Kaspersky Mail Gateway 5.6.28.0 Critical Fix 1 (CF1) RELEASE NOTES
================================================================================

Released on: (2008-07-11)

Contents:

* Difference between Mail Gateway 5.6 CF1 and Kaspersky Mail Gateway 5.6
  * What's new?
  * Fixed Problems
* Difference between Mail Gateway 5.6 and Kaspersky Mail Gateway 5.5 CF2
  * What's new?
  * Changed Features
* Product Overview
* System Requirements
* Product Installation & Upgrade
* Known Issues & Workaround
* Contact Information

Difference between Mail Gateway 5.6 CF1 and Kaspersky Mail Gateway 5.6

What's new?
--------------------------------------------------------------------------------

* Support for Kaspersky TotalSpace Security keys has been added.
* 3-minute updates for the anti-spam module have been added.

Fixed Problems
--------------------------------------------------------------------------------

* 39768 Descriptor leaks on connect timeout in the send module.
* 40595 mailgwd hangs at startup when non-standard modules are used in
  nsswitch.conf.
* 40603 Incorrect work termination.
* 40725 Incorrect header determination when special characters are used inside
  the header.
* 40910 Incorrect values in statistics after resetting.
* 40940 Error at startup when there is a large number of messages in the queue.
* 41619 Virus names missing in the message statistics file.
* 41833 Errors in converting a configuration file from the previous version.
* 41915 Incorrect Webmin response is returned on component startup.
* 41929 Webmin incorrectly displays IncomingBCC values from the configuration
  file.
* 42023 Incorrect return code when mailgwd is started with the -d parameter.
* 42027 Incomplete information in the log file and queue when message delivery
  fails.
* Memory leaks.

Difference between Mail Gateway 5.6 and Kaspersky Mail Gateway 5.5 CF2

What's new?
--------------------------------------------------------------------------------

* Collection of configuration data and statistics of application activity via
  SNMP; the application can be configured to send SNMP traps when certain
  events occur.
* Recoding of 8-bit MIME messages.
* Definition of groups by sender's IP address and hostname.
* Definition of networks for filtering connections and for defining groups.

Changed Features
--------------------------------------------------------------------------------

* The application includes the anti-spam module from Kaspersky Antispam 3.0,
  with the following features:
  - Increased performance and stability.
  - Low RAM requirements.
  - Low level of Internet traffic (updates to Kaspersky Mail Gateway
    databases).
* Improved filtration methods are used, namely:
  - Algorithms for parsing of HTML objects in e-mail messages (increasing the
    efficiency of protection against various spammer tricks devised to bypass
    filtration systems).
  - System for analysis of e-mail message headers.
  - System for analysis of graphical attachments (GSG).
  - Sender Policy Framework (SPF) and Spam URL Realtime Block-lists (SURBL)
    services.
  - Internal Urgent Detection System (UDS) service, which allows obtaining
    information about certain types of spam in real time.
* Individual settings are available for user groups: certain scanning methods
  can be enabled/disabled separately for every group; you can also define the
  actions to be performed on e-mail messages.
* The redesigned subsystem that accepts incoming mail consumes fewer resources
  and supports more simultaneous incoming connections.

Product Overview
--------------------------------------------------------------------------------

Kaspersky Mail Gateway 5.6 (henceforth referred to as Kaspersky Mail Gateway or
the application) filters SMTP e-mail traffic to protect e-mail system users
against viruses and unwanted messages (spam).
The application is a full-featured mail relay (compliant with IETF RFC internet
standards) that runs under the Linux and FreeBSD operating systems.

The application allows the user to:

* Scan e-mail messages for viruses, including both attached objects and
  message bodies.
* Detect infected, suspicious, and password-protected attachments and message
  bodies.
* Perform anti-virus processing (including disinfection) of infected objects
  detected in e-mail messages by scanning.
* Filter e-mail traffic by the names and MIME types of attachments, and apply
  specified processing rules to the filtered objects.
* Check each message, including attached objects, for signs typical of spam.
* Check during anti-spam analysis the addresses of mail sender and recipient
  (envelope), message size and various headers (including From and To).
* Perform the following checks as a part of the anti-spam mail analysis:
  - presence of the sender's IP address in a DNS-based real time black hole
    list (DNSBL);
  - availability of a DNS record for the sending server (reverse DNS lookup);
  - a check of the sender's IP address for compliance with the list of
    addresses allowed for a domain, based on the Sender Policy Framework
    (SPF);
  - a check of addresses and links to web sites in the message text using the
    Spam URL Real-time Blocklists (SURBL) service.
* Also scan attached images, comparing them to the signatures of known spam
  messages, and take the comparison results into account to determine the
  status of the message.
* Maintain archives of all e-mail messages sent and/or received by the
  application, if required by the internal security policy of the company.
* Enable restrictions for SMTP connections, to provide protection against
  hacking attacks and to prevent the application being used as an open e-mail
  relay for unsolicited e-mail messages.
* Limit the load on your server by configuring the application's settings and
  SMTP parameters.
* Create white and black lists of senders and recipients applied during
  processing of e-mail traffic.
* Notify senders, recipients, and the administrator about disinfected letters,
  about messages containing infected, suspicious, or protected objects, and
  also about errors that have occurred during mail scanning.
* Quarantine messages identified as spam or probable spam, formal or
  blacklisted mail, as well as messages containing infected and suspicious
  objects.
* Update the anti-virus and anti-spam databases of Kaspersky Mail Gateway. The
  application retrieves updates from Kaspersky Lab's update servers. You can
  also configure the application to update the databases from a local
  directory. The application detects and cures infected objects using the
  anti-virus database. During scans, the contents of each file are compared to
  the sample code of known viruses contained in the database.
* The anti-spam databases are used during analysis of message contents
  (including Subject and other headers) and attached files. The application
  uses linguistic algorithms which compare the analyzed text with sample
  messages, and search for typical words and word combinations.
* Configure and manage Kaspersky Mail Gateway, either from a remote location
  using the Webmin web-based interface, or locally using standard operating
  system tools such as command line options, signals, special command files,
  or by modifying the application's configuration file.
* Monitor the antivirus protection, spam filtering status, application
  statistics and logs both locally and remotely using the Webmin interface.
* Obtain configuration data and statistics on application activity via SNMP
  and configure the application to generate and send SNMP traps upon
  occurrence of certain events.

System Requirements
--------------------------------------------------------------------------------

Hardware requirements:

* Intel Pentium(C) processor (Pentium III or Pentium IV recommended).
* At least 256 MB of available RAM.
* At least 100 MB of available space on your hard drive to install the
  application.
* At least 500 MB of available space in the /tmp file system.

Software requirements:

1. Supported operating systems

   1.1 One of the following operating systems for 32-bit platforms:
   * Red Hat Enterprise Linux Server 5.
   * Fedora 7.
   * SUSE Linux Enterprise Server 10.
   * OpenSUSE Linux 10.3.
   * Debian GNU/Linux 4 r1.
   * Mandriva 2007.
   * Ubuntu 7.10 Server Edition.
   * FreeBSD 5.5, 6.2.

   1.2 One of the following operating systems for 64-bit platforms:
   * Red Hat Enterprise Linux Server 5.
   * Fedora 7.
   * SUSE Linux Enterprise Server 10.
   * OpenSUSE Linux 10.3.

2. Required software:
   * Perl interpreter, version 5.0 or higher;
   * bzip2 utility;
   * which utility.

3. Additional software:
   * Webmin version 1.070 or higher (www.webmin.com) to install the remote
     administration module (optional).

Product Installation & Upgrade
--------------------------------------------------------------------------------

Installation from scratch:

* Installing the application on a server running Linux

  For servers running the Linux operating system, Kaspersky Mail Gateway is
  distributed in two different installation packages, depending on the type of
  your Linux distribution.

  To install the application under Linux Red Hat, Linux SUSE or Linux
  Mandriva, use the rpm package. To initiate installation of Kaspersky Mail
  Gateway from the rpm package, enter the following at the command line:

      # rpm -i

  Attention! After installing the application from the rpm package, you must
  run the postinstall.pl script to perform post-installation configuration.
  The default location of the postinstall.pl script is in the
  /opt/kaspersky/mailgw/lib/bin/setup/ directory.

  In Linux Debian and Linux Ubuntu, the installation is performed from a deb
  package.
  To initiate installation of Kaspersky Mail Gateway from the deb package,
  enter the following at the command line:

      # dpkg -i

  After you enter the command, the application will be installed
  automatically.

* Installing the application on a server running FreeBSD

  To initiate installation of Kaspersky Mail Gateway from a pkg package, enter
  one of the following at the command line:

      # pkg_add

  After you enter the command, the application will be installed
  automatically.

Upgrade from the previous version:

Upgrade Kaspersky Mail-Gateway 5.5.139 CF2 installed on a server to Kaspersky
Mail Gateway 5.6.

You can use Kaspersky Mail Gateway 5.6 with your existing license key for
Kaspersky Mail Gateway 5.5. We recommend the following method for upgrading:

1. Stop Kaspersky Mail Gateway.
2. Uninstall Kaspersky Mail Gateway using the method described in the attached
   Administrator's Manual. If the Webmin module has been installed, it should
   be removed using Webmin administration tools. If Kaspersky Mail Gateway is
   not removed, Kaspersky Mail Gateway 5.6 installation will terminate with an
   error.
3. Grant read permission to all users on the additional configuration files
   that are included in the main application configuration file.
4. Install Kaspersky Mail Gateway 5.6 using the method described in the
   included Administrator's Manual. While the installation script runs, you
   will be prompted to enter the path to the main application configuration
   file. During the conversion of the configuration file of the previous
   version, all the required templates will be copied, and you will also be
   prompted to choose an action to be performed on e-mail messages stored in
   the queue and archive (quarantine). No actions will be performed on the
   additional configuration files included in the main configuration file.
   They will be included in the main application configuration file.
5. Check the resulting application configuration file, especially the session
   filtering rules.
6. You may then remove the read permission for all users from the additional
   configuration files that are included in the main application configuration
   file, and set read permission for user kluser.

Upgrade Kaspersky Mail-Gateway 5.6.23.1 installed on a server to Kaspersky Mail
Gateway 5.6 CF1.

* Upgrading the application on a server running Linux

  For servers running the Linux operating system, Kaspersky Mail Gateway is
  distributed in two different installation packages, depending on the type of
  your Linux distribution.

  To upgrade the application under Linux Red Hat, Linux SUSE or Linux
  Mandriva, use the rpm package. To initiate upgrade of Kaspersky Mail Gateway
  from the rpm package, enter the following at the command line:

      # rpm -U

  Attention! After upgrading the application from the rpm package, you must
  run the postinstall.pl script to perform post-installation configuration.
  The default location of the postinstall.pl script is in the
  /opt/kaspersky/mailgw/lib/bin/setup/ directory.

  In Linux Debian and Linux Ubuntu, the upgrade is performed from a deb
  package. To initiate upgrade of Kaspersky Mail Gateway from the deb package,
  enter the following at the command line:

      # dpkg -i

  After you enter the command, the application will be upgraded automatically.

* Upgrading the application on a server running FreeBSD

  1. Stop Kaspersky Mail Gateway.
  2. Uninstall Kaspersky Mail Gateway using the method described in the
     attached Administrator's Manual. If the Webmin module has been installed,
     it should be removed using Webmin administration tools. If Kaspersky Mail
     Gateway is not removed, Kaspersky Mail Gateway 5.6 installation will
     terminate with an error.
  3. To initiate installation of Kaspersky Mail Gateway from a pkg package,
     enter one of the following at the command line:

         # pkg_add

     After you enter the command, the application will be installed
     automatically.
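
Steps 3 and 6 of the upgrade from 5.5.139 CF2 open the included configuration
files to all users and later close them again. The following added example (not
part of the Kaspersky package) wraps both steps and checks that no file is left
world-readable afterwards. It assumes the include file paths are passed as
arguments and that the service account becomes the file owner; the function
names are hypothetical.

```shell
#!/bin/sh
# Added example, not shipped with Kaspersky Mail Gateway.
# Assumption: the caller lists the additional (included) configuration files
# explicitly; nothing here parses the main application configuration file.

# Step 3: let every user read the include files so the conversion can read them.
open_for_conversion() {
    for f in "$@"; do
        chmod a+r -- "$f" || return 1
    done
}

# Step 6: remove the read-for-all permission and give read access to the
# service account (kluser on the page; passed as $1, assumed to become owner).
# Group read is dropped as well; adjust if a group legitimately needs it.
restrict_after_conversion() {
    owner=$1
    shift
    for f in "$@"; do
        chown -- "$owner" "$f" || return 1
        chmod u+r,go-r -- "$f" || return 1
    done
}

# Print every file that other users can still read; return 1 if any is found.
# find -perm is used because it behaves the same on Linux and FreeBSD.
audit_world_readable() {
    found=0
    for f in "$@"; do
        if [ -n "$(find "$f" -prune -type f -perm -0004 -print)" ]; then
            echo "world-readable: $f"
            found=1
        fi
    done
    return "$found"
}

# When called with file arguments, run the audit (use after step 6).
if [ "$#" -gt 0 ]; then
    audit_world_readable "$@"
fi
```

Run as root after step 6 with the include file paths as arguments; a non-zero
exit status means at least one file is still readable by all users.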

Known Issues & Workaround
--------------------------------------------------------------------------------

* The mailgw-tlv utility, which is included in the application package and
  intended for checking notification templates, verifies template syntax only.
  It does not validate the names of macro variables in a template.
* There may be problems during delivery of messages to a remote mail server
  that uses Greylisting with too short timeouts. It is recommended to enter
  lower values for the MinimalBackoffTime and MaximalBackoffTime application
  settings or add a separate line for such a remote server in the ForwardRoute
  setting in the application configuration file.
* Temporary SMTP errors (421 4.4.1 Communication error) may occur during
  delivery of messages to a remote mail server that, in defiance of RFC2821,
  prematurely terminates the connection after a permanent error (5xx) is
  initiated. That is not an error.
* Webmin - There are problems with installing Webmin modules on systems using
  the Webmin package from oldstable Debian GNU/Linux. It is recommended to
  install Webmin software from www.webmin.com.
* Webmin module - The application does NOT restart automatically after
  modification of its configuration settings within Webmin. In order to apply
  the changes, the restart button in the "AV Run" tab should be used.
* Some mail clients (such as MS Outlook 2000/2003) do not display inline the
  contents of the disclaimer text appended to a processed mail message. Please
  see details, e.g. at:
  http://support.microsoft.com/default.aspx?scid=kb;en-us;814111
* If the recipient is an MS Exchange 2000/2003 mailbox, messages sometimes may
  not be shown to the recipient. MS Exchange 2000/2003 relies on its store's
  duplicate detection. For more details, see
  http://support.microsoft.com/default.aspx?scid=kb;en-us;269408.
  This behavior may be experienced while sending messages from quarantine,
  backup storage or archive to their original recipients or when the message
  is addressed to several recipients that have mailboxes on the same store.
* You are advised to use digits and Latin letters only in group names in the
  application configuration file. Other characters may cause problems while
  using the Webmin plug-in module to configure the application.
* When the operation of the scanning module is suspended (e.g., by the
  check-off command of the application control script), the application also
  suspends writing of statistics on the operation of the anti-virus module and
  the Spamtest filter to the file specified as the value of the
  MessageStatistics parameter in the application configuration file. That is
  not an error.
* 25365 Under Linux Mandriva the application does not start with the default
  security level (msec). You have to change the security settings:

      # msec 1

  and restart the operating system.
* 32153 It is not recommended to change the default settings for options
  LicensePath and BasePath in section [path]. If the default settings are
  changed, compilation of the anti-spam filtration bases is not possible.
* 33288 After the package is uninstalled, the Webmin module is not uninstalled
  automatically from Webmin. Use the Webmin administration tools to uninstall
  the module.
* 34317 It is impossible to upgrade the package with the command rpm -U from
  Kaspersky Mail Gateway 5.5.139 CF2.
* 34521 The '|' symbol is output incorrectly in man files under Mandriva 2007.
* 36335 It is not recommended to restart or reload Kaspersky Mail Gateway
  while the anti-virus and anti-spam filtration bases are being updated.
* 36394 The mailgw-licensemanager utility executed with the -da option removes
  only the current active license key.
* 36513 After the sending module is suspended by the send-off command some
  e-mail messages may stay in SND (sending) state. After resuming the sending
  module these messages will be sent only after the execution of the reload or
  restart command.
* 41913 Webmin incorrectly displays subtask status. The file specified in
  StatFilename should be removed, or the file owner and group permission
  should be changed as specified by User and Group in [options].

Contact Information
--------------------------------------------------------------------------------

Technical Support: www.kaspersky.com/helpdesk
General Information: info@kaspersky.com

(C) Kaspersky Lab 1997-2008