Release Notes for McAfee WebShield Version 2.x HotFix 6 (c) 2002 Networks Associates Technology, Inc. All Rights Reserved. =============================================== HotFix Release: 8th January 2002 This HotFix was developed and tested with: - WebShield Appliance V2.x - DAT Version: 4169 - Engine Version: 4140 Make sure you have installed these versions before using this HotFix. =============================================== Thank you for using McAfee WebShield V2.x software. This file contains important information regarding this release. We strongly recommend that you read the entire document. The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. Network Associates, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use. HotFix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the HotFix. HotFix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of HotFix files. HotFix files are not a substitute nor replacement for product Service Packs which may be released by Network Associates, Inc. It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from Network Associates, Inc. Further, posting of McAfee HotFix files to publicly available Internet sites is prohibited. Network Associates, Inc. reserves the right to refuse distribution of HotFix files to any company or person guilty of unlawful distribution of McAfee software products. Questions or issues with McAfee HotFix files should be directed to McAfee Technical Support. - About This HotFix - Purpose - Resolved Issues - Files Included with This HotFix - Installation - Installation Requirements - Installation Steps - Testing Your Installation - Removing This HotFix - Contacting McAfee and Network Associates - Copyright and Trademark Attributions - Trademarks - License Agreement _______________________________________________ ABOUT THIS HOTFIX PURPOSE This HotFix includes one compressed archive file for use with McAfee WebShield V2.x software. This new file resolves the issues described in the section "RESOLVED ISSUES". RESOLVED ISSUES 1. This HotFix significantly improves the performance of the POP3 Proxy scanner by improving the data buffering within the POP3 Proxy. 2. This HotFix also resolves an issue with the inbound and outbound handoff hosts for the HTTP proxies. Previously the HTTP requests did not get sent to the configured hosts if they were in the form of: address:port 3. This HotFix also resolves an issue that could cause WebShield to misdirect email to additional recipients if an SMTP connection terminated after sender and recipient information had been received, but before any data was sent. If a subsequent connection was then established from a server that did not do a RSET before sending mail, additional recipients may be added to the email recipient list. 4. This HotFix provides additional logging of Sender and Recipient information if Informational Logging is enabled in the Logging and Reporting menu. This information is only available in the CSV formatted reports. 5. This HotFix also resolves an issue in the Japanese version of the software where the value for the HTTP handoff host for outbound traffic was not getting saved. 6. This HotFix also resolves an issue in the Japanese version of the software where the Index and Search tabs were not available in the Japanese online help system. 7. This HotFix also resolves an issue in the Japanese version of the software where the ToolTips for the Help and Cancel buttons were displayed in English. The ToolTips are now displayed in Japanese on the Japanese WebShield V2.x Appliance. 8. This HotFix also resolves a buffer overflow in the CSMAP daemon. It is possible to exploit this buffer overflow vulnerability to execute arbitrary shell commands with the same privileges as the owner of the corresponding daemon. 9. This HotFix also resolves an issue with the HTTP scanner. It modifies a timeout value and changes several other configuration options. This allows more connections to be managed by the HTTP proxy. 10. This HotFix resolves an issue with the V2.x’s network driver. Under extreme load the driver would fail to recover from a lack of system resources. 11. This HotFix resolves an issue with domain names being case sensitive. This specifically relates to the E-mail, Anti- Relay, Local Domains and Permit Domains entries. 12. This HotFix resolves an issue with wild card support. Wild card support has been added to E-mail, Anti-Relay and Anti-Spam fields. 13. This HotFix also resolves an issue in the Japanese version with Shift-JIS encoding when outputting log files in the CSV format. 14. This HotFix resolves an issue with file handles not being released correctly this would result in the V2.x becoming unresponsive to network requests. 15. This HotFix resolves an issue with mail being delivered multiple times due to an internal timeout occurring and a 250 not being sent to the delivering SMTP client. 16. This HotFix resolves an issue with Web Servers reporting incorrect file sizes. This results in an error being reported to the log files for each virus definition in the DAT set. This will ultimately result in the log partition becoming full and the machine becoming unresponsive. 17. This HotFix resolves an issue with large binary downloads not being transferred correctly via POP3 proxy. 18. This HotFix resolves an issue with POP3 proxy becoming unresponsive after periods of heavy load. 19. This HotFix resolves an issue with initial timeout period when the retryer process attempts to deliver mail. 20. This HotFix resolves an issue with the SMTP retryer process and time zone dependencies. 21. This HotFix resolves an issue with HTTP proxy holding open an additional port with secure connections. 22. This HotFix will install a new network interface driver. The new driver resolves an issue with dump_stat_cntrs slowdown under load and adjusts memory allocations for the new driver. 23. This HotFix resolves an issue with the frequency of keep-alive messages generated by FTP and HTTP proxies during FTP downloads. 24. This HotFix adds the scanning of URL strings to allow detection of virus code embedded within them. 25. This HotFix enables the Virus Subject prefix functionality which previously did not link the user interface settings to the SMTP proxy correctly. 26. This HotFix resolves an issue with very long URL strings when the referenced object was large enough to exceed the HTTP memory scanning buffer size. 27. This HotFix resolves the issue of SMTP messages being sent multiple times when several recipients were listed and some were undeliverable. 28. This HotFix improves the performance of SMTP scanning when content filtering and/or disclaimers are in use. 29. This Hotfix enables virus detection in MIME formatted HTTP POST commands when used with the 4160 engine. FILES INCLUDED WITH THIS HOTFIX This HotFix consists of a package called wsv2hf6.tgz (multi-language). This contains the following files: csmap = This is the SMTP Proxy. Csv.xml = This file is a configuration file that is used to configure the information that is written into the log files. e100.o = This is the updated Network Interface driver for the e500. eepro100.o = This is the updated Network Interface driver for the e250. EFMTmimemsg.so = This is the content scanning component for SMTP proxy. http-pdk = This is the updated HTTP proxy component. language.sh = This file is called by the script file and selects which language installation will be performed. mailsend = This is the mail dispatcher for event reports. nicfix_install = This is the network interface driver installer. nicfix_extra = This is the network interface driver naming convention swapper. get-status = Script modified by nicfix_extra intial-xmlconfig = Script modified by nicfix_extra make_ssl_cert = Script modified by nicfix_extra shvars-xmlconf = Script modified by nicfix_extra update-issue = Script modified by nicfix_extra vupdate-xmlsystemconfig = Script modified by nicfix_extra retryer = This is the deferred mail delivery component. pop3-pdk = This is the improved performance version of the POP3 Proxy. ftp-pdk = This is the FTP Proxy. wsv2hf6.txt = Readme file in English. wsv2hf6f.txt = Readme file in French. wsv2hf6g.txt = Readme file in German. wsv2hf6j.txt = Readme file in Japanese. script = This file is used to install the HotFix. shellscript.sh = This is the main installation script. It is responsible for creating the necessary directories and copying the updated files into those directories. It also fixes the handoff host issue for the Japanese version. It also applies the HTTP proxy parameter changes. validate.exe = This executable can be used to validate the HotFix files are not corrupt. validate.txt = This file holds the validation checksums for this HotFix package. version = This is a version mechanism for deployment. webshield_vm = This is the initialization script for WebShield. WebShieldFragment1XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragment2XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragment3XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragment4XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragment5XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragment6XML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldFragmentEndXML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldStatusPostfixXML = This file is used to create the status XML file to show the updated HotFix version information. WebShieldStatusPrefixXML = This file is used to create the status XML file to show the updated HotFix version information. The Japanese version of the HotFix also includes the following files: HTTPConfig.xml = This file resolves the Japanese HTTP configuration error, where the outbound handoff host is not saved. WebShieldUI.xsl = This file contains various translations for the User Interface. /help = The updated Japanese online help files. CSVRecords.class = This is the Java class file for CSV formatting of log files. CSVRecords$CSVInfo.class = This is the Java sub class file for CSV formatting of the log files. LOGParser.class = This is the Java class for log file parsing. _______________________________________________ INSTALLATION INSTALLATION REQUIREMENTS To use this HotFix, the WebShield Appliance must be running WebShield V2.x software correctly. If it is not, use the WebShield Appliance Recovery CD to restore the software before installing this HotFix. INSTALLATION STEPS To install this HotFix, follow these steps: 1. Create a temporary directory on your hard disk, then download the file wsv2hf6.tgz, from the McAfee website to this directory. 2. Copy the file wsv2hf6.tgz to a location on your network that can be accessed from the WebShield appliance. 3. Open your Internet browser and browse to the WebShield appliance. 4. Log in to the configuration applet when prompted by entering your username and password. 5. Select Maintenance from the System menu. 6. Use the Install Service Pack and HotFix 'Browse' button, to find the location of the HotFix file wsv2hf6.tgz and select 'Install now'. 7. Once the HotFix is installed, select Status from the System menu, and ensure that the correct HotFix number is displayed in the Service Packs and HotFixes section. 8. In order to utilize the new values you must either go to the HTTP configuration page and click defaults, or go to the Profiles page and select a profile using constant HTTP (If you had not changed the values from those originally installed they will already have been changed). NOTE: If you plan to use the wse2hf6.tgz archive file again, keep it available on your computer. Otherwise, delete the file once the HotFix has been installed successfully. NOTE: We recommend that you do not remove the HotFix files from your WebShield V2.x installation once you install them. If you reinstall your WebShield V2.x software, we recommend that you also reinstall the HotFix. NOTE: If you apply a configuration saved before Application of HotFix 2 the changes will be lost and you will need to re-apply the latest HotFix. TESTING YOUR INSTALLATION You can test the operation of the software by running the EICAR Standard AntiVirus Test File on any computer where you have installed the software. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations. To test your installation: 1. Copy the following line into its own file, then save the file with the name EICAR.COM. X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H* The file size will be 68 or 70 bytes. 2. Send the EICAR.COM file via the WebShield V2.x appliance. When the appliance scans this file, it will report finding the EICAR test file. 3. Delete the file when you have finished testing your installation to avoid alarming unsuspecting users. IMPORTANT: Please note that this file is NOT A VIRUS. REMOVING THIS HOTFIX To remove this HotFix from your computer, reinstall your original WebShield V2.x software from the original CD supplied with the WebShield appliance. NOTE: We recommend that you do not remove the HotFix files from your WebShield installation once you install them. If you reinstall your WebShield V2.x software, we recommend that you also reinstall the HotFix. _______________________________________________ CONTACTING MCAFEE AND NETWORK ASSOCIATES Technical Support http://knowledge.nai.com McAfee Beta Program Beta Web Site www.mcafeeb2b.com/beta/ E-mail avbeta@nai.com AVERT Anti-Virus Research Site www.mcafeeb2b.com/avert Download Site www.mcafeeb2b.com/naicommon/download/ DAT File Updates www.mcafeeb2b.com/naicommon/download/dats/find.asp Product Upgrades www.mcafeeb2b.com/naicommon/download/upgrade/login.asp Valid grant number required. Contact Network Associates Customer Service On-Site Training Information www.mcafeeb2b.com/services/mcafee-training/default.asp Finding a Reseller www.mcafeeb2b.com/naicommon/partners/tsp-seek/intro.asp Network Associates Customer Service US, Canada, and Latin America toll-free: Phone: +1-888-VIRUS NO or +1-888-847-8766 Monday - Friday, 8 a.m. - 8 p.m., Central Time E-mail: services_corporate_division@nai.com Web: www.nai.com www.mcafeeb2b.com For additional information on contacting Network Associates and McAfee including toll- free numbers for other geographic areas -- see the CONTACT file that accompanied your original product release. _______________________________________________ COPYRIGHT AND TRADEMARK ATTRIBUTIONS (c) 2002 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 3965 Freedom Circle, Santa Clara, California 95054, or call +1-972-308-9960. TRADEMARKS Active Security, ActiveHelp, ActiveShield, AntiVirus Anyware and design, Bomb Shelter, Building a World of Trust, Certified Network Expert, Clean-Up, CleanUp Wizard, Cloaking, CNX, CNX Certification Certified Network Expert and design, CyberCop, CyberMedia, CyberMedia UnInstaller, Data Security Letter and design, Design (logo), Design (Rabbit with hat), design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, EZ SetUp, First Aid, ForceField, Gauntlet, GMT, GroupShield, Guard Dog, HelpDesk, HomeGuard, Hunter, I C Expert, ISDN TEL/SCOPE, LAN Administration Architecture and design, LANGuru, LANGuru (in Katakana), LANWords, Leading Help Desk Technology, LM1, M and design, Magic Solutions, Magic University, MagicSpy, MagicTree, MagicWord, McAfee Associates, McAfee, McAfee (in Katakana), McAfee and design, NetStalker, MoneyMagic, More Power To You, MultiMedia Cloaking, myCIO.com, myCIO.com design (CIO design), myCIO.com Your Chief Internet Officer & design, NAI & design, Net Tools, Net Tools (in Katakana), NetCrypto, NetOctopus, NetRoom, NetScan, NetShield, NetStalker, Network Associates, Network General, Network Uptime!, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PC Medic 97, PCNotary, PGP, PGP (Pretty Good Privacy), PocketScope, PowerLogin, PowerTelNet, Pretty Good Privacy, PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, ReportMagic, RingFence, Router PM, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SniffMaster, SniffMaster (in Hangul), SniffMaster (in Katakana), SniffNet, Stalker, Stalker (stylized), Statistical Information Retrieval (SIR), SupportMagic, TeleSniffer, TIS, TMACH, TMEG, TNV, TVD, TNS, TSD, Total Network Security, Total Network Visibility, Total Service Desk, Total Virus Defense, Trusted MACH, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, VShield, WebScan, WebShield, WebSniffer, WebStalker, WebWall, Who’s Watching Your Network, WinGauge, Your E- Business Defender, ZAC 2000, Zip Manager are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners. LICENSE AGREEMENT NOTICE TO ALL USERS: FOR THE SPECIFIC TERMS OF YOUR LICENSE TO USE THE SOFTWARE THAT THIS DOCUMENTATION DESCRIBES, CONSULT THE LICENSE.TXT OR OTHER LICENSE DOCUMENT THAT ACCOMPANIES YOUR SOFTWARE, EITHER AS A TEXT FILE OR AS PART OF THE SOFTWARE PACKAGING. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH THEREIN, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO THE PLACE OF PURCHASE FOR A FULL REFUND.