web gateway 6.9 build 10927 release notes

McAfee Web Gateway 6.x======================

This file contains the new features, changed features and bugs thathave been fixed for version 6.x of the McAfee Web Gateway product. Foradditional tips and information, see the Webwasher Online Help and/orUser Guide.

6.9.0 build 10927: Part Number 91-0950194-B ------------------------------------------- New and Improved Bugs Fixed o Cannot load legacy AV after upgrade to 6.9 (81647) o Customer Upgraded to 6.9 and Now the Application Terminates with termsignal=11 (81641) o MWG sends 502 could not connect when accessing cached file (81636) o Win7 clients NTLM auth fails through MWG 6.9 (81633) o Incorrect Behavior of "Cache Revalidation Rules" (81597) o Central Management update failing, sites unsubscribed (81572) o License change can lead to disabled AV scanning (81557) 6.9.0 build 10636: Part Number 91-0950194-A-------------------------------------------

New and Improved

o The following procedure must be completed to install MWG 6.9.0:

o - install the repository for MWG 6.9.0:

o - from a system console, log on to the appliance using SSH

o - run the following command:

o yum install yumconf-6.9

o - perform an update on the user interface or from a system console:

o - to update on the user interface:

o - go to Configuration > Appliance > Update

o - click the "Contact" button in section "Check for Updates"

o - from a system console, log on to the appliance using SSH

o - run the following command:

o yum upgrade

o

o Process of delayed login after login failure improved (81461)

o Load AV updates in background (81307, 81351)

o Remove tar files after centralized update (81239)

o Trusted Source Cloud Support (81111)

o Single automatic AV engine restart after "cannot load AV" error (80819, 81252, 81256)

o Prevent AV update being cancelled while it still downloads files (81121)

o Add option to ignore base McAfee AV engine although licensed (81120)

o Input validation for 'content-length greater than' whitelist entry (81109)

o Handle eDirectory synchronization in background (81113)

o AV engine: possibility to re-start AV engine via SSH implemented (81036)

o Add system alert if Mailshell LiveFeed is not activated (81008)

o Memory Defragmentation and MP ICAP servers in maintenance mode cause "Cold Restart" SNMP Trap to be sent (80966)

o Attempt to recover connection to AD taking longer than 3 minutes (80942)

Bugs Fixed

o MWG adding extra line between headers and body (81540)

o Authentication server wwparam causes Ajax site to make bad request (81533)

o Quota issues (81499, 81431)

o Overload handling prints overload message mistakenly (81444)

o Override accounts are not visiable (81491)

o Auto-pushing failed sometimes (81472)

o McAfee Gateway Anti-Malware on Windows does not detect Eicar (81432)

o Central management deleting last ip mapping entry (81416)

o Downloaded exe file saved as zip archive on windows 7 (81413)

o Vulnerability CVE-2010-0405 (81399)

o Overload issue - Enhanced IFP worker & Output threads to be created with custom stack size (81395)

o Inspect certificate not working correctly (81393)

o Respmod Bypass List not working with assignment of a policy to a proxy port (81361)

o Client Certificate handling does not allow sending certificate chain (81282)

o Wrong media type detection with gmail (81330, 81348, 81364)

o High memory under low load caused by big dashboard-database (81312)

o Threads in close_wait cause memory overload (81291)

o McAfee Gateway Anti-Malware Engine fails to load on debian (81287)

o Archive blocked because "content size greater than the defined size limit" (81274)

o ICAP Processes fail to load URL Filter list (81264)

o FTP communication problem - MWG closes connection after entering pasv mode (81269)

o Wrong media typ for embedded images in .ppt file (81258)

o Media type detection for URLs that can result in dynamic content (81240)

o MIB Browser not working on SLES 9 & 10 installation (81230)

o Unpacked archive size grows with defined limit (81221)

o Extended list manager unable to read "&" symbol (81201)

o Upload of jpg to cms fails (81188)

o Hanging actions: Cluster Node Job Queue and Persistent Quota Info Sync (81179)

o Google searches do not work with safesearch enforcer enabled (81171)

o Dashboard data not sticking within IE (6,7,8) (81167)

o WW requests -web.washer- were send to next hop (81150)

o The same CRL download url was added multiple times (81149)

o Centralized Management: after upgrading to 6.8.7, 3 of 8 nodes not subscribed to master (81144)

o Flag in the NTLMSSP_NEGOTIATE message (81143)

o Site UI port changed by Master when joined despite being exempted (81124)

o Blank known certificates authorities showing after upgrade (81103)

o Cache Settings mysteriously change in web interface when switching between tabs using Firefox (81101)

o LDAP authentication: spaces break ldap browser (81100)

o Appliance crashing child process exited (termsignal=7) unable to start due to frequent failures (81099)

o Webwasher-csm.install contains unnecessary check if /usr is writeable (81092)

o MWG blocks a couple of LZH archives (81088)

o DNS Cache usages causes slow web performance (81063)

o Lot of application/ogg traffic (81062)

o Files in /opt/webwasher-csm mysteriously are deleted (81051)

o Less than character (<) breaking JIS encoding (81042)

o MP: IFP block page content not working with multiprocess (81034)

o Overload handling not kicking in, though enabled (81028)

o Welcome page: welcomeack.html only available for default policy (81025)

o Error template: http hard coded in connectnotallowed.html template (81021)

o Newly added CAs are not pushed to site instances properly (80817)

o Media Type Filter blocks .css files as application/x-pn-realmedia (81015)

o Crash during Cab archive processing (81011)

o Media type application/x-www-form-urlencoded could not get whitelisted (80997)

o Media type filter: application/x-msregedit files not detected correctly (80996)

o No Block_res code for embedded Objects filter (80987)

o Safesearch enforcer breaks google preferences (80972)

o Snmp category activity is incorrect (80967)

o Progress Page: Own Host Name -> Use other host or URL not working (80965)

o Memory Overload occurred with minimal load (80958)

o LDAP wizard creating "$attrlist$" and "Error: 0. Error description: " (80947)

o Authentication Server redirect does not work as expected for HTTPS pages on first redirect (80932)

o SQLITE database corrupted: No traffic passing through WebWasher (80931)

o Corrupt timeseries.ww causes non-recoverable termsignal 11 (80930)

o MWG detecting cab file as corrupt, able to extract with WinZIP 80929)

o GUI: Routes not displayed properly (80919)

o Authentication: threads stuck in 'Status=kAuthenticate', MWG eventually hangs (80873)

o FTP-over-HTTP fails with anonymous user if blank password is specified (80864)

o Archive as corrupted blocked (80850)

o MWG crashing with termsignal=11 on Suse9 (80715)

o Safe search breaks google trends (78574)

6.8.7 build 5820: Part Number 91-0950194-A------------------------------------------

New and Improved

Bugs Fixed


New and Improved

o Improved stack size handling for auth server and end user port (80676)

o Change default settings for TrustedSource Web Reputation (80624)

o Home->Support should link to McAfee (80576)

o Improved Welcome Page functionality (80547, 79063)

o Add new certificates and hosts to SSL Scanner lists (80352, 80527)

Bugs Fixed

o SSL Scanner bypass vulnerability on wildcard certificate check (80680)

o Endless loop in Cab archive (80652)

o SNMP traps for URL list updates not working (80648)

o Receiving "Download Cancelled" after clicking download button in IE7 (80647)

o Document Inspector System Alert will not disappear (80646)

o Prevent DOS attack to authentication server (80642)

o WW prints internal messages to errors log (80629)

o Advertising filter destroys JavaScript (80627)

o MP: Inconsistent IP mapping with Multi Process mode (80623)

o Microsoft Project file (.mpp extension) blocked as audio/mpeg (80622)

o WWoB: on master blade feedback scripts (started with "2") shows "lsof" related warnings (80615)

o Memory defrag script (80610)

o Download of gmx eMail attachments failed (80609)

o MPClusterControl unable to update nodes when Web Interface has IP restrictions (80608)

o Native NTLM: Group memberships get mixed up (80607)

o Crash when talking to ePO server (80606)

o "Detect unsolicited POSTs" will break forms (80591)

o Archive blocked as corrupted (80581)

o SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571, 80578)

o Must be able to handle multiple 100-Continue messages from web server (80567)

o Update from 6.7.6 to 6.8.5 broke settings.xml (80540)

o Long text causing page display issues (80539)

o Content type "application x-ms-application" is changed to "text/xml" (80530)

o Real-time classifier blocks words containing unicode characters (80508)

o SNMP statistics are not accurate after multi-process is enabled (80479)

o Outdated Dynablocator directory and file is copied to all ICAP processes in MP (80474)

o Redirect via query string parameter on gui login page (80444)

o Potential cross-site scripting vulnerabilities in web UI (80442, 80443)

o Certain Generic Header Filter combination may crash MWG(80430)

o URL Executive Summary (80398)

o Drop downs for dashboards not displayed right in IE (80392)

o WCCP and overload protection not playing nice together (80342)

o Quota reset does not work from secure admin shell (80287)

o SafeSearch enforcer produces false positives (79898)

o Known Root CAs not synchronized in Cluster (79513)

o Download Canceled page always displayed in English (79326)

o eDirectory settings broken by cluster (78709)

o HTTP links in HTTPS blockpages (78634)

o Unwanted red warning for anonymous ldap bind (78612)

o Time and Date in web interface is reset after reboot (78085)

o WebUpload Filter active, even though not enabled (77079)

o Src_ip and auth_user are not working in the security.log (76236)

6.8.5 build 5330: Part Number 91-0949869-E------------------------------------------

Bugs Fixed

o Native NTLM: Group memberships get mixed up (80607)

o SSL-Scanner - HSM-Agent: Root CA key cannot be loaded on startup (80571)

o Various crashes in SSH command line interface (80522, 80524, 80523, 80616, 80621)

6.8.5 build 5141: Part Number 91-0949869-D------------------------------------------

Bugs Fixed

o Memory is getting filled up in 3 minutes (80535)

o Incorrect group mapping using native NTLM-authentication (80528)

o Authentication problem with NTLM-agent (80515)

o Problems related to TCP window scaling occur for some sites after upgrading (80517)

o Problem with centralized A/V updates (80516)

o Role allows reading logs, but Webwasher is forbidding it (80504)

o Auto-pushing fails when using domain\user for the username field in the common push target (80495)

o Escape character for shockwave-flash media type not being treated properly (80490)

o Mpcluster control jumping between stati (80485)

o Files over 4 GB shows wrong size over FTP (80412)

6.8.5 build 5094: Part Number 91-0949869-C------------------------------------------

Bugs Fixed

o Not possible to initialise Generic Body Filter if Anti-Malware is not licensed (80513, 80521)

6.8.5 build 5051: Part Number 91-0949869-B------------------------------------------

New and Improved

o Ability to disable exploit protection against double Content-Length headers (80459)

Bugs Fixed

o FTP over FTP Client is not working after upgrade on 6.8.5 (80476)

o Option to add leading Slash in FTP Retr Command (78400)

o Download fails sporadically using Progress Pages (80041)

o Log pusher attempts to push files that no longer exist (80468)

o Problems with log rotation and merging (80473)

o For clean installations on WW2900E cache cannot be enabled (80480)

o WW500 failed to boot after upgrade (80475)

o Sporadic Authentication Popup with Native NTLM (79684)

o Webwasher crashes in Authenticode Filter (80487)


New and Improved

o Support Anti Malware engine with Proactive NG (79968) (NOTE: Requires an AV and a Proactive update after version upgrade)

o Log Manager: Ability to configure pushed log filename (80360)

o ICAP client: workaround for incompatible DLP servers (79839)

o Incremental update for McAfee AV engine (80333)

o Support WCCP "Weight" functionality (80423)

Bugs Fixed

o Too many 407 responses when using NTLM cache (80251, 79988)

o Central Management: running feedback from GUI froze master and sites (80385)

o Log Manager: Several improvements (80386, 80378, 80374, 80367, 80360, 80370, 80345, 80339, 80361)

o GUI: filter option overwrites routes (80369)

o SSL Scanner: error behavior in case of unicode encoded cn in transparent environment

o ICAP client: Reponse time increased after enabling multi processing (80363)

o TrustedSource: score still applied even though domain is whitelisted for spam filter (8035)

o Proxy: Improved Timeout values (79958)

o Welcome page may incorrectly build the submit action link (80285)

o Overload issues persist with 6.8.4 (80407, 80406, 80393)

o Problem with custom action in Multi Process mode (80405)

o MP Control stopped maintanance after icap server crash (80415)

o Interrupted requests should be logged in proxy's access.log (80422)

o HA cluster is not working as expected (80176, 80075)


New and Improved

o Support McAfee's ePolicy Orchestrator (ePO) (79918)

o Rebranding to McAfee (79924)

o Increase robustness against AV update issues (79920, 79939, 79940, 79975)

o Log file push enhancements (79914)

o Support cache_status and block_res in custom logfiles (78232)

o Parent proxy policy enhancement for URL AND IP subnet (79803)

o NTLM Cache should be a GUI option (79900)

o Show time interval length in Dashboard (78977)

o Default Respmod Whitelist for problematic sites (80293)

Bugs Fixed

o Too many 407 responses when using NTLM cache (80251, 79988)

o SNMP variables do not reset automatically (80026)

o Login page is missing error message when bad credentials are entered (80020)

o Breaking connection to AD on error STATUS_INVALID_WORKSTATION (80023)

o Authentication failing with mutilple NTLM agents (80017)

o File incorrectly identified as audio/mpeg (79961)

o E-Mail attachments(.XLS or .PPT) are blocked by Media Type Filter as mpeg (79938)

o Cannot join WW to domain with trusted credentials (79878)

o RADIUS password limits at 16 characters (79845)

o Web Upload Filter: size limit without effect (79925)

o Web Upload Filter works although Media Type Filter is switched of (79869)

o SNMP: unexpected CPU idle values (79751)

o New timeout for initial request on a connection (80066)

o Obfuscate username/password in authorized override url (80024)

o Usernames with umlauts or rings cannot authenticate via native NTLM (79999)

o FTP-Problem Webwasher loses the credentials (79989)

o WebWasher problems due to hanging action - Mobile Code Filter Update (79907)

o SSLScanner: No timeout when upstream proxy is used (79906)

o Crash in document inspector (79902)

o Old av updates not getting deleted (secure antimalware) (79876)

o Not all 'Certificate Subject Alt Name' entries passed, resulting in certificate prompt in browser (79867)

o AV license bug - update fails when the first AV module runs out of date (79826)

o Crash during multi-threading processing of Rar archive (79814)

o CCacheSocket::ReadPreviewData corrupts content when called more than once (79811)

o webwasher delivering truncated content (79809)

o Crash in Cache::CWebObject::~CWebObject (79793)

o Termsignal 11 crashes related to CLI access under heavy load (79775)

o WW delivers corrupt tar archive even when policy is set to block corrupted archives (79765)

o asctime, ctime, gmtime && localtime not threadsafe (79761)

o AntiVirus update didn't abort in time (79753)

o Termsignal 11 backtrace points to CCabDecoder::GetLzxBitsBuffer (79748)

o Termsignal 7: Bus error during Sophos update (79742)

o crash (termsig=11) in std::_Rb_tree_rotate_right (79706)

o Read-Only User Accounts can't access log files via web access (79701)

o LRU blocks after restart with full cache and constant load (79700)

o Webwasher unable to start another thread, termsignal=6 (79665)

o Cannot load certificate for web interface IP address (79625)

o WW is crashing with termsignal=7 directly after start (79623)

o HTTP Error 401.2 when NTLM Auth on Webwasher and Webserver (79612)

o Content Type ".ods/mimetype" is changed to "." (79609)

o Unwanted Mediatype not blocked when in TAR Archive (79606)

o Secure Administration Shell fails to accept large input files (79544)

o Raw post option doesn't stick (79509)

o Webwasher changed response body (79236)

o XML parsing error because of header modification (78989)

o Web reputation level not always logged correctly (79897)

o Invalid Proxy Request when downloading HTTPS file with enabled volume quota and transparent proxy (80034)

o Office 2007 Excel files blocked by magic bytes (79102)


New and Improved

o Ability to downgrade to HTTP/1.0 on a per url basis (79205)

o SSL Scanner: Different redirect handling for CERTVERIFY requests when transparent authentication has expired (79841)

o Additional RESPMOD bypass options (80001)

Bugs Fixed

o Policymapping: Problem with policy names (79864)

o Proxy/ICAP Server: Hanging threads (79840)

o AV-Update: New updates should not abort old updates too early (79975)

o SSL-Scanner: No timeout when upstream proxy is used (79906)

o Archiver: Crash during multi-threading processing of Rar-Achive (79814)

o Document Inspector: Crash in Document inspector (79902)

o Filter Engine: Wewasher crashed with termsignal 11 (79945)

o ICAP Server: "Send Body in one Frame" not always working (79978)

o ICAP Server: Optimized 204 response messages (79890)


New and Improved

o openssl: Address CVE-2008-5077

Bugs Fixed

o GUI: Problems with check boxes in user based mapping (79822)

o Authentication: In special cases NTLM authentication causes browser loop (79821)


New and Improved

o Authentication: Native NTLM support for Windows Server 2008 AD (79567)

o Authentication: Better handling for wrong NTLM messages based on a Windows problem described in http://support.microsoft.com/kb/312176/en-us (79723)

o Prevent XSS with Progress Pages (79531)

o Proxy: Prevent connect to http://0.0.0.0:xx (79530)

o Close download connection for proxy.pac files right after delivering (79709)

o Feedback Script: New log level for collecting statistical information

Bugs Fixed

o Proxy: Webwasher crashes with Termsignal 11 (79671)

o Proxy: FTP over HTTP can't handle some symbols in file/folder names (79451)

o Proxy: Crash in IFP server for invalid request (79760)

o Proxy: Sporadic problems with early web server connection close (e.g. www.iltalehti.fi) (79417)

o ICAP Server: Communication error when transparent auth session

expired + CERTVERIFY request (79675)

o ICAP Server: Cannot download huge files (79514, 79699)

o ICAP Server: Download via Progress Page results to 0 Byte download (79556)

o Anti Malware: Failover does not work if engine could not be loaded (79677)

o Authentication: WW can't join AD domain if DCs allow only NTLMv2 (79533)

o Authentication: NTLM with Authserver - taking 5 seconds to authenticate (79508)

o Authentication: Selecting RADIUS as "accepted authentication method" causes failed authorization (79101)

o Authentication: Handle failed group lookups better for Native NTLM (79223)

o Authentication: Sporadic Authentication Popup with Native NTLM (79684)

o Document Inspector: Webwasher crashed, Backtrace points to CXMLTypeChecker (79669)

o Document Inspector: Cab file inside of MSI blocked as corrupted (79560,79384)

o Document Inspector: Endless loop in document inspector (77966)

o Document Inspector: Special Powerpoint documents not recognized (78755)

o Document Inspector: Text categorization does not work for pdf files (79744)

o Document Inspector: Webwasher crashed during unload of XML parser (78981)

o Archiver: Archive is claimed to be over allowed size limit (79595)

o Archiver: Crash if zip archive larger than 2GB (79596)

o GUI: Cannot load certificate for web interface IP address (79625)

o Secure Administration Shell: Crash in shutdown under circumstances (79600)

o Mail Gateway: Inbound queue overflowed result in crash (79650)

o Mail Gateway: Deleting parts from email (79319)

o Embedded Objects: ActiveX controls not getting blocked (79648)

o Central Management: Hanging Cluster Node Job Queue action (79641)

o Central Management: Cluster Node Job Queue action hangs (79683)

o Mediatype Filter: Detection of streaming media improved (79594)

o SSL Scanner: Send whole certificate chain for incoming TLS connections (79591)

o SSL Scanner: Timeout for tunneled SSL connections (79603)

o URL Filter: Ignored if policy has spaces in it (79332)

o URL Filter: Safe Search Enforcer does not handle video.google correctly(79487)

o Termsignal 11 on Solaris 10 (79472)

6.8.2 build 3994: Part Number 91-0949324-C

New and Improved

o Feedback Script: New parameter to prevent pausing Webwasher while getting backtrace

Bugs Fixed

o Anti Virus: Crash during update of McAfee engine (79160)

o ICAP Client: Termsignal 11 or 6 while recreating "internal" ICAP service (79559, 79475, 79111)


Bugs Fixed


Bugs Fixed

o Anti Virus: Crash during update of McAfee engine (79160, 79315)

o Proxy: Under circumstances threads will not be ended if the server connection dies (79224)


Bugs Fixed

o SMTP Gateway: TLS email delivery fails (79463)

o Authentication: 6.8 Native ntlm auth fails (79452)

o Authentication: Native NTLM user in too many groups (79412)

o Proxy: HTTP 1.0 without host header does not work for WCCP (79456)

o Archiver: Crash in Microsoft CAB archives under circumstances (79443)

o SMTP Gateway: Mails delivered but mailbody was changed to Cannot Load AV Engine (79232)


New and Improved

o SSL Scanner: Tunnel SSL on expression to enhance transparent deployments

o SSL Scanner: Enhancements for interoparability with Sidewinder

o Authentication: LDAP/V3 support with SLDAP (73779)

o Authentication: Security setting that allows to turn SMB signing off if server doesn't support it (79157, 79235)

o Authentication: Support for NTLM: Local Nested Groups (79087)

o Authentication: Support for NTLM: Trusted Domains

o Authentication: Support for NTLM: Possibility to search Domain Controllers via DNS lookup

o Filter: Enhancement for file size limit (78182)

o Filter: Whitelist by ContentLenght Header (74820)

o Anti Malware: Option to completely fail open when AV cannot load (79272)

o Configuration: Distribution of configuration for Secure Mobile Web Filter

o Reporting: New log file field "auth_group" to print the group name (73656, 75031, 76928)

o Reporting: Write custom parameters as result of Generic Header Filter (79126)

o Reporting: Log FTP Proxy Username in proxy access log (79286)

o Reporting: Optionally add domain as prefix to user name in access log when authenticating via NTLM (79070, 76832)

o Safe Search Enforcer: reduce false positives

Bugs Fixed

o Proxy: Not possible to do a redirect for site http://www.intierra.com/ (79057)

o Proxy: FTP-over-HTTP error message without Slash at the end (79188)

o Filter Engine: Action 'Library Cache' is hanging (79164)

o ICAP Server: URL Filter feedback does not send any URLs (78396)

o ICAP Server: Fetch group name from HTTP header (79127)

o SSL Scanner: Entries disappearing (78718)

o URL FIlter: Sometimes Smartfilter update has to be triggered twice (78951)

o Mediatype Filter: mp3 file handling (79007)

o Mediatype Filter: XHTML Mobile not detected properly (78063)

o Mediatype Filter: Problem with type detection for special gif images (78909)

o Mediatype Filter: Office 2007 Excel files (xlsx)blocked by magic bytes (79102)

o Settings are getting changed on the site without changes on master (79097)

o Central Management: Administrator SSH public keys are not completely synchronized in cluster (79058)

o Configuration: Wrong location of "authorized_keys" file results in losing admin keys (79084)

o Configuration: Wrong file permissions after configuration restore and ww restart (75362)

o Authentication: Add domain name to group name disappears (79248)

o Subject Filter broken (79065)

o Addressing Internet Explorer bug that can lead to ICAP communication problem (79214)

o HTML Filter: in rare cases crashes Webwasher (79189)

o Archiver: multipart archive was detected as corrupted (79159)

o Secure Administration Shell: Action "SSH Idle Connection Cleanup" hangs (79297)

o Generic Header Filter: Illegal HTTP header when custom param creation is intended (79350)

o Engine Update failed if customer set archive size limit to 1 Mb (79317)

o URL Filter: Safe Search Enforcer breaks google-insight (79403)

o Anti Malware: JPEG exploit is not getting blocked anymore (79337, 79360)


Bugs Fixed

o Proxy: ICAP errors with web reputation disabled (79122)

o Native NTLM: SMB connection will fail if DC not support SMB signing (79235)

o ProActive: Crash downloading ISO > 4 GB (79268)

o Proxy: Crash due to hanging threads (79224)

o Webcache: Crash under circumstances (79239)


Bugs Fixed

o Proxy: POST request fails, connection is reseted (79095, 79055, 78819)

o ProActive: Streaming of flash videos vidoe/flv broken (79182)

o Authentication: Username not written to Logfiles if NTLM Cache is activated (79141)


Bugs Fixed

o Anti Spam: Memory leak in Mailshell library (78680)

o SSL Scanner: SSL handshake error (79151, 79185)

o SNMP: Authentication bypass in net-snmp/wwsnmp (79201)

o Webcache: Webwasher crashes under circumstances (79054)


Bugs Fixed

o Document Inspector: False Positive in XML files for McAFee virus scanner (79086)

o Authentication: Encrypted file cannot be loaded if file length is exactly X kb (79153)

o Authentication: Segfault occured if server returned RPC packet of FAULT type (79139)


New and Improved

o SSL Scanner: Preinstalled root CA's updated

o Media Type Detection: Detection of quicktime containers enhanced (78988)

o Proxy.pac file with customizable caching age (78749)

o Authentication: Multi packet response support for Native NTLM (79061)

o Authentication: NTLM machine name field limited to 15 characters for compatibility reasons (79015)

o Authentication: Test page for NTLM configuration in GUI

o SSL Scanner: Problem with new SSL Scanner licensing (78945, 78946)

Bugs Fixed

o ICAP client error (79036)

o Inconsistent progress page interface (78998)

o Trusted Source: Rating under Solaris always 50 (78584)

o Proxy: Proxy.pac file corrupted when delivered to site instance (78681)

o Proxy: HTTP pipelining not working (79010)

o GUI: Correct use of certificate chain for webinterface (77784)

o Document Inspector: PDF file is blocked when "Embedded Script" enabled (78982, 79035)

o Document Inspector: Error with scanning PDFs in certain circumstances (78273, 79032, 78901, 78448, 79046)

o SMTP Gateway: Crash in mail queue handling (78980)

o SMTP Gateway: Queue overview link doesn't contain port (78904)

o URL Filter: SafeSearch Enforcer blocks Google Maps (79033)

o Authentication: LDAP E-mail mapping and attributes with commas (78626)


Bugs Fixed

o Document Inspector: Not Working with MSOOXML (78916, 78866)

o Migration: Some Whitelist entries are deleted after update (79020)

o Authentication: IP-mapping mixed up or lost under load (78793, 78943)

o Authentication: eDirectory only uses first result for

authenticating a User by IP address (78940)

o Authentication: Native NTLM limited to 10 group memberships (79011)

o Authentication: NativeNTLMv2 broken (79031)

o Authentication: Native NTLM Setup fails under circumstances (79009, 79042)

6.7.0 build 3295 : Part Number 91-0948352-A-------------------------------------------

New and Improved

o Available under Red Hat Enterprise Linux 5.0 and Suse Linux Enterprise Server 10

o Native NTLM support

o Enhancements for "Ensured Streaming Media May Bypass AV"

o Proactive: Enhancements to decrease false positives in script code

o Authentication: Support of Radius fallback server

o Authentication: Support of Radius group mapping

o Authentication: Promptless authentication outside Webwasher subnet (78545)

o Reporting: Sort log files alphabetically (76663)

o SMTP Gateway: Different languages for digests depending on domains (78614)

o Authentication: RADIUS fallback enhancement for Admin authentication (78476)

o Archiver: Support for non-standard tar files (78783)

o SmartFilter SDK 4.3.1.06

Bugs Fixed

o SMTP Gateway: "Tab" character inside header field causes address mapping to fail (78516)

o SMTP Gateway: Attachment broken when Mail Footer is added by Webwasher (78729)

o Document Inspector: Thread needs 79% CPU (78649)

o Exceptions for TLS cannot be defined (78659)

o Logging: unix_epoch variables for blockpages display incorrectly (78665)

o GUI: Backup fails because of too many server certs (78677)

o RealAudio streaming not working (78596)

o GUI: Backup includes addressmapping.txt (78720)

o SSL Scanner: Common Name displayed weird when inspecting certificate (78695)

o SSL Scanner: IP address is truncated when inserted in the certificate list (78802)

o Upload Filter: Malformed multipart/form-data upload crashes Webwasher (78722)

o Media Type Detector: HTML file detected as text/xml (78708)

o Media Type Detector: WebWasher does not recognize Powerpoint document (78755)

o Centralized Management: Cluster does not synchronize (78591)

o Proxy: Webwasher closes connection even though it sends "Proxy-Connection: keep-alive" (78889)

o Anti Malware: Settings are active though not licensed (78896)

o Unable to download large .exe file (78856)

o Proxy: Change FTP Command Filter for partial downloads when "REST 0 (78817)

o Proxy: Problem if 2 authentication methods are configured for FTP proxy(78660)

o Anti Spam: Mail Footer modifies Outlook Calendar entries (77238)

o Authentication: LDAP login prompt freezes after entering the credentials (78803)

o URL Filter: Faulting module sfcontrol.dll (78655, 78927, 78652)

o Central Management: Radius "Shared Secret" breaks on site (78824)

o Reporting: Log file structure set back to default for site instances (78883, 78829)


Bugs Fixed

o Linux vulnerability fixed (78837)

o Authentication: LDAP login prompt freezes after entering the credentials (78803)


Bugs Fixed

o Proxy: Illegally closing connection breaks web server NTLM authentication (78742)


New and Improved

o Reporting: Feedback generation without certain logs (78519)

o Reporting: Sort logfiles alphabetically (76663)

o OS sanity check for restore function (78468)

o Ad-aware updates through webwasher fail (78492)

Bugs Fixed

o Generic Body Filter: UI has problems with specific chars(78490)

o SSL Scanner: CN mismatch if CN is in unicode (78534)

o Proxy: Server authentication problem if authentication canceled (78480)

o Proactive: Update is greyed out if AV but not AntiMalware is licensed (78532)

o Problem with parameters in URL redirect custom action (78375)

o Reporting: %BR field not working for syslog action (78565)

o Reporting: Corrupted log file structure definition (76449, 78357, 78538)

o Web Reputation: Whitelist entry for sun.com does not work (78564)

o Whitelist: Not working for office documents and form data (78315)

o Authentication: Issues when admin account uses RADIUS authentication (78645)

o Authentication: Allow Internet access when auth server is down" does not work (78557)

o Document Inspector: Thread needs 79% CPUand webwasher is not responding (78649)

o Document Inspector: Endless loop in corrupted Excel document (78592)

o Anti Malware: Problems with Sophos engine (78550, 78540, 78513)

o Upload Filter: Crash under special circumstances (78606)


Bugs Fixed

o GUI: Not possible to use full stops in administartor names (77331)

o LDAP: Problems with support for "Umlaute" (78537)


Bugs Fixed

o Anti Spam: Memory leak during update (78453, 78357)

o Anti Spam: Webwasher crashes if there are no spamfingerprint*.dat files (78525)

o LDAP: Problems with "Umlaut" (78461)


New and Improved

o Logging: write update log information also to syslog (78351)

o GUI: hit rate displayed in "webwasher" dashboard (78348)

o Transparent IP based authentication with eDirectory

o Secure Admin Shell: Add function to reload policy (78159)

Bugs Fixed

o If custom hostname is used, ports are not added (78399)

o Action for known CAs not executed (78402)

o Content-Length Header not updated upon POST body modification (78344)

o Wrong helpfile for mail footer (78397)

o Broken files cached when bigger download is canceled (78172)

o Java application not working via Webwasher (78366)

o SSL Scanner: problems with time server certificate (78373)

o Cannot add proxy ports in Windows (78361)

o Media Type mismatch on 302 redirect (78320)

o Logging: writing garbage into access log (78289)

o Problem white listing embedded objects (78324)

o Fixed crashing bug (78325)

o "Send to Support" not working when HTTP GUI disabled (76433)

o Malformed executable causes a crash in PEParser (78391)

o Proactive Scanning: Scrambled letters on some multi-byte character set web pages (78129, 78090)

o Deleting email from digest web interface doesn't move it to trash queue (78318)

o Problems with more than one Content-length header (78352)

o Documentinspector: Deadlocks / Crashes on Windows (77995, 78003, 78161, 78274)

o GUI response slow or doesnt work (78425, 78439)

o Anti Spam: wrong Mailshell results if online query fails (78000)


New and Improved

o Possibility to whitelist web reputation filter

o Possibility to whitelist media type adaptation (fixes: 78277, 78257, 78291)

o Dashboard: New tab "Webwasher" (77463)

o Actions: New option to set HTTP status code

o Add settings to adapt to thread/connection usage in a URL Filter only deployment

Bugs Fixed

o Web reputation and enabled cache break streaming (e.g. youtube) (78262)

o Document Inspector: Malformed Word document causes crash (78255)

o Centralized Mmgt: routing rules not sync'd completely (77932)

o Logging: Webwasher looses or forgets log lines (78170)

o Map does not load (78184)

o Anti Spam: TrustedSource ratings too high (78271)

o Anti Spam: Mail Footer modifies Outlook Calendar entries (77238)

o Progress Pages for HTTPS requests: Links to embedded objects are http (78278)

o Dashboard: Corrupt display when lists contain very long URLs (78163)

o Web Cache: problems when setup as transparent proxy (78340, 78296)


New and Improved

o Own "DNS Cache" implementation

o Radius Authentication

o Support for scanning of large files (> 2GB) (only Appliance, Deb4.0 and RHEL 4 )

o Additional SmartFilter options (CGI parameters, categorizing embedded URLs, categorization of a search engine requests by keywords)

o SmartFilter SDK 4.3.1.02

o Generic Body Filter on Raw POST bodies (78034)

o Integrated authentication with vista against UserDB (77981)

Bugs Fixed

o Incremental update of the URL Filter doesn't work (78253)

o Connection to NTLM Agent are closed too often (77926)

o Cluster: Problems in Master/Submaster configuration (77905)

o Archiver: *.ram attachment in email is blocked by "Magic Byte Mismatch" (77965)

o SMTP Gateway: Multiple recipient mail gets released/deleted for all recipients over Digest Interface (77976)

o Progress Page: The Browser save dialog presents wrong name of PDF files (77992)

o SMTP Gateway: eMail crashing Webwasher 6.5.3 (78022)

o Authentication Pop-Up doesn't show up through Webwasher (75951, 76988)

o SSL Scanner: CERTVERIFY error with www.viqtest.com (endless loop) (77889)

o NTLM-Agent: Crash on shutdown (78014)

o NTLM Agent: timeout issue (78087)

o Proxy does not log auth_user when using transparent authentication (78197)

o New media type application/xml (78199)

o NTLM Agent: timeout issue (78087)

o ldap libraries not installed with webwasher debian 4.0 package (78082)

o Problem with libxml2 under solaris (78038)

o Clean up obsolete lib dependencies under solaris 10 (78032)

o Stream not passing webwasher (78115)

6.5.3 build 2760 : Part Number 91-0947174-A--------------------------------------------

New and Improved

o Roles: Support delegated creation of new admin accounts

o Secure Admin Shell: interface to User Database (77817)

o Cluster: possible to make Web / E-Mail mapping private

o GUI: Added "Add Domain Name to Group Name" box on policy mapping rules page (77835)

o Improved performance for download of pages with numerous objects via IE

o GUI function to various Url Filter features added (77788)

o Media Type Filter: Added Media Type application/xhtml+xml to Media Type Catalogue (77743)

o URL Filter: Enhanced mapping of Unicode URL parameters to Basic Access Control Filter list

o Language Packs: Support for error message templates in Korean, Portuguese, Chinese, Spanish, Italian

o Support for Debian 4.0

Bugs Fixed

o Dashboard: Empty Anti Malware Quick Snapshot (77907)

o Roles for manipulating WW UserDB (77844)

o Roles: Second administrator is not able to apply certain settings (77733)

o Roles: Way to bypass read only queue access (77837)

o Document Inspector: Detection of embedded excel files (77823)

o Embedded Object Filter: reason written for mail blocked by embedded scripts filter (77673, 76702)

o HTTP(S) Proxies: RFC compliance for Via header (77867)

o Document Inspector: Endless loop for certain PDF files (77849)

o WW stops parsing HTTP headers when a header starts with "--" (77816)

o Prefix Filter: Webwasher freezes due to hanging threads (77863)

o GUI: Correct handling of list entries with blank fields (77762)

o ProActive Scanning:: allow actions with comma in name (77732)

o Embedded Scripts Filter: Scripts with Language="JavaScript1.1" are not regognized as JavaScript (77740)

o Logging: Invalid category entry in access.log for certain data (77748)

o Logging: Log file push can lead to never ending timed action (77815)

o Logging: Tab not working as delimiter in logfile definition (77834)

o Archiver: Content Type does not match only when file is zipped (77806)

o Policy Mapping: Usermapping applies to Username and Domainname (77808)

o URL Filter updates with Anti Spam only license fail (77783)

o URL Filter: volume quota not counted (77819)

o URL Filter: Block during work hours does not work (77758)

o exiting WW during update of Smartfilter results in hanging WW (77957)

o Rare crash (77683)

o UTF 16 encoded xml file not detected correctly (77795)

o Anti Spam: Own Hostname broken for End user Requests (77821)

o Java Application does not work over WebWasher with authentication (74390)

o Feedback Script: strange problem with feedback.cmd (75662)


New and Improved

o Improve next proxy handling with HTTP 1.0 next-hop proxies (77674)

o SmartFilter SDK 4.3.02

o Logging: Support logging of filter engine information in proxy log file (includes all custom parameters and filter results) (77720)

o Updated Default Settings in clean installations to enhance out-of the box security policy while being compliant to common data

protection requirements

o RBL check for intermediate mail server not working (77193)

Bugs Fixed

o Centralized Mmgt: Reboot in cluster not working (77355)

o Centralized Mmgt: Inconsequent behaviour of centralized update (77678)

o ShellExpression Error (77193)

o URL Filter: Inappropriate Category Scheme notification (77672)

o Dashboard: System alerts are not correct (77707)

o Progress Page: Force Invalid Proxy Request notification (77702)

o FTP Proxy: Multi-line FTP replies through proxy (77679)

o Archiver: AES-encrypted Zip-archive was detected as corrupted (76880)

o Archiver: Incomplete detection of spanned zip archive (77715)

o high values in dashboard - Network Utilization (77603)

o Bypass streaming media does not work for URLs without extension (77716)


New and Improved

o Centralized Mmgt: site can be configured to periodically request full configuration from master (77261 )

Bugs Fixed

o Centralized Mmgt: Cluster out of sync after changing account password (77312)

o Centralized Mmgt: Exception for Ports in Clusterdistribution (74419)

o progresspage only shows 2Gb (77628)

o UUE encoded file handled incorrectly (77532)

o Dashboard: read-only GUI account is allowed to reset "Quicksnapshot" stats and Live Reports (77561, 77564)

o SMTP Gateway will not be started if HTTP and FTP proxy is disabled (77601)

o SSL Scanner: "Inspect Certificate" produces error when next-hop proxy is TSP, Sidewinder or ISA Server (77505)

o Post request results in 407 Proxy Authentication Required (77472)

o Wrong system alert "Progressive Lockout is used in an action but is not activated yet" (77595)

o HEAD response with content lenght header (77615)

o TimeScheme "Non-working hours" (77653)

o Centralized update: Spamequator update broken on sites (77400)

o Mail Gateway: Plain text mails are getting blocked (77625, 77620)

o Mail Gateway: Mails with content type message/delivery-status not recognized (77620)

o Generic Header Filter: Could not be used to detect missing header (77652)


New and Improved

o GUI: Dashboard and Quick Snapshots

o Initial Streaming media support

o URL Reputation System

o Welcome page

o URL Filter: Adoption of the SmartFilter SDK

o New action "Delay"

o New action "Progressive lock-out"

o New action "Authorized Override"

o Proxy: Allow actions on HTTP/FTP commands and methods

o Proxy: Proxy.pac support

o Proxy: Multiple listener ports per protocol

o Proxy: Allow to substitute IP address in FTP Port command

o Authentication: Support nested Active Directory groups

o Add URL Feedback system for uncategorized URL

o Document Inspector: XML Parser

o Document Inspector: Support Open Document Format

o Document Inspector: Support Microsoft Office Open XML

o Document Inspector: Support SOAP

o Logging: more information on actions in audit.log

Bugs Fixed

o Webwasher looses configuration (76494)

o Embedded Scripts: Executable script content was not stripped out of emails and web pages if nested <script> tags were used (77373)

o Crash with termsignal 11 (77159, 77310)

o missing session information in incident manager (77482)

o Crash because of special cab file (77452)

o Setting (Enduser) User Interface Port to 80 does not work (77445)

o Small pdf blocked by Webwasher with error File is Larger Than 2 GB (77410)

o Released mail does not go through release policy (77397)

o Multiple recipient spam emails do not get released properly (77396)

o no values for spam_res+spam_level in smtpfilter.log (77053)

o URI in Service Name List gets truncated when ending in any combination of 0 & 1s (77210)

o Centralized updates seems to avoid spamequator update on sites (77400)

o Policy mapping via IP Mapping based on X-Client-IP (77556)

o Mp3 media type detection false positives (77520)


Bugs Fixed

o Setting (Enduser) User Interface Port to 80 does not work (77445)


Bugs Fixed

o sporadic crashes when SSLScanner not licensed (77129,77134,77243,77270,77273)

o Handling of encapsulated postscripts (77327)


New and Improved

o Detect malformed MIME parts in text attachments


New and Improved

o Next Hop Proxy handling

o GUI improvements

o New ssl libs, fixes CVE-2006-2937 and CVE-2006-2940

o Read-only admin can now change his own pwd (76863)

o Support to bind End User Port to port 443 (77058)

o Progress Pages resize window if a download popup to small

o Enhance Progress Page to work with Internet Explorer 7

Bugs Fixed

o Quotas not synced in cluster (76972)

o Fixed NTLM authentication at a webserver (76988)

o Wrong status code 500 instead of 502/504 if server can't be reached (76976)

o SSL Scanner: Rare crashes with Progress Pages (76931)

o IFP Server implementation more robust (77007)

o SMTP Gateway: A malformed mail contained an attachment of type message/rfc822 that had a sinle section of type message/rfc822 that had a single section of type message/rfc822 4771 times causes a crash (77017)

o GUI: Secure/Unsecure mix of images in internal request and error messages (77040)

o GUI: limited administrator role not correct (77173)

o SSL-Scanner: SSL handshake fails on server with pkcs1 padding error (76057)

o Fixed "Use other host or URL" on Queue View (77051)

o URL Filter: Filter by Expression list looses it's settings (77065)

o Links in Overal Summary Reports lead to empty Policy Reports (77066)

o Smtp Gateway: Digest buttons show sometimes wrong deposited URL's (77063)

o Crash if embedded object is referenced by a large URL > 1023 with whitelisted Mediatype Filter (77064)

o Next Proxy settings not reachable when Next Proxies down (77078)

o Un-justified System Alert on Site when using "Centralized Update" (77080)

o Improved stability under Solaris 10

o

6.0 build 2455 : Part Number 91-0946256-A------------------------------------------

New and Improved

o New product Anti Malware including Secure Anti-Malware engine

o User Database added to support authentication without need of external directory services

o User Database: Allow new users to add themselves if they can authenticate at the LDAP Server

o Support transparent authentication with internal challenge/response method, basic authentication, basic authentication over SSL or login page (76081)

o Support of the Internet Filtering Protocol IFP

o Proactive: Enhanced heuristic for Windows executables

o Proactive: Execution Path Disassembler (PE parser)

o Proactive: Identify client computers that may have Potentially Unwanted Programs (PUP) installed

o Proactive: Enhanced VB and Java Script detection

o Proactive: Split rules set for JavaApplets and Java Application

o Proactive: Special rules for Trusted Sites to avoid false positives (75932)

o Proactive: Script engine for special rules (e.g. jpeg, WMF vulnerability)

o Anti Spam: Fingerprinting of mails to avoid misclassification

o Anti Spam: Automatic whitelisting of sender information (74376)

o Anti Spam: Automatic whitelisting on release from Spam Queue (74780)

o Anti Spam: More MailShell options in GUI

o Anti Spam: On site training of MailShell filter by customer spam and ham messages

o Anti Spam: Support of TrustedSource as new Spam method

o Mail Gateway: Support of TrustedSource in the SMTP dialog to

reject mail directly

o Mail Gateway: Centralized queue management (e.g. replication/fallback)

o Mail Gateway: Centralized queue view in cluster

o Mail Gateway: Resend Digest

o Mail Gateway: TLS Support for SMTP

o Mail Gateway: Address mapping for sender and recipients in incoming and outgoing mails

o Message Filter: Offer filter action "Remove Attachments"

o Message Filter: Enhanced Phishing Filter

o GUI: Redesigned for improved usability

o GUI: Ajax support for realtime values (e.g. Life Reports, update status, statistics)

o GUI: Sessions support with automatic logout (73948)

o GUI: Audit logging to track configuration changes

o GUI: Click history for smarter GUI navigation

o GUI: Import/Export for error templates

o GUI: Alert when leaving a page without "Apply Changes"

o GUI: Improved list views

o GUI: Optional display of Web and/or Mail settings

o Cluster: Synchronization of Quota data (74977)

o Queue based feedback system for Spam and Malware

o Content Security: Improved detection of unknown embedded scripts (75515)

o Own port for end user operations like Digest or password changes in User Database (74782)

o Proxies: Failover and routing rules for all parent proxies

o Proxies: Individual authentication processes for each proxy (76343)

o Secure Administration Shell: Different public key for every admin (76342)

o Archive Handler: Can be switched off (76344)

o Distributed Updates for all subscription based data in cluster (74515,76040)

o Increased granularity in White List for Content Security filters (76396)

Bugs Fixed

o Crashes with termsignal 6 and 11 in CHTTPSConnection (76281)

o Archive Handler: Email attachment is filtered from Archive Handler Web section (76316)

o Archive Handler: Zip Files perilously detected as corrupted Archive (76391)

o Logging: "spam-res" and "spam-level" print mail subject in custom log file (76418)

o Password containing "Umlauts" do not work - No Access (76428)

o Document Inspector: Encrypted PowerPoint documents are treated as simple OLE2 Structured Storage files (76476)

o ProActive: damages PDF file (76567)

o Error message with wrong language (76613)

o smtp helo displays tailing ";" on the helo name (76652)

o Progress Page: download of big files named with blanks (76740)

web gateway 6.9 build 10927 release notes

Documents