
Updating File Reputation Databases

File reputation databases include the file reputation signature database and the file reputation hotspot database. Update the file reputation databases in a timely manner to keep threat detection capability and efficiency up to date.

Preparation

Before updating the file reputation signature database, complete the following checks:

  • Checking the License Status

    Before updating the file reputation signature database, check the license status based on the sandbox type.
    • Cloud sandbox: depends on the cloud sandbox detection license. Ensure that the license for the update service has been purchased and activated.
    • Local sandbox: does not depend on the license.

    To check the license status, perform the following operation:

    1. Run the display license command to check whether the required license has been activated or has expired.

      • If the status of the signature database to be updated is Disabled, activate the license. For details on how to activate the license, see License Management.

      • If the status of the signature database to be updated is Enabled, check whether the license has expired. If yes, purchase the license.

  • Checking the Free Space of the CF Card and Memory

    Before updating the file reputation signature database, check whether the free space in the device CF card and memory is sufficient. The following table lists the CF card and memory space required for updating the file reputation signature database.

    Signature database: File reputation signature database

    CF card space:
    • USG6530E: 10 MB or higher
    • Other models: 190 MB or higher

    Memory space:
    • USG6510E/6510E-POE: 30 MB or higher
    • USG6530E: 50 MB or higher
    • USG6515E: 80 MB or higher
    • USG6525E: 80 MB or higher
    • USG6550E/6560E/6580E: 120 MB or higher
    • USG6555E/6565E/6575E-B/6585E/6605E-B: 120 MB or higher
    • USG6615E/6625E: 140 MB or higher
    • USG6610E/6620E: 140 MB or higher
    • USG6635E/6655E: 160 MB or higher
    • USG6630E: 340 MB or higher
    • USG6650E: 340 MB or higher
    • USG6680E: 340 MB or higher
    • USG6712E/6716E: 540 MB or higher

    To check the free space of the root directory, perform the following operations:

    1. In the user view, run the dir command to check the free space of the CF card on the MPU.

      <sysname> dir
      Directory of hda1:/                                                             
                                                                                      
        Idx  Attr     Size(Byte)  Date        Time       FileName                     
          0  -rw-            754  Feb 06 2015 15:35:33   private-data.txt             
          1  -rw-          5,805  Feb 06 2015 15:35:51   cfgfile.zip                  
          2  drw-              -  Feb 06 2015 09:07:58   default-sdb                  
          3  drw-              -  Jul 08 2014 17:02:48   conf                         
                                     ........                                         
         48  -rw-             36  Jan 30 2015 10:28:44   $_patchstate_reboot          
         49  -rw-          1,063  Feb 06 2015 09:13:26   nlog.log                     
         50  -rw-    173,569,921  Feb 04 2015 20:31:10   sup_c30.bin                  
                                                                                      
      1,200,576 KB total (379,168 KB free)                              
    2. In the user view, run the delete command to delete unwanted files from the CF card if the free space is insufficient.

      Files are deleted and cannot be restored after the delete command with the /unreserved parameter is executed.

  • Checking the Current Update Status

    Signature databases cannot be updated simultaneously. You can update a signature database only after the current update status is idle.

    To check the current update status, perform the following operation:

    1. Run the display update status command to check the update status of the signature database.

      <sysname> display update status
        Current Update Status: Idle.
      

      If Current Update Status is Idle, you can update the desired signature database. Otherwise, repeat the display update status command until Current Update Status changes to Idle, and then update the desired signature database.

  • Checking the Signature Database Version

    Check the signature database version to determine whether the signature database needs to be updated.

    To check the signature database version, perform the following operation:

    1. Run the display version file-reputation command to check the signature database version.

      <sysname> display version file-reputation                                           
      FILE Reputation Update Information List:                                        
      ----------------------------------------------------------------                
        Current Version:                                                              
          Signature Database Version    : 2018033000                                  
          Signature Database Size(byte) : 8278653                                     
          Update Time                   : 21:30:38 2017/07/13                         
          Issue Time of the Update File : 05:30:21 2018/03/30                         
                                                                                      
        Backup Version:                                                               
          Signature Database Version    : 2017062202                                  
          Signature Database Size(byte) : 8182143                                     
          Update Time                   : 17:59:39 2017/04/10                         
          Issue Time of the Update File : 16:18:07 2017/06/22                         
      ----------------------------------------------------------------   
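The CF card, update status and version checks above can be scripted against captured command output. The following Python sketch is an added example, not Huawei tooling: it parses trimmed copies of the sample outputs shown on this page and applies the CF card thresholds from the table. The function names and the operator-supplied `latest` version are assumptions; the license and memory checks are left out because the page does not show their command output.

```python
import re

CF_REQUIRED_MB = {"USG6530E": 10}   # CF card space from the page's table
CF_DEFAULT_MB = 190                 # "Other models"

# Trimmed copies of the sample outputs shown on this page.
DIR_OUT = "Directory of hda1:/\n\n1,200,576 KB total (379,168 KB free)\n"
STATUS_OUT = "  Current Update Status: Idle.\n"
VERSION_OUT = """\
  Current Version:
    Signature Database Version    : 2018033000
  Backup Version:
    Signature Database Version    : 2017062202
"""

def free_cf_kb(dir_out):
    """Free CF card space in KB, from the summary line of `dir`."""
    m = re.search(r"\(([\d,]+) KB free\)", dir_out)
    if not m:
        raise ValueError("no free-space summary in dir output")
    return int(m.group(1).replace(",", ""))

def update_status(status_out):
    """Status word from `display update status`, without the trailing dot."""
    m = re.search(r"Current Update Status:\s*(.+?)\.?\s*$", status_out, re.M)
    if not m:
        raise ValueError("no update status line found")
    return m.group(1)

def db_versions(version_out):
    """Map 'Current'/'Backup' to the signature database version string."""
    found, section = {}, None
    for line in version_out.splitlines():
        if s := re.match(r"\s*(Current|Backup) Version:", line):
            section = s.group(1)
        elif section and (v := re.match(r"\s*Signature Database Version\s*:\s*(\d+)", line)):
            found[section] = v.group(1)
    return found

def precheck(model, dir_out, status_out, version_out, latest):
    """latest: newest published version, supplied by the operator (assumption)."""
    problems = []
    need_kb = CF_REQUIRED_MB.get(model, CF_DEFAULT_MB) * 1024
    free_kb = free_cf_kb(dir_out)
    if free_kb < need_kb:
        problems.append(f"CF card: {free_kb} KB free, {need_kb} KB required")
    status = update_status(status_out)
    if status != "Idle":
        problems.append(f"update status is {status!r}, wait for Idle")
    current = db_versions(version_out).get("Current")
    return {"ready": not problems, "problems": problems, "current": current,
            "needs_update": current is None or int(current) < int(latest)}

if __name__ == "__main__":
    # "2018040100" is a constructed value standing in for the latest release.
    print(precheck("USG6550E", DIR_OUT, STATUS_OUT, VERSION_OUT, "2018040100"))
```
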

Updating the file reputation signature database

The file reputation signature database can be updated in either of the following modes:

  • Online update

    If the FW can communicate with the update center (sec.huawei.com) directly over the Internet or through a proxy server, you can update the file reputation signature database in online mode.

    Online update can be performed in either of two ways:

    • Scheduled update

      The FW accesses the update center on a schedule to check for the latest file reputation signature database. If a new version is found, the FW downloads it and updates the local file reputation signature database at the scheduled time. For details about scheduled updating, see Scheduled Update.

    • Immediate update

      After the online file reputation signature database is updated, you can immediately update the local database instead of waiting for the scheduled update.

      The download address and process for manually updating the file reputation signature database are the same as those for the scheduled update. You can manually update the file reputation signature database at any time. For details, see Immediate Update.

  • Local update

    When the FW is physically isolated from the Internet and no proxy server is deployed on the intranet, you can update the file reputation signature database locally. For details, see Local Update.

If an exception occurs after a signature database is updated, you can roll back the signature database to the source version. For details, see Version Rollback.

You can roll back to only one version. If you perform version rollbacks repeatedly, the version rollback is implemented between the current version and the rollback version.

Updating the file reputation hotspot database

The file reputation hotspot database is released by sec.huawei.com. After the update function of the file reputation hotspot database is enabled, the file reputation information in the cloud can be quickly obtained to block the latest threat files.

The function needs to be configured only when an update interval needs to be set for the file reputation signature database. The process is as follows:
  1. Enable the scheduled update function of the file reputation hotspot database.

    update schedule hot-file-reputation enable

    By default, the scheduled update function of the file reputation hotspot database is enabled.

  2. Optional: Set the update interval of the file reputation hotspot database.

    update schedule hot-file-reputation minute minutes

    The default update interval of the file reputation hotspot database is 5 minutes.

Copyright © Huawei Technologies Co., Ltd.