Professional Documents
Culture Documents
Symantec Messaging
Gateway 10.5.2 Release
Notes
This document includes the following topics:
What's new
Documentation
Support policy
Supported platforms
Unsupported platforms
Resolved issues
Known issues
What's new
This release of Symantec Messaging Gateway fixes known defects and addresses
known vulnerabilities, and also includes the following new and enhanced features:
Fixes to HTTP proxy settings: previous releases did not allow certain special
characters in usernames or passwords. This issue is now resolved.
Longer keys for self-signed certificates: self-signed certificates now use keys
that are 4096 bits in length. You can now generate authority-signed certificate
requests with both 2048-bit and 4096-bit keys.
Local Good and Bad Sender improvements: under certain circumstances, when
Local Good or Bad Sender IP addresses were entered with overlapping ranges,
rules would fail to load. This issue is now resolved.
Documentation
You can access English documentation at the following website:
http://www.symantec.com/business/support/index?page=content&key=53991&channel=
DOCUMENTATION&sort=recent
The site provides best practices, troubleshooting information, and other resources
for Symantec Messaging Gateway.
Check the following website for any issues that are found after these release notes
were finalized:
http://www.symantec.com/docs/TECH215638
To access the software update description from the Control Center, click
Administration > Hosts > Version. On the Updates tab, click View Description.
To view the Symantec support policy for Symantec Messaging Gateway, see the
following links:
http://go.symantec.com/security_appliance_support
http://go.symantec.com/appliance_hw_support
To read the translated 10.5 documentation, copy and paste any of the following
URLs into a web browser, and then click the Documentation link:
Chinese (Simplified)
http://www.symantec.com/business/support/index?page=landing&key=53991&locale=zh_CN
Chinese (Traditional)
http://www.symantec.com/business/support/index?page=landing&key=53991&locale=zh_TW
Japanese
http://www.symantec.com/business/support/index?page=landing&key=53991&locale=ja_JP
Korean
http://www.symantec.com/business/support/index?page=landing&key=53991&locale=ko_KR
You can access English documentation at the following website:
http://www.symantec.com/business/support/index?page=content&key=53991&channel=
DOCUMENTATION&sort=recent
The site provides best practices, troubleshooting information, and other resources
for Symantec Messaging Gateway.
Support policy
Symantec provides standard support for only the most current build of the licensed
software.
For more information about Symantec's support policies, on the Internet, go to the
following URL:
http://go.symantec.com/security_appliance_support
Supported platforms
You can update to Symantec Messaging Gateway 10.5.2 on any of the following
platforms:
All supported hardware versions: 8380, 8360, and 8340 purchased after
November 2008
Microsoft Hyper-V: Windows Server 2008 and Hyper-V Server 2008, Windows
Server 2012 and Hyper-V Server 2012
Unsupported platforms
Unsupported platforms are as follows:
Hardware platforms 8220, 8240, 8260, 8320, and 8340 (PowerEdge 860 version)
purchased on or before November 2008 are unsupported, as are hardware
platforms 8360 (PowerEdge 1950 version) and 8380 (PowerEdge 2950 version)
purchased on or before March 2009.
For more information about Symantec Messaging Gateway hardware testing
support, on the Internet, go to the following URL:
http://www.symantec.com/docs/TECH186269
To determine what hardware version you have, at the command line type the
following:
show --info
Firefox 26 or later
Chrome 23 or later
To install on VMware
There are two methods for installing on supported VMware platforms:
ISO file
You can load the ISO file into a preconfigured virtual machine.
You can use the ISO file on VMware ESXi/vSphere 5.0/5.1/5.5.
OVF template
You can also load the OVF, which includes the virtual machine
configuration.
You can use the OVF for VMware ESXi/vSphere 5.0/5.1/5.5.
To install on Hyper-V
There is one method for installing on supported Hyper-V platforms:
ISO file
You can load the ISO file into a preconfigured virtual machine.
You can use the ISO file on Windows Server 2008 and Hyper-V Server
2008, Windows Server 2012 and Hyper-V Server 2012.
See the Symantec Messaging Gateway 10.5 Installation Guide for instructions and
system requirements.
Note: To update to Symantec Messaging Gateway 10.5 in a virtual environment,
you must verify that your virtual environment can support 64-bit virtualization. When
Intel Virtualization Technology (also known as Intel-VT) is enabled in the BIOS, it
allows the CPU to support multiple operating systems, including 64-bit architecture.
On many Intel processors this setting may be disabled in the BIOS and must be
enabled prior to installing Symantec Messaging Gateway 10.5. AMD processors
that support 64-bit architecture usually have this setting enabled by default. See
KB 1003945 from VMware for more information:
http://kb.vmware.com/selfservice/microsites/search.do?language=en_US
&cmd=displayKC&externalId=1003945
Item
Description
Perform a backup.
Symantec strongly recommends that you take a full system backup before you run the
software update and store it off-box.
Table 1-1
Item
Description
Do not restart.
The software update process may take several hours to complete. If you restart before
the process is complete, data corruption is likely to occur. If data corruption occurs, the
appliance must be reinstalled with a factory image.
If your site policies let you, delete all Scanner and DDS log messages.
Symantec strongly recommends that you update your Control Center before you update
your Scanners. If you do not update the Control Center first, Symantec recommends
that you use the command line interface to update remote Scanners. It is crucial that
the time frame in which you update your Scanners to 10.5 is kept as short as possible:
the Control Center is unable to propagate configuration changes to Scanners that are
on different versions. Configurations in which the Control Center and Scanners run
different versions for an extended period are unsupported.
When you update the Control Center, the Control Center appliance is offline and
unusable. Scanners cannot deliver messages to quarantine on the Control Center
during the software update, so messages build up in a queue. Running software update
on a Control Center appliance can take quite some time. Plan to update the Control
Center appliance during off-peak hours.
When you migrate a Scanner, it goes offline. Scanner resources are unavailable during
the migration process. Software update of a Scanner takes less time than the software
update of the Control Center.
Resolved issues
This section describes the issues that are resolved in 10.5.2.
Table 1-2
Resolved issues
Issue
Fastpass was being granted for a Bad Fastpass was being granted for a Bad Sender IP (if
Sender IP.
that IP is sending non-spam emails and Action for
Local Bad Sender IP was to Modify the subject
line).
See the associated knowledge base article for
details:
http://www.symantec.com/docs/TECH208717
Under some circumstances, queries
submitted from the Submission Detail
page returned the following errors:
The service is not available
since there was a server
error to process the
request. Please contact your
system administrator. ERROR
- The UI and/or log errors
should indicate that the
server returned an HTTP 500
Internal Server Error (which
is not common) and that the
admin should correct the
search string and retry or
try another search string.
Message Audit Log text read Bypass See the associated knowledge base article for
details:
all content filtering
policies even if only specific
http://www.symantec.com/docs/TECH216368
policies were being bypassed.
Control Center Message Audit Logs Rejected SMTP AUTH events are now displayed as
did not display rejected SMTP AUTH expected in the Control Center. See the associated
events.
knowledge base article for details:
http://www.symantec.com/docs/TECH208749
Error returned while enabling HTTP:
-ne: unary operator
expected.
Table 1-2
Issue
Some Subject entries were improperly Message Audit Log records now display as expected.
displayed in the Message Audit Log See the associated knowledge base article for
when they contained DBCS or
details:
HI-ASCII characters.
http://www.symantec.com/docs/TECH216370
Three lines reading Configuration
file /etc/yum/pluginconf.
d/filename not found appear
near the top of the output for many
command line update commands, as
well as in the update.log file.
10
Table 1-2
Issue
Some default Content Filtering policies This issue has been resolved. See the associated
were not displayed in Content Filtering knowledge base article for details:
reports.
http://www.symantec.com/docs/TECH211465
Javascript error observed during
update in Internet Explorer 8.
Customer-specific Spam Submissions This issue has been resolved. See the associated
registration failed with some proxy
knowledge base article for details:
servers.
http://www.symantec.com/docs/TECH210784
On the Control Center's Status >
This issue has been resolved. See the associated
Hosts > Hardware Status >
knowledge base article for details:
Localhost page, drop-down menus
http://www.symantec.com/docs/TECH216373
for Administrator logout and Online
Help were not displayed.
11
Table 1-2
Issue
http://www.symantec.com/docs/TECH211529
http://www.symantec.com/docs/TECH216376
12
Table 1-2
Issue
Potential Distributed Reflection Denial See the associated knowledge base article for
of Service vulnerability in NTP on IPv6 details:
interface as described in
http://www.symantec.com/docs/TECH215006
CVE-2013-5211.
Mail Transfer Agent crashed while
trying to deliver to a domain with
hundreds of MX records pointing to
non-operational hosts.
The error Validation of stats This issue has been resolved. See the associated
knowledge base article for details:
file engine_stats.*.xml
failed appeared in the conduit log
http://www.symantec.com/docs/TECH214951
when language blocking was enabled.
The file domains.db accumulated
errors over time and could not be
reset. This caused the following errors
to appear when restarting the MTA:
Datasource: failed to
prepare. Datasource query
failed for domain.com.
13
Table 1-2
Issue
Customer-Specific Spam Rules: input Submit Message page does not provide validation
validation not present on Submit
on some types of files, which can result in invalid
Message page.
submissions.
See the associated knowledge base article for
details:
http://www.symantec.com/docs/TECH208719
When large numbers of emails are
This was a result of using Internet Explorer 8, which
released from spam quarantine, the is no longer supported. See the associated
Control Center sometimes logs users knowledge base article for details:
out.
http://www.symantec.com/docs/TECH211469
Submission detail report doesn't
provide an annotation when a
duplicate signature is found for a
message.
Known issues
This section describes the known issues in version 10.5.2.
14
Table 1-3
Known issues
Issue
Description
Given a ZIP file split into several parts and sent one
part per message, Symantec Messaging Gateway
does not detect all ZIP file parts in a consistent
manner, though it does so for other compressed files
(such as RAR files) that are similarly divided. Not all
such messages are considered unscannable, as
would be expected.
http://www.symantec.com/docs/TECH176884
The online Help regarding the status See the associated knowledge base article for
of the Scanners in the Host
details:
Attributes section on the Host Status
http://www.symantec.com/docs/TECH205694
page does not match the Symantec
Messaging Gateway user interface.
15
Table 1-3
Issue
Description
The Symantec Messaging Gateway See the associated knowledge base article for
details:
Installation Guide incorrectly states
that inbound local delivery is limited
http://www.symantec.com/docs/TECH193367
to three servers, while the Symantec
Messaging Gateway Administration
Guide states (correctly) that local
delivery is unlimited.
16
Table 1-3
Issue
Description
17
Table 1-3
Issue
Description
http://www.symantec.com/docs/TECH211466
http://www.symantec.com/docs/TECH211470
18
Table 1-3
Issue
Description
If both inbound and outbound mail is If inbound and outbound mail is received on different
received on the same IP address and interfaces or ports, this problem will not occur.
port, mail from an IP address with a
See the associated knowledge base article for
broken PTR record will be deferred.
details:
http://www.symantec.com/docs/TECH211480
Unchecking "Enable scanning of
See the associated knowledge base article for
non-plain text attachments for words details:
in dictionaries" also prevents scanning
http://www.symantec.com/docs/TECH216384
of plain text attachments.
Documentation incorrectly states that The uncompressed size of attachments is always
file attachment size limits considers used when testing file size.
only the compressed size of
See the associated knowledge base article for
compressed attachments.
details:
http://www.symantec.com/docs/TECH216385
A Microsoft Office 2007-formatted
document may unexpectedly trigger
a Content policy based on the
attachment size.
http://www.symantec.com/docs/TECH216386
http://www.symantec.com/docs/TECH215003
Symantec Messaging Gateway may See the associated knowledge base article for
fail to process certain messages with details:
badly formatted MIME attachment
http://www.symantec.com/docs/TECH216389
headers.
Selecting the timezone "(GMT-04:00) See the associated knowledge base article for
Atlantic Time (Canada)" results in
details:
timezone being set to "(GMT-05:00)
http://www.symantec.com/docs/TECH215942
Eastern Time (US & Canada)".
Microsoft Office 2007 documents with See the associated knowledge base article for
files embedded using the 'Link to file' details:
option are considered unscannable
http://www.symantec.com/docs/TECH216390
due to limits exceeded.
19