Vous êtes sur la page 1sur 27

McAfee ® Email and Web Security Appliance 5.5p2

Release Notes for McAfee ® Email and Web Security Appliance Version 5.5 Patch 5.5p2 Copyright © 2010 McAfee, Inc. All Rights Reserved

About this release

Thank you for using our software. This file contains important information about this release. We strongly recommend that you read the entire document.

About this release Purpose Rating Superseded releases Actions on installation Resolved issues Vulnerabilities (total: 5, new: 5) High severity issues (total: 2, new: 1) Medium severity issues (total: 48, new: 23) Low severity issues (total: 57, new: 29) Issues list External components installed by this package Files included with this release Additional information Installation Installation requirements Installation steps After installation Removing this release Notices Copyright Trademark attributions License information License Agreement

Purpose

This release addresses the issues shown in the Resolved issues section below.

Rating

This release addresses critical issues. McAfee strongly recommends implementing this release

at your earliest opportunity.

Severity of issues listed below is based on these definitions:

High

a critical issue which should be addressed as soon as possible, if necessary outside a

planned maintenance schedule.

Medium an issue which should be addressed at the earliest opportunity, normally as part of a planned maintenance schedule.

Low

a non-critical issue, advisable to address as part of planned maintenance.

Superseded releases

This release incorporates and supersedes the following earlier releases:

Hotfix 5.5h533027

Patch 5.5p1

Hotfix 5.5h541662

Actions on installation

At the end of the installation process the following actions will occur automatically:

The user interface will log off.

The appliance will reboot.

Resolved issues

Vulnerabilities (total: 5, new: 5)

Vulnerabilities newly addressed in this release:

f_561506, f_567880, f_567970, f_567972, f_568269

High severity issues (total: 2, new: 1)

High severity issues newly addressed in this release:

f_561506

High severity fixes included from previous releases:

f_537018

Medium severity issues (total: 48, new: 23)

Medium severity issues newly addressed in this release:

f_526662, f_540946, f_546854, f_549755, f_549978, f_552155, f_552640, f_553722, f_554175, f_555298, f_557035, f_557358, f_557632, f_558083, f_558328, f_558331, f_559825, f_560814, f_566370, f_566595, f_568276, f_569141, f_571787 Medium severity fixes included from previous releases:

f_541662, f_561204, f_525833, f_530304, f_530306, f_530324, f_530354, f_531993, f_536024, f_536671, f_537244, f_539754, f_541313, f_541663, f_542190, f_543863, f_543885, f_545738, f_547237, f_547518, f_547875, f_548167, f_548478, f_549905,

f_536141

Low severity issues (total: 57, new: 29)

Low severity issues newly addressed in this release:

f_532696, f_533804, f_546468, f_548882, f_551817, f_552666, f_552669, f_555091, f_555498, f_555607, f_555615, f_555777, f_557883, f_560039, f_560334, f_560370, f_561508, f_563744, f_564048, f_564894, f_567389, f_567593, f_567880, f_567883, f_567970, f_567972, f_568269, f_572028, f_572378 Low severity fixes included from previous releases:

f_526067, f_530309, f_530318, f_530339, f_530345, f_530347, f_530349, f_530825, f_533470, f_535623, f_537800, f_540332, f_541363, f_543862, f_543865, f_543872, f_543873, f_543875, f_543880, f_543881, f_543882, f_546882, f_547487, f_548166, f_548171, f_548418, f_548572, f_533027

Issues list

Feature f_561506

Description:

ISSUE: Vulnerability CVE-2010-0740 was reported in the openssl used on the appliance. RESOLUTION: The openssl package has been updated to address the problem. Please refer to KnowledgeBase article KB68695 for more information.

Severity: High

Feature f_537018

Description:

ISSUE: Email that contained encrypted or password-protected attachments was being incorrectly blocked, because the policy settings were not taking effect. RESOLUTION: The appliance is now correctly applying the policy settings, and allows encrypted and password-protected attachments through, when configured to do so. Please refer to KnowledgeBase article KB67824 for more information.

Previously addressed by 5.5p1.

Severity: High

Feature f_526662

Description:

ISSUE: It is possible to run both McAfee Web Gateway and McAfee Email Gateway in a blade environment. The management blade was not showing the McAfee Web Gateway component information which is available on the scanning blades. RESOLUTION: The management blade has been updated to show the McAfee Web Gateway information. Please refer to KnowledgeBase article KB67946 for more information.

Severity: Medium

Feature f_540946

Description:

ISSUE: Recipient authentication can be enabled against external LDAP databases. It is possible to synchronize the external database onto the appliance, however occasionally a timing error caused the appliance database to be in an incorrect state and the synchronisation failed with a '-7' error message. RESOLUTION: The LDAP synchronization application has been updated to obtain the correct data. Please refer to KnowledgeBase article KB67896 for more information.

Severity: Medium

Feature f_546854

Description:

ISSUE: The user interface allows you to configure SMTP relays to be used when an email matches a policy. There was an issue with the user interface that automatically selected the 'Default Relays' when you edited the settings, but did

not explicitly change the selected relay from 'None'. This resulted in emails matching the selected policy being incorrectly routed or queued with the error '442 no delivery mechanism available'. RESOLUTION: The User Interface has been corrected to adhere to the user's selection. Please refer to KnowledgeBase article KB68868 for more information.

Severity: Medium

Feature f_549755

Description:

ISSUE: The appliance logs events to an internal database. The database is automatically maintained based on the number and age of events. This could take several hours and cause delays in reporting. RESOLUTION: The automatic database maintenance task has been split into optimized sub-tasks. Please refer to KnowledgeBase article KB68881 for more information.

Severity: Medium

Feature f_549978

Description:

ISSUE: The User Interface allows configuration from one appliance to be pushed to one or more remote appliances. Settings specific to the remote appliance, like network settings, should not be pushed. The OSPF settings were incorrectly overwritten on the remote appliance. RESOLUTION: The configuration push functionality has been updated to handle OSPF settings correctly. Please refer to KnowledgeBase article KB68296 for more information.

Severity: Medium

Feature f_552155

Description:

ISSUE: The appliance allows the user to block email senders. However the sender list was incorrectly validated in the user interface, resulting in the number of senders being limited to 50. RESOLUTION: The user interface validation logic has been corrected, now users will be able to add more than 50 senders to the blocked senders list. Please refer to KnowledgeBase article KB68867 for more information.

Severity: Medium

Feature f_552640

Description:

ISSUE: With Bounce Address Tag Validation enabled on the appliance, a tagged SMTP sender address (for example, prvs=0249bac0de=a@b.c) was incorrectly rejected with a "501 Syntax error - Badly formatted address" response, due to an erroneous regular expression check. RESOLUTION: The regular expression check on the sender address causing the issue has now been corrected. Please refer to KnowledgeBase article KB68332 for more information.

Severity: Medium

Feature f_553722

Description:

ISSUE: The appliance offers the ability to send Quarantine Digest messages to end users, allowing them to manage their quarantined emails. If the quaratined emails contained non-ASCII characters in their subject lines then these were incorrectly displayed in the digest message. RESOLUTION: The digest message has been updated to correctly display non- ASCII subject lines. Please refer to KnowledgeBase article KB68405 for more information.

Severity: Medium

Feature f_554175

Description:

ISSUE: In some unusual cases the process which invokes the McAfee Agent to do anti-virus updates could become unresponsive, creating an excessive CPU load and preventing further updates until the appliance was rebooted. This was due to an error in freeing resources within the process which calls the McAfee Agent. RESOLUTION: The process that calls the McAfee Agent has been updated to prevent the error occurring. Please refer to KnowledgeBase article KB68354 for more information.

Severity: Medium

Feature f_555298

Description:

ISSUE: When scanning an Email, the appliance offers a preferred transfer encoding for text in the Advanced section of Content handling in SMTP policies. The option to "do not encode if the text is already 7-bit" checkbox was not being saved correctly. RESOLUTION: The option is now correctly saved. Please refer to KnowledgeBase article KB68394 for more information.

Severity: Medium

Feature f_557035

Description:

ISSUE: SCM 4.5 offers the ability to export Rule Groups. EWS 5.1 and later offers the ability to import these exported Rule Groups into the Dictionary section of the user interface. Due to incorrect validation certain customer created Rule Groups could not be imported through the user interface. RESOLUTION: The dictionary import validation has been updated to handle the problematic Rule Groups. Please refer to KnowledgeBase article KB68539 for more information.

Severity: Medium

Feature f_557358

Description:

ISSUE: The appliance offers the ability to coach URL categories. The HTTP proxy was intermittently logging abort signals in the system logs. This was caused by incorrect handling of multi-byte characters in conjunction with coaching. A symptom of this was high CPU and memory usage. RESOLUTION: The HTTP proxy has been updated to handle multi-byte characters without aborting. Please refer to KnowledgeBase article KB68248 for more information.

Severity: Medium

Feature f_557632

Description:

ISSUE: It is possible to block spam senders using SPF. When SPF was used with greylisting, certain sender email addresses could cause a segmentation fault in the GLS proxy. RESOLUTION: The underlying SPF library has now been updated to handle all email addresses correctly. Please refer to KnowledgeBase article KB68616 for more information.

Severity: Medium

Feature f_558083

Description:

ISSUE: The appliance swap space consumption was not being monitored and some proxies were incorrectly using too much memory. This could cause an unscheduled

reboot. RESOLUTION: The appliance now has the ability to monitor and take action on low swap space by gracefully restarting proxies. Please refer to KnowledgeBase article KB68683 for more information.

Severity: Medium

Feature f_558328

Description:

ISSUE: The user interface allows the administrator to add terms to a dictionary. Due to a validation error, it was not possible to use the asterisk wildcard. RESOLUTION: The user interface has been updated to support the asterisk wildcard. Please refer to KnowledgeBase article KB68612 for more information.

Severity: Medium

Feature f_558331

Description:

ISSUE: The McAfee Agent is used to update the anti-virus engine and DATs. It is possible for the McAfee Agent to fail permanently resulting in failed updates until the appliance is rebooted. RESOLUTION: A resiliency monitor now watches the state of the McAfee Agent updater. If the updater has failed, the monitor will terminate the process and perform an update directly from the FTP site. Please refer to KnowledgeBase article KB68605 for more information.

Severity: Medium

Feature f_559825

Description:

ISSUE: The user interface allows configuration from one appliance to be pushed to one or more remote appliances. Large lists were taking a long time to process and could cause configuration push failure, with the error "Migration configuration failed" being displayed. RESOLUTION: The configuration push functionality has been updated to handle large lists correctly. Please refer to KnowledgeBase article KB68755 for more information.

Severity: Medium

Feature f_560814

Description:

ISSUE: It is possible to do an ISO install of the appliance software over DRAC4. This was failing due to the kernel modules not being automatically loaded. RESOLUTION: The kernel modules are now automatically loaded. Please refer to KnowledgeBase article KB68840 for more information.

Severity: Medium

Feature f_566370

Description:

ISSUE: The appliance offers the ability to add a disclaimer to each email passing through it. A multi-line disclaimer was incorrectly being added on one line. RESOLUTION: The user interface has been updated to correctly parse the disclaimer text including newlines. Please refer to KnowledgeBase article KB68969 for more information.

Severity: Medium

Feature f_566595

Description:

ISSUE: The appliance allows the user to scan the content of text within different file types. Certain PDF files were causing the SMTP proxy to segmentation fault in the third party content extraction library.

RESOLUTION: The underlying content extraction library has now been updated. Please refer to KnowledgeBase article KB68750 for more information.

Severity: Medium

Feature f_568276

Description:

ISSUE: The appliance offers the ability to keep a connection active by sending HTTP keep-alives. The HTTP proxy was incorrectly refusing CONNECT requests using an existing connection resulting in download failures. RESOLUTION: The HTTP proxy has been updated to handle keep-alives correctly. Please refer to KnowledgeBase article KB68804 for more information.

Severity: Medium

Feature f_569141

Description:

ISSUE: If the appliance was connected between two networks in proxy mode then it incorrectly sent the server side interface's IP address to the client in response to the FTP PASV command resulting in a data connection failure. RESOLUTION: The appliance has been updated to send the client side interface's IP address in response to the client FTP PASV command. Please refer to KnowledgeBase article KB68877 for more information.

Severity: Medium

Feature f_571787

Description:

ISSUE: The appliance can set policy based on users in Directory Services (for example Active Directory). When setting up a Domino server, it was not possible to leave the base Domain Name (DN) empty in the wizard. RESOLUTION: When configuring a Domino server it is now possible to leave the base DN field blank. Please refer to KnowledgeBase article KB69028 for more information.

Severity: Medium

Feature f_541662

Description:

ISSUE: The standard format for syslog messages the appliance generates does not include all fields consistently in all messages and so is not easily handled by some analysis products. RESOLUTION: An optional enhanced format has been added for TCP syslog to facilitate integration with 3rd party products. The optional format of virus, spam, content and status have been made consistent across all protocols and events for syslog. Please refer to KnowledgeBase article KB69024 for more information.

Previously addressed by 5.5h541662.

Severity: Medium

Feature f_561204

Description:

ISSUE: The appliance setup wizard allows the user to import a previously saved configuration. In some cases, due to incorrect validation of the imported configuration, an error occurred and the setup wizard could not be completed. RESOLUTION: The validation has now been fixed. Please refer to KnowledgeBase article KB68740 for more information.

Previously addressed by 5.5h541662.

Severity: Medium

Feature f_525833

Description:

ISSUE: It is possible to update the appliance's anti-virus DATs and engine from an

ePO repository. The McAfee Agent that performs the update was unable to update DATs from an ePO repository when the repository did not contain a valid anti-virus engine. The workaround was to load the latest anti-virus Engine into the ePO repository, allowing the McAfee Agent on the appliance to successfully update the DATs. RESOLUTION: The McAfee Agent on the appliance has been upgraded to update the anti-virus DATs whether or not the ePO repository contains an anti-virus engine. Please refer to KnowledgeBase article KB67372 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_530304

Description:

ISSUE: The appliance offers the ability to choose a fibre or copper LAN interface via the user interface under Network settings. Due to incorrect identification of the hardware, this user interface property was not displayed. RESOLUTION: The scripts to determine the hardware type have been changed to correctly identify all platform types. Please refer to KnowledgeBase article KB67349 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_530306

Description:

ISSUE: The appliance allows users to access FTP URI's. If the URI contained a special character, then the access would fail. RESOLUTION: The URI's are now held using hex encoding for special characters. Please refer to KnowledgeBase article KB67276 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_530324

Description:

ISSUE: The appliance can report to syslog. In transparent bridge mode, the mail size was always logged as '0' in the syslog report. RESOLUTION: The mail size is now stored correctly and output to the syslog report. Please refer to KnowledgeBase article KB67331 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_530354

Description:

ISSUE: The appliance can block emails due to Denied Routing characters in the email addresses. These were not reported in the dashboard or the scheduled reports. RESOLUTION: The dashboard and scheduled reports have been updated to include the emails blocked by denied routing characters. Please refer to KnowledgeBase article KB67397 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_531993

Description:

ISSUE: On the blade systems when default routes were modified, it caused a full restart. RESOLUTION: The configuration scripts have now been updated to handle default

routes correctly without a full restart. Please refer to KnowledgeBase article KB67839 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_536024

Description:

ISSUE: In proxy mode, the appliance can redirect and perform URL lookups on HTTPS requests. When a custom port was specified in the URL, the appliance incorrectly directed the request to the default port. RESOLUTION: This was due to incorrect parsing of the URL, which has now been updated to correctly obtain the custom port. Please refer to KnowledgeBase article KB67628 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_536671

Description:

ISSUE: On blade systems after some time many counters on the dashboard could stop updating. RESOLUTION: The issue is now resolved Please refer to KnowledgeBase article KB67258 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_537244

Description:

ISSUE: The appliance can be configured to 'coach' the user when accessing certain sites. When URL coaching was enabled, the body of a HTTP POST request was incorrectly replaced. As a result, the user occasionally saw a Gateway Timeout error page. RESOLUTION: The HTTP proxy has been updated to correctly handle HTTP POST requests when used with URL coaching. Please refer to KnowledgeBase article KB67945 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_539754

Description:

ISSUE: When processing an HTTP POST using x-www-form-urlencoded data (as when a user submits a web form) the proxy could become unresponsive if the data was malformed (specifically if it had an incomplete % hex encoded character sequence). If such events were repeated, many unresponsive proxy processes could accumulate, consuming memory and reducing throughput. RESOLUTION: Incorrect % hex sequences in urlencoded data (such as "%3q" and a terminal "%f") are now treated as literal strings and processing continues as usual. Please refer to KnowledgeBase article KB67895 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_541313

Description:

ISSUE: One appliance can be used to manage other appliances by pushing its configuration to a list of others. If a configuration push to one of the others failed, the failure was logged and the configuration push was stopped for all remaining appliances in the list. RESOLUTION: The configuration push has been enhanced to attempt to push to all

appliances in the list. All errors are reported on completion, and any failed appliances will remain selected. Please refer to KnowledgeBase article KB67925 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_541663

Description:

ISSUE: One appliance can be used to manage other appliances by pushing its configuration to a series of other appliances. Pushing configuration between different hardware platforms would result in the remote appliance doing a full level restart. RESOLUTION: The restart was caused by platform specific network settings, which have now been removed from the configuration push. Please refer to KnowledgeBase article KB67924 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_542190

Description:

ISSUE: For an appliance managed using a USB Out of Band Management (OOB) interface coupled with SNMP monitoring, the data supplied by SNMP was intermittent. RESOLUTION: The intermittent data was caused by the SNMP agent hanging when it queried the network status of the USB network device. This was due to an issue in the pegasus driver. The SNMP agent has been updated so that it does not query the USB network device status. Please refer to KnowledgeBase article KB67646 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_543863

Description:

ISSUE: For reporting purposes, it is possible to define a policy as either 'Inbound' or 'Outbound'. If a policy matched on the sender's email address, the report incorrectly showed all email as 'Inbound' regardless of the policy definition. RESOLUTION: The reporting has now been corrected to report the user defined direction of 'Inbound' or 'Outbound'. Please refer to KnowledgeBase article KB67483 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_543885

Description:

ISSUE: When a file contained protected or encrypted content that could not be scanned, the syslog message would erroneously report that the file was removed. RESOLUTION: Syslog messages now report the events correctly. Please refer to KnowledgeBase article KB67823 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_545738

Description:

ISSUE: The appliance allows you to create sub policies for email scanning. Whilst creating policies, you can choose to match one or all of the conditions. The user interface incorrectly prevented you from adding a policy set to match all conditions with more than one email group. RESOLUTION: The user interface has been updated to allow creation of policies

matching all conditions with more than one email group. Please refer to KnowledgeBase article KB68064 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_547237

Description:

ISSUE: The appliance may be configured to perform recipient lookups against remote servers using LDAP. The mail flow was interrupted if the appliance was configured to perform recipient lookups but no LDAP servers were configured. RESOLUTION: The SMTP proxy has been updated to not perform a recipient lookup if no LDAP servers are configured. Please refer to KnowledgeBase article KB68253 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_547518

Description:

ISSUE: The appliance offers the ability to send and receive Email over TLS. When an appliance in proxy mode was configured to use TLS "always", the TLS negotiation failed. The workaround was to configure the appliance to have TLS connections set to "when available". RESOLUTION: The SMTP proxy has been updated to negotiate the TLS connection correctly. Please refer to KnowledgeBase article KB68077 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_547875

Description:

ISSUE: The appliance allows for TrustedSource checks on email to be controlled by policy. If TrustedSource checks were enabled in the default policy and disabled in a sub-policy, email that matched the sub-policy was occasionally still checked with TrustedSource and blocked incorrectly. RESOLUTION: Policy resolution within the SMTP proxy has been updated to ensure that TrustedSource checks are made only if the feature is enabled in the policy that the email matches. Please refer to KnowledgeBase article KB68137 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_548167

Description:

ISSUE: The policy presets in the appliance can be based on different attributes. An issue with the user interface prevented the requested URL or URL group from being selected as an HTTP preset criterion. RESOLUTION: The user interface has been updated to allow the requested URL and URL group to be used as a selection criteria for HTTP protocol presets. Please refer to KnowledgeBase article KB68169 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_548478

Description:

ISSUE: It is possible to export the email addresses in the recipient check list to a file. If this list was in a protocol preset, the exported file was empty. RESOLUTION: The exported file has now been updated to contain both the default and protocol preset lists.

Please refer to KnowledgeBase article KB68155 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_549905

Description:

ISSUE: Occasionally the appliance truncated a legitimate email, due to a buffer- handling error in the SMTP proxy. This happened only at an end of line within a message, occurring on a multiple of 74 lines and a multiple of 256Kbytes into the email message. RESOLUTION: The proxy code has been corrected, and email will not be truncated. Please refer to KnowledgeBase article KB68188 for more information.

Previously addressed by 5.5p1.

Severity: Medium

Feature f_536141

Description:

ISSUE: When Enhanced URL filtering was enabled the /wk disk partition filled up over time because temporary update files were not removed after use. RESOLUTION: The temporary files are now correctly managed. Please refer to KnowledgeBase article KB67726 for more information.

Previously addressed by 5.5h533027, 5.5p1.

Severity: Medium

Feature f_532696

Description:

ISSUE: Incorrect translation in Japanese for Bounce Address Tag Verification (BATV) Signature Seed RESOLUTION: Translation corrected. Please refer to KnowledgeBase article KB68399 for more information.

Severity: Low

Feature f_533804

Description:

ISSUE: Incorrect translation in Japanese of TrustedSource RESOLUTION: Translation corrected. Please refer to KnowledgeBase article KB68886 for more information.

Severity: Low

Feature f_546468

Description:

ISSUE: Trying to mount the CD-ROM from the appliance console returned errors due to the necessary kernel modules not being loaded. RESOLUTION: Each appliance platform now includes all of the necessary kernel modules to mount the primary CD-ROM. Please refer to KnowledgeBase article KB68050 for more information.

Severity: Low

Feature f_548882

Description:

ISSUE: The appliance supports MQM for off-box quarantine. Users and administrators can set blacklists and whitelists on MQM for anti-spam scanning. The blacklists and whitelists were being triggered intermittently. A workaround was to modify the health monitor settings on the LDAP database. RESOLUTION: The health monitor has been updated to allow previous LDAP services to stop before starting the new service. Please refer to KnowledgeBase article KB68195 for more information.

Severity: Low

Feature f_551817

Description:

ISSUE: On the Email/Web reporting page when rendered with the German locale, the date control within the filter criteria side pane, on the right hand side, was inoperable; because the control extended outside the page boundary. RESOLUTION: The width of the side pane has been increased to accommodate the extra space required for German localisation. This ensures the date control does not extend beyond the boundary of the page, and so makes it accessible. Please refer to KnowledgeBase article KB68395 for more information.

Severity: Low

Feature f_552666

Description:

ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the Sender Authentication functionality. The underlying SPF library was incorrectly treating DNS replies in a case sensitive manner, resulting in validation failures. RESOLUTION: The SPF library has been updated to use case insensitive checks. Please refer to KnowledgeBase article KB68257 for more information.

Severity: Low

Feature f_552669

Description:

ISSUE: The appliance offers the ability to configure download status pages for the HTTP and FTP protocols. For FTP over HTTP, the proxy was incorrectly looking for the content length of the file before offering the download status page to the end user. RESOLUTION: The proxy has been updated to provide the download status page regardless of content length. Please refer to KnowledgeBase article KB68290 for more information.

Severity: Low

Feature f_555091

Description:

ISSUE: In the queued email page it was possible to see a mismatch between the reported count of items and the number of items that were actually displayed. This was due to an incorrect database query for multiple recipients. RESOLUTION: The database query has now been updated to handle multiple recipients. Please refer to KnowledgeBase article KB68392 for more information.

Severity: Low

Feature f_555498

Description:

ISSUE: It is possible to block spam using TrustedSource. Occasional segmentation faults occured in the SMTP proxy due to TrustedSource. RESOLUTION: The underlying TrustedSource library has now been updated. Please refer to KnowledgeBase article KB68968 for more information.

Severity: Low

Feature f_555607

Description:

ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the Sender Authentication functionality. The underlying SPF library was incorrectly treating DNS replies in a case sensitive manner, resulting in validation failures. RESOLUTION: The SPF library has been updated to use case insensitive checks. Please refer to KnowledgeBase article KB68257 for more information.

Severity: Low

Feature f_555615

Description:

ISSUE: When MQM is used to quarantine items from an EWS appliance with the operational language being Japanese, certain fields in the MQM user interface, like virus name or file name, were garbled. RESOLUTION: An encoding error causing the problem has now been rectified. Please refer to KnowledgeBase article KB67386 for more information.

Severity: Low

Feature f_555777

Description:

ISSUE: The user interface provides checkboxes to control the generation of certain events. Logging configuration for subgroups like anti-virus, anti-spam, and URL- filtering was parsed incorrectly from the configuration files. As a result the corresponding event checkboxes in the user interface were not effective. RESOLUTION: The logging configuration files are now parsed correctly. Please refer to KnowledgeBase article KB68234 for more information.

Severity: Low

Feature f_557883

Description:

ISSUE: The user interface allows the administrator to change the context that the dictionary applies to, for example from 'Everything' to 'Email body'. These changes were not being saved. RESOLUTION: The user interface has been updated and these changes are now correctly saved. Please refer to KnowledgeBase article KB68574 for more information.

Severity: Low

Feature f_560039

Description:

ISSUE: The anti-spam scanner setting in policies allows the user to edit blacklists and whitelists. Certain characters caused the user interface to become uneditable. RESOLUTION: The user interface has been updated to handle all characters. Please refer to KnowledgeBase article KB68617 for more information.

Severity: Low

Feature f_560334

Description:

ISSUE: The user can add content scanning dictionaries with their own custom terms and regular expressions. The user interface was incorrectly permitting scores to be added to complex terms or within dictionaries containing complex terms. This caused such dictionaries to be greyed out. RESOLUTION: The user interface no longer permits scores to be added to complex terms. Please refer to KnowledgeBase article KB68601 for more information.

Severity: Low

Feature f_560370

Description:

ISSUE: The appliance offers the ability to set up directory services. The Email Security Appliance was incorrectly displaying a web authentication warning in the status window, when editing directory services. RESOLUTION: Web authentication checks have been removed from the Email Security Appliance. Please refer to KnowledgeBase article KB68896 for more information.

Severity: Low

Feature f_561508

Description:

ISSUE: Schedule reports contain "Top internal/external recipients/senders of

blocked or monitored emails" activity sections. These incorrectly showed counts for all emails, rather than just those blocked or monitored. RESOLUTION: The report generation has been updated to include only blocked or monitored emails. Please refer to KnowledgeBase article KB68549 for more information.

Severity: Low

Feature f_563744

Description:

ISSUE: Attempting to import multiple self-signed CA certificates in a single file led to errors in the user interface making it appear as though import had failed. RESOLUTION: Importing multiple CA certificates in a single file no longer results in errors in the user interface. In addition, the maximum file size for certificate import has been increased. Please refer to KnowledgeBase article KB68869 for more information.

Severity: Low

Feature f_564048

Description:

ISSUE: HTTP offers the ability to display a comfort page to the user to show the status when downloading large files. When the comfort display was triggered while a file was being scanned, the download occurred successfully, but an abort would sometimes be logged to the messages file. RESOLUTION: Comfort page downloads starting during the scanning of a file are now handled correctly. Please refer to KnowledgeBase article KB68643 for more information.

Severity: Low

Feature f_564894

Description:

ISSUE: Drill down reporting offers the ability to filter based on many criteria. An error occurred when running an email drill down report with a filter set on 'sender' when the filter term contained single quotes or when the user was using the French locale. This was caused by incorrectly escaped characters being passed to the browser. RESOLUTION: Drill down reporting has been updated to correctly escape all characters. Please refer to KnowledgeBase article KB69023 for more information.

Severity: Low

Feature f_567389

Description:

ISSUE: Drill down reporting offers the option to show or hide selected columns. This was only working for one set of column changes. RESOLUTION: The user interface has been updated to correctly show/hide columns. Please refer to KnowledgeBase article KB68958 for more information.

Severity: Low

Feature f_567593

Description:

ISSUE: The user interface allows the administrator to change the context that the dictionary applies to and the terms within the dictionary. When viewing dictionaries covering several pages after changing, the user interface displayed the dictionary numbering incorrectly (for example 6 of 20 instead of 16 of 20). RESOLUTION: The user interface has been updated to show the correct dictionary numbering. Please refer to KnowledgeBase article KB68782 for more information.

Severity: Low

Feature f_567880

Description:

ISSUE: Vulnerabilities CVE-2009-2414 and CVE-2009-2416 were reported in the XML software used on the appliance. RESOLUTION: The XML software has been updated to address the issues. Please refer to KnowledgeBase article KB68875 for more information.

Severity: Low

Feature f_567883

Description:

ISSUE: In proxy mode the SMTP protocol delivers either by local domains or by DNS and fallback relays. If an email was queued and then delivered using a fallback relay, under certain circumstances it was possible that a subsequent email (which had fallback relay as part of its delivery mechanism) could be delivered to the fallback relay without first checking whether there was a valid DNS delivery mechanism. RESOLUTION: The delivery process has been updated to check delivery modes in the correct order. Please refer to KnowledgeBase article KB67786 for more information.

Severity: Low

Feature f_567970

Description:

ISSUE: Vulnerability CVE-2008-6218 was reported in the libpng library. RESOLUTION: The libpng library on the appliance has been updated to address the vulnerability. Please refer to KnowledgeBase article KB69025 for more information.

Severity: Low

Feature f_567972

Description:

ISSUE: Vulnerability CVE-2008-1372 was reported in bzip2. RESOLUTION: The bzip2 software on the appliance has been updated to address the vulnerability. Please refer to KnowledgeBase article KB68887 for more information.

Severity: Low

Feature f_568269

Description:

ISSUE: Vulnerability CVE-2008-2292 was reported in the net-snmp library. RESOLUTION: The net-snmp library on the appliance has been updated to address the vulnerability. Please refer to KnowledgeBase article KB68956 for more information.

Severity: Low

Feature f_572028

Description:

ISSUE: The appliance offers the ability to monitor SMTP conversations and close connections based on defined timeouts. These timeouts were incorrectly closing the connection too soon. RESOLUTION: The SMTP proxy code has been updated to use the correct timeouts. Please refer to KnowledgeBase article KB68959 for more information.

Severity: Low

Feature f_572378

Description:

ISSUE: The drill down reporting section in the user interface had the incorrect title of 'Email Interactive Reporting' for the Web and System reports. RESOLUTION: The titles have been updated to identify the correct report.

Please refer to KnowledgeBase article KB68957 for more information.

Severity: Low

Feature f_526067

Description:

ISSUE: The management blade shows a summary table of each blade and its status. If scanning blades were rebooted, it was possible to get an 'unknown' MAC address in the summary table caused by blade table entries with duplicate host names. RESOLUTION: The summary table has been updated to support multiple identical host names, resulting in the correct MAC address resolution in the user interface. Please refer to KnowledgeBase article KB68049 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530309

Description:

ISSUE: The appliance offers HTTP URL filtering. The administrator can customize the alert pages when a URL filtering detection occurs. If the display name within the alert included non-English characters, the alert was shown incorrectly. RESOLUTION: The display name is now stored in a format such that it can be displayed correctly. Please refer to KnowledgeBase article KB67369 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530318

Description:

ISSUE: It is possible to block recipients using SMTP recipient authentication. However, legitimate recipients would have been incorrectly blocked if a protocol preset was used and the default preset was disabled. RESOLUTION: The SMTP recipient authentication has been updated to correctly handle protocol presets. Please refer to KnowledgeBase article KB67348 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530339

Description:

ISSUE: If the HTTP response did not contain a header, the appliance dropped the connection with an error message "Failure to parse response header." RESOLUTION: The appliance now handles HTTP responses without headers. Please refer to KnowledgeBase article KB66250 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530345

Description:

ISSUE: It is possible to enable greylisting for SMTP. However, greylisting would have been incorrectly triggering if a protocol preset was used and the default preset was disabled. RESOLUTION: The greylisting has been updated to correctly handle protocol presets. Please refer to KnowledgeBase article KB67438 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530347

Description:

ISSUE: The SMTP Permit Recipient detections were not being displayed in the Email Status view report, although they were displayed in the Detail View reports. RESOLUTION: The status view report has been updated to include the permitted recipients. Please refer to KnowledgeBase article KB67387 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530349

Description:

ISSUE: It is possible to generate system notification alert emails. The appliance did not support multi-byte characters in the subject line. RESOLUTION: The notification subject has now been enhanced to support multi- byte characters. Please refer to KnowledgeBase article KB67368 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_530825

Description:

ISSUE: The number of URL filtering categories listed on the web Scanning Policies page could be wrong because other categories like SiteAdvisor and black & whitelist were being included. RESOLUTION: Only enhanced URL categories will be listed under URL filtering. Please refer to KnowledgeBase article KB66931 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_533470

Description:

ISSUE: Default proxy servers may be defined for updates by FTP and HTTP. For anti-spam streaming update when proxy configuration was enabled, the appliance was using the FTP proxy instead of the HTTP proxy. RESOLUTION: The appliance now uses the HTTP proxy for anti-spam streaming update when proxy configuration is enabled. Please refer to KnowledgeBase article KB67917 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_535623

Description:

ISSUE: The user interface provides listing of the deferred and quarantine databases by recipient. The lists showed separate entries for the same recipient as email addresses were incorrectly being treated as case-sensitive. RESOLUTION: Recipient address will now be converted to lower case on reading from the database, so the lists will show only one entry for each recipient. Please refer to KnowledgeBase article KB67794 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_537800

Description:

ISSUE: It was not possible to generate a Minimum Escalation Report (MER) output that exceeded 4 Gigabytes. The user saw an error message about file size on the user interface. RESOLUTION: This error was caused by the zip utility, which has now been updated to use the Zip64 extension, supporting zip archives greater than 4 Gigabytes.

Please refer to KnowledgeBase article KB67974 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_540332

Description:

ISSUE: The appliance allows the user to set actions based on the spam score for the anti-spam scanner. However, if that score was negative, the action did not trigger. RESOLUTION: The anti-spam scanner has been updated to take action on all score ranges. Please refer to KnowledgeBase article KB67918 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_541363

Description:

ISSUE: The appliance generates an alert if it detects a virus. A redundant second anti-virus scan was being performed on HTML content which could cause a second anti-virus alert. RESOLUTION: The appliance now performs a single anti-virus scan of the HTML content, resulting in a single notification. Please refer to KnowledgeBase article KB67920 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543862

Description:

ISSUE: The appliance dashboard shows the policy names for each protocol. When more than one browser accessed the appliance user interface at the same time, policy names containing multi-byte characters would appear garbled. RESOLUTION: This was due to the policy names being incorrectly encoded in transmission between the browser and the appliance. They are now correctly encoded in UTF-8. Please refer to KnowledgeBase article KB67979 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543865

Description:

ISSUE: The appliance reports the status of all email that it processes. If an email scanning policy contained both the action to add a spam score indicator and to add a disclaimer, the email was not reported. RESOLUTION: This combination of scanning was incorrectly handled for reporting. Reporting has been corrected for all scanner combinations. Please refer to KnowledgeBase article KB67943 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543872

Description:

ISSUE: The appliance supports MQM for off-box quarantine. MQM users and administrators can set black and white lists for anti-spam scanning, and can also define aliases for email addresses. The appliance did not support MQM email address aliases as equivalent for black and whitelist processing. RESOLUTION: The appliance has been enhanced to support the email address aliases from MQM. Please refer to KnowledgeBase article KB68255 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543873

Description:

ISSUE: For FTP, it is possible to define a handoff host. This setting was not being used by the FTP proxy. RESOLUTION: The FTP proxy has been updated to use the handoff host. Please refer to KnowledgeBase article KB67787 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543875

Description:

ISSUE: Vulnerability CVE-2009-3563 was reported in the NTP daemon. RESOLUTION: The NTP daemon on the appliance has been updated to address the vulnerability. Please refer to KnowledgeBase article KB67919 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543880

Description:

ISSUE: It is possible to setup the appliance to generate Email notification alerts. The subject line can be modified using the %SUBJECT% token. When the subject used an encoded format such as iso-2022-jp, the %SUBJECT% token was incorrectly replaced with the encoded version, rather than the plain text subject line. RESOLUTION: The %SUBJECT% token is now replaced using the plain text subject line. Please refer to KnowledgeBase article KB67788 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543881

Description:

ISSUE: In HTTP, it is possible to configure a list of Denied Request Headers. If the user removed one of the items from this list, the 'apply changes' button did not appear. RESOLUTION: The user interface has been updated so that changes in this list are correctly detected, and hence the 'apply changes' button appears. Please refer to KnowledgeBase article KB67980 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_543882

Description:

ISSUE: The appliance can log events via Email, syslog and SNMP. The logging did not provide enough detail of configuration change events. RESOLUTION: A Configuration event "Finished applying new configuration" with event id 220010 is now available for SNMP and syslog. The reporting database view "config_change_view" is available for remote database access. Configuration modification date, time, administrator name and source IP address fields are provided. Please refer to KnowledgeBase article KB68254 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_546882

Description:

ISSUE: When the appliance is unable to deliver an email, it will return a Non- Delivery Report (NDR) to the sender. If failure was because the appliance could not connect to the onward Mail Transport Agent (MTA), the NDR incorrectly contained the onward MTA address of 0.0.0.0. RESOLUTION: The appliance now generates the correct NDR containing the onward MTA address. Please refer to KnowledgeBase article KB68080 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_547487

Description:

ISSUE: It is possible to restore a previous configuration through the user interface. The FTP proxy settings for anti-virus updates were not restored as part of that process. RESOLUTION: The configuration restore scripts have been updated to correctly restore the FTP proxy settings for anti-virus updates. Please refer to KnowledgeBase article KB68082 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_548166

Description:

ISSUE: Support for the "Blacklisted" and "Whitelisted" categories has been removed from Enhanced URL Filtering because these can interfere with Primary URL Filtering. However, it is possible to import categorized URLs from an earlier version of the product and URLs categorized as "Blacklisted" or "Whitelisted" will be accepted. It is still not possible to mark other URLs as "Blacklisted" or "Whitelisted". RESOLUTION: When importing categorized URLs into Enhanced URL Filtering, any URLs marked as "Blacklisted" or "Whitelisted" will be ignored. However, import and export support has been added to Primary URL Filtering. The import operation will accept enhanced filtering categorized URLs and will add "Blacklisted" and "Whitelisted" URLs to the appropriate lists in primary filtering while ignoring other categories. Please refer to KnowledgeBase article KB67810 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_548171

Description:

ISSUE: In transparent mode SMTP, it is possible to create a protocol preset using the destination IP address or hostname. The protocol preset was not being triggered for the null sender option resulting in the Default settings being used. RESOLUTION: The policy resolution for protocol preset now incorporates the destination connection information in transparent mode. Please refer to KnowledgeBase article KB68149 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_548418

Description:

ISSUE: The appliance can use proxy settings for doing its anti-spam streaming updates. The proxy settings were not being applied on the scanning blades of a blade system because the update service was not automatically restarted. A workaround was to manually start the update service.

RESOLUTION: The anti-spam streaming updater is now restarted on the scanning blades when proxy settings are configured. Please refer to KnowledgeBase article KB68142 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_548572

Description:

ISSUE: It is possible to restore a previous configuration through the user interface. If this configuration contained any sub-policy with a permitted recipient list, the sub-policy would be imported without the permitted recipient list. RESOLUTION: The configuration restore scripts have been updated to correctly restore permitted recipient lists in sub-policies. Please refer to KnowledgeBase article KB68258 for more information.

Previously addressed by 5.5p1.

Severity: Low

Feature f_533027

Description:

ISSUE: When a version 5.1 configuration was restored onto a version 5.5 appliance, a user interface exception sometimes occurred on the Enhanced URL Filtering Settings page because of an empty reference that was not handled properly. RESOLUTION: The empty reference is now handled properly. Please refer to KnowledgeBase article KB67517 for more information.

Previously addressed by 5.5h533027, 5.5p1.

Severity: Low

External components installed by this package

open-vm-tools version 2009.03.18 release 154848x2.6.27.31x8.5.9.scm VMware tools bind version 9.5.1 release 201005270904P3 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server bind-libs version 9.5.1 release 201005270904P3 Libraries used by the BIND DNS packages bind-utils version 9.5.1 release 201005270904P3 Utilities for querying DNS name servers mcafee-eSCM version 4.2 release 5199 The McAfee eSCM content scanning framework mcafee-eSCM-enginetest version 4.2 release 5199 An engine test tool for the McAfee eSCM content scanning framework mcafee-eSCM-spam version 4.2 release 5199 McAfee eSCM content scanning framework mcafee-eSCM-urlfilter version 4.2 release 5199 McAfee eSCM content scanning framework mimepp version 1.3 release 5199 The MIME++ Library xerces13 version 1.3 release 5199 The run-time libraries for Xerces 1.3 losetup version 2.12r release 1 Programs for setting up and configuring loopback devices openldap version 2.4.10 release 2.1 The configuration files, libraries, and documentation for OpenLDAP openldap-clients version 2.4.10 release 2.1 Client programs for OpenLDAP

openldap-servers version 2.4.10 release 2.1 OpenLDAP servers and related files libspf version 1.0.0 release 201005270904 An SPF library

openssl version 0.9.8n release 1 Secure Sockets Layer and cryptography libraries and tools libxml2 version 2.6.27 release 150mfe Libxml2 Run-time Libraries libxml2-python version 2.6.27 release 150mfe Python bindings for the libxml2 library libxml2-utils version 2.6.27 release 150mfe Libxml2 Utilities (including xmllint) libxslt version 1.1.20 release 150mfe Libxslt Run-time libraries libxslt-python version 1.1.20 release 150mfe Libxslt Python Run-time libxslt-staticutils version 1.1.12 release 149mfe Libxslt Static Utilities (including xsltproc) libpng version 1.2.43 release 1.mfe1

A library of functions for manipulating PNG image format files

bzip2 version 1.0.5 release 201005270904

A file compression utility.

bzip2-libs version 1.0.5 release 201005270904 Libraries for applications using bzip2 net-snmp version 5.3.0.1 release 201005270904

Tools and servers for the SNMP protocol net-snmp-utils version 5.3.0.1 release 201005270904 The tooAutoReqProvls and binaries from the Net-SNMP package. curl version 7.19.7 release 3

A utility for getting files from remote servers (FTP, HTTP, and others)

libcurl version 7.19.7 release 3

A library for getting files from web servers

CMA version 4.5.0 release 1316 The McAfee Agent ntp version 4.2.4p2 release 2ews Synchronizes system time using the Network Time Protocol (NTP).

Files included with this release

This release consists of a package called EWS-5.5p2-1531.122.zip, which contains the following files:

5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/install

5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/scm_pull_files

5.5p2-1531.122/ftrs/f_527214/blade_prep/5.5p1pre-1531.122/script

5.5p2-1531.122/ftrs/f_527214/postscript

5.5p2-1531.122/ftrs/f_527214/prescript

5.5p2-1531.122/ftrs/f_536141/postscript

5.5p2-1531.122/ftrs/f_536671/postscript

5.5p2-1531.122/ftrs/f_541662/postscript

5.5p2-1531.122/ftrs/f_543872/postscript

5.5p2-1531.122/ftrs/f_543872/prescript

5.5p2-1531.122/ftrs/f_548879/postscript

5.5p2-1531.122/ftrs/f_548879/prescript

5.5p2-1531.122/ftrs/f_567880/prescript

5.5p2-1531.122/rpms/CMA-4.5.0-1316.i386.rpm

5.5p2-1531.122/rpms/bind-9.5.1-201005270904P3.i386.rpm

5.5p2-1531.122/rpms/bind-libs-9.5.1-201005270904P3.i386.rpm

5.5p2-1531.122/rpms/bzip2-1.0.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/bzip2-libs-1.0.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/curl-7.19.7-3.i386.rpm

5.5p2-1531.122/rpms/libcurl-7.19.7-3.i386.rpm

5.5p2-1531.122/rpms/libpng-1.2.43-1.mfe1.i386.rpm

5.5p2-1531.122/rpms/libspf-1.0.0-201005270904.i386.rpm

5.5p2-1531.122/rpms/libxml2-2.6.27-150mfe.i586.rpm

5.5p2-1531.122/rpms/libxml2-python-2.6.27-150mfe.i586.rpm

5.5p2-1531.122/rpms/libxml2-utils-2.6.27-150mfe.i586.rpm

5.5p2-1531.122/rpms/libxslt-1.1.20-150mfe.i586.rpm

5.5p2-1531.122/rpms/libxslt-python-1.1.20-150mfe.i586.rpm

5.5p2-1531.122/rpms/libxslt-staticutils-1.1.12-149mfe.i586.rpm

5.5p2-1531.122/rpms/losetup-2.12r-1.i386.rpm

5.5p2-1531.122/rpms/mcafee-eSCM-4.2-5199.i386.rpm

5.5p2-1531.122/rpms/mcafee-eSCM-enginetest-4.2-5199.i386.rpm

5.5p2-1531.122/rpms/mcafee-eSCM-spam-4.2-5199.i386.rpm

5.5p2-1531.122/rpms/mcafee-eSCM-urlfilter-4.2-5199.i386.rpm

5.5p2-1531.122/rpms/mimepp-1.3-5199.i386.rpm

5.5p2-1531.122/rpms/net-snmp-5.3.0.1-201005270904.i386.rpm

5.5p2-1531.122/rpms/net-snmp-utils-5.3.0.1-201005270904.i386.rpm

5.5p2-1531.122/rpms/ntp-4.2.4p2-2ews.i386.rpm

5.5p2-1531.122/rpms/open-vm-tools-2009.03.18-154848x2.6.27.31x8.5.9.scm.i386.rpm

5.5p2-1531.122/rpms/openldap-2.4.10-2.1.i386.rpm

5.5p2-1531.122/rpms/openldap-clients-2.4.10-2.1.i386.rpm

5.5p2-1531.122/rpms/openldap-servers-2.4.10-2.1.i386.rpm

5.5p2-1531.122/rpms/openssl-0.9.8n-1.i386.rpm

5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-MigrationAid-8.5-201005270904_119.i386.rpm

5.5p2-1531.122/rpms/webshield-CfgMgr-Converter-UI-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-CfgMgr-schema-Native-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-UI_backend-8.5-201005270904_102.i386.rpm

5.5p2-1531.122/rpms/webshield-Web_UI-8.5-201005270904_102.i386.rpm

5.5p2-1531.122/rpms/webshield-apache-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-appliance-kernel-2.6.27.31-8.5.9.scm.i386.rpm

5.5p2-1531.122/rpms/webshield-autoupdate-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-base-xmlconfig-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-comp-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-dkim-key-mgmt-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-ePO-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-files-8.5-201005270904_117.i386.rpm

5.5p2-1531.122/rpms/webshield-ftp-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-gls-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-help-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-icap-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-inv-http-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-inv-smtp-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-kernel-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-l10n-8.5-201005270904_122.i386.rpm

5.5p2-1531.122/rpms/webshield-libconfig-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-libsyscfg-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-management-common-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-ncore-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-pop3-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-reports-8.5-201005270904_122.i386.rpm

5.5p2-1531.122/rpms/webshield-retryer-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-siteadvisor-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-smg-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-smtp-retryer-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-snmp-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-swg-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-tqmd-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-tqmd-mgmt-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-trans-auth-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-ts-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-ui-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-urlfilter-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-userbw-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-utils-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-variants-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-webwasher-mgmt-blade-updater-8.5-201005270904.i386.rpm

5.5p2-1531.122/rpms/webshield-webwasher-updater-8.5-201005270904.i386.rpm

5.5p2-1531.122/updata/package.xml

validate/filelist.txt

validate/md5sum.txt

validate/validate.txt

validate/version

Additional information

This release was built on 2010-07-29. For information on release dates see the KnowledgeBase article KB66911.

This release was tested with anti-virus engine version 5400, DATs version 5980 and later. McAfee strongly recommends that the appliance is always kept up to date with the latest anti- virus components to achieve the highest possible security.

Installation

Installation requirements

To use this release, you must have the following Email and Web Security software installed on the appliance you intend to update with this release:

Version 5.5

Installation steps

In the case of a VMware appliance it may be useful to take a snapshot of the appliance before installing the release.

To install this release:

1. Create a temporary directory on your hard disk, and download the zip file provided by McAfee to a computer on your network that can access the Email and Web Security appliance.

2. Open your Internet browser, and browse to the Email and Web Security appliance.

If installing on a Content Security Blade Server, go first to the Failover Management

blade to do the following steps, then repeat them on the Management blade (the

content scanning blades will be updated automatically).

If installing on an appliance cluster the steps must be done on all the appliances in the

cluster, starting with the Failover Management appliance, then the Management

appliance, then the remainder.

3. When prompted, log on to the appliance by typing your username and password.

4. On the navigation bar, select System | Component Management | Package Installer.

5. Under Manual Package Install, click Update from file. In the Import package window, click Browse, find the location of the file "EWS-5.5p2-1531.122.zip", click Open, and then click OK.

A popup window appears displaying the package description and a notice that the

appliance will restart after installation. Click OK to install the package.

Upon completion of the installation the actions noted above will be performed

automatically.

6. Clear the browser cache before logging on to the interface again. If the browser cache is not cleared, the interface will not behave correctly.

7. After installation, log on to the user interface and click About the appliance to check that "5.5p2-1531.122" is displayed.

After installation

If you plan to use the EWS-5.5p2-1531.122.zip archive file again, keep it available on your computer. Otherwise, delete the file after successful installation. If you re-install your Email and Web Security version 5.5 software, we recommend that you re-install this release.

Removing this release

To remove this release from your Email and Web Security appliance, you need to reinstall Email and Web Security Appliance version 5.5. An alternative, for a VMware appliance, is to revert to a previous snapshot. Please note that all other hotfixes or patches installed on the appliance would also be removed in the process.

Notices

Copyright

Copyright © 2010 McAfee, Inc.All Rights Reserved

No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of McAfee, Inc., or its suppliers or affiliate companies.

Trademark attributions

AVERT, EPO, EPOLICY ORCHESTRATOR, FOUNDSTONE, GROUPSHIELD, INTRUSHIELD, LINUXSHIELD, MAX (MCAFEE SECURITYALLIANCE EXCHANGE), MCAFEE, NETSHIELD, PORTALSHIELD, PREVENTSYS, SECURITYALLIANCE, SITEADVISOR, TOTAL PROTECTION, VIRUSSCAN, WEBSHIELD are registered trademarks or trademarks of McAfee, Inc. and/or its affiliates in the US and/or other countries. McAfee Red in connection with security is distinctive of McAfee brand products. All other registered and unregistered trademarks herein are the sole property of their respective owners.

License information

License Agreement

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE

SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND.

Copyright © 2010 McAfee, Inc.All Rights Reserved