoam.com/signatures/1060705081.html | Web-misc
Microsoft Windows GDI EMF Image File Handling Stack Overflow http://idp.cyberoam.com/signatures/1080408150.html | Web-misc
Microsoft Windows Scripting Engines Script Encoding Code Execution http://idp.cyberoam.com/signatures/1080408131.html | Web-misc
Microsoft Windows Scripting Engines Script Encoding Code Execution http://idp.cyberoam.com/signatures/1080408130.html | Web-misc
Microsoft Windows Universal Plug and Play Service Remote Code Execution http://idp.cyberoam.com/signatures/1070410111.html | Web-misc
Microsoft Windows Universal Plug and Play Service Remote Code Execution http://idp.cyberoam.com/signatures/1070410110.html | Web-misc
Microsoft Word Document Stream Handling Code Execution http://idp.cyberoam.com/signatures/1070214180.html | Web-misc
Microsoft Word Formatted Disk Pages Table Memory Corruption http://idp.cyberoam.com/signatures/1061212200.html | Web-misc
Microsoft Word Formatted Disk Pages Table Memory Corruption http://idp.cyberoam.com/signatures/1061212201.html | Web-misc
Microsoft Word Formatted Disk Pages Table Memory Corruption http://idp.cyberoam.com/signatures/1061212202.html | Web-misc
Webmail Chat Attempt – Yahoo http://idp.cyberoam.com/signatures/1100733.html | cyberoamsignatures
TeamViewer Authentication Attempt http://idp.cyberoam.com/signatures/1100734.html | cyberoamsignatures
Multi Threaded Download Using HTTP http://idp.cyberoam.com/signatures/1100732.html | cyberoamsignatures

Renamed Signature
Signature ID – 1100681
Old name – Download Accelerator Application_HTTP
New name – Multi Threaded Download Using HTTP

1.4. Application Filter

Application Database version release summary

Version | Release date | Upgrade type | Applicable on version
V 4.0.50 | 23rd March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.49
V 4.0.49 | 15th March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.48
V 4.0.48 | 02nd March, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.47
V 4.0.47 | 28th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.46

For all past Application Filter Release Notes, click here.

1.4.1. Release Note

1.4.1.1. V 4.0.50

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.49 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility Annotations: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.50. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:

A total of one (1) Application Traffic Filter is added for one (1) Application Category mentioned below:

Application Traffic Filter | Application Category
Call of Duty | Gaming

Changes made in Application Upgrade 4.0.50

A total of three (3) Application Traffic Filters are modified or updated for two (2) Application Categories mentioned below:

Application Traffic Filter | Application Category
Freegate | Proxy
Geemail | General Internet
Ultrasurf | Proxy

1.4.1.2. V 4.0.49

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.48 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above

Compatibility Annotations: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.49. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of three (3) Application Traffic Filters are added for two (2) Application Categories, listed below:

Application Traffic Filter | Application Category
Join.Me | Remote Access
SugarSync | File Transfer
UbuntuOne | File Transfer

Changes made in Application Upgrade 4.0.49
A total of ten (10) Application Traffic Filters are modified or updated for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
Chikka Web IM | IM
Circumventor Connection Attempt | Proxy
Freegate | Proxy
Garena Web Login | IM
IM Plus Website | IM
JAP | Proxy
MSN2GO | IM
Psiphon Proxy | Proxy
Torrent Clients | P2P
Ultrasurf | Proxy

1.4.1.3. V 4.0.48

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.47 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.48. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of one (1) Application Traffic Filter is added for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
QQ Remote Assistance | Remote Access

Changes made in Application Upgrade 4.0.48
A total of seven (7) Application Traffic Filters are modified or updated for five (5) Application Categories, listed below:

Application Traffic Filter | Application Category
Fastviewer | Remote Access
GaduGadu IM | IM
ISL Desktop App | Remote Access
NetFlix | Streaming Media
Psiphon Proxy | Proxy
QQ File Transfer Request | File Transfer
QQ Remote Assistance | Remote Access

1.4.1.4. V 4.0.47

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.46 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.47. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of one (1) Application Traffic Filter is added for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
Ace2Three | Gaming

Changes made in Application Upgrade 4.0.47
A total of seven (7) Application Traffic Filters are modified or updated for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
AIM Messenger Login Attempt | IM
Freegate | Proxy
GaduGadu IM | IM
Hotspotshied | Proxy
Psiphon Proxy | Proxy
Skype | IM
Torrent Clients | P2P

1.4.1.5. V 4.0.46

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.45 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.46. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of three (3) Application Traffic Filters are added for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
BBC Video | Streaming Media
Winny | P2P
World of Warcraft | Gaming

Changes made in Application Upgrade 4.0.46
A total of two (2) Application Traffic Filters are modified or updated for two (2) Application Categories, listed below:

Application Traffic Filter | Application Category
Multithread HTTP Download | File Transfer
WiFree | Proxy

1.4.1.6. Archive

Version | Release date | Upgrade type | Applicable on version
V 4.0.46 | 25th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.44
V 4.0.45 | 17th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.44
V 4.0.44 | 14th February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.43
V 4.0.43 | 01st February, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.42
V 4.0.42 | 23rd January, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.41
V 4.0.41 | 10th January, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.40
V 4.0.40 | 04th January, 2012 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.39
V 4.0.39 | 23rd December, 2011 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.38
V 4.0.38 | 14th December, 2011 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.37
V 4.0.37 | 07th December, 2011 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.36
V 4.0.36 | 28th November, 2011 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 4.0.35
V 4.0.35 | 23rd November, 2011 | Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above | V 3.0.36 (IPS Release Note)

1.4.1.6.1. V 4.0.45

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.44 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.45. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of zero (0) Application Traffic Filters are added for zero (0) Application Categories:

Application Traffic Filter | Application Category
-

Changes made in Application Upgrade 4.0.45
A total of eleven (11) Application Traffic Filters are modified or updated for five (5) Application Categories, listed below:

Application Traffic Filter | Application Category
Direct Connect | P2P
Multithread HTTP Download | File Transfer
Octoshape Streaming | Streaming Media
Realmedia | Streaming Media
Skype | IM
Sopcast | Streaming Media
TeamViewer File Transfer | File Transfer
Twitter Message | General Internet
Twitter Pic and Video Upload | General Internet
Twitter Status Update | General Internet
Twitter Website | General Internet

1.4.1.6.2. V 4.0.44

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.43 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.44. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of one (1) Application Traffic Filter is added for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
Web-QQ | General Internet

Changes made in Application Upgrade 4.0.44
A total of twenty seven (27) Application Traffic Filters are modified or updated for eight (8) Application Categories, listed below:

Application Traffic Filter | Application Category
AIM Messenger Login Attempt | IM
Camfrog IM | IM
Eyejot Video IM | IM
Garena IM | IM
Half-Life2 | Gaming
Hyves Mail | General Internet
ICQ2GO | IM
imesh Login Attempt | P2P
IPP | Internet Protocol
Jumblo | VOIP
Mail-ru IM Login | IM
Meebo File Transfer | File Transfer
Meebo Website | IM
NBNS | Internet Protocol
Palringo Login Attempt | IM
POP3 | Internet Protocol
QQ Messenger Login Attempt | IM
QQ Website | General Internet
Quick Player | Streaming Media
Realmedia | Streaming Media
Skype | IM
SSH | Internet Protocol
TeamViewer File Transfer | File Transfer
WeBuzz Web IM | IM
WLM Webchat | IM
Yahoo IM Chat Attempt | IM
Zoho Login | General Internet

1.4.1.6.3. V 4.0.43

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.42 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.43. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied.
Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of four (4) Application Traffic Filters are added for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
COCSTREAM DOWNLOAD | File Transfer
Orange Dialer | VOIP
Storage.To Website | File Transfer
Way2SMS MSN Inbox | General Internet

Changes made in Application Upgrade 4.0.43
A total of nineteen (19) Application Traffic Filters are modified or updated for five (5) Application Categories, listed below:

Application Traffic Filter | Application Category
Air Video | General Internet
DNS | Internet Protocol
Digsby | IM
ERoom | General Internet
Freegate | Proxy
Friendster Login | General Internet
GMX Login | General Internet
Google Safebrowsing | General Internet
Meebo Website | IM
Picasa | General Internet
QQ Messenger Login Attempt | IM
Skype | IM
Storage.To File Transfer | File Transfer
Twitter Limited Access | General Internet
Twitter Message | General Internet
Twitter Status Update | General Internet
Way2SMS Gmail Inbox | General Internet
Way2SMS Yahoo Inbox | General Internet
WiFree | Proxy

1.4.1.6.4. V 4.0.42

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.41 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.42. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms.
Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of one hundred forty seven (147) Application Traffic Filters are added for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
Facebook Messenger | IM
Hotmail File Attachment – HTTP | File Transfer
Yahoo-Mail File Attachment | File Transfer
3COM-Tsmux | Network Services
ANSA Notify | Network Services
ANSA Trader | Network Services
Arcisdms | Network Services
Ariel1 | Network Services
Ariel2 | Network Services
Ariel3 | Network Services
ASA | Network Services
Aurora-cmgr | Network Services
BH611 | Network Services
Bhevent | Network Services
Bhfhs | Network Services
Bhmds | Network Services
BL-IDM | Network Services
Bnet | Network Services
Cableport-ax | Network Services
CDC | Network Services
Cfdptkt | Network Services
Cisco-FNA | Network Services
Cisco-Sys | Network Services
Cisco-TNA | Network Services
Cloanto-net-1 | Network Services
Corerjd | Network Services
Csi-Sgwp | Network Services
Datex-asn | Network Services
DCP | Network Services
decap | Network Services
DecAuth | Network Services
DECLadebug | Network Services
Direct | Network Services
DIXIE | Network Services
Dpsi | Network Services
dsETOS | Network Services
DSP3270 | Network Services
DTK | Network Services
EMBL-NDT | Network Services
EMFIS-Cntl | Network Services
EMFIS-Data | Network Services
EntrustTime | Network Services
ERPC | Network Services
FATServ | Network Services
FLN-Spx | Network Services
FXP | Network Services
GIST | Network Services
GPPiTNp | Network Services
Gss-Xlicen | Network Services
Hassle | Network Services
HDAP | Network Services
HP Collector | Network Services
HP Managed node | Network Services
Hyper-g | Network Services
IBM-App | Network Services
ICAD-el | Network Services
IMSP | Network Services
InBusiness | Network Services
infoseek | Network Services
Ingres-Net | Network Services
IS99c | Network Services
IS99s | Network Services
ISO-tp0 | Network Services
ISO-Tsap-c2 UDP | Network Services
K-Block | Network Services
Kryptolan | Network Services
Legent-1 | Network Services
Legent-2 | Network Services
Link | Network Services
Locus-Con | Network Services
Locus-Map | Network Services
Magenta-Logic | Network Services
MANET | Network Services
McIDAS | Network Services
meta5 | Network Services
MFTP | Network Services
MIT-DOV | Network Services
MortgageWare | Network Services
MPTN | Network Services
nced | Network Services
ncld | Network Services
NDSAUTH | Network Services
NetCP | Network Services
Netware-IP | Network Services
NIP | Network Services
NPP | Network Services
NSIIOPs | Network Services
NSRMP | Network Services
NXEdit | Network Services
ObjCall | Network Services
Onmux | Network Services
Opalis-Robot | Network Services
OPC-job-Start | Network Services
OPC-job-track | Network Services
OpenPort | Network Services
OSB-sd | Network Services
PAWServ | Network Services
PDAP | Network Services
Personal-Link | Network Services
PIP | Network Services
Prm-nm | Network Services
Prm-sm | Network Services
Profile | Network Services
PwdGen | Network Services
QbikGDP | Network Services
RAP | Network Services
Rescap | Network Services
RMT | Network Services
RSH-spx | Network Services
RSVP-tunnel | Network Services
RtspS | Network Services
Scoi2odialog | Network Services
semantix | Network Services
SET | Network Services
Shrinkwrap | Network Services
Silverplatter | Network Services
SmakyNet | Network Services
Smartsdp | Network Services
smpte | Network Services
SMSP | Network Services
srssend | Network Services
SST | Network Services
StatSrv | Network Services
Subntbcst-TFTP | Network Services
SU-MIT-TG | Network Services
SUPDUP | Network Services
Sur-Meas | Network Services
Swift-rvf | Network Services
Synoptics-Trap | Network Services
Synotics-Broker | Network Services
Synotics-Relay | Network Services
TacNews | Network Services
TD-Replica | Network Services
TD-Service | Network Services
Texar | Network Services
Timbuktu | Network Services
tnETOS | Network Services
UAAC | Network Services
UARPs | Network Services
uis | Network Services
UlistProc | Network Services
UMA | Network Services
Unidata-ldm | Network Services
Vslmp | Network Services
X-bone-ctl | Network Services
Zannet | Network Services
Zserv | Network Services

Changes made in Application Upgrade 4.0.42
A total of twenty eight (28) Application Traffic Filters are modified or updated for seven (7) Application Categories, listed below:

Application Traffic Filter | Application Category
Attach Large Files File Transfer | File Transfer
Attix5 | File Transfer
Dropbox File Sharing | File Transfer
e-Snips | File Transfer
Facebook Applications | General Internet
Facebook Chat | IM
Facebook Games | Gaming
Facebook Games – Bejeweled | Gaming
Facebook Games – CafeWorld | Gaming
Facebook Games – FirmVille | Gaming
Facebook Games – FrontierVille | Gaming
Facebook Games - Mafia Wars | Gaming
Facebook Games - MillionaireCity | Gaming
Facebook Games – MindJolt | Gaming
Facebook Games – PetSociety | Gaming
Facebook Games – Poker | Gaming
Facebook Games – TreasureIsle | Gaming
Facebook Message | General Internet
Facebook Pics Download | General Internet
Facebook Pics Upload | General Internet
Facebook Plugin | General Internet
Facebook Status Update | General Internet
Facebook Video Chat | General Internet
Facebook Video Upload | General Internet
Jumblo | VOIP
Surfing External Proxy | Proxy
Telnet | Internet Protocol
Twitpic | General Internet

1.4.1.6.5. V 4.0.41

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.40 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.41.
The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of six (6) Application Traffic Filters are added for four (4) Application Categories, listed below:

Application Traffic Filter | Application Category
AdnstreamTV | Streaming Media
DeskShare Client | Remote Access
Facebook - iPhone | IPhone Applications
Google Chrome Installer | File Transfer
Twitter – iPhone | IPhone Applications
yum - Yellowdog Updater Modified | File Transfer

Changes made in Application Upgrade 4.0.41
A total of seven (7) Application Traffic Filters are modified or updated for two (2) Application Categories, listed below:

Application Traffic Filter | Application Category
Asproxy Proxy Server | Proxy
Psiphon Proxy | Proxy
Simurgh Proxy | Proxy
Skype | IM
Surfing External Proxy | Proxy
TOR | Proxy
Ultrasurf | Proxy

1.4.1.6.6. V 4.0.40

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.39 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.40. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of eight (8) Application Traffic Filters are added for two (2) Application Categories, listed below:

Application Traffic Filter | Application Category
8tracks - iPhone | IPhone Applications
Amazon - iPhone | IPhone Applications
Maps - iPhone | IPhone Applications
Meebo - iPhone | IPhone Applications
Mint - iPhone | IPhone Applications
Psiphon Proxy | Proxy
Saavn - iPhone | IPhone Applications
Simurgh Proxy | Proxy

Changes made in Application Upgrade 4.0.40
A total of fifty nine (59) Application Traffic Filters are modified or updated for ten (10) Application Categories, listed below:

Application Traffic Filter | Application Category
AIM App – Android | Android Applications
Air Video | General Internet
Android Free Movies | Android Applications
Android Market | Android Applications
Bypass Register | Internet Protocol
eBay | Android Applications
Ebuddy | Android Applications
Engadget | Android Applications
Eroom | General Internet
ESPN Score Center | Android Applications
Freenet | P2P
Fring | Android Applications
Genesys | General Internet
Google Location | General Internet
Google Safebrowsing | General Internet
Google Wave | General Internet
Gtalk Android | Android Applications
HOS Proxy | Proxy
HTTPort Proxy | Proxy
ICQ | Android Applications
IMDB | Android Applications
IP Messenger File Transfer | File Transfer
Kproxy Connection Attempt | Proxy
Linkedin | Android Applications
LinkedIN Mail Compose | General Internet
Live Meeting | Remote Access
Live Meeting Voip | VOIP
Livedoor Login | General Internet
Mail Ru WebAgent | General Internet
Mail Ru Website | General Internet
MSN Toolbar | General Internet
NateMail Website | General Internet
Nateon Proxy | Proxy
Netease Mail Website | General Internet
NetOP Ondemand | Proxy
Never Mail Website | General Internet
OpenWebmail Login | General Internet
Optimum Mail Website | General Internet
Plugoo Widget | General Internet
Propel Internet Accelerator | General Internet
RenRen IM | IM
Sina UC IM | IM
TeamViewer File Transfer | File Transfer
Techinline | Remote Access
Timbuktu Chat | IM
Timbuktu Exchange | General Internet
Timbuktu File Transfer | File Transfer
Timbuktu Remote | Remote Access
Tru Phone | Android Applications
Ustream.TV Streaming | Streaming Media
Vimeo | Streaming Media
Vtunnel | Proxy
Vyew | Remote Access
WinMX P2P | P2P
Youtube Videos | Streaming Media
Yugma | Remote Access
Zedge | Android Applications
Zelune Proxy | Proxy
Zoho Meeting | Remote Access

1.4.1.6.7. V 4.0.39

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.38 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.39. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of one (1) Application Traffic Filter is added for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
CyberGhost VPN | Proxy

Changes made in Application Upgrade 4.0.38
A total of nineteen (19) Application Traffic Filters are modified or updated for five (5) Application Categories, listed below:

Application Traffic Filter | Application Category
Freegate | Proxy
Google Plus Chat | IM
Gtalk File Transfer | File Transfer
JAP | Proxy
TOR | Proxy
Torrent Clients | P2P
Ultrasurf | Proxy
Webmail Chat Gmail | IM
Facebook Games | Gaming
Facebook Games - Mafia Wars | Gaming
Facebook Games - FirmVille | Gaming
Facebook Games - Poker | Gaming
Facebook Games - FrontierVille | Gaming
Facebook Games - CafeWorld | Gaming
Facebook Games - TreasureIsle | Gaming
Facebook Games - PetSociety | Gaming
Facebook Games - MillionaireCity | Gaming
Facebook Games - Bejeweled | Gaming
Facebook Games - MindJolt | Gaming

1.4.1.6.8. V 4.0.38

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.37 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.38. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of four (4) Application Traffic Filters are added for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
Google App Engine | General Internet
TeamViewer File Transfer | File Transfer
Google Plus Chat | IM
OSCP | General Internet

Changes made in Application Upgrade 4.0.38
A total of eight (8) Application Traffic Filters are modified or updated for three (3) Application Categories, listed below:

Application Traffic Filter | Application Category
Ultrasurf | Proxy
Freegate | Proxy
Skype | IM
Middle Surf Proxy | Proxy
SecurityKiss | Proxy
Hotspotshied | Proxy
TOR | Proxy
Torrent Clients | P2P

1.4.1.6.9. V 4.0.37

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.36 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.37. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of zero (0) Application Traffic Filters are added for no Application Category:

Application Traffic Filter | Application Category
-

Changes made in Application Upgrade 4.0.36
A total of eleven (11) Application Traffic Filters are modified or updated for two (2) Application Categories, listed below:

Application Traffic Filter | Application Category
TorrentClients | P2P
FaceBookGamesBejeweled | GeneralInternet
FaceBook GamesCafeWorld | GeneralInternet
FaceBook GamesFirmVille | GeneralInternet
FaceBook GamesFrontierVille | GeneralInternet
FaceBook GamesMafiaWars | GeneralInternet
FaceBook GamesMillionaireCity | GeneralInternet
FaceBook GamesMindJolt | GeneralInternet
FaceBook GamesPetSociety | GeneralInternet
FaceBook GamesPoker | GeneralInternet
FaceBook GamesTreasureIsle | GeneralInternet

1.4.1.6.10. V 4.0.36

Release Information
Upgrade Applicable on: Application Filter Database V 4.0.35 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.36. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of two (2) Application Traffic Filters are added for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
Call2Home | VOIP
Jumblo | VOIP

Changes made in Application Upgrade 4.0.36
A total of one (1) Application Traffic Filter is modified or updated for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
Google Plus Website - HTTP | General Internet

1.4.1.6.11. V 4.0.35

Release Information
Upgrade Applicable on: IPS Signature Database V 3.0.36 & Appliance Firmware V 10.01.1023 or above.

Upgrade Information
Upgrade type:
- Auto upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
- Manual upgrade for Cyberoam Appliances currently on V 10.01.1023 or above
Compatibility issues: None

Introduction
This document contains the release notes for Application Filter Database version 4.0.35. The Release includes support for new applications. The following sections describe the release in detail.

New Application Filter
The Cyberoam Application Filter matches the Application Traffic with the filtering parameters. Depending on the policy configured for an application, it will be allowed or denied. Application filtering parameters will optimize detection performance and reduce the false alarms. Report false positives at
[email protected] along with the application used.

New detection parameters are added for the following Applications:
A total of zero (0) Application Traffic Filters are added for zero (0) Application Categories:

Application Traffic Filter | Application Category
-

Changes made in Application Upgrade 4.0.35
A total of three (3) Application Traffic Filters are modified or updated for one (1) Application Category, listed below:

Application Traffic Filter | Application Category
Freegate | Proxy
Ultrasurf | Proxy
Your-Freedom | Proxy