EWS-5 5p2-1531 122 Readme-En - US

McAfee® Email and Web Security
Appliance 5.5p2
Release Notes for McAfee® Email and Web Security Appliance
Version 5.5
Patch 5.5p2
Copyright © 2010 McAfee, Inc.
All Rights Reserved
About this release

Thank you for using our software. This file contains important information about this release.
We strongly recommend that you read the entire document.
About this release

Purpose
Rating
Superseded releases
Actions on installation
Resolved issues
Vulnerabilities (total: 5, new: 5)
High severity issues (total: 2, new: 1)
Medium severity issues (total: 48, new: 23)
Low severity issues (total: 57, new: 29)
Issues list
External components installed by this package
Files included with this release
Additional information
Installation
Installation requirements
Installation steps
After installation
Removing this release
Notices
Copyright
Trademark attributions
License information
License Agreement
Purpose
This release addresses the issues shown in the Resolved issues section below.
Rating
This release addresses critical issues. McAfee strongly recommends implementing this release
at your earliest opportunity.
Severity of issues listed below is based on these definitions:
 High
a critical issue which should be addressed as soon as possible, if necessary outside a
planned maintenance schedule.
 Medium
an issue which should be addressed at the earliest opportunity, normally as part of a
planned maintenance schedule.
 Low
a non-critical issue, advisable to address as part of planned maintenance.
Superseded releases
This release incorporates and supersedes the following earlier releases:
 Hotfix 5.5h533027
 Patch 5.5p1
 Hotfix 5.5h541662
Actions on installation
At the end of the installation process the following actions will occur automatically:
 The user interface will log off.

 The appliance will reboot.
Resolved issues
Vulnerabilities (total: 5, new: 5)
Vulnerabilities newly addressed in this release:

f_561506, f_567880, f_567970, f_567972, f_568269
High severity issues (total: 2, new: 1)
High severity issues newly addressed in this release:

f_561506
High severity fixes included from previous releases:
f_537018
Medium severity issues (total: 48, new: 23)
Medium severity issues newly addressed in this release:

f_526662, f_540946, f_546854, f_549755, f_549978, f_552155, f_552640, f_553722,
f_554175, f_555298, f_557035, f_557358, f_557632, f_558083, f_558328, f_558331,
f_559825, f_560814, f_566370, f_566595, f_568276, f_569141, f_571787
Medium severity fixes included from previous releases:
f_541662, f_561204, f_525833, f_530304, f_530306, f_530324, f_530354, f_531993,
f_536024, f_536671, f_537244, f_539754, f_541313, f_541663, f_542190, f_543863,
f_543885, f_545738, f_547237, f_547518, f_547875, f_548167, f_548478, f_549905,
f_536141
Low severity issues (total: 57, new: 29)

Low severity issues newly addressed in this release:
f_532696, f_533804, f_546468, f_548882, f_551817, f_552666, f_552669, f_555091,
f_555498, f_555607, f_555615, f_555777, f_557883, f_560039, f_560334, f_560370,
f_561508, f_563744, f_564048, f_564894, f_567389, f_567593, f_567880, f_567883,
f_567970, f_567972, f_568269, f_572028, f_572378
Low severity fixes included from previous releases:
f_526067, f_530309, f_530318, f_530339, f_530345, f_530347, f_530349, f_530825,
f_533470, f_535623, f_537800, f_540332, f_541363, f_543862, f_543865, f_543872,
f_543873, f_543875, f_543880, f_543881, f_543882, f_546882, f_547487, f_548166,
f_548171, f_548418, f_548572, f_533027
Issues list
 Feature f_561506
 Description:
ISSUE: Vulnerability CVE-2010-0740 was reported in the openssl used on the

appliance.
RESOLUTION: The openssl package has been updated to address the problem.
Please refer to KnowledgeBase article KB68695 for more information.
 Severity: High
 Description:
ISSUE: Email that contained encrypted or password-protected attachments was

being incorrectly blocked, because the policy settings were not taking effect.
RESOLUTION: The appliance is now correctly applying the policy settings, and
allows encrypted and password-protected attachments through, when configured
to do so.
 Previously addressed by 5.5p1.
 Severity: High
 Description:
ISSUE: It is possible to run both McAfee Web Gateway and McAfee Email Gateway
in a blade environment. The management blade was not showing the McAfee Web
Gateway component information which is available on the scanning blades.
RESOLUTION: The management blade has been updated to show the McAfee Web
Gateway information.
 Severity: Medium
 Description:
ISSUE: Recipient authentication can be enabled against external LDAP databases.

It is possible to synchronize the external database onto the appliance, however
occasionally a timing error caused the appliance database to be in an incorrect
state and the synchronisation failed with a '-7' error message.
RESOLUTION: The LDAP synchronization application has been updated to obtain
the correct data.
 Description:
ISSUE: The user interface allows you to configure SMTP relays to be used when an
email matches a policy. There was an issue with the user interface that
automatically selected the 'Default Relays' when you edited the settings, but did
not explicitly change the selected relay from 'None'. This resulted in emails
matching the selected policy being incorrectly routed or queued with the error '442
no delivery mechanism available'.
RESOLUTION: The User Interface has been corrected to adhere to the user's
selection.
 Description:
ISSUE: The appliance logs events to an internal database. The database is

automatically maintained based on the number and age of events. This could take
several hours and cause delays in reporting.
RESOLUTION: The automatic database maintenance task has been split into
optimized sub-tasks.
 Description:
ISSUE: The User Interface allows configuration from one appliance to be pushed to
one or more remote appliances. Settings specific to the remote appliance, like
network settings, should not be pushed. The OSPF settings were incorrectly
overwritten on the remote appliance.
RESOLUTION: The configuration push functionality has been updated to handle
OSPF settings correctly.
 Description:
ISSUE: The appliance allows the user to block email senders. However the sender
list was incorrectly validated in the user interface, resulting in the number of
senders being limited to 50.
RESOLUTION: The user interface validation logic has been corrected, now users
will be able to add more than 50 senders to the blocked senders list.
 Description:
ISSUE: With Bounce Address Tag Validation enabled on the appliance, a tagged
SMTP sender address (for example, prvs=0249bac0de=a@b.c) was incorrectly
rejected with a "501 Syntax error - Badly formatted address" response, due to an
erroneous regular expression check.
RESOLUTION: The regular expression check on the sender address causing the
issue has now been corrected.
 Description:
ISSUE: The appliance offers the ability to send Quarantine Digest messages to end
users, allowing them to manage their quarantined emails. If the quaratined emails
contained non-ASCII characters in their subject lines then these were incorrectly
displayed in the digest message.
RESOLUTION: The digest message has been updated to correctly display non-
ASCII subject lines.
 Description:
ISSUE: In some unusual cases the process which invokes the McAfee Agent to do
anti-virus updates could become unresponsive, creating an excessive CPU load and
preventing further updates until the appliance was rebooted. This was due to an
error in freeing resources within the process which calls the McAfee Agent.
RESOLUTION: The process that calls the McAfee Agent has been updated to
prevent the error occurring.
 Description:
ISSUE: When scanning an Email, the appliance offers a preferred transfer encoding
for text in the Advanced section of Content handling in SMTP policies. The option
to "do not encode if the text is already 7-bit" checkbox was not being saved
correctly.
RESOLUTION: The option is now correctly saved.
 Description:
ISSUE: SCM 4.5 offers the ability to export Rule Groups. EWS 5.1 and later offers
the ability to import these exported Rule Groups into the Dictionary section of the
user interface. Due to incorrect validation certain customer created Rule Groups
could not be imported through the user interface.
RESOLUTION: The dictionary import validation has been updated to handle the
problematic Rule Groups.
 Description:
ISSUE: The appliance offers the ability to coach URL categories. The HTTP proxy
was intermittently logging abort signals in the system logs. This was caused by
incorrect handling of multi-byte characters in conjunction with coaching. A
symptom of this was high CPU and memory usage.
RESOLUTION: The HTTP proxy has been updated to handle multi-byte characters
without aborting.
 Description:
ISSUE: It is possible to block spam senders using SPF. When SPF was used with
greylisting, certain sender email addresses could cause a segmentation fault in the
GLS proxy.
RESOLUTION: The underlying SPF library has now been updated to handle all
email addresses correctly.
 Description:
ISSUE: The appliance swap space consumption was not being monitored and some
proxies were incorrectly using too much memory. This could cause an unscheduled
reboot.
RESOLUTION: The appliance now has the ability to monitor and take action on low
swap space by gracefully restarting proxies.
 Description:
ISSUE: The user interface allows the administrator to add terms to a dictionary.
Due to a validation error, it was not possible to use the asterisk wildcard.
RESOLUTION: The user interface has been updated to support the asterisk
wildcard.
 Description:
ISSUE: The McAfee Agent is used to update the anti-virus engine and DATs. It is
possible for the McAfee Agent to fail permanently resulting in failed updates until
the appliance is rebooted.
RESOLUTION: A resiliency monitor now watches the state of the McAfee Agent
updater. If the updater has failed, the monitor will terminate the process and
perform an update directly from the FTP site.
 Description:
ISSUE: The user interface allows configuration from one appliance to be pushed to
one or more remote appliances. Large lists were taking a long time to process and
could cause configuration push failure, with the error "Migration configuration
failed" being displayed.
RESOLUTION: The configuration push functionality has been updated to handle
large lists correctly.
 Description:
ISSUE: It is possible to do an ISO install of the appliance software over DRAC4.

This was failing due to the kernel modules not being automatically loaded.
RESOLUTION: The kernel modules are now automatically loaded.
 Description:
ISSUE: The appliance offers the ability to add a disclaimer to each email passing
through it. A multi-line disclaimer was incorrectly being added on one line.
RESOLUTION: The user interface has been updated to correctly parse the
disclaimer text including newlines.
 Description:
ISSUE: The appliance allows the user to scan the content of text within different
file types. Certain PDF files were causing the SMTP proxy to segmentation fault in
the third party content extraction library.
RESOLUTION: The underlying content extraction library has now been updated.
 Description:
ISSUE: The appliance offers the ability to keep a connection active by sending
HTTP keep-alives. The HTTP proxy was incorrectly refusing CONNECT requests
using an existing connection resulting in download failures.
RESOLUTION: The HTTP proxy has been updated to handle keep-alives correctly.
 Description:
ISSUE: If the appliance was connected between two networks in proxy mode then
it incorrectly sent the server side interface's IP address to the client in response to
the FTP PASV command resulting in a data connection failure.
RESOLUTION: The appliance has been updated to send the client side interface's
IP address in response to the client FTP PASV command.
 Description:
ISSUE: The appliance can set policy based on users in Directory Services (for
example Active Directory). When setting up a Domino server, it was not possible to
leave the base Domain Name (DN) empty in the wizard.
RESOLUTION: When configuring a Domino server it is now possible to leave the
base DN field blank.
 Description:
ISSUE: The standard format for syslog messages the appliance generates does not
include all fields consistently in all messages and so is not easily handled by some
analysis products.
RESOLUTION: An optional enhanced format has been added for TCP syslog to
facilitate integration with 3rd party products. The optional format of virus, spam,
content and status have been made consistent across all protocols and events for
syslog.
 Previously addressed by 5.5h541662.
 Description:
ISSUE: The appliance setup wizard allows the user to import a previously saved
configuration. In some cases, due to incorrect validation of the imported
configuration, an error occurred and the setup wizard could not be completed.
RESOLUTION: The validation has now been fixed.
 Previously addressed by 5.5h541662.
 Description:
ISSUE: It is possible to update the appliance's anti-virus DATs and engine from an
ePO repository. The McAfee Agent that performs the update was unable to update
DATs from an ePO repository when the repository did not contain a valid anti-virus
engine. The workaround was to load the latest anti-virus Engine into the ePO
repository, allowing the McAfee Agent on the appliance to successfully update the
DATs.
RESOLUTION: The McAfee Agent on the appliance has been upgraded to update
the anti-virus DATs whether or not the ePO repository contains an anti-virus
engine.
 Description:
ISSUE: The appliance offers the ability to choose a fibre or copper LAN interface
via the user interface under Network settings. Due to incorrect identification of the
hardware, this user interface property was not displayed.
RESOLUTION: The scripts to determine the hardware type have been changed to
correctly identify all platform types.
 Description:
ISSUE: The appliance allows users to access FTP URI's. If the URI contained a
special character, then the access would fail.
RESOLUTION: The URI's are now held using hex encoding for special characters.
 Description:
ISSUE: The appliance can report to syslog. In transparent bridge mode, the mail
size was always logged as '0' in the syslog report.
RESOLUTION: The mail size is now stored correctly and output to the syslog
report.
 Description:
ISSUE: The appliance can block emails due to Denied Routing characters in the
email addresses. These were not reported in the dashboard or the scheduled
reports.
RESOLUTION: The dashboard and scheduled reports have been updated to include
the emails blocked by denied routing characters.
 Description:
ISSUE: On the blade systems when default routes were modified, it caused a full
restart.
RESOLUTION: The configuration scripts have now been updated to handle default
routes correctly without a full restart.
 Description:
ISSUE: In proxy mode, the appliance can redirect and perform URL lookups on
HTTPS requests. When a custom port was specified in the URL, the appliance
incorrectly directed the request to the default port.
RESOLUTION: This was due to incorrect parsing of the URL, which has now been
updated to correctly obtain the custom port.
 Description:
ISSUE: On blade systems after some time many counters on the dashboard could
stop updating.
RESOLUTION: The issue is now resolved
 Description:
ISSUE: The appliance can be configured to 'coach' the user when accessing certain
sites. When URL coaching was enabled, the body of a HTTP POST request was
incorrectly replaced. As a result, the user occasionally saw a Gateway Timeout
error page.
RESOLUTION: The HTTP proxy has been updated to correctly handle HTTP POST
requests when used with URL coaching.
 Description:
ISSUE: When processing an HTTP POST using x-www-form-urlencoded data (as

when a user submits a web form) the proxy could become unresponsive if the data
was malformed (specifically if it had an incomplete % hex encoded character
sequence). If such events were repeated, many unresponsive proxy processes
could accumulate, consuming memory and reducing throughput.
RESOLUTION: Incorrect % hex sequences in urlencoded data (such as "%3q" and
a terminal "%f") are now treated as literal strings and processing continues as
usual.
 Description:
ISSUE: One appliance can be used to manage other appliances by pushing its
configuration to a list of others. If a configuration push to one of the others failed,
the failure was logged and the configuration push was stopped for all remaining
appliances in the list.
RESOLUTION: The configuration push has been enhanced to attempt to push to all
appliances in the list. All errors are reported on completion, and any failed
appliances will remain selected.
 Description:
ISSUE: One appliance can be used to manage other appliances by pushing its
configuration to a series of other appliances. Pushing configuration between
different hardware platforms would result in the remote appliance doing a full level
restart.
RESOLUTION: The restart was caused by platform specific network settings, which
have now been removed from the configuration push.
 Description:
ISSUE: For an appliance managed using a USB Out of Band Management (OOB)
interface coupled with SNMP monitoring, the data supplied by SNMP was
intermittent.
RESOLUTION: The intermittent data was caused by the SNMP agent hanging when
it queried the network status of the USB network device. This was due to an issue
in the pegasus driver. The SNMP agent has been updated so that it does not query
the USB network device status.
 Description:
ISSUE: For reporting purposes, it is possible to define a policy as either 'Inbound'

or 'Outbound'. If a policy matched on the sender's email address, the report
incorrectly showed all email as 'Inbound' regardless of the policy definition.
RESOLUTION: The reporting has now been corrected to report the user defined
direction of 'Inbound' or 'Outbound'.
 Description:
ISSUE: When a file contained protected or encrypted content that could not be
scanned, the syslog message would erroneously report that the file was removed.
RESOLUTION: Syslog messages now report the events correctly.
 Description:
ISSUE: The appliance allows you to create sub policies for email scanning. Whilst
creating policies, you can choose to match one or all of the conditions. The user
interface incorrectly prevented you from adding a policy set to match all conditions
with more than one email group.
RESOLUTION: The user interface has been updated to allow creation of policies
matching all conditions with more than one email group.
 Description:
ISSUE: The appliance may be configured to perform recipient lookups against

remote servers using LDAP. The mail flow was interrupted if the appliance was
configured to perform recipient lookups but no LDAP servers were configured.
RESOLUTION: The SMTP proxy has been updated to not perform a recipient lookup
if no LDAP servers are configured.
 Description:
ISSUE: The appliance offers the ability to send and receive Email over TLS. When
an appliance in proxy mode was configured to use TLS "always", the TLS
negotiation failed. The workaround was to configure the appliance to have TLS
connections set to "when available".
RESOLUTION: The SMTP proxy has been updated to negotiate the TLS connection
correctly.
 Description:
ISSUE: The appliance allows for TrustedSource checks on email to be controlled by

policy. If TrustedSource checks were enabled in the default policy and disabled in a
sub-policy, email that matched the sub-policy was occasionally still checked with
TrustedSource and blocked incorrectly.
RESOLUTION: Policy resolution within the SMTP proxy has been updated to ensure
that TrustedSource checks are made only if the feature is enabled in the policy that
the email matches.
 Description:
ISSUE: The policy presets in the appliance can be based on different attributes. An
issue with the user interface prevented the requested URL or URL group from
being selected as an HTTP preset criterion.
RESOLUTION: The user interface has been updated to allow the requested URL
and URL group to be used as a selection criteria for HTTP protocol presets.
 Description:
ISSUE: It is possible to export the email addresses in the recipient check list to a
file. If this list was in a protocol preset, the exported file was empty.
RESOLUTION: The exported file has now been updated to contain both the default
and protocol preset lists.
 Description:
ISSUE: Occasionally the appliance truncated a legitimate email, due to a buffer-

handling error in the SMTP proxy. This happened only at an end of line within a
message, occurring on a multiple of 74 lines and a multiple of 256Kbytes into the
email message.
RESOLUTION: The proxy code has been corrected, and email will not be truncated.
 Description:
ISSUE: When Enhanced URL filtering was enabled the /wk disk partition filled up
over time because temporary update files were not removed after use.
RESOLUTION: The temporary files are now correctly managed.
 Previously addressed by 5.5h533027, 5.5p1.
 Description:
ISSUE: Incorrect translation in Japanese for Bounce Address Tag Verification

(BATV) Signature Seed
RESOLUTION: Translation corrected.
 Severity: Low
 Description:
ISSUE: Incorrect translation in Japanese of TrustedSource

RESOLUTION: Translation corrected.
 Severity: Low
 Description:
ISSUE: Trying to mount the CD-ROM from the appliance console returned errors
due to the necessary kernel modules not being loaded.
RESOLUTION: Each appliance platform now includes all of the necessary kernel
modules to mount the primary CD-ROM.
 Severity: Low
 Description:
ISSUE: The appliance supports MQM for off-box quarantine. Users and
administrators can set blacklists and whitelists on MQM for anti-spam scanning.
The blacklists and whitelists were being triggered intermittently. A workaround was
to modify the health monitor settings on the LDAP database.
RESOLUTION: The health monitor has been updated to allow previous LDAP
services to stop before starting the new service.
 Severity: Low
 Description:
ISSUE: On the Email/Web reporting page when rendered with the German locale,
the date control within the filter criteria side pane, on the right hand side, was
inoperable; because the control extended outside the page boundary.
RESOLUTION: The width of the side pane has been increased to accommodate the
extra space required for German localisation. This ensures the date control does
not extend beyond the boundary of the page, and so makes it accessible.
 Severity: Low
 Description:
ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the
Sender Authentication functionality. The underlying SPF library was incorrectly
treating DNS replies in a case sensitive manner, resulting in validation failures.
RESOLUTION: The SPF library has been updated to use case insensitive checks.
 Severity: Low
 Description:
ISSUE: The appliance offers the ability to configure download status pages for the
HTTP and FTP protocols. For FTP over HTTP, the proxy was incorrectly looking for
the content length of the file before offering the download status page to the end
user.
RESOLUTION: The proxy has been updated to provide the download status page
regardless of content length.
 Severity: Low
 Description:
ISSUE: In the queued email page it was possible to see a mismatch between the
reported count of items and the number of items that were actually displayed. This
was due to an incorrect database query for multiple recipients.
RESOLUTION: The database query has now been updated to handle multiple
recipients.
 Severity: Low
 Description:
ISSUE: It is possible to block spam using TrustedSource. Occasional segmentation

faults occured in the SMTP proxy due to TrustedSource.
RESOLUTION: The underlying TrustedSource library has now been updated.
 Severity: Low
 Description:
ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the
Sender Authentication functionality. The underlying SPF library was incorrectly
treating DNS replies in a case sensitive manner, resulting in validation failures.
RESOLUTION: The SPF library has been updated to use case insensitive checks.
 Severity: Low
 Description:
ISSUE: When MQM is used to quarantine items from an EWS appliance with the
operational language being Japanese, certain fields in the MQM user interface, like
virus name or file name, were garbled.
RESOLUTION: An encoding error causing the problem has now been rectified.
 Severity: Low
 Description:
ISSUE: The user interface provides checkboxes to control the generation of certain
events. Logging configuration for subgroups like anti-virus, anti-spam, and URL-
filtering was parsed incorrectly from the configuration files. As a result the
corresponding event checkboxes in the user interface were not effective.
RESOLUTION: The logging configuration files are now parsed correctly.
 Severity: Low
 Description:
ISSUE: The user interface allows the administrator to change the context that the
dictionary applies to, for example from 'Everything' to 'Email body'. These changes
were not being saved.
RESOLUTION: The user interface has been updated and these changes are now
correctly saved.
 Severity: Low
 Description:
ISSUE: The anti-spam scanner setting in policies allows the user to edit blacklists
and whitelists. Certain characters caused the user interface to become uneditable.
RESOLUTION: The user interface has been updated to handle all characters.
 Severity: Low
 Description:
ISSUE: The user can add content scanning dictionaries with their own custom
terms and regular expressions. The user interface was incorrectly permitting scores
to be added to complex terms or within dictionaries containing complex terms. This
caused such dictionaries to be greyed out.
RESOLUTION: The user interface no longer permits scores to be added to complex
terms.
 Severity: Low
 Description:
ISSUE: The appliance offers the ability to set up directory services. The Email
Security Appliance was incorrectly displaying a web authentication warning in the
status window, when editing directory services.
RESOLUTION: Web authentication checks have been removed from the Email
Security Appliance.
 Severity: Low
 Description:
ISSUE: Schedule reports contain "Top internal/external recipients/senders of

blocked or monitored emails" activity sections. These incorrectly showed counts for
all emails, rather than just those blocked or monitored.
RESOLUTION: The report generation has been updated to include only blocked or
monitored emails.
 Severity: Low
 Description:
ISSUE: Attempting to import multiple self-signed CA certificates in a single file led

to errors in the user interface making it appear as though import had failed.
RESOLUTION: Importing multiple CA certificates in a single file no longer results in
errors in the user interface. In addition, the maximum file size for certificate import
has been increased.
 Severity: Low
 Description:
ISSUE: HTTP offers the ability to display a comfort page to the user to show the
status when downloading large files. When the comfort display was triggered while
a file was being scanned, the download occurred successfully, but an abort would
sometimes be logged to the messages file.
RESOLUTION: Comfort page downloads starting during the scanning of a file are
now handled correctly.
 Severity: Low
 Description:
ISSUE: Drill down reporting offers the ability to filter based on many criteria. An
error occurred when running an email drill down report with a filter set on 'sender'
when the filter term contained single quotes or when the user was using the
French locale. This was caused by incorrectly escaped characters being passed to
the browser.
RESOLUTION: Drill down reporting has been updated to correctly escape all
characters.
 Severity: Low
 Description:
ISSUE: Drill down reporting offers the option to show or hide selected columns.
This was only working for one set of column changes.
RESOLUTION: The user interface has been updated to correctly show/hide
columns.
 Severity: Low
 Description:
ISSUE: The user interface allows the administrator to change the context that the
dictionary applies to and the terms within the dictionary. When viewing dictionaries
covering several pages after changing, the user interface displayed the dictionary
numbering incorrectly (for example 6 of 20 instead of 16 of 20).
RESOLUTION: The user interface has been updated to show the correct dictionary
numbering.
 Severity: Low
 Description:
ISSUE: Vulnerabilities CVE-2009-2414 and CVE-2009-2416 were reported in the

XML software used on the appliance.
RESOLUTION: The XML software has been updated to address the issues.
 Severity: Low
 Description:
ISSUE: In proxy mode the SMTP protocol delivers either by local domains or by
DNS and fallback relays. If an email was queued and then delivered using a
fallback relay, under certain circumstances it was possible that a subsequent email
(which had fallback relay as part of its delivery mechanism) could be delivered to
the fallback relay without first checking whether there was a valid DNS delivery
mechanism.
RESOLUTION: The delivery process has been updated to check delivery modes in
the correct order.
 Severity: Low
 Description:
ISSUE: Vulnerability CVE-2008-6218 was reported in the libpng library.

RESOLUTION: The libpng library on the appliance has been updated to address the
vulnerability.
 Severity: Low
 Description:
ISSUE: Vulnerability CVE-2008-1372 was reported in bzip2.

RESOLUTION: The bzip2 software on the appliance has been updated to address
the vulnerability.
 Severity: Low
 Description:
ISSUE: Vulnerability CVE-2008-2292 was reported in the net-snmp library.

RESOLUTION: The net-snmp library on the appliance has been updated to address
the vulnerability.
 Severity: Low
 Description:
ISSUE: The appliance offers the ability to monitor SMTP conversations and close
connections based on defined timeouts. These timeouts were incorrectly closing
the connection too soon.
RESOLUTION: The SMTP proxy code has been updated to use the correct timeouts.
 Severity: Low
 Description:
ISSUE: The drill down reporting section in the user interface had the incorrect title
of 'Email Interactive Reporting' for the Web and System reports.
RESOLUTION: The titles have been updated to identify the correct report.
 Severity: Low
 Description:
ISSUE: The management blade shows a summary table of each blade and its
status. If scanning blades were rebooted, it was possible to get an 'unknown' MAC
address in the summary table caused by blade table entries with duplicate host
names.
RESOLUTION: The summary table has been updated to support multiple identical
host names, resulting in the correct MAC address resolution in the user interface.
 Severity: Low
 Description:
ISSUE: The appliance offers HTTP URL filtering. The administrator can customize
the alert pages when a URL filtering detection occurs. If the display name within
the alert included non-English characters, the alert was shown incorrectly.
RESOLUTION: The display name is now stored in a format such that it can be
displayed correctly.
 Severity: Low
 Description:
ISSUE: It is possible to block recipients using SMTP recipient authentication.

However, legitimate recipients would have been incorrectly blocked if a protocol
preset was used and the default preset was disabled.
RESOLUTION: The SMTP recipient authentication has been updated to correctly
handle protocol presets.
 Severity: Low
 Description:
ISSUE: If the HTTP response did not contain a header, the appliance dropped the
connection with an error message "Failure to parse response header."
RESOLUTION: The appliance now handles HTTP responses without headers.
 Severity: Low
 Description:
ISSUE: It is possible to enable greylisting for SMTP. However, greylisting would

have been incorrectly triggering if a protocol preset was used and the default
preset was disabled.
RESOLUTION: The greylisting has been updated to correctly handle protocol
presets.
 Severity: Low
 Description:
ISSUE: The SMTP Permit Recipient detections were not being displayed in the
Email Status view report, although they were displayed in the Detail View reports.
RESOLUTION: The status view report has been updated to include the permitted
recipients.
 Severity: Low
 Description:
ISSUE: It is possible to generate system notification alert emails. The appliance did
not support multi-byte characters in the subject line.
RESOLUTION: The notification subject has now been enhanced to support multi-
byte characters.
 Severity: Low
 Description:
ISSUE: The number of URL filtering categories listed on the web Scanning Policies
page could be wrong because other categories like SiteAdvisor and black &
whitelist were being included.
RESOLUTION: Only enhanced URL categories will be listed under URL filtering.
 Severity: Low
 Description:
ISSUE: Default proxy servers may be defined for updates by FTP and HTTP. For
anti-spam streaming update when proxy configuration was enabled, the appliance
was using the FTP proxy instead of the HTTP proxy.
RESOLUTION: The appliance now uses the HTTP proxy for anti-spam streaming
update when proxy configuration is enabled.
 Severity: Low
 Description:
ISSUE: The user interface provides listing of the deferred and quarantine databases
by recipient. The lists showed separate entries for the same recipient as email
addresses were incorrectly being treated as case-sensitive.
RESOLUTION: Recipient address will now be converted to lower case on reading
from the database, so the lists will show only one entry for each recipient.
 Severity: Low
 Description:
ISSUE: It was not possible to generate a Minimum Escalation Report (MER) output
that exceeded 4 Gigabytes. The user saw an error message about file size on the
user interface.
RESOLUTION: This error was caused by the zip utility, which has now been
updated to use the Zip64 extension, supporting zip archives greater than 4
Gigabytes.
 Severity: Low
 Description:
ISSUE: The appliance allows the user to set actions based on the spam score for
the anti-spam scanner. However, if that score was negative, the action did not
trigger.
RESOLUTION: The anti-spam scanner has been updated to take action on all score
ranges.
 Severity: Low
 Description:
ISSUE: The appliance generates an alert if it detects a virus. A redundant second

anti-virus scan was being performed on HTML content which could cause a second
anti-virus alert.
RESOLUTION: The appliance now performs a single anti-virus scan of the HTML
content, resulting in a single notification.
 Severity: Low
 Description:
ISSUE: The appliance dashboard shows the policy names for each protocol. When
more than one browser accessed the appliance user interface at the same time,
policy names containing multi-byte characters would appear garbled.
RESOLUTION: This was due to the policy names being incorrectly encoded in
transmission between the browser and the appliance. They are now correctly
encoded in UTF-8.
 Severity: Low
 Description:
ISSUE: The appliance reports the status of all email that it processes. If an email
scanning policy contained both the action to add a spam score indicator and to add
a disclaimer, the email was not reported.
RESOLUTION: This combination of scanning was incorrectly handled for reporting.
Reporting has been corrected for all scanner combinations.
 Severity: Low
 Description:
ISSUE: The appliance supports MQM for off-box quarantine. MQM users and
administrators can set black and white lists for anti-spam scanning, and can also
define aliases for email addresses. The appliance did not support MQM email
address aliases as equivalent for black and whitelist processing.
RESOLUTION: The appliance has been enhanced to support the email address
aliases from MQM.
 Severity: Low
 Description:
ISSUE: For FTP, it is possible to define a handoff host. This setting was not being
used by the FTP proxy.
RESOLUTION: The FTP proxy has been updated to use the handoff host.
 Severity: Low
 Description:
ISSUE: Vulnerability CVE-2009-3563 was reported in the NTP daemon.

RESOLUTION: The NTP daemon on the appliance has been updated to address the
vulnerability.
 Severity: Low
 Description:
ISSUE: It is possible to setup the appliance to generate Email notification alerts.

The subject line can be modified using the %SUBJECT% token. When the subject
used an encoded format such as iso-2022-jp, the %SUBJECT% token was
incorrectly replaced with the encoded version, rather than the plain text subject
line.
RESOLUTION: The %SUBJECT% token is now replaced using the plain text subject
line.
 Severity: Low
 Description:
ISSUE: In HTTP, it is possible to configure a list of Denied Request Headers. If the

user removed one of the items from this list, the 'apply changes' button did not
appear.
RESOLUTION: The user interface has been updated so that changes in this list are
correctly detected, and hence the 'apply changes' button appears.
 Severity: Low
 Description:
ISSUE: The appliance can log events via Email, syslog and SNMP. The logging did
not provide enough detail of configuration change events.
RESOLUTION: A Configuration event "Finished applying new configuration" with
event id 220010 is now available for SNMP and syslog. The reporting database
view "config_change_view" is available for remote database access. Configuration
modification date, time, administrator name and source IP address fields are
provided.
 Severity: Low
 Description:
ISSUE: When the appliance is unable to deliver an email, it will return a Non-
Delivery Report (NDR) to the sender. If failure was because the appliance could not
connect to the onward Mail Transport Agent (MTA), the NDR incorrectly contained
the onward MTA address of 0.0.0.0.
RESOLUTION: The appliance now generates the correct NDR containing the
onward MTA address.
 Severity: Low
 Description:
ISSUE: It is possible to restore a previous configuration through the user interface.

The FTP proxy settings for anti-virus updates were not restored as part of that
process.
RESOLUTION: The configuration restore scripts have been updated to correctly
restore the FTP proxy settings for anti-virus updates.
 Severity: Low
 Description:
ISSUE: Support for the "Blacklisted" and "Whitelisted" categories has been
removed from Enhanced URL Filtering because these can interfere with Primary
URL Filtering. However, it is possible to import categorized URLs from an earlier
version of the product and URLs categorized as "Blacklisted" or "Whitelisted" will be
accepted. It is still not possible to mark other URLs as "Blacklisted" or
"Whitelisted".
RESOLUTION: When importing categorized URLs into Enhanced URL Filtering, any
URLs marked as "Blacklisted" or "Whitelisted" will be ignored. However, import and
export support has been added to Primary URL Filtering. The import operation will
accept enhanced filtering categorized URLs and will add "Blacklisted" and
"Whitelisted" URLs to the appropriate lists in primary filtering while ignoring other
categories.
 Severity: Low
 Description:
ISSUE: In transparent mode SMTP, it is possible to create a protocol preset using

the destination IP address or hostname. The protocol preset was not being
triggered for the null sender option resulting in the Default settings being used.
RESOLUTION: The policy resolution for protocol preset now incorporates the
destination connection information in transparent mode.
 Severity: Low
 Description:
ISSUE: The appliance can use proxy settings for doing its anti-spam streaming
updates. The proxy settings were not being applied on the scanning blades of a
blade system because the update service was not automatically restarted. A
workaround was to manually start the update service.
RESOLUTION: The anti-spam streaming updater is now restarted on the scanning
blades when proxy settings are configured.
 Severity: Low
 Description:
ISSUE: It is possible to restore a previous configuration through the user interface.

If this configuration contained any sub-policy with a permitted recipient list, the
sub-policy would be imported without the permitted recipient list.
RESOLUTION: The configuration restore scripts have been updated to correctly
restore permitted recipient lists in sub-policies.
 Severity: Low
 Description:
ISSUE: When a version 5.1 configuration was restored onto a version 5.5
appliance, a user interface exception sometimes occurred on the Enhanced URL
Filtering Settings page because of an empty reference that was not handled
properly.
RESOLUTION: The empty reference is now handled properly.
 Previously addressed by 5.5h533027, 5.5p1.
 Severity: Low
External components installed by this package
open-vm-tools version 2009.03.18 release 154848x2.6.27.31x8.5.9.scm

VMware tools
bind version 9.5.1 release 201005270904P3
The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server
bind-libs version 9.5.1 release 201005270904P3
Libraries used by the BIND DNS packages
bind-utils version 9.5.1 release 201005270904P3
Utilities for querying DNS name servers
mcafee-eSCM version 4.2 release 5199
The McAfee eSCM content scanning framework
mcafee-eSCM-enginetest version 4.2 release 5199
An engine test tool for the McAfee eSCM content scanning framework
mcafee-eSCM-spam version 4.2 release 5199
McAfee eSCM content scanning framework
mcafee-eSCM-urlfilter version 4.2 release 5199
McAfee eSCM content scanning framework
mimepp version 1.3 release 5199
The MIME++ Library
xerces13 version 1.3 release 5199
The run-time libraries for Xerces 1.3
losetup version 2.12r release 1
Programs for setting up and configuring loopback devices
openldap version 2.4.10 release 2.1
The configuration files, libraries, and documentation for OpenLDAP
openldap-clients version 2.4.10 release 2.1
Client programs for OpenLDAP
openldap-servers version 2.4.10 release 2.1
OpenLDAP servers and related files
libspf version 1.0.0 release 201005270904
An SPF library
openssl version 0.9.8n release 1
Secure Sockets Layer and cryptography libraries and tools
libxml2 version 2.6.27 release 150mfe
Libxml2 Run-time Libraries
libxml2-python version 2.6.27 release 150mfe
Python bindings for the libxml2 library
libxml2-utils version 2.6.27 release 150mfe
Libxml2 Utilities (including xmllint)
libxslt version 1.1.20 release 150mfe
Libxslt Run-time libraries
libxslt-python version 1.1.20 release 150mfe
Libxslt Python Run-time
libxslt-staticutils version 1.1.12 release 149mfe
Libxslt Static Utilities (including xsltproc)
libpng version 1.2.43 release 1.mfe1
A library of functions for manipulating PNG image format files
bzip2 version 1.0.5 release 201005270904
A file compression utility.
bzip2-libs version 1.0.5 release 201005270904
Libraries for applications using bzip2
net-snmp version 5.3.0.1 release 201005270904
Tools and servers for the SNMP protocol
net-snmp-utils version 5.3.0.1 release 201005270904
The tooAutoReqProvls and binaries from the Net-SNMP package.
curl version 7.19.7 release 3
A utility for getting files from remote servers (FTP, HTTP, and others)
libcurl version 7.19.7 release 3
A library for getting files from web servers
CMA version 4.5.0 release 1316
The McAfee Agent
ntp version 4.2.4p2 release 2ews
Synchronizes system time using the Network Time Protocol (NTP).
Files included with this release
This release consists of a package called EWS-5.5p2-1531.122.zip, which contains the

following files:
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/install
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/scm_pull_files
5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/script
5.5p2-1531.122/ftrs/f_527214/postscript
5.5p2-1531.122/ftrs/f_527214/prescript
5.5p2-1531.122/rpms/CMA-4.5.0-1316.i386.rpm
5.5p2-1531.122/rpms/bind-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bind-libs-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bind-utils-9.5.1-201005270904P3.i386.rpm
5.5p2-1531.122/rpms/bzip2-1.0.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/bzip2-libs-1.0.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/curl-7.19.7-3.i386.rpm
5.5p2-1531.122/rpms/libcurl-7.19.7-3.i386.rpm
5.5p2-1531.122/rpms/libpng-1.2.43-1.mfe1.i386.rpm
5.5p2-1531.122/rpms/libspf-1.0.0-201005270904.i386.rpm
5.5p2-1531.122/rpms/libxml2-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxml2-python-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxml2-utils-2.6.27-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-1.1.20-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-python-1.1.20-150mfe.i586.rpm
5.5p2-1531.122/rpms/libxslt-staticutils-1.1.12-149mfe.i586.rpm
5.5p2-1531.122/rpms/losetup-2.12r-1.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-enginetest-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-spam-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mcafee-eSCM-urlfilter-4.2-5199.i386.rpm
5.5p2-1531.122/rpms/mimepp-1.3-5199.i386.rpm
5.5p2-1531.122/rpms/net-snmp-5.3.0.1-201005270904.i386.rpm
5.5p2-1531.122/rpms/net-snmp-utils-5.3.0.1-201005270904.i386.rpm
5.5p2-1531.122/rpms/ntp-4.2.4p2-2ews.i386.rpm
5.5p2-1531.122/rpms/open-vm-tools-2009.03.18-154848x2.6.27.31x8.5.9.scm.i386.rpm
5.5p2-1531.122/rpms/openldap-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openldap-clients-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openldap-servers-2.4.10-2.1.i386.rpm
5.5p2-1531.122/rpms/openssl-0.9.8n-1.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-MigrationAid-8.5-201005270904_119.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-UI-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-CfgMgr-schema-Native-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-UI_backend-8.5-201005270904_102.i386.rpm
5.5p2-1531.122/rpms/webshield-Web_UI-8.5-201005270904_102.i386.rpm
5.5p2-1531.122/rpms/webshield-apache-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-appliance-kernel-2.6.27.31-8.5.9.scm.i386.rpm
5.5p2-1531.122/rpms/webshield-autoupdate-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-base-xmlconfig-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-comp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-dkim-key-mgmt-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ePO-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-files-8.5-201005270904_117.i386.rpm
5.5p2-1531.122/rpms/webshield-ftp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-gls-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-help-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-icap-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-inv-http-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-inv-smtp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-kernel-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-l10n-8.5-201005270904_122.i386.rpm
5.5p2-1531.122/rpms/webshield-libconfig-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-libsyscfg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-management-common-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ncore-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-pop3-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-reports-8.5-201005270904_122.i386.rpm
5.5p2-1531.122/rpms/webshield-retryer-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-siteadvisor-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-smg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-smtp-retryer-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-snmp-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-swg-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-tqmd-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-tqmd-mgmt-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-trans-auth-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ts-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-ui-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-urlfilter-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-userbw-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-utils-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-variants-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-webwasher-mgmt-blade-updater-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/webshield-webwasher-updater-8.5-201005270904.i386.rpm
5.5p2-1531.122/rpms/xerces13-1.3-5199.i386.rpm
5.5p2-1531.122/updata/package.xml
validate/filelist.txt
validate/md5sum.txt
validate/validate.txt
validate/version
Additional information
This release was built on 2010-07-29. For information on release dates see the
KnowledgeBase article KB66911.
This release was tested with anti-virus engine version 5400, DATs version 5980 and later.
McAfee strongly recommends that the appliance is always kept up to date with the latest anti-
virus components to achieve the highest possible security.
Installation
Installation requirements
To use this release, you must have the following Email and Web Security software installed on
the appliance you intend to update with this release:
 Version 5.5
Installation steps
In the case of a VMware appliance it may be useful to take a snapshot of the appliance before
installing the release.
To install this release:
1. Create a temporary directory on your hard disk, and download the zip file provided by
McAfee to a computer on your network that can access the Email and Web Security
appliance.
2. Open your Internet browser, and browse to the Email and Web Security appliance.
If installing on a Content Security Blade Server, go first to the Failover Management

blade to do the following steps, then repeat them on the Management blade (the
content scanning blades will be updated automatically).
If installing on an appliance cluster the steps must be done on all the appliances in the
cluster, starting with the Failover Management appliance, then the Management
appliance, then the remainder.
3. When prompted, log on to the appliance by typing your username and password.
4. On the navigation bar, select System | Component Management | Package
Installer.
5. Under Manual Package Install, click Update from file. In the Import package
window, click Browse, find the location of the file "EWS-5.5p2-1531.122.zip", click
Open, and then click OK.
A popup window appears displaying the package description and a notice that the
appliance will restart after installation. Click OK to install the package.
Upon completion of the installation the actions noted above will be performed
automatically.
6. Clear the browser cache before logging on to the interface again. If the browser cache is
not cleared, the interface will not behave correctly.
7. After installation, log on to the user interface and click About the appliance to check
that "5.5p2-1531.122" is displayed.
After installation
 If you plan to use the EWS-5.5p2-1531.122.zip archive file again, keep it available on
your computer. Otherwise, delete the file after successful installation. If you re-install
your Email and Web Security version 5.5 software, we recommend that you re-install this
release.
Removing this release
To remove this release from your Email and Web Security appliance, you need to reinstall
Email and Web Security Appliance version 5.5. An alternative, for a VMware appliance, is to
revert to a previous snapshot. Please note that all other hotfixes or patches installed on the
appliance would also be removed in the process.
Notices
Copyright
Copyright © 2010 McAfee, Inc.All Rights Reserved
No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

system, or translated into any language in any form or by any means without the written
permission of McAfee, Inc., or its suppliers or affiliate companies.
Trademark attributions
AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD,

LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD,
PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION,
VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its
affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive
of McAfee brand products. All other registered and unregistered trademarks herein are the
sole property of their respective owners.
License information
License Agreement
NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT

CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL
TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT
KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND
OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY
YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE
PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE
WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT
AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE
SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF
PURCHASE FOR A FULL REFUND.
Copyright © 2010 McAfee, Inc.All Rights Reserved

EWS-5 5p2-1531 122 Readme-En - US

Încărcat de

Informații document

Descriere originală:

Titlu original

Drepturi de autor

Formate disponibile

Partajați acest document

Partajați sau inserați document

Opțiuni de partajare

Vi se pare util acest document?

Este necorespunzător acest conținut?

Drepturi de autor:

Formate disponibile

EWS-5 5p2-1531 122 Readme-En - US

Încărcat de

Drepturi de autor:

Formate disponibile

McAfee® Email and Web Security

About this release

About this release

Severity of issues listed below is based on these definitions:

This release incorporates and supersedes the following earlier releases:

 The user interface will log off.

Vulnerabilities (total: 5, new: 5)

Vulnerabilities newly addressed in this release:

High severity issues (total: 2, new: 1)

High severity issues newly addressed in this release:

Medium severity issues (total: 48, new: 23)

Medium severity issues newly addressed in this release:

Low severity issues (total: 57, new: 29)

ISSUE: Vulnerability CVE-2010-0740 was reported in the openssl used on the

ISSUE: Email that contained encrypted or password-protected attachments was

ISSUE: Recipient authentication can be enabled against external LDAP databases.

ISSUE: The appliance logs events to an internal database. The database is

ISSUE: It is possible to do an ISO install of the appliance software over DRAC4.

ISSUE: When processing an HTTP POST using x-www-form-urlencoded data (as

ISSUE: For reporting purposes, it is possible to define a policy as either 'Inbound'

ISSUE: The appliance may be configured to perform recipient lookups against

ISSUE: The appliance allows for TrustedSource checks on email to be controlled by

ISSUE: Occasionally the appliance truncated a legitimate email, due to a buffer-

ISSUE: Incorrect translation in Japanese for Bounce Address Tag Verification

ISSUE: Incorrect translation in Japanese of TrustedSource

ISSUE: It is possible to block spam using TrustedSource. Occasional segmentation

ISSUE: Schedule reports contain "Top internal/external recipients/senders of

ISSUE: Attempting to import multiple self-signed CA certificates in a single file led

ISSUE: Vulnerabilities CVE-2009-2414 and CVE-2009-2416 were reported in the

ISSUE: Vulnerability CVE-2008-6218 was reported in the libpng library.

ISSUE: Vulnerability CVE-2008-1372 was reported in bzip2.

ISSUE: Vulnerability CVE-2008-2292 was reported in the net-snmp library.

ISSUE: It is possible to block recipients using SMTP recipient authentication.

ISSUE: It is possible to enable greylisting for SMTP. However, greylisting would

ISSUE: The appliance generates an alert if it detects a virus. A redundant second

ISSUE: Vulnerability CVE-2009-3563 was reported in the NTP daemon.

ISSUE: It is possible to setup the appliance to generate Email notification alerts.

ISSUE: In HTTP, it is possible to configure a list of Denied Request Headers. If the

ISSUE: It is possible to restore a previous configuration through the user interface.

ISSUE: In transparent mode SMTP, it is possible to create a protocol preset using

ISSUE: It is possible to restore a previous configuration through the user interface.

External components installed by this package

open-vm-tools version 2009.03.18 release 154848x2.6.27.31x8.5.9.scm

Files included with this release

This release consists of a package called EWS-5.5p2-1531.122.zip, which contains the

To install this release:

If installing on a Content Security Blade Server, go first to the Failover Management

Removing this release

Copyright © 2010 McAfee, Inc.All Rights Reserved

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD,

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT

Copyright © 2010 McAfee, Inc.All Rights Reserved

S-ar putea să vă placă și