Hash: SHA1

                         AUSCERT Security Bulletin

  End of life announced for AV engines in Microsoft Forefront and Antigen
                             19 November 2009


        AusCERT Security Bulletin Summary

Product:              Microsoft Forefront
                      Microsoft Antigen
Operating System:     Windows Server 2003
                      Windows Server 2008
Impact/Access:        Reduced Security -- Remote/Unauthenticated
Resolution:           Patch/Upgrade
Member content until: Saturday, December 19 2009


        Microsoft has announced the end of life for the AV engines used by
        its Forefront and Antigen products to occur on December 1st 2009. [1]


        Microsoft has provided the following details regarding Antimalware 
        "The AhnLab, CA, and Sophos engines will be retired on Dec. 1, 2009.  
        After December 1st, customers will not receive any updates for these 
        retired engines. In order to make sure your Antigen and Forefront 
        products continue to scan efficiently and effectively for malware, any 
        customers running the AhnLab, CA, or Sophos engines must DISABLE these 
        engines before Dec. 1, 2009 and select from the new set of five engines  
        Authentium, Kaspersky, Microsoft, Norman, and VirusBuster." [1]
        "SPECIAL NOTE:  Antigen for SharePoint 8.0 and Antigen for Instant 
        Messaging 8.0 customers  In order to gain access to the new engine set 
        and provide optimal protection for your messaging and collaboration 
        environments, please download the Service Pack 1 releases of these 
        products on the MVLS or VLSC site prior to Dec. 1, 2009.  The updates 
        for the new engine set will use a new update infrastructure as of Dec. 
        31, 2009  the Service Pack 1 releases will allow you to continue to 
        receive updates correctly from their new location." [1]
        Microsoft has provided the following information regarding Antispam 
        "The Mail-Filters SpamCure antispam engine will be retired on Dec. 1, 
        2009. Customers using Antigen products for antispam protection must 
        upgrade to the latest service pack releases listed below BEFORE DEC. 
        1, 2009 to maintain their antispam defenses.  This is the only way to 
        gain access to the new Cloudmark engine." [1]


        The vendor has recommended that these retired engines be disabled, and
        that customers select from the new set of five engines for Antigen
        and Forefront. Additionally Antigen users should upgrade to the 
        latest Service Pack releases. [1]


        [1] Microsoft Forefront Server Protection Blog

AusCERT has made every effort to ensure that the information contained
in this document is accurate.  However, the decision to use the information
described is the responsibility of each user or organisation. The decision to
follow or act on information or advice contained in this security bulletin is
the responsibility of each user or organisation, and should be considered in
accordance with your organisation's site policies and procedures. AusCERT
takes no responsibility for consequences which may arise from following or
acting on information or advice contained in this security bulletin.

If you believe that your computer system has been compromised or attacked in 
any way, we encourage you to let us know by completing the secure National IT 
Incident Reporting Form at:


Australian Computer Emergency Response Team
The University of Queensland
Qld 4072

Internet Email: auscert@auscert.org.au
Facsimile:      (07) 3365 7031
Telephone:      (07) 3365 4417 (International: +61 7 3365 4417)
                AusCERT personnel answer during Queensland business hours 
                which are GMT+10:00 (AEST).
                On call after hours for member emergencies only.
Comment: http://www.auscert.org.au/render.html?it=1967