Release Notes for McAfee WebShield
Version 2.5 HotFix 4
(c) 2001-2002 Networks Associates Technology, Inc.
All Rights Reserved.

===============================================

HotFix Release: 9th December 2002

This HotFix was developed and tested with:

- WebShield Appliance V2.5
- DAT Version: 4229
- Engine Version: 4160

This HotFix will not install without the 4160 Engine being installed.

===============================================

Thank you for using McAfee WebShield V2.5 software. This file contains important information regarding this release. We strongly recommend that you read the entire document.

The attached files are provided as is, and with no warranty either expressed or implied as to their suitability for any particular use or purpose. Network Associates, Inc. assumes no liability for damages incurred either directly or indirectly as a result of the use of these files, including but not limited to the loss or damage of data or systems, loss of business or revenue, or incidental damages arising from their use.

HotFix files should be applied only on the advice of McAfee Technical Support, and only when you are actually experiencing the issue being addressed by the HotFix. HotFix files should not be proactively applied in order to prevent potential product issues. You are responsible for reading and following all instructions for preparation, configuration, and installation of HotFix files. HotFix files are not a substitute nor replacement for product Service Packs which may be released by Network Associates, Inc.

It is a violation of your software license agreement to distribute or share these files with any other person or entity without written permission from Network Associates, Inc. Further, posting of McAfee HotFix files to publicly available Internet sites is prohibited. Network Associates, Inc. reserves the right to refuse distribution of HotFix files to any company or person guilty of unlawful distribution of McAfee software products.

Questions or issues with McAfee HotFix files should be directed to McAfee Technical Support.

- About This HotFix
   - Purpose
   - Resolved Issues
   - Files Included with This HotFix
- Installation
   - Installation Requirements
   - Installation Steps
   - Testing Your Installation
   - Removing This HotFix
- Contacting McAfee and Network Associates
- Copyright and Trademark Attributions
   - Trademarks
   - License Agreement

_______________________________________________

ABOUT THIS HOTFIX

PURPOSE

This HotFix includes one compressed archive file for use with McAfee WebShield V2.5 software. This new file resolves the issues described in the section "RESOLVED ISSUES". New issues resolved in this HotFix are issues 21-52.

RESOLVED ISSUES

1. This HotFix adds new functionality that allows the appliance to deliver non-RFC compliant emails that contain an underscore in the FQDN of the recipient address. See the accompanying nonrfcdomain.rtf for details on implementing this new functionality.

2. This HotFix resolves an issue with archive files. If the archive file contained a file that reported as locked when scanned, the archive was treated as a suspicious file and was blocked. This is typically because the file is 0 bytes in size.

3. This HotFix resolves an issue with the POP3 proxy, where cleaning infected files could cause them to become corrupt.

4. This HotFix reinstates new functionality that gives the option to add a subject prefix for mails that have been cleaned. See accompanying subjectprefix.rtf for details on implementing this functionality.

5. This HotFix resolves issues with the SMTP proxy recognizing a variety of incorrectly formatted MIME messages.

6. This HotFix has made a change to the SMTP proxy to ensure that Content-Transfer-Encoding headers always contain legal attributes.

7. This HotFix resolves an issue with the FTP proxy that caused keepalive on wu-ftp to function incorrectly.

8. This HotFix resolves an issue with the automatic update not handling username/password correctly via a proxy over HTTP.

9. This HotFix resolves an issue where the POP3 proxy could try to repair files incorrectly.

10. This HotFix resolves an issue with nested MIME boundaries where there is a leading match with the external boundary within the internal boundary. Previously this could result in the truncation of the message.

11. This HotFix resolves an issue with establishing HTTP, POP3 or FTP connections where the connection could not be fully established and the partial connection was waiting on a timeout provided by the operating system.

12. This HotFix resolves an issue where valid uuencoded messages could be mistaken for a malformed MIME exploit.

13. This HotFix rectifies a condition where messages configured to be returned to sender following a content scan detection get incorrectly delivered to the intended recipient.

14. This HotFix fixes an issue where a specially crafted DNS MX record could cause the appliance to attempt to deliver to itself via the loopback address or any other appliance address.

15. This HotFix fixes an issue where inability to contact a server configured in local domains for SMTP delivery could cause DNS routed delivery to be attempted instead.

16. This HotFix fixes an issue where an attempt was made to deliver messages to the empty return path.

17. This HotFix fixes an issue where certain infected documents could be cleaned in such a way that parts of the infection remained visible to subsequent scanners.

18. This HotFix fixes an issue where certain messages could be mistaken for certain types of uuencoded data, resulting in incorrect decoding of the message.

19. This HotFix fixes an issue with NULL and Escape characters in messages resulting in incorrect quarantining of the message.

20. This HotFix fixes an issue where attempts to log very long items could cause the logging process to stop recording all items.

21. This HotFix fixes an issue using passive FTP over HTTP.

22. This HotFix fixes a possible SMTP Denial of Service issue.

23. This HotFix enhances the ability to handle non-RFC compliant date formats.

24. This HotFix fixes a 100% utilization issue with the Tomcat server.

25. This HotFix fixes issues handling UTF7 encoded mails.

26. This HotFix enables the appliance to handle NTLM exchanges. See accompanying supportpersistentconnections.rtf for details on implementing this functionality.

27. This HotFix fixes an issue where the appliance was returning an incorrect HTTP response code.

28. This HotFix fixes an issue with Quoted Printable linefeeds handling.

29. This HotFix fixes an issue where the time was incorrectly displayed in a CSV log file.

30. This HotFix fixes an issue where event 1507 appeared in the logging instead of a string detailing what the event pertained to.

31. This HotFix addresses a requirement to allow for a content-scanning exclusion list.

32. This HotFix fixes an issue where content scanning was failing on a message with the charset field set to an unrecognized type.

33. This HotFix fixes an issue where the HTTP proxy crashed while handling an incorrectly formatted error message.

34. This HotFix fixes issues in handling non-RFC compliant mailers sending excessively long lines. See accompanying longlines.rtf for details on implementing this functionality.

35. This HotFix fixes an issue with the Anti-Spam comparison logic.

36. This HotFix fixes an issue where the disclaimer handling was not working correctly with foreign character sets.

37. This HotFix fixes an issue with the FTP proxy download of large files.

38. This HotFix fixes an issue with FTP blocking of 8 bit ASCII data.

39. This HotFix fixes an issue with the maximum MIME parts allowed in a mail.

40. This HotFix enhances the appliance’s ability to handle mail which has non-RFC compliant boundaries.

41. This HotFix fixes a memory leak in on-disk scanning.

42. This HotFix fixes issues relating to the parsing of the XML log files.

43. This HotFix fixes the issue with the FTP proxy incorrectly handling the FTP continuation messages.

44. This HotFix fixes timing issues using the FTP proxy.

45. This HotFix fixes an issue where mail was being incorrectly directed.

46. This HotFix has improved handling of defunct processes.

47. This HotFix enhances handling of rfc822 encoded mail messages.

48. This HotFix allows configuration of the interval between keepalive messages sent to the client by the HTTP proxy. See accompanying httpkeepaliveinterval.rtf for details on implementing this functionality.

49. This HotFix adds additional clean up tasks.

50. This HotFix fixes segmentation faults with the Mlr Activator Patch.

51. This HotFix resolves an issue in the Japanese version of the software where the additional logging of Sender and Recipient information, if Informational Logging is enabled in the Logging and Reporting menu, was not being made available. This information is only available in the CSV formatted reports.

52. This HotFix fixes an issue with the handling of MIME messages which have an unknown Content Type.

FILES INCLUDED WITH THIS HOTFIX

This HotFix consists of a package called Wse25HF4.tgz (multi-language).
This contains the following files:

README/version
validate/md5sum.txt
validate/validate.txt
validate/version
WSeV25hf4/av-update
WSeV25hf4/chart.jar
WSeV25hf4/cleanactive
WSeV25hf4/ContentScanning.dtd
WSeV25hf4/ContentScanningRes.jar
WSeV25hf4/ContentScanningUI.jar
WSeV25hf4/de/WebShieldStatusFragment01XML
WSeV25hf4/de/WebShieldStatusFragment02XML
WSeV25hf4/de/WebShieldStatusFragment03XML
WSeV25hf4/de/WebShieldStatusFragment04XML
WSeV25hf4/de/WebShieldStatusFragmentEndXML
WSeV25hf4/de/WebShieldStatusPostfixXML
WSeV25hf4/de/WebShieldStatusPrefixXML
WSeV25hf4/e250/ChannelEmail.so
WSeV25hf4/e250/ChannelEPO.so
WSeV25hf4/e250/ChannelSnmp.so
WSeV25hf4/e250/ChannelXML.so
WSeV25hf4/e250/csmap
WSeV25hf4/e250/CSVRecords.class
WSeV25hf4/e250/CSVRecords$CSVInfo.class
WSeV25hf4/e250/e500.jar
WSeV25hf4/e250/eventDispatcher
WSeV25hf4/e250/evrep
WSeV25hf4/e250/ftp-pdk
WSeV25hf4/e250/http-pdk
WSeV25hf4/e250/libeventreport.so
WSeV25hf4/e250/mailsend
WSeV25hf4/e250/pop3-pdk
WSeV25hf4/e250/proxymgr
WSeV25hf4/e250/restartAgent
WSeV25hf4/e250/retryer
WSeV25hf4/e250/stdlogd
WSeV25hf4/e250/stdlogger
WSeV25hf4/e250/StringTables.xml
WSeV25hf4/e250/substitute
WSeV25hf4/e250/trans
WSeV25hf4/e250/WSDIRlet.class
WSeV25hf4/e500/ChannelEmail.so
WSeV25hf4/e500/ChannelEPO.so
WSeV25hf4/e500/ChannelSnmp.so
WSeV25hf4/e500/ChannelXML.so
WSeV25hf4/e500/csmap
WSeV25hf4/e500/CSVRecords.class
WSeV25hf4/e500/CSVRecords$CSVInfo.class
WSeV25hf4/e500/e500.jar
WSeV25hf4/e500/eventDispatcher
WSeV25hf4/e500/evrep
WSeV25hf4/e500/ftp-pdk
WSeV25hf4/e500/http-pdk
WSeV25hf4/e500.jar
WSeV25hf4/e500/libeventreport.so
WSeV25hf4/e500/mailsend
WSeV25hf4/e500/pop3-pdk
WSeV25hf4/e500/proxymgr
WSeV25hf4/e500/restartAgent
WSeV25hf4/e500/retryer
WSeV25hf4/e500/stdlogd
WSeV25hf4/e500/stdlogger
WSeV25hf4/e500/StringTables.xml
WSeV25hf4/e500/substitute
WSeV25hf4/e500/trans
WSeV25hf4/e500/WSDIRlet.class
WSeV25hf4/EFMTdefaultformatplugin.so
WSeV25hf4/EFMTmimemsg.so
WSeV25hf4/EFMTtnefmsg.so
WSeV25hf4/en/WebShieldStatusFragment01XML
WSeV25hf4/en/WebShieldStatusFragment02XML
WSeV25hf4/en/WebShieldStatusFragment03XML
WSeV25hf4/en/WebShieldStatusFragment04XML
WSeV25hf4/en/WebShieldStatusFragmentEndXML
WSeV25hf4/en/WebShieldStatusPostfixXML
WSeV25hf4/en/WebShieldStatusPrefixXML
WSeV25hf4/ESCANwordengine.so
WSeV25hf4/fr/WebShieldStatusFragment01XML
WSeV25hf4/fr/WebShieldStatusFragment02XML
WSeV25hf4/fr/WebShieldStatusFragment03XML
WSeV25hf4/fr/WebShieldStatusFragment04XML
WSeV25hf4/fr/WebShieldStatusFragmentEndXML
WSeV25hf4/fr/WebShieldStatusPostfixXML
WSeV25hf4/fr/WebShieldStatusPrefixXML
WSeV25hf4/FTPConfig.js
WSeV25hf4/FTPConfig.xsl
WSeV25hf4/html/de/RestoreConfigurationChange.html
WSeV25hf4/ja/WebShieldStatusFragment01XML
WSeV25hf4/ja/WebShieldStatusFragment02XML
WSeV25hf4/ja/WebShieldStatusFragment03XML
WSeV25hf4/ja/WebShieldStatusFragment04XML
WSeV25hf4/ja/WebShieldStatusFragmentEndXML
WSeV25hf4/ja/WebShieldStatusPostfixXML
WSeV25hf4/ja/WebShieldStatusPrefixXML
WSeV25hf4/ko/WebShieldStatusFragment01XML
WSeV25hf4/ko/WebShieldStatusFragment02XML
WSeV25hf4/ko/WebShieldStatusFragment03XML
WSeV25hf4/ko/WebShieldStatusFragment04XML
WSeV25hf4/ko/WebShieldStatusFragmentEndXML
WSeV25hf4/ko/WebShieldStatusPostfixXML
WSeV25hf4/ko/WebShieldStatusPrefixXML
WSeV25hf4/libwidedecodeencode.so
WSeV25hf4/mimemsg_eng.xml
WSeV25hf4/mimemsg_fra.xml
WSeV25hf4/mimemsg_ger.xml
WSeV25hf4/mimemsg_jpn.xml
WSeV25hf4/Policies.dtd
WSeV25hf4/policyloader_eng.xml
WSeV25hf4/policyloader_fra.xml
WSeV25hf4/policyloader_ger.xml
WSeV25hf4/policyloader_jpn.xml
WSeV25hf4/policyloader.so
WSeV25hf4/script
WSeV25hf4/shellscript.sh
WSeV25hf4/tnef_eng.xml
WSeV25hf4/tnef_fra.xml
WSeV25hf4/tnef_ger.xml
WSeV25hf4/tnef_jpn.xml
WSeV25hf4/tomcat-mod-3.3-rc1.1.i386.rpm
WSeV25hf4/version
WSeV25hf4/webshield
WSeV25hf4/wordengine_eng.xml
WSeV25hf4/wordengine_fra.xml
WSeV25hf4/wordengine_ger.xml
WSeV25hf4/wordengine_jpn.xml
WSeV25hf4/xml/de/FTPConfig.xml
WSeV25hf4/xml/de/TopTenVirus.xml
WSeV25hf4/xml/de/VirusBarGraph.xml
WSeV25hf4/xml/en/FTPConfig.xml
WSeV25hf4/xml/en/TopTenVirus.xml
WSeV25hf4/xml/en/VirusBarGraph.xml
WSeV25hf4/xml/fr/FTPConfig.xml
WSeV25hf4/xml/fr/TopTenVirus.xml
WSeV25hf4/xml/fr/VirusBarGraph.xml
WSeV25hf4/xml/ja/FTPConfig.xml
WSeV25hf4/xml/ja/TopTenVirus.xml
WSeV25hf4/xml/ja/VirusBarGraph.xml
WSeV25hf4/xml/ja/CSV.xml
WSeV25hf4/xml/ko/FTPConfig.xml
WSeV25hf4/xml/ko/TopTenVirus.xml
WSeV25hf4/xml/ko/VirusBarGraph.xml
WSeV25hf4/xml/zh/FTPConfig.xml
WSeV25hf4/xml/zh/TopTenVirus.xml
WSeV25hf4/xml/zh_TW/FTPConfig.xml
WSeV25hf4/xml/zh_TW/TopTenVirus.xml
WSeV25hf4/xml/zh_TW/VirusBarGraph.xml
WSeV25hf4/xml/zh/VirusBarGraph.xml
WSeV25hf4/zh_TW/WebShieldStatusFragment01XML
WSeV25hf4/zh_TW/WebShieldStatusFragment02XML
WSeV25hf4/zh_TW/WebShieldStatusFragment03XML
WSeV25hf4/zh_TW/WebShieldStatusFragment04XML
WSeV25hf4/zh_TW/WebShieldStatusFragmentEndXML
WSeV25hf4/zh_TW/WebShieldStatusPostfixXML
WSeV25hf4/zh_TW/WebShieldStatusPrefixXML
WSeV25hf4/zh/WebShieldStatusFragment01XML
WSeV25hf4/zh/WebShieldStatusFragment02XML
WSeV25hf4/zh/WebShieldStatusFragment03XML
WSeV25hf4/zh/WebShieldStatusFragment04XML
WSeV25hf4/zh/WebShieldStatusFragmentEndXML
WSeV25hf4/zh/WebShieldStatusPostfixXML
WSeV25hf4/zh/WebShieldStatusPrefixXML

_______________________________________________

INSTALLATION

INSTALLATION REQUIREMENTS

To use this HotFix, the WebShield Appliance must be running WebShield V2.5 software correctly. If it is not, use the WebShield Appliance Recovery CD to restore the software before installing this HotFix.

NOTE: To install this HotFix, the appliance must be running engine version 4.1.60 or above.

NOTE: Please clear your Java cache before applying this HotFix. To clear the JAR cache go to: Control Panel / Java plug-in 1.3.x.x / Cache and click on the "Clear Jar Cache" button.

INSTALLATION STEPS

To install this HotFix, follow these steps:

1. Create a temporary directory on your hard disk and download the file WSe25HF4.zip from the McAfee website.

2. Extract the file WSe25HF4.tgz from the zip package (you may need a password from McAfee support) to a location on your network that can be accessed from the WebShield appliance.

3. Open your Internet browser and browse to the WebShield appliance.

4. Log in to the configuration applet when prompted by entering your username and password.

5. Select Maintenance from the System menu.

6. Use the Install Service Pack and HotFix 'Browse' button to find the location of the HotFix file Wse25HF4.tgz and select 'Install now'.

7. Installing the HotFix will restart the Tomcat Daemon, requiring the user to log in again. If the package will not install, verify the appliance is running engine version 4.1.60 or later and also ensure that there is sufficient space on the client’s machine; up to 65 MB free space may be needed.

8. Once the HotFix is installed, select Status from the System menu, and ensure that the correct HotFix number is displayed in the Service Packs and HotFixes section.

9. In order to utilize the new values you must either go to the HTTP configuration page and click defaults, or go to the Profiles page and select a profile using "constant HTTP". (If you had not changed the values from those originally installed, they will already have been changed.)

NOTE: If you plan to use the Wse25HF4.tgz archive file again, keep it available on your computer. Otherwise, delete the file once the HotFix has been installed successfully.

NOTE: We recommend that you do not remove the HotFix files from your WebShield V2.5 installation once you install them. If you reinstall your WebShield V2.5 software, we recommend that you also reinstall the HotFix.

TESTING YOUR INSTALLATION

You can test the operation of the software by running the EICAR Standard AntiVirus Test File on any computer where you have installed the software.
The EICAR Standard AntiVirus Test File is a combined effort by anti-virus vendors throughout the world to implement one standard by which customers can verify their anti-virus installations.

To test your installation:

1. Copy the following line into its own file, then save the file with the name EICAR.COM.

   X5O!P%@AP[4\PZX54(P^)7CC)7}$EICAR-STANDARD-ANTIVIRUS-TEST-FILE!$H+H*

   The file size will be 68 or 70 bytes.

2. Send the EICAR.COM file via the WebShield V2.x appliance. When the appliance scans this file, it will report finding the EICAR test file.

3. Delete the file when you have finished testing your installation to avoid alarming unsuspecting users.

IMPORTANT: Please note that this file is NOT A VIRUS.

REMOVING THIS HOTFIX

To remove this HotFix from your computer, reinstall your original WebShield V2.5 software from the original CD supplied with the WebShield appliance.

NOTE: We recommend that you do not remove the HotFix files from your WebShield installation once you install them. If you reinstall your WebShield V2.5 software, we recommend that you also reinstall the HotFix.

_______________________________________________

CONTACTING MCAFEE AND NETWORK ASSOCIATES

Technical Support
   http://knowledge.nai.com

McAfee Beta Program
   Beta Web Site       www.mcafeeb2b.com/beta/
   E-mail              avbeta@nai.com

AVERT Anti-Virus Research Site
   www.mcafeeb2b.com/avert

Download Site
   www.mcafeeb2b.com/naicommon/download/

   DAT File Updates    www.mcafeeb2b.com/naicommon/download/dats/find.asp
   Product Upgrades    www.mcafeeb2b.com/naicommon/download/upgrade/login.asp
                       Valid grant number required. Contact Network Associates Customer Service

On-Site Training Information
   www.mcafeeb2b.com/services/mcafee-training/default.asp

Network Associates Customer Service
   US, Canada, and Latin America toll-free:
   Phone:   +1-888-VIRUS NO or +1-888-847-8766
            Monday - Friday, 8 a.m. - 8 p.m., Central Time
   E-mail:  services_corporate_division@nai.com
   Web:     www.nai.com
            www.mcafeeb2b.com

For additional information on contacting Network Associates and McAfee including toll free numbers for other geographic areas see the CONTACT.TXT file that accompanied your original product release.

_______________________________________________

COPYRIGHT AND TRADEMARK ATTRIBUTIONS

(c) 2002 Networks Associates Technology, Inc. All Rights Reserved. No part of this publication may be reproduced, transmitted, transcribed, stored in a retrieval system, or translated into any language in any form or by any means without the written permission of Networks Associates Technology, Inc., or its suppliers or affiliate companies. To obtain this permission, write to the attention of the Network Associates legal department at: 3965 Freedom Circle, Santa Clara, California 95054, or call +1-972-308-9960.

TRADEMARKS

Active Security, Active Security (in Katakana), ActiveHelp, ActiveShield, AntiVirus Anyware and design, Bomb Shelter, Certified Network Expert, Clean-Up, CleanUp Wizard, CNX, CNX Certification Certified Network Expert and design, CyberCop, CyberCop (in Katakana), CyberMedia, CyberMedia UnInstaller, Design (stylized N), Disk Minder, Distributed Sniffer System, Distributed Sniffer System (in Katakana), Dr Solomon’s, Dr Solomon’s label, Enterprise SecureCast, Enterprise SecureCast (in Katakana), EZ SetUp, First Aid, ForceField, GMT, GroupShield, GroupShield (in Katakana), Guard Dog, HelpDesk, HomeGuard, Hunter, ISDN TEL/SCOPE, LANGuru, LANGuru (in Katakana), M and design, Magic Solutions, Magic Solutions (in Katakana), Magic University, MagicSpy, MagicTree, McAfee, McAfee (in Katakana), McAfee and design, MultiMedia Cloaking, Net Tools, Net Tools (in Katakana), NetCrypto, NetOctupus, NetScan, NetShield, NetStalker, Network Associates, NetXray, NotesGuard, Nuts & Bolts, Oil Change, PC Medic, PC Medic 97, PCNotary, PGP, PGP (Pretty Good Privacy), Pretty Good Privacy,
PrimeSupport, Recoverkey, Recoverkey – International, Registry Wizard, ReportMagic, RingFence, Router PM, SalesMagic, SecureCast, Service Level Manager, ServiceMagic, SmartDesk, Sniffer, Sniffer (in Hangul), SniffMaster, SniffMaster (in Hangul), SniffMaster (in Katakana), SniffNet, Stalker, SupportMagic, TIS, TMEG, TNV, TVD, TNS, Total Network Security, Total Network Visibility, Total Network Visibility (in Katakana), Total Service Desk, Total Virus Defense, Trusted Mail, UnInstaller, Virex, Virus Forum, ViruScan, VirusScan, WebScan, WebShield, WebShield (in Katakana), WebSniffer, WebStalker, WebWall, Who’s Watching Your Network, WinGauge, Your E-Business Defender, ZAC 2000, Zip Manager are registered trademarks of Network Associates, Inc. and/or its affiliates in the US and/or other countries. All other registered and unregistered trademarks in this document are the sole property of their respective owners.

LICENSE AGREEMENT

NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED, WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED, PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANIES YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET, A FILE ON THE PRODUCT CD, OR A FILE AVAILABLE ON THE WEB SITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT, DO NOT INSTALL THE SOFTWARE. IF APPLICABLE, YOU MAY RETURN THE PRODUCT TO NETWORK ASSOCIATES, INC. OR THE PLACE OF PURCHASE FOR A FULL REFUND.