Release Notes for McAfee WebShield Version 2.5 HotFix 3
(c) 2001-2002 Networks Associates Technology, Inc.
All Rights Reserved.

===============================================

HotFix Release: 19th August 2002

This HotFix was developed and tested with:

- WebShield Appliance V2.5
- DAT Version: 4208
- Engine Version: 4160

This HotFix will not install without the 4160 Engine being installed.

===============================================

Thank you for using McAfee WebShield V2.5 software. This file contains important information regarding this release. We strongly recommend that you read the entire document.

The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. Network Associates, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use.

HotFix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the HotFix. HotFix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of HotFix files. HotFix files are not a substitute nor replacement for product Service Packs which may be released by Network Associates, Inc.

It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from Network Associates, Inc. Further, posting of McAfee HotFix files to publicly available Internet sites is prohibited. Network Associates, Inc. reserves the right to refuse distribution of HotFix files to any company or person guilty of unlawful distribution of McAfee software products.
Questions or issues with McAfee HotFix files should be directed to McAfee Technical Support.

- About This HotFix
   - Purpose
   - Resolved Issues
   - Files Included with This HotFix
- Installation
   - Installation Requirements
   - Installation Steps
   - Testing Your Installation
   - Removing This HotFix
- Contacting McAfee and Network Associates
- Copyright and Trademark Attributions
   - Trademarks
   - License Agreement

_______________________________________________

ABOUT THIS HOTFIX

PURPOSE

This HotFix includes one compressed archive file for use with McAfee WebShield V2.5 software. This new file resolves the issues described in the section "RESOLVED ISSUES". New issues resolved in this HotFix are issues 14-20.

RESOLVED ISSUES

1.  This HotFix adds new functionality that allows the appliance to deliver non-RFC compliant emails that contain an underscore in the FQDN of the recipient address. See the accompanying nonrfcdomain.rtf for details on implementing this new functionality.

2.  This HotFix resolves an issue with archive files. If the archive file contains a file that reports as locked when scanned, the archive was treated as a suspicious file and the archive was blocked. This is typically because the file is 0 bytes in size.

3.  This HotFix resolves an issue with the POP3 proxy, where cleaning infected files could cause them to become corrupt.

4.  This HotFix reinstates new functionality that gives the option to add a subject prefix for mails that have been cleaned. See accompanying subjectprefix.rtf for details on implementing this functionality.

5.  This HotFix resolves issues with the SMTP proxy recognizing a variety of incorrectly formatted MIME messages.

6.  This HotFix has made a change to the SMTP proxy to ensure that Content-Transfer-Encoding headers always contain legal attributes.

7.  This HotFix resolves an issue with the FTP proxy that caused keepalive on wu-ftp to function incorrectly.

8.  This HotFix resolves an issue with the automatic update not handling username/password correctly via a proxy over http.

9.  This HotFix resolves an issue where the POP3 proxy could try to repair files incorrectly.

10. This HotFix resolves an issue with nested MIME boundaries where there is a leading match with the external boundary within the internal boundary. Previously this could result in the truncation of the message.

11. This HotFix resolves an issue with establishing HTTP, POP3 or FTP connections where the connection could not be fully established and the partial connection was waiting on a timeout provided by the operating system.

12. This HotFix resolves an issue where valid uuencoded messages could be mistaken for a malformed MIME exploit.

13. This HotFix rectifies a condition where messages configured to be returned to sender following a content scan detection get incorrectly delivered to the intended recipient.

14. This HotFix fixes an issue where a specially crafted DNS MX record could cause the appliance to attempt to deliver to itself via the loopback address or any other appliance address.

15. This HotFix fixes an issue where inability to contact a server configured in local domains for SMTP delivery could cause DNS routed delivery to be attempted instead.

16. This HotFix fixes an issue where an attempt was made to deliver messages to the empty return path.

17. This HotFix fixes an issue where certain infected documents could be cleaned in such a way that parts of the infection remained visible to subsequent scanners.

18. This HotFix fixes an issue where certain messages could be mistaken for certain types of uuencoded data, resulting in incorrect decoding of the message.

19. This HotFix fixes an issue with NULL and Escape characters in messages resulting in incorrect quarantining of the message.

20. This HotFix fixes an issue where attempts to log very long items could cause the logging process to stop recording all items.
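
The parsing condition behind resolved issue 10, shown as an added example that is not McAfee's code: the function names, boundary strings and sample message are constructed for illustration. A splitter that recognises the outer boundary by prefix match also fires on an inner delimiter that begins with the same characters, while a check that allows only an optional closing "--" and padding after the boundary does not.

```python
OUTER = "frontier"        # constructed outer boundary
INNER = "frontier-inner"  # constructed inner boundary; begins with OUTER

# Constructed sample: one outer part that is itself a two-part multipart.
SAMPLE_BODY = "\r\n".join([
    "--" + OUTER,
    'Content-Type: multipart/alternative; boundary="' + INNER + '"',
    "",
    "--" + INNER,
    "Content-Type: text/plain",
    "",
    "plain text part",
    "--" + INNER,
    "Content-Type: text/html",
    "",
    "<p>html part</p>",
    "--" + INNER + "--",
    "--" + OUTER + "--",
    "",
])


def is_delimiter_prefix(line, boundary):
    """Flawed: any line that merely starts with "--boundary" is accepted."""
    return line.startswith("--" + boundary)


def is_delimiter_exact(line, boundary):
    """Accept "--boundary", an optional closing "--", then only padding."""
    if not line.startswith("--" + boundary):
        return False
    rest = line[len(boundary) + 2:]
    if rest.startswith("--"):
        rest = rest[2:]
    return rest.strip(" \t") == ""


def split_parts(body, boundary, is_delimiter):
    """Split body on delimiter lines; text before the first one is skipped."""
    parts, current = [], None
    for line in body.split("\r\n"):
        if is_delimiter(line, boundary):
            if current is not None:
                parts.append("\r\n".join(current))
            if line[len(boundary) + 2:].startswith("--"):
                break  # closing delimiter: the epilogue is ignored
            current = []
        elif current is not None:
            current.append(line)
    else:
        if current is not None:  # no closing delimiter: keep what was read
            parts.append("\r\n".join(current))
    return parts
```

On the sample, the prefix check splits the outer level into four fragments, the first holding only the nested part's header, whereas the exact check returns the nested part intact so it can be split again on the inner boundary.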

FILES INCLUDED WITH THIS HOTFIX

This HotFix consists of a package called Wse25HF3.tgz (multi-language). This contains the following files:

    README/version
    validate/md5sum.txt
    validate/validate.txt
    validate/version
    WSeV25hf3/av-update
    WSeV25hf3/ContentScanning.dtd
    WSeV25hf3/ContentScanningRes.jar
    WSeV25hf3/ContentScanningUI.jar
    WSeV25hf3/de/WebShieldStatusFragment01XML
    WSeV25hf3/de/WebShieldStatusFragment02XML
    WSeV25hf3/de/WebShieldStatusFragment03XML
    WSeV25hf3/de/WebShieldStatusFragmentEndXML
    WSeV25hf3/de/WebShieldStatusPostfixXML
    WSeV25hf3/de/WebShieldStatusPrefixXML
    WSeV25hf3/e250/csmap
    WSeV25hf3/e250/ftp-pdk
    WSeV25hf3/e250/http-pdk
    WSeV25hf3/e250/mailsend
    WSeV25hf3/e250/pop3-pdk
    WSeV25hf3/e250/retryer
    WSeV25hf3/e500/csmap
    WSeV25hf3/e500/ftp-pdk
    WSeV25hf3/e500/http-pdk
    WSeV25hf3/e500.jar
    WSeV25hf3/e500/mailsend
    WSeV25hf3/e500/pop3-pdk
    WSeV25hf3/e500/retryer
    WSeV25hf3/EFMTdefaultformatplugin.so
    WSeV25hf3/EFMTmimemsg.so
    WSeV25hf3/EFMTtnefmsg.so
    WSeV25hf3/en/WebShieldStatusFragment01XML
    WSeV25hf3/en/WebShieldStatusFragment02XML
    WSeV25hf3/en/WebShieldStatusFragment03XML
    WSeV25hf3/en/WebShieldStatusFragmentEndXML
    WSeV25hf3/en/WebShieldStatusPostfixXML
    WSeV25hf3/en/WebShieldStatusPrefixXML
    WSeV25hf3/ESCANwordengine.so
    WSeV25hf3/fr/WebShieldStatusFragment01XML
    WSeV25hf3/fr/WebShieldStatusFragment02XML
    WSeV25hf3/fr/WebShieldStatusFragment03XML
    WSeV25hf3/fr/WebShieldStatusFragmentEndXML
    WSeV25hf3/fr/WebShieldStatusPostfixXML
    WSeV25hf3/fr/WebShieldStatusPrefixXML
    WSeV25hf3/html/de/RestoreConfigurationChange.html
    WSeV25hf3/ja/WebShieldStatusFragment01XML
    WSeV25hf3/ja/WebShieldStatusFragment02XML
    WSeV25hf3/ja/WebShieldStatusFragment03XML
    WSeV25hf3/ja/WebShieldStatusFragmentEndXML
    WSeV25hf3/ja/WebShieldStatusPostfixXML
    WSeV25hf3/ja/WebShieldStatusPrefixXML
    WSeV25hf3/ko/WebShieldStatusFragment01XML
    WSeV25hf3/ko/WebShieldStatusFragment02XML
    WSeV25hf3/ko/WebShieldStatusFragment03XML
    WSeV25hf3/ko/WebShieldStatusFragmentEndXML
    WSeV25hf3/ko/WebShieldStatusPostfixXML
    WSeV25hf3/ko/WebShieldStatusPrefixXML
    WSeV25hf3/libwidedecodeencode.so
    WSeV25hf3/mimemsg_eng.xml
    WSeV25hf3/mimemsg_fra.xml
    WSeV25hf3/mimemsg_ger.xml
    WSeV25hf3/mimemsg_jpn.xml
    WSeV25hf3/Policies.dtd
    WSeV25hf3/policyloader_eng.xml
    WSeV25hf3/policyloader_fra.xml
    WSeV25hf3/policyloader_ger.xml
    WSeV25hf3/policyloader_jpn.xml
    WSeV25hf3/policyloader.so
    WSeV25hf3/script
    WSeV25hf3/shellscript.sh
    WSeV25hf3/tnef_eng.xml
    WSeV25hf3/tnef_fra.xml
    WSeV25hf3/tnef_ger.xml
    WSeV25hf3/tnef_jpn.xml
    WSeV25hf3/version
    WSeV25hf3/wordengine_eng.xml
    WSeV25hf3/wordengine_fra.xml
    WSeV25hf3/wordengine_ger.xml
    WSeV25hf3/wordengine_jpn.xml
    WSeV25hf3/xml/de/TopTenVirus.xml
    WSeV25hf3/xml/de/VirusBarGraph.xml
    WSeV25hf3/xml/en/TopTenVirus.xml
    WSeV25hf3/xml/en/VirusBarGraph.xml
    WSeV25hf3/xml/fr/TopTenVirus.xml
    WSeV25hf3/xml/fr/VirusBarGraph.xml
    WSeV25hf3/xml/ja/TopTenVirus.xml
    WSeV25hf3/xml/ja/VirusBarGraph.xml
    WSeV25hf3/xml/ko/TopTenVirus.xml
    WSeV25hf3/xml/ko/VirusBarGraph.xml
    WSeV25hf3/xml/zh/TopTenVirus.xml
    WSeV25hf3/xml/zh_TW/TopTenVirus.xml
    WSeV25hf3/xml/zh_TW/VirusBarGraph.xml
    WSeV25hf3/xml/zh/VirusBarGraph.xml
    WSeV25hf3/zh_TW/WebShieldStatusFragment01XML
    WSeV25hf3/zh_TW/WebShieldStatusFragment02XML
    WSeV25hf3/zh_TW/WebShieldStatusFragment03XML
    WSeV25hf3/zh_TW/WebShieldStatusFragmentEndXML
    WSeV25hf3/zh_TW/WebShieldStatusPostfixXML
    WSeV25hf3/zh_TW/WebShieldStatusPrefixXML
    WSeV25hf3/zh/WebShieldStatusFragment01XML
    WSeV25hf3/zh/WebShieldStatusFragment02XML
    WSeV25hf3/zh/WebShieldStatusFragment03XML
    WSeV25hf3/zh/WebShieldStatusFragmentEndXML
    WSeV25hf3/zh/WebShieldStatusPostfixXML
    WSeV25hf3/zh/WebShieldStatusPrefixXML

_______________________________________________

INSTALLATION

INSTALLATION REQUIREMENTS

To use this HotFix, the WebShield Appliance must be running WebShield V2.5 software correctly. If it is not, use the WebShield Appliance Recovery CD to restore the software before installing this HotFix.

NOTE: To install this HotFix, the appliance must be running engine version 4.1.60 or above.

NOTE: Please clear your Java cache before applying this HotFix. To clear the JAR cache go to: Control Panel / Java plug-in 1.3.x.x / Cache and click on the "Clear Jar Cache" button.

INSTALLATION STEPS

To install this HotFix, follow these steps:

1.  Create a temporary directory on your hard disk and download the file WSE25HF3.zip from the McAfee website.

2.  Extract the file WSe25HF3.tgz from the zip package (you may need a password from McAfee support) to a location on your network that can be accessed from the WebShield appliance.

3.  Open your Internet browser and browse to the WebShield appliance.

4.  Log in to the configuration applet when prompted by entering your username and password.

5.  Select Maintenance from the System menu.

6.  Use the Install Service Pack and HotFix 'Browse' button, to find the location of the HotFix file WSe25HF3.tgz and select 'Install now'.

7.  Installing the HotFix will restart the Tomcat Daemon requiring the user to login again. If the package will not install, verify the appliance is running engine version 4.1.60 or later and also ensure that there is sufficient space on the client’s machine – up to 65 M/B free space may be needed.

8.  Once the HotFix is installed, select Status from the System menu, and ensure that the correct HotFix number is displayed in the Service Packs and HotFixes section.

9.  In order to utilize the new values you must either go to the HTTP configuration page and click defaults, or go to the Profiles page and select a profile using "constant HTTP" (If you had not changed the values from those originally installed they will already have been changed).

NOTE: If you plan to use the WSe25HF3.tgz archive file again, keep it available on your computer. Otherwise, delete the file once the HotFix has been installed successfully.

NOTE: We recommend that you do not remove the HotFix files from your WebShield V2.5 installation once you install them. If you reinstall your WebShield V2.5 software, we recommend that you also reinstall the HotFix.

TESTING YOUR INSTALLATION

You can test the operation of the software by running the EICAR Standard AntiVirus Test File on any computer where you have installed the software. The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

To test your installation:

1.  Copy the following line into its own file, then save the file with the name EICAR.COM.

    X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

    The file size will be 68 or 70 bytes.

2.  Send the EICAR.COM file via the WebShield V2.x appliance. When the appliance scans this file, it will report finding the EICAR test file.

3.  Delete the file when you have finished testing your installation to avoid alarming unsuspecting users.

IMPORTANT: Please note that this file is NOT A VIRUS.

REMOVING THIS HOTFIX

To remove this HotFix from your computer, reinstall your original WebShield V2.5 software from the original CD supplied with the WebShield appliance.

NOTE: We recommend that you do not remove the HotFix files from your WebShield installation once you install them. If you reinstall your WebShield V2.5 software, we recommend that you also reinstall the HotFix.

_______________________________________________

CONTACTING MCAFEE AND NETWORK ASSOCIATES

    Technical Support               http://knowledge.nai.com

    McAfee Beta Program
      Beta Web Site                 www.mcafeeb2b.com/beta/
      E-mail                        avbeta@nai.com

    AVERT Anti-Virus Research Site  www.mcafeeb2b.com/avert

    Download Site                   www.mcafeeb2b.com/naicommon/download/

    DAT File Updates                www.mcafeeb2b.com/naicommon/download/dats/find.asp

    Product Upgrades                www.mcafeeb2b.com/naicommon/download/upgrade/login.asp
                                    Valid grant number required.
                                    Contact Network Associates Customer Service

    On-Site Training Information    www.mcafeeb2b.com/services/mcafee-training/default.asp

    Network Associates Customer Service
      US, Canada, and Latin America toll-free:
      Phone:  +1-888-VIRUS NO or +1-888-847-8766
              Monday - Friday, 8 a.m. - 8 p.m., Central Time
      E-mail: services_corporate_division@nai.com
      Web:    www.nai.com
              www.mcafeeb2b.com

For additional information on contacting Network Associates and McAfee including toll free numbers for other geographic areas see the CONTACT.TXT file that accompanied your original product release.

_______________________________________________

COPYRIGHT AND TRADEMARK ATTRIBUTIONS

(c) 2002 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 3965 Freedom Circle, Santa Clara, California 95054, or call +1-972-308-9960.

TRADEMARKS

Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, CNX, CNX Certification Certified Network Expert and design, CyberCop, CyberCop (in Katakana), CyberMedia, CyberMedia UnInstaller, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, Enterprise SecureCast (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HomeGuard, Hunter, ISDN TEL/SCOPE, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, MultiMedia Cloaking, Net Tools, Net Tools (in Katakana), NetCrypto, NetOctupus, NetScan, NetShield, NetStalker, Network Associates, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PC Medic 97, PCNotary, PGP, PGP (Pretty Good Privacy), Pretty Good Privacy, PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, ReportMagic, RingFence, Router PM, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SniffMaster, SniffMaster (in Hangul), SniffMaster (in Katakana), SniffNet, Stalker, SupportMagic, TIS, TMEG, TNV, TVD, TNS, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF PURCHASE FOR A FULL REFUND.