Documente Academic
Documente Profesional
Documente Cultură
Appliance 5.5p2
Release Notes for McAfee® Email and Web Security Appliance
Version 5.5
Patch 5.5p2
Copyright © 2010 McAfee, Inc.
All Rights Reserved
Purpose
This release addresses the issues shown in the Resolved issues section below.
Rating
This release addresses critical issues. McAfee strongly recommends implementing this release
at your earliest opportunity.
High
a critical issue which should be addressed as soon as possible, if necessary outside a
planned maintenance schedule.
Medium
an issue which should be addressed at the earliest opportunity, normally as part of a
planned maintenance schedule.
Low
a non-critical issue, advisable to address as part of planned maintenance.
Superseded releases
Hotfix 5.5h533027
Patch 5.5p1
Hotfix 5.5h541662
Actions on installation
At the end of the installation process the following actions will occur automatically:
Resolved issues
Issues list
Feature f_561506
Description:
Feature f_537018
Description:
Severity: High
Feature f_526662
Description:
ISSUE: It is possible to run both McAfee Web Gateway and McAfee Email Gateway
in a blade environment. The management blade was not showing the McAfee Web
Gateway component information which is available on the scanning blades.
RESOLUTION: The management blade has been updated to show the McAfee Web
Gateway information.
Please refer to KnowledgeBase article KB67946 for more information.
Severity: Medium
Feature f_540946
Description:
Feature f_546854
Description:
ISSUE: The user interface allows you to configure SMTP relays to be used when an
email matches a policy. There was an issue with the user interface that
automatically selected the 'Default Relays' when you edited the settings, but did
not explicitly change the selected relay from 'None'. This resulted in emails
matching the selected policy being incorrectly routed or queued with the error '442
no delivery mechanism available'.
RESOLUTION: The User Interface has been corrected to adhere to the user's
selection.
Please refer to KnowledgeBase article KB68868 for more information.
Severity: Medium
Feature f_549755
Description:
Feature f_549978
Description:
ISSUE: The User Interface allows configuration from one appliance to be pushed to
one or more remote appliances. Settings specific to the remote appliance, like
network settings, should not be pushed. The OSPF settings were incorrectly
overwritten on the remote appliance.
RESOLUTION: The configuration push functionality has been updated to handle
OSPF settings correctly.
Please refer to KnowledgeBase article KB68296 for more information.
Severity: Medium
Feature f_552155
Description:
ISSUE: The appliance allows the user to block email senders. However the sender
list was incorrectly validated in the user interface, resulting in the number of
senders being limited to 50.
RESOLUTION: The user interface validation logic has been corrected, now users
will be able to add more than 50 senders to the blocked senders list.
Please refer to KnowledgeBase article KB68867 for more information.
Severity: Medium
Feature f_552640
Description:
ISSUE: With Bounce Address Tag Validation enabled on the appliance, a tagged
SMTP sender address (for example, prvs=0249bac0de=a@b.c) was incorrectly
rejected with a "501 Syntax error - Badly formatted address" response, due to an
erroneous regular expression check.
RESOLUTION: The regular expression check on the sender address causing the
issue has now been corrected.
Please refer to KnowledgeBase article KB68332 for more information.
Severity: Medium
Feature f_553722
Description:
ISSUE: The appliance offers the ability to send Quarantine Digest messages to end
users, allowing them to manage their quarantined emails. If the quaratined emails
contained non-ASCII characters in their subject lines then these were incorrectly
displayed in the digest message.
RESOLUTION: The digest message has been updated to correctly display non-
ASCII subject lines.
Please refer to KnowledgeBase article KB68405 for more information.
Severity: Medium
Feature f_554175
Description:
ISSUE: In some unusual cases the process which invokes the McAfee Agent to do
anti-virus updates could become unresponsive, creating an excessive CPU load and
preventing further updates until the appliance was rebooted. This was due to an
error in freeing resources within the process which calls the McAfee Agent.
RESOLUTION: The process that calls the McAfee Agent has been updated to
prevent the error occurring.
Please refer to KnowledgeBase article KB68354 for more information.
Severity: Medium
Feature f_555298
Description:
ISSUE: When scanning an Email, the appliance offers a preferred transfer encoding
for text in the Advanced section of Content handling in SMTP policies. The option
to "do not encode if the text is already 7-bit" checkbox was not being saved
correctly.
RESOLUTION: The option is now correctly saved.
Please refer to KnowledgeBase article KB68394 for more information.
Severity: Medium
Feature f_557035
Description:
ISSUE: SCM 4.5 offers the ability to export Rule Groups. EWS 5.1 and later offers
the ability to import these exported Rule Groups into the Dictionary section of the
user interface. Due to incorrect validation certain customer created Rule Groups
could not be imported through the user interface.
RESOLUTION: The dictionary import validation has been updated to handle the
problematic Rule Groups.
Please refer to KnowledgeBase article KB68539 for more information.
Severity: Medium
Feature f_557358
Description:
ISSUE: The appliance offers the ability to coach URL categories. The HTTP proxy
was intermittently logging abort signals in the system logs. This was caused by
incorrect handling of multi-byte characters in conjunction with coaching. A
symptom of this was high CPU and memory usage.
RESOLUTION: The HTTP proxy has been updated to handle multi-byte characters
without aborting.
Please refer to KnowledgeBase article KB68248 for more information.
Severity: Medium
Feature f_557632
Description:
ISSUE: It is possible to block spam senders using SPF. When SPF was used with
greylisting, certain sender email addresses could cause a segmentation fault in the
GLS proxy.
RESOLUTION: The underlying SPF library has now been updated to handle all
email addresses correctly.
Please refer to KnowledgeBase article KB68616 for more information.
Severity: Medium
Feature f_558083
Description:
ISSUE: The appliance swap space consumption was not being monitored and some
proxies were incorrectly using too much memory. This could cause an unscheduled
reboot.
RESOLUTION: The appliance now has the ability to monitor and take action on low
swap space by gracefully restarting proxies.
Please refer to KnowledgeBase article KB68683 for more information.
Severity: Medium
Feature f_558328
Description:
ISSUE: The user interface allows the administrator to add terms to a dictionary.
Due to a validation error, it was not possible to use the asterisk wildcard.
RESOLUTION: The user interface has been updated to support the asterisk
wildcard.
Please refer to KnowledgeBase article KB68612 for more information.
Severity: Medium
Feature f_558331
Description:
ISSUE: The McAfee Agent is used to update the anti-virus engine and DATs. It is
possible for the McAfee Agent to fail permanently resulting in failed updates until
the appliance is rebooted.
RESOLUTION: A resiliency monitor now watches the state of the McAfee Agent
updater. If the updater has failed, the monitor will terminate the process and
perform an update directly from the FTP site.
Please refer to KnowledgeBase article KB68605 for more information.
Severity: Medium
Feature f_559825
Description:
ISSUE: The user interface allows configuration from one appliance to be pushed to
one or more remote appliances. Large lists were taking a long time to process and
could cause configuration push failure, with the error "Migration configuration
failed" being displayed.
RESOLUTION: The configuration push functionality has been updated to handle
large lists correctly.
Please refer to KnowledgeBase article KB68755 for more information.
Severity: Medium
Feature f_560814
Description:
Feature f_566370
Description:
ISSUE: The appliance offers the ability to add a disclaimer to each email passing
through it. A multi-line disclaimer was incorrectly being added on one line.
RESOLUTION: The user interface has been updated to correctly parse the
disclaimer text including newlines.
Please refer to KnowledgeBase article KB68969 for more information.
Severity: Medium
Feature f_566595
Description:
ISSUE: The appliance allows the user to scan the content of text within different
file types. Certain PDF files were causing the SMTP proxy to segmentation fault in
the third party content extraction library.
RESOLUTION: The underlying content extraction library has now been updated.
Please refer to KnowledgeBase article KB68750 for more information.
Severity: Medium
Feature f_568276
Description:
ISSUE: The appliance offers the ability to keep a connection active by sending
HTTP keep-alives. The HTTP proxy was incorrectly refusing CONNECT requests
using an existing connection resulting in download failures.
RESOLUTION: The HTTP proxy has been updated to handle keep-alives correctly.
Please refer to KnowledgeBase article KB68804 for more information.
Severity: Medium
Feature f_569141
Description:
ISSUE: If the appliance was connected between two networks in proxy mode then
it incorrectly sent the server side interface's IP address to the client in response to
the FTP PASV command resulting in a data connection failure.
RESOLUTION: The appliance has been updated to send the client side interface's
IP address in response to the client FTP PASV command.
Please refer to KnowledgeBase article KB68877 for more information.
Severity: Medium
Feature f_571787
Description:
ISSUE: The appliance can set policy based on users in Directory Services (for
example Active Directory). When setting up a Domino server, it was not possible to
leave the base Domain Name (DN) empty in the wizard.
RESOLUTION: When configuring a Domino server it is now possible to leave the
base DN field blank.
Please refer to KnowledgeBase article KB69028 for more information.
Severity: Medium
Feature f_541662
Description:
ISSUE: The standard format for syslog messages the appliance generates does not
include all fields consistently in all messages and so is not easily handled by some
analysis products.
RESOLUTION: An optional enhanced format has been added for TCP syslog to
facilitate integration with 3rd party products. The optional format of virus, spam,
content and status have been made consistent across all protocols and events for
syslog.
Please refer to KnowledgeBase article KB69024 for more information.
Previously addressed by 5.5h541662.
Severity: Medium
Feature f_561204
Description:
ISSUE: The appliance setup wizard allows the user to import a previously saved
configuration. In some cases, due to incorrect validation of the imported
configuration, an error occurred and the setup wizard could not be completed.
RESOLUTION: The validation has now been fixed.
Please refer to KnowledgeBase article KB68740 for more information.
Previously addressed by 5.5h541662.
Severity: Medium
Feature f_525833
Description:
ISSUE: It is possible to update the appliance's anti-virus DATs and engine from an
ePO repository. The McAfee Agent that performs the update was unable to update
DATs from an ePO repository when the repository did not contain a valid anti-virus
engine. The workaround was to load the latest anti-virus Engine into the ePO
repository, allowing the McAfee Agent on the appliance to successfully update the
DATs.
RESOLUTION: The McAfee Agent on the appliance has been upgraded to update
the anti-virus DATs whether or not the ePO repository contains an anti-virus
engine.
Please refer to KnowledgeBase article KB67372 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_530304
Description:
ISSUE: The appliance offers the ability to choose a fibre or copper LAN interface
via the user interface under Network settings. Due to incorrect identification of the
hardware, this user interface property was not displayed.
RESOLUTION: The scripts to determine the hardware type have been changed to
correctly identify all platform types.
Please refer to KnowledgeBase article KB67349 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_530306
Description:
ISSUE: The appliance allows users to access FTP URI's. If the URI contained a
special character, then the access would fail.
RESOLUTION: The URI's are now held using hex encoding for special characters.
Please refer to KnowledgeBase article KB67276 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_530324
Description:
ISSUE: The appliance can report to syslog. In transparent bridge mode, the mail
size was always logged as '0' in the syslog report.
RESOLUTION: The mail size is now stored correctly and output to the syslog
report.
Please refer to KnowledgeBase article KB67331 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_530354
Description:
ISSUE: The appliance can block emails due to Denied Routing characters in the
email addresses. These were not reported in the dashboard or the scheduled
reports.
RESOLUTION: The dashboard and scheduled reports have been updated to include
the emails blocked by denied routing characters.
Please refer to KnowledgeBase article KB67397 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_531993
Description:
ISSUE: On the blade systems when default routes were modified, it caused a full
restart.
RESOLUTION: The configuration scripts have now been updated to handle default
routes correctly without a full restart.
Please refer to KnowledgeBase article KB67839 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_536024
Description:
ISSUE: In proxy mode, the appliance can redirect and perform URL lookups on
HTTPS requests. When a custom port was specified in the URL, the appliance
incorrectly directed the request to the default port.
RESOLUTION: This was due to incorrect parsing of the URL, which has now been
updated to correctly obtain the custom port.
Please refer to KnowledgeBase article KB67628 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_536671
Description:
ISSUE: On blade systems after some time many counters on the dashboard could
stop updating.
RESOLUTION: The issue is now resolved
Please refer to KnowledgeBase article KB67258 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_537244
Description:
ISSUE: The appliance can be configured to 'coach' the user when accessing certain
sites. When URL coaching was enabled, the body of a HTTP POST request was
incorrectly replaced. As a result, the user occasionally saw a Gateway Timeout
error page.
RESOLUTION: The HTTP proxy has been updated to correctly handle HTTP POST
requests when used with URL coaching.
Please refer to KnowledgeBase article KB67945 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_539754
Description:
Severity: Medium
Feature f_541313
Description:
ISSUE: One appliance can be used to manage other appliances by pushing its
configuration to a list of others. If a configuration push to one of the others failed,
the failure was logged and the configuration push was stopped for all remaining
appliances in the list.
RESOLUTION: The configuration push has been enhanced to attempt to push to all
appliances in the list. All errors are reported on completion, and any failed
appliances will remain selected.
Please refer to KnowledgeBase article KB67925 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_541663
Description:
ISSUE: One appliance can be used to manage other appliances by pushing its
configuration to a series of other appliances. Pushing configuration between
different hardware platforms would result in the remote appliance doing a full level
restart.
RESOLUTION: The restart was caused by platform specific network settings, which
have now been removed from the configuration push.
Please refer to KnowledgeBase article KB67924 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_542190
Description:
ISSUE: For an appliance managed using a USB Out of Band Management (OOB)
interface coupled with SNMP monitoring, the data supplied by SNMP was
intermittent.
RESOLUTION: The intermittent data was caused by the SNMP agent hanging when
it queried the network status of the USB network device. This was due to an issue
in the pegasus driver. The SNMP agent has been updated so that it does not query
the USB network device status.
Please refer to KnowledgeBase article KB67646 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_543863
Description:
Severity: Medium
Feature f_543885
Description:
ISSUE: When a file contained protected or encrypted content that could not be
scanned, the syslog message would erroneously report that the file was removed.
RESOLUTION: Syslog messages now report the events correctly.
Please refer to KnowledgeBase article KB67823 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_545738
Description:
ISSUE: The appliance allows you to create sub policies for email scanning. Whilst
creating policies, you can choose to match one or all of the conditions. The user
interface incorrectly prevented you from adding a policy set to match all conditions
with more than one email group.
RESOLUTION: The user interface has been updated to allow creation of policies
matching all conditions with more than one email group.
Please refer to KnowledgeBase article KB68064 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_547237
Description:
Severity: Medium
Feature f_547518
Description:
ISSUE: The appliance offers the ability to send and receive Email over TLS. When
an appliance in proxy mode was configured to use TLS "always", the TLS
negotiation failed. The workaround was to configure the appliance to have TLS
connections set to "when available".
RESOLUTION: The SMTP proxy has been updated to negotiate the TLS connection
correctly.
Please refer to KnowledgeBase article KB68077 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_547875
Description:
Severity: Medium
Feature f_548167
Description:
ISSUE: The policy presets in the appliance can be based on different attributes. An
issue with the user interface prevented the requested URL or URL group from
being selected as an HTTP preset criterion.
RESOLUTION: The user interface has been updated to allow the requested URL
and URL group to be used as a selection criteria for HTTP protocol presets.
Please refer to KnowledgeBase article KB68169 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_548478
Description:
ISSUE: It is possible to export the email addresses in the recipient check list to a
file. If this list was in a protocol preset, the exported file was empty.
RESOLUTION: The exported file has now been updated to contain both the default
and protocol preset lists.
Please refer to KnowledgeBase article KB68155 for more information.
Previously addressed by 5.5p1.
Severity: Medium
Feature f_549905
Description:
Severity: Medium
Feature f_536141
Description:
ISSUE: When Enhanced URL filtering was enabled the /wk disk partition filled up
over time because temporary update files were not removed after use.
RESOLUTION: The temporary files are now correctly managed.
Please refer to KnowledgeBase article KB67726 for more information.
Previously addressed by 5.5h533027, 5.5p1.
Severity: Medium
Feature f_532696
Description:
Feature f_533804
Description:
Feature f_546468
Description:
ISSUE: Trying to mount the CD-ROM from the appliance console returned errors
due to the necessary kernel modules not being loaded.
RESOLUTION: Each appliance platform now includes all of the necessary kernel
modules to mount the primary CD-ROM.
Please refer to KnowledgeBase article KB68050 for more information.
Severity: Low
Feature f_548882
Description:
ISSUE: The appliance supports MQM for off-box quarantine. Users and
administrators can set blacklists and whitelists on MQM for anti-spam scanning.
The blacklists and whitelists were being triggered intermittently. A workaround was
to modify the health monitor settings on the LDAP database.
RESOLUTION: The health monitor has been updated to allow previous LDAP
services to stop before starting the new service.
Please refer to KnowledgeBase article KB68195 for more information.
Severity: Low
Feature f_551817
Description:
ISSUE: On the Email/Web reporting page when rendered with the German locale,
the date control within the filter criteria side pane, on the right hand side, was
inoperable; because the control extended outside the page boundary.
RESOLUTION: The width of the side pane has been increased to accommodate the
extra space required for German localisation. This ensures the date control does
not extend beyond the boundary of the page, and so makes it accessible.
Please refer to KnowledgeBase article KB68395 for more information.
Severity: Low
Feature f_552666
Description:
ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the
Sender Authentication functionality. The underlying SPF library was incorrectly
treating DNS replies in a case sensitive manner, resulting in validation failures.
RESOLUTION: The SPF library has been updated to use case insensitive checks.
Please refer to KnowledgeBase article KB68257 for more information.
Severity: Low
Feature f_552669
Description:
ISSUE: The appliance offers the ability to configure download status pages for the
HTTP and FTP protocols. For FTP over HTTP, the proxy was incorrectly looking for
the content length of the file before offering the download status page to the end
user.
RESOLUTION: The proxy has been updated to provide the download status page
regardless of content length.
Please refer to KnowledgeBase article KB68290 for more information.
Severity: Low
Feature f_555091
Description:
ISSUE: In the queued email page it was possible to see a mismatch between the
reported count of items and the number of items that were actually displayed. This
was due to an incorrect database query for multiple recipients.
RESOLUTION: The database query has now been updated to handle multiple
recipients.
Please refer to KnowledgeBase article KB68392 for more information.
Severity: Low
Feature f_555498
Description:
Feature f_555607
Description:
ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the
Sender Authentication functionality. The underlying SPF library was incorrectly
treating DNS replies in a case sensitive manner, resulting in validation failures.
RESOLUTION: The SPF library has been updated to use case insensitive checks.
Please refer to KnowledgeBase article KB68257 for more information.
Severity: Low
Feature f_555615
Description:
ISSUE: When MQM is used to quarantine items from an EWS appliance with the
operational language being Japanese, certain fields in the MQM user interface, like
virus name or file name, were garbled.
RESOLUTION: An encoding error causing the problem has now been rectified.
Please refer to KnowledgeBase article KB67386 for more information.
Severity: Low
Feature f_555777
Description:
ISSUE: The user interface provides checkboxes to control the generation of certain
events. Logging configuration for subgroups like anti-virus, anti-spam, and URL-
filtering was parsed incorrectly from the configuration files. As a result the
corresponding event checkboxes in the user interface were not effective.
RESOLUTION: The logging configuration files are now parsed correctly.
Please refer to KnowledgeBase article KB68234 for more information.
Severity: Low
Feature f_557883
Description:
ISSUE: The user interface allows the administrator to change the context that the
dictionary applies to, for example from 'Everything' to 'Email body'. These changes
were not being saved.
RESOLUTION: The user interface has been updated and these changes are now
correctly saved.
Please refer to KnowledgeBase article KB68574 for more information.
Severity: Low
Feature f_560039
Description:
ISSUE: The anti-spam scanner setting in policies allows the user to edit blacklists
and whitelists. Certain characters caused the user interface to become uneditable.
RESOLUTION: The user interface has been updated to handle all characters.
Please refer to KnowledgeBase article KB68617 for more information.
Severity: Low
Feature f_560334
Description:
ISSUE: The user can add content scanning dictionaries with their own custom
terms and regular expressions. The user interface was incorrectly permitting scores
to be added to complex terms or within dictionaries containing complex terms. This
caused such dictionaries to be greyed out.
RESOLUTION: The user interface no longer permits scores to be added to complex
terms.
Please refer to KnowledgeBase article KB68601 for more information.
Severity: Low
Feature f_560370
Description:
ISSUE: The appliance offers the ability to set up directory services. The Email
Security Appliance was incorrectly displaying a web authentication warning in the
status window, when editing directory services.
RESOLUTION: Web authentication checks have been removed from the Email
Security Appliance.
Please refer to KnowledgeBase article KB68896 for more information.
Severity: Low
Feature f_561508
Description:
Feature f_563744
Description:
Feature f_564048
Description:
ISSUE: HTTP offers the ability to display a comfort page to the user to show the
status when downloading large files. When the comfort display was triggered while
a file was being scanned, the download occurred successfully, but an abort would
sometimes be logged to the messages file.
RESOLUTION: Comfort page downloads starting during the scanning of a file are
now handled correctly.
Please refer to KnowledgeBase article KB68643 for more information.
Severity: Low
Feature f_564894
Description:
ISSUE: Drill down reporting offers the ability to filter based on many criteria. An
error occurred when running an email drill down report with a filter set on 'sender'
when the filter term contained single quotes or when the user was using the
French locale. This was caused by incorrectly escaped characters being passed to
the browser.
RESOLUTION: Drill down reporting has been updated to correctly escape all
characters.
Please refer to KnowledgeBase article KB69023 for more information.
Severity: Low
Feature f_567389
Description:
ISSUE: Drill down reporting offers the option to show or hide selected columns.
This was only working for one set of column changes.
RESOLUTION: The user interface has been updated to correctly show/hide
columns.
Please refer to KnowledgeBase article KB68958 for more information.
Severity: Low
Feature f_567593
Description:
ISSUE: The user interface allows the administrator to change the context that the
dictionary applies to and the terms within the dictionary. When viewing dictionaries
covering several pages after changing, the user interface displayed the dictionary
numbering incorrectly (for example 6 of 20 instead of 16 of 20).
RESOLUTION: The user interface has been updated to show the correct dictionary
numbering.
Please refer to KnowledgeBase article KB68782 for more information.
Severity: Low
Feature f_567880
Description:
Feature f_567883
Description:
ISSUE: In proxy mode the SMTP protocol delivers either by local domains or by
DNS and fallback relays. If an email was queued and then delivered using a
fallback relay, under certain circumstances it was possible that a subsequent email
(which had fallback relay as part of its delivery mechanism) could be delivered to
the fallback relay without first checking whether there was a valid DNS delivery
mechanism.
RESOLUTION: The delivery process has been updated to check delivery modes in
the correct order.
Please refer to KnowledgeBase article KB67786 for more information.
Severity: Low
Feature f_567970
Description:
Feature f_567972
Description:
Feature f_568269
Description:
Feature f_572028
Description:
ISSUE: The appliance offers the ability to monitor SMTP conversations and close
connections based on defined timeouts. These timeouts were incorrectly closing
the connection too soon.
RESOLUTION: The SMTP proxy code has been updated to use the correct timeouts.
Please refer to KnowledgeBase article KB68959 for more information.
Severity: Low
Feature f_572378
Description:
ISSUE: The drill down reporting section in the user interface had the incorrect title
of 'Email Interactive Reporting' for the Web and System reports.
RESOLUTION: The titles have been updated to identify the correct report.
Please refer to KnowledgeBase article KB68957 for more information.
Severity: Low
Feature f_526067
Description:
ISSUE: The management blade shows a summary table of each blade and its
status. If scanning blades were rebooted, it was possible to get an 'unknown' MAC
address in the summary table caused by blade table entries with duplicate host
names.
RESOLUTION: The summary table has been updated to support multiple identical
host names, resulting in the correct MAC address resolution in the user interface.
Please refer to KnowledgeBase article KB68049 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_530309
Description:
ISSUE: The appliance offers HTTP URL filtering. The administrator can customize
the alert pages when a URL filtering detection occurs. If the display name within
the alert included non-English characters, the alert was shown incorrectly.
RESOLUTION: The display name is now stored in a format such that it can be
displayed correctly.
Please refer to KnowledgeBase article KB67369 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_530318
Description:
Severity: Low
Feature f_530339
Description:
ISSUE: If the HTTP response did not contain a header, the appliance dropped the
connection with an error message "Failure to parse response header."
RESOLUTION: The appliance now handles HTTP responses without headers.
Please refer to KnowledgeBase article KB66250 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_530345
Description:
Severity: Low
Feature f_530347
Description:
ISSUE: The SMTP Permit Recipient detections were not being displayed in the
Email Status view report, although they were displayed in the Detail View reports.
RESOLUTION: The status view report has been updated to include the permitted
recipients.
Please refer to KnowledgeBase article KB67387 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_530349
Description:
ISSUE: It is possible to generate system notification alert emails. The appliance did
not support multi-byte characters in the subject line.
RESOLUTION: The notification subject has now been enhanced to support multi-
byte characters.
Please refer to KnowledgeBase article KB67368 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_530825
Description:
ISSUE: The number of URL filtering categories listed on the web Scanning Policies
page could be wrong because other categories like SiteAdvisor and black &
whitelist were being included.
RESOLUTION: Only enhanced URL categories will be listed under URL filtering.
Please refer to KnowledgeBase article KB66931 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_533470
Description:
ISSUE: Default proxy servers may be defined for updates by FTP and HTTP. For
anti-spam streaming update when proxy configuration was enabled, the appliance
was using the FTP proxy instead of the HTTP proxy.
RESOLUTION: The appliance now uses the HTTP proxy for anti-spam streaming
update when proxy configuration is enabled.
Please refer to KnowledgeBase article KB67917 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_535623
Description:
ISSUE: The user interface provides listing of the deferred and quarantine databases
by recipient. The lists showed separate entries for the same recipient as email
addresses were incorrectly being treated as case-sensitive.
RESOLUTION: Recipient address will now be converted to lower case on reading
from the database, so the lists will show only one entry for each recipient.
Please refer to KnowledgeBase article KB67794 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_537800
Description:
ISSUE: It was not possible to generate a Minimum Escalation Report (MER) output
that exceeded 4 Gigabytes. The user saw an error message about file size on the
user interface.
RESOLUTION: This error was caused by the zip utility, which has now been
updated to use the Zip64 extension, supporting zip archives greater than 4
Gigabytes.
Please refer to KnowledgeBase article KB67974 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_540332
Description:
ISSUE: The appliance allows the user to set actions based on the spam score for
the anti-spam scanner. However, if that score was negative, the action did not
trigger.
RESOLUTION: The anti-spam scanner has been updated to take action on all score
ranges.
Please refer to KnowledgeBase article KB67918 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_541363
Description:
Severity: Low
Feature f_543862
Description:
ISSUE: The appliance dashboard shows the policy names for each protocol. When
more than one browser accessed the appliance user interface at the same time,
policy names containing multi-byte characters would appear garbled.
RESOLUTION: This was due to the policy names being incorrectly encoded in
transmission between the browser and the appliance. They are now correctly
encoded in UTF-8.
Please refer to KnowledgeBase article KB67979 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_543865
Description:
ISSUE: The appliance reports the status of all email that it processes. If an email
scanning policy contained both the action to add a spam score indicator and to add
a disclaimer, the email was not reported.
RESOLUTION: This combination of scanning was incorrectly handled for reporting.
Reporting has been corrected for all scanner combinations.
Please refer to KnowledgeBase article KB67943 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_543872
Description:
ISSUE: The appliance supports MQM for off-box quarantine. MQM users and
administrators can set black and white lists for anti-spam scanning, and can also
define aliases for email addresses. The appliance did not support MQM email
address aliases as equivalent for black and whitelist processing.
RESOLUTION: The appliance has been enhanced to support the email address
aliases from MQM.
Please refer to KnowledgeBase article KB68255 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_543873
Description:
ISSUE: For FTP, it is possible to define a handoff host. This setting was not being
used by the FTP proxy.
RESOLUTION: The FTP proxy has been updated to use the handoff host.
Please refer to KnowledgeBase article KB67787 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_543875
Description:
Severity: Low
Feature f_543880
Description:
Severity: Low
Feature f_543881
Description:
Severity: Low
Feature f_543882
Description:
ISSUE: The appliance can log events via Email, syslog and SNMP. The logging did
not provide enough detail of configuration change events.
RESOLUTION: A Configuration event "Finished applying new configuration" with
event id 220010 is now available for SNMP and syslog. The reporting database
view "config_change_view" is available for remote database access. Configuration
modification date, time, administrator name and source IP address fields are
provided.
Please refer to KnowledgeBase article KB68254 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_546882
Description:
ISSUE: When the appliance is unable to deliver an email, it will return a Non-
Delivery Report (NDR) to the sender. If failure was because the appliance could not
connect to the onward Mail Transport Agent (MTA), the NDR incorrectly contained
the onward MTA address of 0.0.0.0.
RESOLUTION: The appliance now generates the correct NDR containing the
onward MTA address.
Please refer to KnowledgeBase article KB68080 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_547487
Description:
Severity: Low
Feature f_548166
Description:
ISSUE: Support for the "Blacklisted" and "Whitelisted" categories has been
removed from Enhanced URL Filtering because these can interfere with Primary
URL Filtering. However, it is possible to import categorized URLs from an earlier
version of the product and URLs categorized as "Blacklisted" or "Whitelisted" will be
accepted. It is still not possible to mark other URLs as "Blacklisted" or
"Whitelisted".
RESOLUTION: When importing categorized URLs into Enhanced URL Filtering, any
URLs marked as "Blacklisted" or "Whitelisted" will be ignored. However, import and
export support has been added to Primary URL Filtering. The import operation will
accept enhanced filtering categorized URLs and will add "Blacklisted" and
"Whitelisted" URLs to the appropriate lists in primary filtering while ignoring other
categories.
Please refer to KnowledgeBase article KB67810 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_548171
Description:
Severity: Low
Feature f_548418
Description:
ISSUE: The appliance can use proxy settings for doing its anti-spam streaming
updates. The proxy settings were not being applied on the scanning blades of a
blade system because the update service was not automatically restarted. A
workaround was to manually start the update service.
RESOLUTION: The anti-spam streaming updater is now restarted on the scanning
blades when proxy settings are configured.
Please refer to KnowledgeBase article KB68142 for more information.
Previously addressed by 5.5p1.
Severity: Low
Feature f_548572
Description:
Severity: Low
Feature f_533027
Description:
ISSUE: When a version 5.1 configuration was restored onto a version 5.5
appliance, a user interface exception sometimes occurred on the Enhanced URL
Filtering Settings page because of an empty reference that was not handled
properly.
RESOLUTION: The empty reference is now handled properly.
Please refer to KnowledgeBase article KB67517 for more information.
Previously addressed by 5.5h533027, 5.5p1.
Severity: Low
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/install
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/scm_pull_files
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/script
5.5p2-1531.122/ftrs/f_527214/postscript
5.5p2-1531.122/ftrs/f_527214/prescript
5.5p2-1531.122/ftrs/f_536141/postscript
5.5p2-1531.122/ftrs/f_536671/postscript
5.5p2-1531.122/ftrs/f_541662/postscript
5.5p2-1531.122/ftrs/f_543872/postscript
5.5p2-1531.122/ftrs/f_543872/prescript
5.5p2-1531.122/ftrs/f_548879/postscript
5.5p2-1531.122/ftrs/f_548879/prescript
5.5p2-1531.122/ftrs/f_567880/prescript
5.5p2-1531.122/rpms/CMA-4.5.0-1316.i386.rpm
5.5p2-1531.122/rpms/bind-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bind-libs-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bind-utils-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bzip2-1.0.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/bzip2-libs-1.0.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/curl-7.19.7-3.i386.rpm
5.5p2-1531.122/rpms/libcurl-7.19.7-3.i386.rpm
5.5p2-1531.122/rpms/libpng-1.2.43-1.mfe1.i386.rpm
5.5p2-1531.122/rpms/libspf-1.0.0-201005270904.i386.rpm
5.5p2-1531.122/rpms/libxml2-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxml2-python-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxml2-utils-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-1.1.20-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-python-1.1.20-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-staticutils-1.1.12-149mfe.i586.rpm
5.5p2-1531.122/rpms/losetup-2.12r-1.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-enginetest-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-spam-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-urlfilter-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mimepp-1.3-5199.i386.rpm
5.5p2-1531.122/rpms/net-snmp-5.3.0.1-201005270904.i386.rpm
5.5p2-1531.122/rpms/net-snmp-utils-5.3.0.1-201005270904.i386.rpm
5.5p2-1531.122/rpms/ntp-4.2.4p2-2ews.i386.rpm
5.5p2-1531.122/rpms/open-vm-tools-2009.03.18-154848x2.6.27.31x8.5.9.scm.i386.rpm
5.5p2-1531.122/rpms/openldap-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openldap-clients-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openldap-servers-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openssl-0.9.8n-1.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-MigrationAid-8.5-201005270904_119.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-UI-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-schema-Native-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-UI_backend-8.5-201005270904_102.i386.rpm
5.5p2-1531.122/rpms/webshield-Web_UI-8.5-201005270904_102.i386.rpm
5.5p2-1531.122/rpms/webshield-apache-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-appliance-kernel-2.6.27.31-8.5.9.scm.i386.rpm
5.5p2-1531.122/rpms/webshield-autoupdate-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-base-xmlconfig-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-comp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-dkim-key-mgmt-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ePO-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-files-8.5-201005270904_117.i386.rpm
5.5p2-1531.122/rpms/webshield-ftp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-gls-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-help-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-icap-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-inv-http-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-inv-smtp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-kernel-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-l10n-8.5-201005270904_122.i386.rpm
5.5p2-1531.122/rpms/webshield-libconfig-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-libsyscfg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-management-common-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ncore-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-pop3-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-reports-8.5-201005270904_122.i386.rpm
5.5p2-1531.122/rpms/webshield-retryer-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-siteadvisor-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-smg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-smtp-retryer-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-snmp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-swg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-tqmd-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-tqmd-mgmt-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-trans-auth-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ts-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ui-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-urlfilter-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-userbw-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-utils-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-variants-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-webwasher-mgmt-blade-updater-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-webwasher-updater-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/xerces13-1.3-5199.i386.rpm
5.5p2-1531.122/updata/package.xml
validate/filelist.txt
validate/md5sum.txt
validate/validate.txt
validate/version
Additional information
This release was built on 2010-07-29. For information on release dates see the
KnowledgeBase article KB66911.
This release was tested with anti-virus engine version 5400, DATs version 5980 and later.
McAfee strongly recommends that the appliance is always kept up to date with the latest anti-
virus components to achieve the highest possible security.
Installation
Installation requirements
To use this release, you must have the following Email and Web Security software installed on
the appliance you intend to update with this release:
Version 5.5
Installation steps
In the case of a VMware appliance it may be useful to take a snapshot of the appliance before
installing the release.
1. Create a temporary directory on your hard disk, and download the zip file provided by
McAfee to a computer on your network that can access the Email and Web Security
appliance.
2. Open your Internet browser, and browse to the Email and Web Security appliance.
If installing on an appliance cluster the steps must be done on all the appliances in the
cluster, starting with the Failover Management appliance, then the Management
appliance, then the remainder.
3. When prompted, log on to the appliance by typing your username and password.
4. On the navigation bar, select System | Component Management | Package
Installer.
5. Under Manual Package Install, click Update from file. In the Import package
window, click Browse, find the location of the file "EWS-5.5p2-1531.122.zip", click
Open, and then click OK.
A popup window appears displaying the package description and a notice that the
appliance will restart after installation. Click OK to install the package.
Upon completion of the installation the actions noted above will be performed
automatically.
6. Clear the browser cache before logging on to the interface again. If the browser cache is
not cleared, the interface will not behave correctly.
7. After installation, log on to the user interface and click About the appliance to check
that "5.5p2-1531.122" is displayed.
After installation
If you plan to use the EWS-5.5p2-1531.122.zip archive file again, keep it available on
your computer. Otherwise, delete the file after successful installation. If you re-install
your Email and Web Security version 5.5 software, we recommend that you re-install this
release.
To remove this release from your Email and Web Security appliance, you need to reinstall
Email and Web Security Appliance version 5.5. An alternative, for a VMware appliance, is to
revert to a previous snapshot. Please note that all other hotfixes or patches installed on the
appliance would also be removed in the process.
Notices
Copyright
Trademark attributions
License information
License Agreement