Symantec Brightmail™

Gateway 8.0.3 Release Notes

20228036
Symantec Brightmail
Gateway 8.0.3
This document includes the following topics:

■ About Symantec Brightmail Gateway 8.0.3

■ Update to version 8.0.3 required for update to later versions

■ Documentation

■ Before you install or update software

■ Actions required for users of VMware ESX Server 3.0.2

■ Resolved issue

■ Known issues

About Symantec Brightmail Gateway 8.0.3

Copyright 1999 - 2009 Symantec Corporation. All rights reserved.
Symantec Brightmail Gateway 8.0.3 is the upgrade to previous versions of
Symantec Brightmail Gateway and Symantec Mail Security Appliance. All
functionality of Symantec Brightmail Gateway 8.0.2 is maintained unless otherwise
noted.
4 Symantec Brightmail Gateway 8.0.3
Update to version 8.0.3 required for update to later versions

Update to version 8.0.3 required for update to later

versions
To update to future releases of Symantec Brightmail Gateway, you must update
the Control Center and all Scanners to version 8.0.3.

Documentation
You can access English documentation at the following Web site:
http://www.symantec.com/business/support/overview.jsp?pid=53991
The site provides best practices, troubleshooting information, and other resources
for Symantec Brightmail Gateway. PDFs for all translated languages are also
available in the Symantec Brightmail Gateway help. After updating, click the "PDF
documentation" link at the bottom of the Contents in the online Help.
Check the following Web site for any issues that are found after these release
notes were finalized:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2009100807272854
To access the Software Update Description from the Control Center, click
Administration > Hosts > Version. On the Updates tab, click View Description.

Before you install or update software

Before you install or update Symantec Brightmail Gateway:
■ We recommended that you empty your message queues before updating.
■ Review the known issues section of this document.
See “Known issues” on page 6.
■ If you are a new Symantec Brightmail Gateway customer, refer to the Symantec
Brightmail Gateway Installation Guide for detailed installation instructions
before proceeding.
■ If you update your software from a previous release, refer to the Software
Update Description for this version for pre-migration information and
recommendations before proceeding.
See “Documentation” on page 4.

Note: To update to future releases of Symantec Brightmail Gateway, you must

update to this release and include all Scanners in the update.
 Symantec Brightmail Gateway 8.0.3 5
Actions required for users of VMware ESX Server 3.0.2

For instructions about how to update Symantec Brightmail Gateway, go to the

following link:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2006110911420963
For best practices for software updates, go to the following Web site:
http://service1.symantec.com/SUPPORT/ent-gate.nsf/docid/2007816671907998

Actions required for users of VMware ESX Server 3.0.2

You must modify your environment before updating to Symantec Brightmail
Gateway 8.0.3 if you have deployed Symantec Brightmail Gateway as a virtual
appliance using the following combination:
■ VMware ESX Server Version 3.0.2 or prior, and
■ Using the virtual LSI SCSI controller
If you have that combination and do not take one of the actions specified below,
Symantec Brightmail Gateway will not function after updating to version 8.0.3.
A kernel panic will occur after rebooting the virtual appliance after the update.
The following options are available to prevent this issue.

Option 1: Update to VMware ESX Server Version 3.5

The recommended method is to upgrade to VMware ESX Server Version 3.5.
Upgrading typically requires down time and a reboot for the virtual machine in
which Symantec Brightmail Gateway runs. These steps may also be necessary for
other virtual machines on the same physical computer.
Before upgrading, perform the following tasks on Symantec Brightmail Gateway
Virtual Edition (these steps are similar to preparing for a Symantec Brightmail
Gateway software update):
Preparing to update to VMware ESX Server Version 3.5
1 Back up your existing data.
2 Check for a running LDAP synchronization cycle.
3 Check for a running Scanner replication cycle.
4 Halt incoming messages to drain all message queues.
For more information about upgrading VMware, access the following
documentation:
https://www.vmware.com/pdf/vi3_35/esx_3/r35/vi3_35_25_upgrade_guide.pdf
6 Symantec Brightmail Gateway 8.0.3
Resolved issue

Option 2: Change your virtual machine to use the BusLogic SCSI

controller
If you are unable to upgrade to the latest version of VMware ESX Server, you can
alternately change your virtual machine to use the BusLogic SCSI controller. For
more information about changing the SCSI controller configuration, access the
following documentation:
http://www.vmware.com/support/vc14/doc/c14chgscsicontrol11.html

Resolved issue
In addition to the improvements that are described in the Software Update
Description, the following known issue has been resolved for this version.
Some customers have experienced issues in which their network interface cards
did not properly initialize after the upgrade to version 8.0.2. In some cases the
issue resulted in a complete loss of network connectivity. In other cases, network
connectivity was available, but at a lower than expected rate.
See “Documentation” on page 4.

Known issues
The following sections describe known issues in Symantec Brightmail Gateway
8.0.3.

Hard drive firmware update recommended for some appliances

A hard drive firmware update is recommended for 8200 series appliances
purchased prior to November 15, 2006. This firmware is relevant only to appliances
containing the listed hard drives below. To determine whether this firmware
update applies to your specific appliance, call Symantec Technical Support and
provide the appliance serial number.
■ Maxtor 300 GB, model CD808
■ Maxtor 146 GB, model YC952
■ Maxtor 73 GB, model GD084
■ Seagate 300 GB, model HC492
■ Seagate 146 GB, model GC828
■ Seagate 73 GB, model FC960
 Symantec Brightmail Gateway 8.0.3 7
Known issues

■ Seagate 73 GB, model HC486

This firmware addresses known issues that could result in higher than normal
hard drive failure rates. The normal Symantec Brightmail Gateway software
updates do not automatically update your appliance to this recommended
firmware.
For information about how to apply the firmware update, go to the following Web
site:
http://service1.symantec.com/support/ent-gate.nsf/docid/2009021211184554
Regardless of whether the firmware update is applied or not, Symantec will replace
any hard drive failures that occur if the appliance is still covered by the warranty.
However, Symantec recommends that the firmware update be applied to minimize
any potential downtime. If you have questions about the document or would like
further information about the issue, contact Symantec Technical Support.

Update issues
This section describes known issues regarding updating from previous releases.

Innocuous errors reported upon completion of update from

previous versions
After successfully updating to Symantec Brightmail Gateway 8.0.3 from previous
versions, you may see errors in the Control Center or log files as listed below.
These reported errors can be safely ignored. They do not affect any operations
carried out by Symantec Brightmail Gateway.
You may see the following errors in the Control Center error log after updating
from Symantec Brightmail Gateway 7.7. These errors can occur if the Control
Center and Scanners are running on separate machines. You can ignore these
errors.
fatal: open /data/mta/outbound/etc/main.cf: No such file or directory

fatal: open /data/mta/inbound/etc/main.cf: No such file or directory

You may see the following errors in agent_log after updating from Symantec
Brightmail Gateway 7.7. You can ignore this error.
2008-09-25T16:58:24-07:00 (ERROR:1881.3050924976): [43049]
Incompatible config file: /data/scanner/etc/bmiconfig.xml

2008-09-25T16:59:54-07:00 (ERROR:1881.3050924224): [43049]

Incompatible config file: /data/scanner/etc/ima-config.xml
8 Symantec Brightmail Gateway 8.0.3
Known issues

2008-09-25T17:05:22-07:00 (ERROR:1881.3042532272): [43049]

Incompatible config file: /data/mta/etc/mtaconfig.xml

You may see the following error in BrightmailLog.log after updating from Symantec
Brightmail Gateway 7.7. You can ignore this error.
Sep 25 2008 17:12:35 [BrightmailScheduler_Worker-11] ERROR - An agent
error has occurred in the following code path: java.lang.Exception

You may see the following error in imlinkage_log after updating from Symantec
Mail Security Appliance 7.5. You can ignore this error.
[|] 0xb778f6c0 | 12/12/08 10:52:32 | Warning |
CMSNClientService::ProtocolSpecificInitializeService | Could not
retrieve DisconnectUser from settings.Defaulting to 1[-]

Inconsistent report data when updating from older releases

When updating from releases before Symantec Brightmail Gateway 7.7, the
dashboard values for spam and the Spam Summary report will contain inconsistent
data. The data will become consistent after old report and dashboard data is
deleted by the Expunger, seven days by default.

After updating, TLS may be enabled instead of disabled

If, for versions prior to Symantec Brightmail Gateway 8.0.x you enabled TLS for
some domains without enabling MX lookup, then TLS would not be enabled for
those domains. After updating to this version, those domains will have TLS enabled.
Ensure that the TLS setting after updating is appropriate. In the Control Center,
access Protocols > Domains and verify the TLS Encryption setting for the
configured domains.

audit_bmengine_log* replaces audit_hub_log* but persists for

30 days after updating
In Symantec Brightmail Gateway 8.0.x, audit_bmengine_log* replaces
audit_hub_log* for the mallog command. However, audit_hub_log* files continue
to exist for 30 days by default after updating from version 7.7 or earlier. The value
of Days to store log data before deleting on the Log Settings page determines the
number of days that audit_hub_log* files continue to exist after updating.

Duplicate reports possible if certain scheduled reports exist

before updating
If you have the following two scheduled reports from Symantec Brightmail Gateway
7.7:
 Symantec Brightmail Gateway 8.0.3 9
Known issues

■ IP Connections - Attacks Overview

■ IP Connections - Reputation Summary
After updating, the following two scheduled reports exist:
■ IP Connections - Reputation Summary (Inbound)
■ IP Connections - Reputation Summary (Inbound and Outbound)
These reports are identical. We recommend that you delete Reputation Summary
(Inbound and Outbound), since outbound is not appropriate for this report.

Expired Symantec demo certificate may preempt valid demo

certificate on Firefox 3
If you update from a previous release, an expired Symantec demo certificate can
block a valid Symantec demo certificate on Firefox 3. This can prevent access to
the Control Center. Complete the following steps to address this situation. You
can also obtain and install a CA-signed certificate to address this situation, as
described in the Symantec Brightmail Gateway Administration Guide.
To remove an expired Symantec demo certificate on Firefox 3
1 Start Firefox.
2 In Firefox, click Tools > Options.
3 Click Advanced > Encryption.
4 Click View Certificates.
5 Locate the Symantec Mail Security Demo Certificate and click it.
6 Click Delete.

Issue with compliance policies from previous versions that

contain apostrophes
Content compliance policies from previous versions of Symantec Mail Security
and Symantec Brightmail Gateway that contain apostrophes are not correctly
migrated to Symantec Brightmail Gateway 8.0.3. Although such content compliance
policies appear in the Control Center, they are not in effect.
Use either of the following two methods to address this issue:
■ Before updating, rename the content compliance policy to omit any
apostrophes.
■ After updating, copy the content compliance policy using the Copy button on
the Email Content Compliance Policies page. The new name can include
apostrophes. Delete the original content compliance policy. Move the newly
10 Symantec Brightmail Gateway 8.0.3
Known issues

copied content compliance policy to the position of the original content

compliance policy.

Compliance policies may behave differently after updating

from Symantec Mail Security 5.x or earlier
If you are updating from Symantec Mail Security 5.x or earlier, you may notice
some differences in the way your content compliance policies are processed. For
example, the first content compliance policy to be triggered by a message will
invoke all actions, however, any content compliance policies set to trigger
subsequently on the same message will only invoke notification and incident
actions (including any hold and release action converted into an ordinary incident
action). Refer to the "Configuring email content filtering and compliance" chapter
in the Administration Guide for assistance in configuring content compliance
policies. If you experience particular difficulty with existing content compliance
policies after updating, contact Symantec Technical Support.

Encoding and localization issues

This section describes known issues regarding encoding and localization.

Surrogate characters not supported

Symantec Brightmail Gateway supports Unicode version 3.0. Unicode version 3.0
does not accommodate the 16-bit surrogate pairs that are used for supplemental
characters in extended character sets. Using surrogate characters can result in
improperly saved data and problems logging on to the Control Center.

To avoid file name corruption in reports for Asian-localized

languages using Internet Explorer
After running a report, you can save it as a comma-separated values (CSV) file.
When you click the Save as CSV button in Internet Explorer 6 or 7, Internet
Explorer offers the options to save the file or open it immediately. If you click
open it immediately, the following error is displayed: A DDE error has occurred,
and a description of the error cannot be displayed because it is too
long. Also, when saving a report as CSV, HTML, or PDF in Internet Explorer, the
name of the file or the name of the report within the file may be corrupted. These
issues affect the Japanese, Korean, Simplified Chinese, and Traditional Chinese
localized versions.
If either of these issues occur, configure a shorter subject and filename. In the
Control Center, click Administration > Settings > Reports and then click Apply
 Symantec Brightmail Gateway 8.0.3 11
Known issues

custom subject and filename format. This is a new setting in Symantec Brightmail
Gateway 8.0.x.

Saving a file as CSV or HTML can result in corrupted file or

report name
When saving a report as CSV or HTML, the name of the file or the name of the
report within the file may be corrupted. This affects the Japanese, Korean,
Simplified Chinese, and Traditional Chinese localized versions. This occurs with
Internet Explorer 6 and 7 with all versions of Windows.

Asian language content compliance policies named may be

corrupted in reports after updating
Content compliance policies with double-byte characters in their name may be
corrupted in reports after updating to Symantec Brightmail Gateway 8.0.3. This
issue does not affect the functioning of content compliance policies or reports. It
affects the presentation of content compliance policy names containing
double-byte characters in reports.

Emailed reports require "Message in HTML" setting in Outlook

Express 6
When viewed in Outlook Express 6, emailed reports containing these languages
may appear corrupted: Japanese, Korean, Simplified Chinese, and Traditional
Chinese. To correct the display, click View > Message in HTML.

Strip and Delay may not strip email attachments correctly for
Asian languages
If you configure a "Strip and Delay and Suspect Virus Quarantine" virus policy
for suspicious attachments, some attachments in Asian language email messages
may not be stripped. This affects the Japanese, Korean, Simplified Chinese, and
Traditional Chinese localized versions. Users may receive two versions of the
message. One version of the message will have attachments stripped. The second
version of the message will be consigned to Suspect Virus Quarantine. If released
from Suspect Virus Quarantine, the message will not have any attachments
stripped.

The \b word-boundary syntax is not supported for Asian

languages
You can use \b as part of Perl-compatible regular expressions to search for simple
word boundaries. For example, you can specify \bsecret\b in a regular expression
12 Symantec Brightmail Gateway 8.0.3
Known issues

to match messages containing that word for a content compliance policy. However,
the \b syntax does not match word boundaries for the Japanese, Korean, Simplified
Chinese, and Traditional Chinese localized versions.

General and Control Center issues

This section describes known issues that do not fall into other categories and
Control Center issues.

Running Symantec Brightmail Gateway with vSphere 4.0 server

Symantec Brightmail Gateway 8.0.3 now runs on virtual computers in a VMware
vSphere 4.0 environment. The method for making Symantec Brightmail Gateway
8.0.3 work with vSphere 4.0 depends on whether you have previously installed
Symantec Brightmail Gateway on VMware:

Symantec Brightmail Gateway is already 1 Update to Symantec Brightmail

installed on VMware Gateway 8.0.3

2 Update to vSphere 4.0

The procedure and note below are not

relevant.

Symantec Brightmail Gateway is not already 1 Install vSphere 4.0

installed on VMware
2 Configure a virtual computer on the
vSphere 4.0 server as described below

3 Install Symantec Brightmail Gateway

8.0.3 using OSrestore as described in
Symantec Brightmail Gateway
Installation Guide, document version
8.0.2

Note: You must use OSrestore to install Symantec Brightmail Gateway 8.0.3 for
use with vSphere. You cannot use VMDK to install Symantec Brightmail Gateway
8.0.3 for use with vSphere. Symantec only supports Symantec Brightmail Gateway
8.0.3 to work with vSphere 4.0.

To configure a virtual computer on the vSphere 4.0 server

1 In VMware vSphere Client, on the Getting Started tab, click Create a new
virtual machine.
2 On the Configuration page, select Typical, and click Next.
 Symantec Brightmail Gateway 8.0.3 13
Known issues

3 On the Name and Locationpage, in the Name field, type a descriptive name
for the virtual computer, and click Next.
4 On the Datastore page, select the datastore where you want to store the
virtual machine files, and click Next.
This location is where your virtual computer is located on the physical disk.
Make this selection based on your particular storage configuration. Options
can vary.
5 On the Guest Operating System page, select Linux.
6 In the Version drop-down list, select Other Linux (32-bit), and then click
Next.
7 On the Create a Disk page, in the Virtual Disk Size field, specify the disk
space, and then click Next.
30 GB is the minimum disk space required. More disk space may be required
based on your deployment.
For example, if you run a distributed environment with larger Control Center
requirements, you might want to consider reserving more disk space. See the
Symantec Brightmail Installation Guide for recommendations.
After you reserve disk space and complete deployment, any changes to disk
space require that you repeat the OSrestore process.
8 On the Ready to Complete page, verify the settings that you configured.
Click Back to return to a previous page to modify any of your settings.
9 Check Edit the virtual machine settings before completion, and then click
Continue.
10 On the Hardware tab in the Hardware list, select CPUs (adding).

11 In the Number of virtual processors field, type 2.

vSphere 4.0 is limited to four virtual CPUs per virtual computer. Symantec
recommends allocating a minimum of two virtual processors. You can increase
to four virtual processors later if workload demands.
12 On the Hardware tab in the Hardware list, select Memory (adding).
13 In the Memory Size field, type the memory size.
You must have a minimum of 2 GB to run Symantec Brightmail Gateway
Virtual Edition and the virtual computer. Symantec recommends that you
use at least 4 GB.
14 Click New NIC (adding) to choose your network interface.
15 Under Device Status, check Connect at power on.
14 Symantec Brightmail Gateway 8.0.3
Known issues

16 You may need to add a second NIC if you use your host for inbound and
outbound mail processing and do not specify the use of a virtual IP.

To add a second NIC Proceed to step 17.

If you do not want to add a Proceed to step 21.

second NIC

17 Click Add to select a network interface.

18 On the Device Type page, select Ethernet Adapter, and then click Next.
19 On the Network connection page, check Connect at power on, and then click
Next.
20 On the Ready to Complete page, review your settings, and then click Finish.
Click Back to return to a previous page to modify any of your settings.
21 Click Finish to complete the initial configuration of your virtual machine.
Continue with "Using an OSrestore CD as your bootstrap media" in the
Symantec Brightmail Gateway Installation Guide, document version 8.0.2.
OSrestore is the only installation method that is supported to work with
vSphere 4.0.

Changes to certificates must be applied separately for each

host
If you use individual certificates for each Scanner and want to change to a single
certificate for all Scanners, you must change and apply the certificate setting for
each host separately. The ability to change the configuration for a single host and
then click Apply changes to all hosts does not function.

MTA status is inaccurate

If the MTA pause-mode is not normal and the MTA instance stops, the Status >
SMTP > Message Queues page does not show that the MTA stopped. Only the
pause-mode appears.

Start and stop options on Message Queues page inaccurately

active or inactive
The Status > SMTP > Message Queues page contains the options that let you start
or stop the MTA. Only one of these options is available at a time. Typically, the
option that is available is based on the current status of the MTA. For example,
 Symantec Brightmail Gateway 8.0.3 15
Known issues

if the MTA is stopped, then the Start option is available, but the Stop option is
not.
However, if you stop or start the MTA from the command line, that same action
is the one that is available on the Status > SMTP > Message Queues page. For
example, if you stop the MTA from the command line and then navigate to the
Message Queues page, only the Stop option is available. Since the MTA is already
stopped, the appropriate option that should be available is Start.
To refresh the queue status
◆ On the Status > SMTP > Message Queues page, click Display Filtered, and
then click Refresh.
The appropriate option is now available.

Services stopped using the command line cannot be started

in the Control Center
If you stop a service using the command service servicename stop, you cannot
start the service in the Control Center on the Host Configuration page. If you
attempt to start the service in the Control Center, the Control Center appears to
show the service as being started, but it actually is not. Ensure that you start a
service using the service command if you stop it with that command.

Changing the maximum transmission unit (MTU) requires

Control Center restart
Changing the maximum transmission unit (MTU) of either Ethernet interface
requires that you restart the Control Center. This procedure is not documented
in the Symantec Brightmail Gateway Administration Guide. Use the command
line to restart the Control Center as described below.
To change the maximum transmission unit (MTU)
1 In the Control Center, click Administration > Hosts > Configuration.
2 Check the name of the Scanner host whose Ethernet settings you want to
modify.
3 Click Edit.
4 Click the Ethernet tab.
5 Change the maximum transmission unit (MTU).
You can enter a value from 512 bytes to 1500 bytes.
6 Click Save.
7 Log out of the Control Center.
16 Symantec Brightmail Gateway 8.0.3
Known issues

8 Log into the command line on the appliance on which the Control Center
runs.
9 Type the following command:
service controlcenter restart

Upon successful completion of this command, you can log out of the command
line and resume using the Control Center.

No bounce attack tags in messages that originate from

Symantec Brightmail Gateway
Bounce attack tags are not added to any messages that originate from Symantec
Brightmail Gateway. Any messages of this type will fail bounce attack validation.
Examples of messages that originate from Symantec Brightmail Gateway include:
■ Spam Quarantine notification digests
■ Messages to which BCC recipients have been added because of a policy
■ Archived messages sent because of a policy
■ Notification messages sent because of a policy
■ Forwarded copies of messages sent because of a policy
■ Bounce messages sent because of a policy

Messages with invalid bounce attack prevention tags may get

a Fastpass disposition
If you have a spam policy that accepts bounce attack prevention failures, messages
with invalid bounce attack prevention tags receive a Fastpass disposition. This is
because Fastpass runs before bounce attack prevention evaluation during content
filtering. To prevent this from happening, either disable Fastpass or reject or defer
messages with invalid bounce attack prevention tags.

Bounce messages from null senders fail bounce attack

validation
When bounce attack prevention is enabled for a recipient, Symantec Brightmail
Gateway rejects NDR messages sent to that recipient that have a MAILFROM value
of NULL.
You can create content filtering policies to eliminate or reduce these rejections
by creating a policy to search for something that is known to be part of your
internal helpdesk messages, such as the IP in received headers, the From address,
or the Subject, and exclude those messages from spam scanning.
 Symantec Brightmail Gateway 8.0.3 17
Known issues

For example, you might create a compliance policy to bypass spam scanning for
any message that has text that matches 1 or more occurrences in the message
header, the header name is Received, and where the text to match is the IP address
of known good senders that send mail with a MAILFROM value of NULL.

Disabled bypass mode for Vontu Network Prevent integration

may cause queue issues
If bypass mode has been disabled and Vontu Network Prevent servers are
unreachable, the delivery queue may grow to a large size and consume large
amounts of disk space. Low disk space can cause problems on Symantec Brightmail
Gateway, including the inability to deliver messages. If this occurs, free disk space
such as by deleting report data or logs. See the Symantec Brightmail Gateway
Administration Guide for more information, including additional steps to address
this situation.

About bypass mode for Vontu Network Prevent integration

By default, outbound email bypasses Vontu Network Prevent if all Vontu Network
Prevent servers are unavailable. Bypass is triggered only if a connection cannot
be established with the Vontu Network Prevent servers.
Bypass is not triggered in the following cases:
■ The connection to Vontu Network Prevent server is established but the
connection is deferred.
■ The email results in an SMTP 4xx temporary failure. The Symantec Brightmail
Gateway MTA attempts to redeliver the message later.
■ The email results in an SMTP 5xx permanent failure. The Symantec Brightmail
Gateway MTA sends a bounce message to the sender.
■ The Vontu Network Prevent server is just slow in processing the SMTP
connection. However, if the SMTP connection times out, bypass is triggered
if no other Vontu Network Prevent servers are available.

If you see 4xx SMTP errors or NullPointerException, a Vontu

Network Prevent patch may be required
This issue may apply to you if you integrate Symantec Brightmail Gateway with
Vontu DLP Connect. If you have configured Symantec Brightmail Gateway to
route email to Vontu Network Prevent, a patch for Network Prevent may be
required in the following case. This issue has been fixed in Vontu Network Prevent
9.0.
18 Symantec Brightmail Gateway 8.0.3
Known issues

If consecutive messages on the same SMTP connection trigger policies on Vontu

Network Prevent that modify the message, the second and later messages may
be deferred with a 4xx SMTP error. A NullPointerException occurs on Vontu
Network Prevent. Examples of policies that modify the message include header
addition or modification and rewriting recipients. Deferred messages will
eventually be processed. If many messages are deferred due to this situation,
contact Symantec Technical Support to obtain a patch for Vontu Network Prevent.
The patch is not publically available for direct download.

Missing report graphs with certain browsing history setting

on Internet Explorer
Internet Explorer 7 has settings to determine when to check for updated web
pages. If you set "Every time I visit the webpage" for the "Settings for Browsing
History," bar graphs for reports will be missing. This scenario will also result in
"javachart.servlet.ChartStream: no chart bean found" errors in Brightmaillog.log.
Report graphs display properly with the default browsing history setting of
"Automatically" or "Every time I start Internet Explorer." A similar situation
occurs for Internet Explorer 6.

Issues with reports if using Internet Explorer 6.0.3790.1830

in Windows Server 2003 SP1
If you are using Microsoft Internet Explorer 6.0.3790.1830 in Windows Server
2003 SP1, you may experience problems with reports being cached. This can result
in the same report being displayed no matter which report you choose. To prevent
this issue from occurring, use a different browser. The following browsers do not
exhibit this behavior: Microsoft Internet Explorer 6.0.3790.3959 and later and
Mozilla Firefox.

LDAP issues
This section describes known issues regarding LDAP services.

Manual sync and replication needed after restoring from

backup or factory reset if using LDAP
If you configure an LDAP source and then restore from backup, perform a factory
reset, or both, Control Center and Scanner copies of LDAP data may be out of sync.
When restoring from backup follow these steps.
 Symantec Brightmail Gateway 8.0.3 19
Known issues

To restore from backup if using LDAP

1 Restore from backup using the Control Center or db-restore in the command
line interface.
2 In the Control Center, click Administration > Settings > Control Center.
3 Uncheck the Enable LDAP Replication check box to disable replication.
4 Click Save.
5 Click Status > System > LDAP Synchronization.
6 Click Full Synchronization.
7 Click Administration > Settings > Control Center.
8 Check the Enable LDAP Replication check box to re-enable replication.
9 Click Status > System > LDAP Synchronization.
10 Click CC to Scanners.
11 Click Replicate Now.

LDAP group data containing cyclic relationships may not be

retrieved when synchronizing from multiple LDAP sources
If your LDAP source data contains groups with cyclical relationships (where two
or more groups include each other as members) and those related groups are
retrieved by more than one LDAP source, usually Scanner replication will fail and
the groups involved in the cyclical relationship will be noted in the LDAP
synchronization logs. In some cases, however, LDAP synchronization may fail to
retrieve membership information for one or more of the cyclically related LDAP
groups. In this case, although the next Scanner replication cycle will show a status
of "Success", the membership data is not replicated to Scanners.
The missing membership data can impact Symantec Brightmail Gateway in two
ways:
■ If one of the LDAP groups involved is a distribution list with a deliverable email
address and distribution list expansion is enabled in Symantec Brightmail
Gateway, some members of the LDAP groups may not receive messages to the
distribution list.
■ If one of the LDAP groups involved is used as member of a Symantec Brightmail
Gateway group, policies using those members may not be invoked for some
members of the LDAP groups.
To work around this, you can either remove cyclic relationships in your LDAP
groups (recommended) or disable distribution list expansion and review your
group memberships to avoid using LDAP groups involved in a cyclical relationship.
20 Symantec Brightmail Gateway 8.0.3
Known issues