Software-update: Symantec Messaging Gateway 10.6

Symantec Messaging Gateway is een product voor het beveiligen van in- en uitgaande mailstromen. Het borduurt voort op Brightmail, dat in 2004 werd overgenomen door Symantec. Hoewel dat alweer meer dan elf jaar geleden is gebeurd, wordt de oude naam nog steeds genoemd in het product door de toevoeging 'powered by Brightmail'. Het programma biedt antispam- en antimailwareopties, geavanceerde contentfiltering en data loss prevention, en biedt ook encryptieopties aan door te integreren met Symantec-encryptieproducten. SMG kan op een bijbehorende hardware-appliance worden gedraaid of virtueel in VMware of Hyper-V. Versie 10.6 is onlangs verschenen met de volgende veranderingen:

What's new in Symantec Messaging Gateway 10.6

This release of Symantec Messaging Gateway includes the following new and enhanced features:

• Support for the Symantec SHA-2 transition program. (See http://www.symantec.com/docs/ALERT1868 for more information.)
• Enhanced effectiveness of spam and bulk mail using real-time URL reputation services.
• Support for TLS 1.1 and 1.2 in in SMTP TLS conversations.
• Performance improvements, including increased efficiency when accepting TLS messages.
• Improved auditing by adding Control Center administrative events to the logs that are sent to a remote logging facility.
• Operating System update to maintain a secure platform.
• Transition applications to native 64 bit.
• "Sieve" based custom scripts are no longer supported. If you are currently using sieve scripts contact support to arrange for a transition plan to "Lua" based scripts.

This release also fixes known defects and addresses known vulnerabilities.

Resolved issues:

• Conflicting Bypass Spam and Bypass CF rules are not logged in MAL.
• When you enable Sender ID/SPF, the checking of SPF TXT records returned by DNS is case-sensitive for keywords such as "a", "mx", and "ip".
• Errors are displayed in the MTA Log (maillog).
• SMG may be unable to deliver mail if TLS delivery is attempted and the receiving MTA strictly implements TLSv1.
• Installing a separate certificate created with a pre-existing, already imported private key, overwrites previously installed cert made with the same key.
• Locale settings let you save "DD" instead of "dd" in Long date and Day, Date and Time in Apply custom date and time stamp format.
• Moscow changed its time zone on October 26, 2014. The SMG appliance needed to be updated to correctly reflect this change.
• Prior releases of SMG did not provide a way to refresh Diffie Hellman keys.
• Adding a new probe address using Spam->Probe Addresses->Add fails when a similar address already exists with a period in the same position as an underscore, or an underscore in the position of a period.
• Sender validation would fail when processing sender domain SPF text records comprised of multiple strings.
• Heavy TLS load results in slow MTA response both in mail acceptance and delivery.
• Potential unexpected behavior in Brightmail engine.
• SMG failed to warn users when they added certificates with key lengths that were less than 2048.
• In some cases, "Error from web server 403" occurs in conduit log every minute when attempting to update customer-specific rules.
• Certain messages were erroneously being reported as "unscannable" even when Allow Malformed MIME was enabled.
• When the Enable HTML tag scanning (message body) policy option was enabled, all rules failed to trigger on messages that had no HTML body parts.
• db-backup was missing a "verbose" (-v) option.
• sshd-config status showed Support for CBC ciphers is ENABLED, even when CBC ciphers were disabled by the sshd-config command.
• Under certain conditions, when the file system on one of the scanners was not accessible, the Control Center threw an application error and did not allow an administrator to log in.
• "An unexpected database error has occurred" was seen in BrightmailLog when upgraded from 10.5.4 to 10.6.
• tar archives attached to messages received unscannable verdict.