Symantec Messaging Gateway is een product voor het beveiligen van in- en uitgaande mailstromen. Het borduurt voort op Brightmail, dat in 2004 werd overgenomen door Symantec. Hoewel dat alweer meer dan dertien jaar geleden is gebeurd, wordt de oude naam nog steeds genoemd in het product door de toevoeging 'powered by Brightmail'. Het programma biedt antispam- en antimailwareopties, geavanceerde contentfiltering en data loss prevention, en biedt ook encryptieopties aan door te integreren met Symantec-encryptieproducten. SMG kan op een bijbehorende hardware-appliance worden gedraaid of virtueel in VMware of Hyper-V. Versie 10.6.4 is verschenen met de volgende veranderingen:
What's new in SMG 10.6.4
This release fixes known defects and addresses known vulnerabilities.
New features include the following:
- Symantec recommends that all customers using the SMG software update at their earliest convenience. This version is required to upgrade to future releases of SMG.
- RC4, DES, and 3DES ciphers are no longer accepted or used within HTTPS and SMTP/TLS conversations. These cipher suites have been deemed insecure and are no longer recommended for use. If you experience HTTPS, SMTP, or TLS conversation failures Symantec recommends that you work with the application vendor or business partner to strengthen their application. Symantec does not recommend reenabling these cipher suites.
- This release includes and supersedes patches 266, 267 and 268.
- Integration with Email Threat Isolation and Symantec Blue Coat ProxySG.
- New SymDiag utility collects system diagnostics.
- SymDiag creates a file. When you open the file with SymHelp, you may see the following warning: "This data file was saved by an older version of Symantec Diagnostic Tool <version number>". You can safely ignore this warning.
- The Local Good Sender IPs list was ignored in some messages with more than one IP address in a "Received" header.
- A message with badly formatted 'From' header was not accepted in Spam Quarantine.
- Unsaved changes to quarantine settings were lost when you edited the notification template.
- MAL showed status as "Processing Status" for a rejected message.
- In some cases the Subject line showed garbled text.
- Empty-body messages that are signed using the DKIM relaxed algorithm fail verification.
- In rare cases, the administrator receives an alert about a bmserver crash on signal 11 exit code: 0x008B.
- Validation of SMG-generated DKIM signature fails at recipients such as Gmail, when annotation is added to email and the message is routed through a Microsoft mail server.
- Manual and scheduled backups failed when the backup size was too large.
- MAL logs retention time was not propagated to the BMI_MAL (CC-only MAL for Spam Quarantine release).
- In some cases, startup times for the Control Center web interface were very long.
- MAL did not log any connection-time verdicts.
- CAS preferences from CA Connect page were not respected.
- On virtual appliances, the messages log file showed information about ttyS0 respawning every 10 seconds.
- On CA connect page, the drop-down to select a scanner was disabled when the CAS was not configured for the currently selected scanner.
- XML files were incorrectly sent to CAS on a clean install of 10.6.3, but not on the systems that were upgraded to 10.6.3.
- The check box "Allow email addresses to start with a dash" was removed from Protocols -> Setting -> SMTP -> Address Validation.
- Some MAL searches returned an Application Error page, while some returned expected results.
- Connection classification message counts were tallied improperly resulting in a more favorable verdict.
- The "From" filter on Email Quarantine did not return the expected results.
- The commandmta-control all active-routes returned no data.
- In some cases, scheduled reports failed.
- DKIM signatures did not contain the expiration tag and so did not reflect the signature expiration policy that was set in Protocols -> Domains -> Delivery.
- In some cases, backups with very large databases failed.
- Chrome and Firefox did not recognize certificates using only the common name (CN).
- In some cases, Disarm scanning used excessive disk space.
- An Active Directory administrator who clicked on the "Login to End User View" in the Logout menu received the following message: Possible Cross Site Request Forgery.
- When a Control Center logon was idle for an extended period and the user clicked the logout option, the following error appeared: Possible Cross Site Request Forgery.
- Some delete commands issued on the command line failed on Control-Center-only systems.