Unable to update ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3

Solutions ID:    KB4358
Version:    3.0
Status:    Published
Published date:    03/31/2011
Updated:    10/17/2013

Problem Description

You may not be able to update your ProxyAV virus definitions through ProxySG after upgrading to AVOS 3.3. This happens when you have protocol detection enabled on your ProxySG running SGOS 5.4.4, 5.5.3 or an earlier version.

This is due to the fix for CVE-2009-3555 - TLS/SSLv3 renegotiation. More information at


1. Upgrade to the latest SGOS 5.4 and 5.5 GA. At the time of writing, they are SGOS and SGOS respectively. If you are using BCAAA, it should be upgraded along to the version that comes with the new SGOS.

2. As a workaround, disable SSL protocol detection with the Content Policy Language (CPL) below :

<Proxy> http.method=CONNECT detect_protocol.ssl(no)

Rate this Page

Please take a moment to complete this form to help us better serve you.

Did this document help answer your question?
If you are finished providing feedback, please click the RATE CONTENT button. Otherwise, please add more detail in the following text box and then click RATE CONTENT.

Your response will be used to improve our document content.

Ask a Question