You are on page 1of 27

McAfee® Email and Web Security

Appliance 5.5p2
Release Notes for McAfee® Email and Web Security Appliance
Version 5.5
Patch 5.5p2
Copyright © 2010 McAfee, Inc.
All Rights Reserved

About this release
Thank you for using our software. This file contains important information about this release.
We strongly recommend that you read the entire document.

About this release
Purpose
Rating
Superseded releases
Actions on installation
Resolved issues
Vulnerabilities (total: 5, new: 5)
High severity issues (total: 2, new: 1)
Medium severity issues (total: 48, new: 23)
Low severity issues (total: 57, new: 29)
Issues list
External components installed by this package
Files included with this release
Additional information
Installation
Installation requirements
Installation steps
After installation
Removing this release
Notices
Copyright
Trademark attributions
License information
License Agreement

Purpose

This release addresses the issues shown in the Resolved issues section below.

Rating

This release addresses critical issues. McAfee strongly recommends implementing this release

at your earliest opportunity.

Severity of issues listed below is based on these definitions:

 High
a critical issue which should be addressed as soon as possible, if necessary outside a
planned maintenance schedule.
 Medium
an issue which should be addressed at the earliest opportunity, normally as part of a
planned maintenance schedule.
 Low
a non-critical issue, advisable to address as part of planned maintenance.

Superseded releases

This release incorporates and supersedes the following earlier releases:

 Hotfix 5.5h533027
 Patch 5.5p1
 Hotfix 5.5h541662

Actions on installation

At the end of the installation process the following actions will occur automatically:

 The user interface will log off.
 The appliance will reboot.

Resolved issues

Vulnerabilities (total: 5, new: 5)

Vulnerabilities newly addressed in this release:
f_561506, f_567880, f_567970, f_567972, f_568269

High severity issues (total: 2, new: 1)

High severity issues newly addressed in this release:
f_561506
High severity fixes included from previous releases:
f_537018

Medium severity issues (total: 48, new: 23)

Medium severity issues newly addressed in this release:
f_526662, f_540946, f_546854, f_549755, f_549978, f_552155, f_552640, f_553722,
f_554175, f_555298, f_557035, f_557358, f_557632, f_558083, f_558328, f_558331,
f_559825, f_560814, f_566370, f_566595, f_568276, f_569141, f_571787
Medium severity fixes included from previous releases:
f_541662, f_561204, f_525833, f_530304, f_530306, f_530324, f_530354, f_531993,
f_536024, f_536671, f_537244, f_539754, f_541313, f_541663, f_542190, f_543863,
f_543885, f_545738, f_547237, f_547518, f_547875, f_548167, f_548478, f_549905,
f_536141

Low severity issues (total: 57, new: 29)

f_543875. f_530349. f_548572. RESOLUTION: The openssl package has been updated to address the problem. f_567883. f_551817. f_547487. f_548418. f_552669. It is possible to synchronize the external database onto the appliance.  Previously addressed by 5. f_560334. f_535623. f_530318. There was an issue with the user interface that automatically selected the 'Default Relays' when you edited the settings. f_533027 Issues list  Feature f_561506  Description: ISSUE: Vulnerability CVE-2010-0740 was reported in the openssl used on the appliance. Please refer to KnowledgeBase article KB67824 for more information. f_543865. f_530309. f_546882. f_543881. f_543880. when configured to do so. f_568269. f_543872. f_555615. however occasionally a timing error caused the appliance database to be in an incorrect state and the synchronisation failed with a '-7' error message. f_530347. The management blade was not showing the McAfee Web Gateway component information which is available on the scanning blades. f_543882. RESOLUTION: The LDAP synchronization application has been updated to obtain the correct data. f_560039. f_561508. f_564894.Low severity issues newly addressed in this release: f_532696. Please refer to KnowledgeBase article KB67946 for more information. f_572378 Low severity fixes included from previous releases: f_526067. f_537800. f_567593. f_530339. but did . f_548882. f_557883. f_533470. f_552666. Please refer to KnowledgeBase article KB68695 for more information. because the policy settings were not taking effect. f_564048. f_567972. Please refer to KnowledgeBase article KB67896 for more information. f_572028. f_541363. RESOLUTION: The management blade has been updated to show the McAfee Web Gateway information. f_543873.  Severity: High  Feature f_526662  Description: ISSUE: It is possible to run both McAfee Web Gateway and McAfee Email Gateway in a blade environment.5p1. f_555498.  Severity: Medium  Feature f_546854  Description: ISSUE: The user interface allows you to configure SMTP relays to be used when an email matches a policy.  Severity: Medium  Feature f_540946  Description: ISSUE: Recipient authentication can be enabled against external LDAP databases. f_540332. f_563744.  Severity: High  Feature f_537018  Description: ISSUE: Email that contained encrypted or password-protected attachments was being incorrectly blocked. f_555607. f_548171. f_546468. RESOLUTION: The appliance is now correctly applying the policy settings. f_555091. f_567880. f_567389. f_533804. f_543862. f_548166. f_560370. f_555777. f_530825. f_530345. and allows encrypted and password-protected attachments through. f_567970.

Please refer to KnowledgeBase article KB68332 for more information.Badly formatted address" response. RESOLUTION: The user interface validation logic has been corrected. RESOLUTION: The digest message has been updated to correctly display non- ASCII subject lines. The OSPF settings were incorrectly overwritten on the remote appliance.  Severity: Medium  Feature f_549755  Description: ISSUE: The appliance logs events to an internal database.  Severity: Medium  Feature f_553722  Description: ISSUE: The appliance offers the ability to send Quarantine Digest messages to end users. Please refer to KnowledgeBase article KB68405 for more information. Settings specific to the remote appliance. allowing them to manage their quarantined emails. RESOLUTION: The configuration push functionality has been updated to handle OSPF settings correctly. This could take several hours and cause delays in reporting. Please refer to KnowledgeBase article KB68867 for more information. Please refer to KnowledgeBase article KB68881 for more information. resulting in the number of senders being limited to 50. If the quaratined emails contained non-ASCII characters in their subject lines then these were incorrectly displayed in the digest message. prvs=0249bac0de=a@b.  Severity: Medium  Feature f_549978  Description: ISSUE: The User Interface allows configuration from one appliance to be pushed to one or more remote appliances. Please refer to KnowledgeBase article KB68868 for more information. due to an erroneous regular expression check. should not be pushed. However the sender list was incorrectly validated in the user interface. RESOLUTION: The regular expression check on the sender address causing the issue has now been corrected. The database is automatically maintained based on the number and age of events.  Severity: Medium  Feature f_552640  Description: ISSUE: With Bounce Address Tag Validation enabled on the appliance. This resulted in emails matching the selected policy being incorrectly routed or queued with the error '442 no delivery mechanism available'. like network settings.  Severity: Medium  Feature f_552155  Description: ISSUE: The appliance allows the user to block email senders.c) was incorrectly rejected with a "501 Syntax error . RESOLUTION: The User Interface has been corrected to adhere to the user's selection. now users will be able to add more than 50 senders to the blocked senders list. . Please refer to KnowledgeBase article KB68296 for more information. a tagged SMTP sender address (for example. RESOLUTION: The automatic database maintenance task has been split into optimized sub-tasks. not explicitly change the selected relay from 'None'.

creating an excessive CPU load and preventing further updates until the appliance was rebooted. A symptom of this was high CPU and memory usage.  Severity: Medium  Feature f_557632  Description: ISSUE: It is possible to block spam senders using SPF. This could cause an unscheduled .  Severity: Medium  Feature f_558083  Description: ISSUE: The appliance swap space consumption was not being monitored and some proxies were incorrectly using too much memory.1 and later offers the ability to import these exported Rule Groups into the Dictionary section of the user interface.5 offers the ability to export Rule Groups. When SPF was used with greylisting. Due to incorrect validation certain customer created Rule Groups could not be imported through the user interface. This was due to an error in freeing resources within the process which calls the McAfee Agent. RESOLUTION: The dictionary import validation has been updated to handle the problematic Rule Groups. The HTTP proxy was intermittently logging abort signals in the system logs. the appliance offers a preferred transfer encoding for text in the Advanced section of Content handling in SMTP policies. The option to "do not encode if the text is already 7-bit" checkbox was not being saved correctly. Please refer to KnowledgeBase article KB68539 for more information. EWS 5. RESOLUTION: The option is now correctly saved. RESOLUTION: The process that calls the McAfee Agent has been updated to prevent the error occurring. Please refer to KnowledgeBase article KB68354 for more information. Please refer to KnowledgeBase article KB68616 for more information. RESOLUTION: The underlying SPF library has now been updated to handle all email addresses correctly.  Severity: Medium  Feature f_557358  Description: ISSUE: The appliance offers the ability to coach URL categories. certain sender email addresses could cause a segmentation fault in the GLS proxy. Please refer to KnowledgeBase article KB68248 for more information. RESOLUTION: The HTTP proxy has been updated to handle multi-byte characters without aborting. Please refer to KnowledgeBase article KB68394 for more information.  Severity: Medium  Feature f_554175  Description: ISSUE: In some unusual cases the process which invokes the McAfee Agent to do anti-virus updates could become unresponsive.  Severity: Medium  Feature f_555298  Description: ISSUE: When scanning an Email. This was caused by incorrect handling of multi-byte characters in conjunction with coaching.  Severity: Medium  Feature f_557035  Description: ISSUE: SCM 4.

 Severity: Medium  Feature f_559825  Description: ISSUE: The user interface allows configuration from one appliance to be pushed to one or more remote appliances. it was not possible to use the asterisk wildcard. RESOLUTION: A resiliency monitor now watches the state of the McAfee Agent updater. Due to a validation error. Large lists were taking a long time to process and could cause configuration push failure. reboot.  Severity: Medium  Feature f_566595  Description: ISSUE: The appliance allows the user to scan the content of text within different file types. Certain PDF files were causing the SMTP proxy to segmentation fault in the third party content extraction library. A multi-line disclaimer was incorrectly being added on one line.  Severity: Medium  Feature f_558331  Description: ISSUE: The McAfee Agent is used to update the anti-virus engine and DATs. RESOLUTION: The user interface has been updated to correctly parse the disclaimer text including newlines. Please refer to KnowledgeBase article KB68612 for more information. . RESOLUTION: The configuration push functionality has been updated to handle large lists correctly. Please refer to KnowledgeBase article KB68605 for more information. Please refer to KnowledgeBase article KB68969 for more information. RESOLUTION: The appliance now has the ability to monitor and take action on low swap space by gracefully restarting proxies. RESOLUTION: The kernel modules are now automatically loaded. This was failing due to the kernel modules not being automatically loaded.  Severity: Medium  Feature f_558328  Description: ISSUE: The user interface allows the administrator to add terms to a dictionary. If the updater has failed. with the error "Migration configuration failed" being displayed. Please refer to KnowledgeBase article KB68755 for more information. RESOLUTION: The user interface has been updated to support the asterisk wildcard. the monitor will terminate the process and perform an update directly from the FTP site. It is possible for the McAfee Agent to fail permanently resulting in failed updates until the appliance is rebooted. Please refer to KnowledgeBase article KB68683 for more information. Please refer to KnowledgeBase article KB68840 for more information.  Severity: Medium  Feature f_560814  Description: ISSUE: It is possible to do an ISO install of the appliance software over DRAC4.  Severity: Medium  Feature f_566370  Description: ISSUE: The appliance offers the ability to add a disclaimer to each email passing through it.

an error occurred and the setup wizard could not be completed. Please refer to KnowledgeBase article KB68740 for more information.  Severity: Medium  Feature f_525833  Description: ISSUE: It is possible to update the appliance's anti-virus DATs and engine from an . When setting up a Domino server.  Severity: Medium  Feature f_561204  Description: ISSUE: The appliance setup wizard allows the user to import a previously saved configuration.  Severity: Medium  Feature f_568276  Description: ISSUE: The appliance offers the ability to keep a connection active by sending HTTP keep-alives. Please refer to KnowledgeBase article KB68877 for more information. Please refer to KnowledgeBase article KB68750 for more information. The optional format of virus. due to incorrect validation of the imported configuration.5h541662.  Severity: Medium  Feature f_541662  Description: ISSUE: The standard format for syslog messages the appliance generates does not include all fields consistently in all messages and so is not easily handled by some analysis products. RESOLUTION: The HTTP proxy has been updated to handle keep-alives correctly. In some cases.  Previously addressed by 5. content and status have been made consistent across all protocols and events for syslog.  Severity: Medium  Feature f_571787  Description: ISSUE: The appliance can set policy based on users in Directory Services (for example Active Directory). The HTTP proxy was incorrectly refusing CONNECT requests using an existing connection resulting in download failures. it was not possible to leave the base Domain Name (DN) empty in the wizard. Please refer to KnowledgeBase article KB69024 for more information. RESOLUTION: The underlying content extraction library has now been updated. RESOLUTION: The validation has now been fixed. RESOLUTION: An optional enhanced format has been added for TCP syslog to facilitate integration with 3rd party products.  Previously addressed by 5.  Severity: Medium  Feature f_569141  Description: ISSUE: If the appliance was connected between two networks in proxy mode then it incorrectly sent the server side interface's IP address to the client in response to the FTP PASV command resulting in a data connection failure. RESOLUTION: When configuring a Domino server it is now possible to leave the base DN field blank. spam. RESOLUTION: The appliance has been updated to send the client side interface's IP address in response to the client FTP PASV command.5h541662. Please refer to KnowledgeBase article KB68804 for more information. Please refer to KnowledgeBase article KB69028 for more information.

 Severity: Medium  Feature f_530324  Description: ISSUE: The appliance can report to syslog. RESOLUTION: The mail size is now stored correctly and output to the syslog report.  Severity: Medium  Feature f_530306  Description: ISSUE: The appliance allows users to access FTP URI's.  Previously addressed by 5.5p1.  Previously addressed by 5. Please refer to KnowledgeBase article KB67276 for more information. If the URI contained a special character. the mail size was always logged as '0' in the syslog report. RESOLUTION: The scripts to determine the hardware type have been changed to correctly identify all platform types. then the access would fail. ePO repository.  Severity: Medium  Feature f_530354  Description: ISSUE: The appliance can block emails due to Denied Routing characters in the email addresses. allowing the McAfee Agent on the appliance to successfully update the DATs. RESOLUTION: The URI's are now held using hex encoding for special characters.5p1.  Severity: Medium  Feature f_531993  Description: ISSUE: On the blade systems when default routes were modified.  Severity: Medium  Feature f_530304  Description: ISSUE: The appliance offers the ability to choose a fibre or copper LAN interface via the user interface under Network settings.  Previously addressed by 5. Due to incorrect identification of the hardware. These were not reported in the dashboard or the scheduled reports. Please refer to KnowledgeBase article KB67331 for more information.  Previously addressed by 5.5p1. it caused a full restart.5p1.5p1. Please refer to KnowledgeBase article KB67349 for more information. RESOLUTION: The McAfee Agent on the appliance has been upgraded to update the anti-virus DATs whether or not the ePO repository contains an anti-virus engine. The McAfee Agent that performs the update was unable to update DATs from an ePO repository when the repository did not contain a valid anti-virus engine. RESOLUTION: The configuration scripts have now been updated to handle default . The workaround was to load the latest anti-virus Engine into the ePO repository. In transparent bridge mode.  Previously addressed by 5. Please refer to KnowledgeBase article KB67372 for more information. Please refer to KnowledgeBase article KB67397 for more information. RESOLUTION: The dashboard and scheduled reports have been updated to include the emails blocked by denied routing characters. this user interface property was not displayed.

 Severity: Medium  Feature f_536024  Description: ISSUE: In proxy mode.  Previously addressed by 5. RESOLUTION: This was due to incorrect parsing of the URL.  Previously addressed by 5. routes correctly without a full restart.  Severity: Medium  Feature f_537244  Description: ISSUE: The appliance can be configured to 'coach' the user when accessing certain sites. Please refer to KnowledgeBase article KB67628 for more information.5p1. Please refer to KnowledgeBase article KB67895 for more information. Please refer to KnowledgeBase article KB67945 for more information.  Severity: Medium  Feature f_539754  Description: ISSUE: When processing an HTTP POST using x-www-form-urlencoded data (as when a user submits a web form) the proxy could become unresponsive if the data was malformed (specifically if it had an incomplete % hex encoded character sequence). which has now been updated to correctly obtain the custom port. the body of a HTTP POST request was incorrectly replaced. the appliance incorrectly directed the request to the default port. RESOLUTION: Incorrect % hex sequences in urlencoded data (such as "%3q" and a terminal "%f") are now treated as literal strings and processing continues as usual. consuming memory and reducing throughput. If a configuration push to one of the others failed.5p1. As a result. Please refer to KnowledgeBase article KB67839 for more information.  Severity: Medium  Feature f_541313  Description: ISSUE: One appliance can be used to manage other appliances by pushing its configuration to a list of others.5p1.  Previously addressed by 5. RESOLUTION: The issue is now resolved Please refer to KnowledgeBase article KB67258 for more information. many unresponsive proxy processes could accumulate.5p1. the appliance can redirect and perform URL lookups on HTTPS requests. RESOLUTION: The configuration push has been enhanced to attempt to push to all . When a custom port was specified in the URL. When URL coaching was enabled.  Previously addressed by 5.5p1. the user occasionally saw a Gateway Timeout error page. the failure was logged and the configuration push was stopped for all remaining appliances in the list. RESOLUTION: The HTTP proxy has been updated to correctly handle HTTP POST requests when used with URL coaching.  Previously addressed by 5. If such events were repeated.  Severity: Medium  Feature f_536671  Description: ISSUE: On blade systems after some time many counters on the dashboard could stop updating.

Please refer to KnowledgeBase article KB67924 for more information. Please refer to KnowledgeBase article KB67823 for more information. and any failed appliances will remain selected.  Previously addressed by 5.5p1.  Previously addressed by 5. Please refer to KnowledgeBase article KB67925 for more information.  Previously addressed by 5. RESOLUTION: The user interface has been updated to allow creation of policies . the data supplied by SNMP was intermittent. This was due to an issue in the pegasus driver.  Previously addressed by 5. The SNMP agent has been updated so that it does not query the USB network device status. it is possible to define a policy as either 'Inbound' or 'Outbound'. RESOLUTION: The reporting has now been corrected to report the user defined direction of 'Inbound' or 'Outbound'.5p1. All errors are reported on completion. the syslog message would erroneously report that the file was removed. The user interface incorrectly prevented you from adding a policy set to match all conditions with more than one email group.  Severity: Medium  Feature f_543863  Description: ISSUE: For reporting purposes. the report incorrectly showed all email as 'Inbound' regardless of the policy definition.  Severity: Medium  Feature f_545738  Description: ISSUE: The appliance allows you to create sub policies for email scanning. RESOLUTION: The restart was caused by platform specific network settings. Please refer to KnowledgeBase article KB67646 for more information. appliances in the list.  Severity: Medium  Feature f_542190  Description: ISSUE: For an appliance managed using a USB Out of Band Management (OOB) interface coupled with SNMP monitoring.5p1.  Previously addressed by 5. Whilst creating policies. RESOLUTION: Syslog messages now report the events correctly.  Severity: Medium  Feature f_543885  Description: ISSUE: When a file contained protected or encrypted content that could not be scanned.5p1. If a policy matched on the sender's email address. Please refer to KnowledgeBase article KB67483 for more information.5p1. which have now been removed from the configuration push.  Severity: Medium  Feature f_541663  Description: ISSUE: One appliance can be used to manage other appliances by pushing its configuration to a series of other appliances. you can choose to match one or all of the conditions. Pushing configuration between different hardware platforms would result in the remote appliance doing a full level restart. RESOLUTION: The intermittent data was caused by the SNMP agent hanging when it queried the network status of the USB network device.

 Previously addressed by 5. If TrustedSource checks were enabled in the default policy and disabled in a sub-policy. The workaround was to configure the appliance to have TLS connections set to "when available". the TLS negotiation failed.  Previously addressed by 5. Please refer to KnowledgeBase article KB68253 for more information.  Severity: Medium  Feature f_548167  Description: ISSUE: The policy presets in the appliance can be based on different attributes. An issue with the user interface prevented the requested URL or URL group from being selected as an HTTP preset criterion.5p1.5p1. Please refer to KnowledgeBase article KB68169 for more information. RESOLUTION: The SMTP proxy has been updated to negotiate the TLS connection correctly. If this list was in a protocol preset. the exported file was empty. RESOLUTION: Policy resolution within the SMTP proxy has been updated to ensure that TrustedSource checks are made only if the feature is enabled in the policy that the email matches. matching all conditions with more than one email group.  Severity: Medium  Feature f_547237  Description: ISSUE: The appliance may be configured to perform recipient lookups against remote servers using LDAP. email that matched the sub-policy was occasionally still checked with TrustedSource and blocked incorrectly.  Severity: Medium  Feature f_547875  Description: ISSUE: The appliance allows for TrustedSource checks on email to be controlled by policy.5p1.  Previously addressed by 5.5p1. RESOLUTION: The SMTP proxy has been updated to not perform a recipient lookup if no LDAP servers are configured. Please refer to KnowledgeBase article KB68077 for more information.5p1. RESOLUTION: The exported file has now been updated to contain both the default and protocol preset lists. When an appliance in proxy mode was configured to use TLS "always".  Previously addressed by 5. Please refer to KnowledgeBase article KB68064 for more information. Please refer to KnowledgeBase article KB68137 for more information.  Previously addressed by 5. . RESOLUTION: The user interface has been updated to allow the requested URL and URL group to be used as a selection criteria for HTTP protocol presets. The mail flow was interrupted if the appliance was configured to perform recipient lookups but no LDAP servers were configured.  Severity: Medium  Feature f_548478  Description: ISSUE: It is possible to export the email addresses in the recipient check list to a file.  Severity: Medium  Feature f_547518  Description: ISSUE: The appliance offers the ability to send and receive Email over TLS.

due to a buffer- handling error in the SMTP proxy. Please refer to KnowledgeBase article KB68188 for more information. Please refer to KnowledgeBase article KB68886 for more information.  Severity: Low  Feature f_548882  Description: ISSUE: The appliance supports MQM for off-box quarantine.5p1. RESOLUTION: Each appliance platform now includes all of the necessary kernel modules to mount the primary CD-ROM.  Previously addressed by 5. and email will not be truncated.5p1.  Severity: Medium  Feature f_536141  Description: ISSUE: When Enhanced URL filtering was enabled the /wk disk partition filled up over time because temporary update files were not removed after use. Please refer to KnowledgeBase article KB68155 for more information.5p1.  Severity: Low  Feature f_546468  Description: ISSUE: Trying to mount the CD-ROM from the appliance console returned errors due to the necessary kernel modules not being loaded.  Previously addressed by 5. RESOLUTION: The proxy code has been corrected. RESOLUTION: The health monitor has been updated to allow previous LDAP services to stop before starting the new service. This happened only at an end of line within a message. A workaround was to modify the health monitor settings on the LDAP database.  Severity: Medium  Feature f_532696  Description: ISSUE: Incorrect translation in Japanese for Bounce Address Tag Verification (BATV) Signature Seed RESOLUTION: Translation corrected.  Severity: Low  Feature f_533804  Description: ISSUE: Incorrect translation in Japanese of TrustedSource RESOLUTION: Translation corrected. Please refer to KnowledgeBase article KB67726 for more information. occurring on a multiple of 74 lines and a multiple of 256Kbytes into the email message. 5. The blacklists and whitelists were being triggered intermittently. Please refer to KnowledgeBase article KB68399 for more information. Please refer to KnowledgeBase article KB68050 for more information. Please refer to KnowledgeBase article KB68195 for more information.5h533027.  Severity: Low  Feature f_551817 . RESOLUTION: The temporary files are now correctly managed.  Severity: Medium  Feature f_549905  Description: ISSUE: Occasionally the appliance truncated a legitimate email. Users and administrators can set blacklists and whitelists on MQM for anti-spam scanning.  Previously addressed by 5.

Please refer to KnowledgeBase article KB68968 for more information. This was due to an incorrect database query for multiple recipients. RESOLUTION: The SPF library has been updated to use case insensitive checks. the date control within the filter criteria side pane. RESOLUTION: The database query has now been updated to handle multiple recipients. Please refer to KnowledgeBase article KB68395 for more information. Please refer to KnowledgeBase article KB68257 for more information. Please refer to KnowledgeBase article KB68257 for more information.  Severity: Low  Feature f_555091  Description: ISSUE: In the queued email page it was possible to see a mismatch between the reported count of items and the number of items that were actually displayed. Occasional segmentation faults occured in the SMTP proxy due to TrustedSource.  Severity: Low  Feature f_552669  Description: ISSUE: The appliance offers the ability to configure download status pages for the HTTP and FTP protocols.  Severity: Low  Feature f_555607  Description: ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the Sender Authentication functionality. on the right hand side. For FTP over HTTP. The underlying SPF library was incorrectly treating DNS replies in a case sensitive manner. The underlying SPF library was incorrectly treating DNS replies in a case sensitive manner. Please refer to KnowledgeBase article KB68290 for more information. because the control extended outside the page boundary.  Severity: Low  Feature f_552666  Description: ISSUE: The appliance offers a Sender Policy Framework (SPF) check as part of the Sender Authentication functionality. was inoperable. and so makes it accessible. RESOLUTION: The proxy has been updated to provide the download status page regardless of content length.  Severity: Low  Feature f_555615  Description: . RESOLUTION: The width of the side pane has been increased to accommodate the extra space required for German localisation. Please refer to KnowledgeBase article KB68392 for more information. This ensures the date control does not extend beyond the boundary of the page. resulting in validation failures. RESOLUTION: The SPF library has been updated to use case insensitive checks. RESOLUTION: The underlying TrustedSource library has now been updated.  Description: ISSUE: On the Email/Web reporting page when rendered with the German locale.  Severity: Low  Feature f_555498  Description: ISSUE: It is possible to block spam using TrustedSource. the proxy was incorrectly looking for the content length of the file before offering the download status page to the end user. resulting in validation failures.

 Severity: Low  Feature f_561508  Description: ISSUE: Schedule reports contain "Top internal/external recipients/senders of . when editing directory services. RESOLUTION: An encoding error causing the problem has now been rectified. As a result the corresponding event checkboxes in the user interface were not effective. Certain characters caused the user interface to become uneditable. anti-spam. Logging configuration for subgroups like anti-virus. Please refer to KnowledgeBase article KB68896 for more information. Please refer to KnowledgeBase article KB67386 for more information.  Severity: Low  Feature f_560370  Description: ISSUE: The appliance offers the ability to set up directory services. and URL- filtering was parsed incorrectly from the configuration files. Please refer to KnowledgeBase article KB68617 for more information. These changes were not being saved.  Severity: Low  Feature f_560334  Description: ISSUE: The user can add content scanning dictionaries with their own custom terms and regular expressions.  Severity: Low  Feature f_557883  Description: ISSUE: The user interface allows the administrator to change the context that the dictionary applies to. were garbled. Please refer to KnowledgeBase article KB68574 for more information. RESOLUTION: The user interface no longer permits scores to be added to complex terms. The Email Security Appliance was incorrectly displaying a web authentication warning in the status window. RESOLUTION: The user interface has been updated to handle all characters. RESOLUTION: The user interface has been updated and these changes are now correctly saved. like virus name or file name. Please refer to KnowledgeBase article KB68601 for more information. certain fields in the MQM user interface.  Severity: Low  Feature f_555777  Description: ISSUE: The user interface provides checkboxes to control the generation of certain events.  Severity: Low  Feature f_560039  Description: ISSUE: The anti-spam scanner setting in policies allows the user to edit blacklists and whitelists. RESOLUTION: Web authentication checks have been removed from the Email Security Appliance. The user interface was incorrectly permitting scores to be added to complex terms or within dictionaries containing complex terms. for example from 'Everything' to 'Email body'. Please refer to KnowledgeBase article KB68234 for more information. ISSUE: When MQM is used to quarantine items from an EWS appliance with the operational language being Japanese. This caused such dictionaries to be greyed out. RESOLUTION: The logging configuration files are now parsed correctly.

the download occurred successfully. Please refer to KnowledgeBase article KB68643 for more information. the maximum file size for certificate import has been increased. rather than just those blocked or monitored. RESOLUTION: The report generation has been updated to include only blocked or monitored emails.  Severity: Low  Feature f_564048  Description: ISSUE: HTTP offers the ability to display a comfort page to the user to show the status when downloading large files.  Severity: Low  Feature f_563744  Description: ISSUE: Attempting to import multiple self-signed CA certificates in a single file led to errors in the user interface making it appear as though import had failed. Please refer to KnowledgeBase article KB68869 for more information. but an abort would sometimes be logged to the messages file. In addition. the user interface displayed the dictionary numbering incorrectly (for example 6 of 20 instead of 16 of 20). An error occurred when running an email drill down report with a filter set on 'sender' when the filter term contained single quotes or when the user was using the French locale.  Severity: Low  Feature f_564894  Description: ISSUE: Drill down reporting offers the ability to filter based on many criteria. RESOLUTION: The user interface has been updated to show the correct dictionary numbering. This was caused by incorrectly escaped characters being passed to the browser. When viewing dictionaries covering several pages after changing.  Severity: Low  Feature f_567389  Description: ISSUE: Drill down reporting offers the option to show or hide selected columns. When the comfort display was triggered while a file was being scanned.  Severity: Low . Please refer to KnowledgeBase article KB68782 for more information. RESOLUTION: Comfort page downloads starting during the scanning of a file are now handled correctly. Please refer to KnowledgeBase article KB69023 for more information. RESOLUTION: Importing multiple CA certificates in a single file no longer results in errors in the user interface. These incorrectly showed counts for all emails. blocked or monitored emails" activity sections.  Severity: Low  Feature f_567593  Description: ISSUE: The user interface allows the administrator to change the context that the dictionary applies to and the terms within the dictionary. Please refer to KnowledgeBase article KB68549 for more information. Please refer to KnowledgeBase article KB68958 for more information. This was only working for one set of column changes. RESOLUTION: The user interface has been updated to correctly show/hide columns. RESOLUTION: Drill down reporting has been updated to correctly escape all characters.

 Feature f_567880  Description: ISSUE: Vulnerabilities CVE-2009-2414 and CVE-2009-2416 were reported in the XML software used on the appliance.  Severity: Low  Feature f_572028  Description: ISSUE: The appliance offers the ability to monitor SMTP conversations and close connections based on defined timeouts. RESOLUTION: The bzip2 software on the appliance has been updated to address the vulnerability. .  Severity: Low  Feature f_567970  Description: ISSUE: Vulnerability CVE-2008-6218 was reported in the libpng library. These timeouts were incorrectly closing the connection too soon. RESOLUTION: The delivery process has been updated to check delivery modes in the correct order. RESOLUTION: The SMTP proxy code has been updated to use the correct timeouts. Please refer to KnowledgeBase article KB68959 for more information. under certain circumstances it was possible that a subsequent email (which had fallback relay as part of its delivery mechanism) could be delivered to the fallback relay without first checking whether there was a valid DNS delivery mechanism. RESOLUTION: The titles have been updated to identify the correct report. Please refer to KnowledgeBase article KB68956 for more information. Please refer to KnowledgeBase article KB68887 for more information.  Severity: Low  Feature f_567883  Description: ISSUE: In proxy mode the SMTP protocol delivers either by local domains or by DNS and fallback relays. RESOLUTION: The libpng library on the appliance has been updated to address the vulnerability. Please refer to KnowledgeBase article KB68875 for more information. If an email was queued and then delivered using a fallback relay. Please refer to KnowledgeBase article KB69025 for more information. Please refer to KnowledgeBase article KB67786 for more information.  Severity: Low  Feature f_567972  Description: ISSUE: Vulnerability CVE-2008-1372 was reported in bzip2.  Severity: Low  Feature f_568269  Description: ISSUE: Vulnerability CVE-2008-2292 was reported in the net-snmp library.  Severity: Low  Feature f_572378  Description: ISSUE: The drill down reporting section in the user interface had the incorrect title of 'Email Interactive Reporting' for the Web and System reports. RESOLUTION: The net-snmp library on the appliance has been updated to address the vulnerability. RESOLUTION: The XML software has been updated to address the issues.

Please refer to KnowledgeBase article KB67369 for more information.5p1. the alert was shown incorrectly. RESOLUTION: The greylisting has been updated to correctly handle protocol presets.5p1.  Severity: Low  Feature f_530309  Description: ISSUE: The appliance offers HTTP URL filtering.  Previously addressed by 5. legitimate recipients would have been incorrectly blocked if a protocol preset was used and the default preset was disabled.  Previously addressed by 5. Please refer to KnowledgeBase article KB68049 for more information. resulting in the correct MAC address resolution in the user interface.  Severity: Low  Feature f_530318  Description: ISSUE: It is possible to block recipients using SMTP recipient authentication.  Severity: Low  Feature f_530347  Description: . Please refer to KnowledgeBase article KB66250 for more information. If scanning blades were rebooted.  Previously addressed by 5.  Severity: Low  Feature f_530339  Description: ISSUE: If the HTTP response did not contain a header. The administrator can customize the alert pages when a URL filtering detection occurs." RESOLUTION: The appliance now handles HTTP responses without headers.  Severity: Low  Feature f_526067  Description: ISSUE: The management blade shows a summary table of each blade and its status. it was possible to get an 'unknown' MAC address in the summary table caused by blade table entries with duplicate host names.5p1. RESOLUTION: The display name is now stored in a format such that it can be displayed correctly.  Previously addressed by 5. greylisting would have been incorrectly triggering if a protocol preset was used and the default preset was disabled.  Previously addressed by 5. Please refer to KnowledgeBase article KB67438 for more information.5p1. Please refer to KnowledgeBase article KB67348 for more information.5p1. However. RESOLUTION: The SMTP recipient authentication has been updated to correctly handle protocol presets. Please refer to KnowledgeBase article KB68957 for more information. However. If the display name within the alert included non-English characters. RESOLUTION: The summary table has been updated to support multiple identical host names. the appliance dropped the connection with an error message "Failure to parse response header.  Severity: Low  Feature f_530345  Description: ISSUE: It is possible to enable greylisting for SMTP.

RESOLUTION: The notification subject has now been enhanced to support multi- byte characters.  Previously addressed by 5. RESOLUTION: The appliance now uses the HTTP proxy for anti-spam streaming update when proxy configuration is enabled. RESOLUTION: Only enhanced URL categories will be listed under URL filtering. The user saw an error message about file size on the user interface.  Severity: Low  Feature f_535623  Description: ISSUE: The user interface provides listing of the deferred and quarantine databases by recipient. . The lists showed separate entries for the same recipient as email addresses were incorrectly being treated as case-sensitive.  Severity: Low  Feature f_530825  Description: ISSUE: The number of URL filtering categories listed on the web Scanning Policies page could be wrong because other categories like SiteAdvisor and black & whitelist were being included. Please refer to KnowledgeBase article KB67794 for more information. which has now been updated to use the Zip64 extension.5p1.  Previously addressed by 5. Please refer to KnowledgeBase article KB67917 for more information.  Severity: Low  Feature f_537800  Description: ISSUE: It was not possible to generate a Minimum Escalation Report (MER) output that exceeded 4 Gigabytes.  Previously addressed by 5. Please refer to KnowledgeBase article KB67368 for more information. Please refer to KnowledgeBase article KB67387 for more information. supporting zip archives greater than 4 Gigabytes. although they were displayed in the Detail View reports.  Severity: Low  Feature f_533470  Description: ISSUE: Default proxy servers may be defined for updates by FTP and HTTP. Please refer to KnowledgeBase article KB66931 for more information. the appliance was using the FTP proxy instead of the HTTP proxy.  Previously addressed by 5.  Severity: Low  Feature f_530349  Description: ISSUE: It is possible to generate system notification alert emails. so the lists will show only one entry for each recipient.5p1.  Previously addressed by 5. RESOLUTION: Recipient address will now be converted to lower case on reading from the database.5p1.5p1. RESOLUTION: The status view report has been updated to include the permitted recipients. ISSUE: The SMTP Permit Recipient detections were not being displayed in the Email Status view report. For anti-spam streaming update when proxy configuration was enabled. RESOLUTION: This error was caused by the zip utility. The appliance did not support multi-byte characters in the subject line.5p1.

 Severity: Low  Feature f_543865  Description: ISSUE: The appliance reports the status of all email that it processes.  Previously addressed by 5.  Severity: Low  Feature f_541363  Description: ISSUE: The appliance generates an alert if it detects a virus. Please refer to KnowledgeBase article KB67979 for more information. Please refer to KnowledgeBase article KB67974 for more information. However. . Please refer to KnowledgeBase article KB67918 for more information. and can also define aliases for email addresses. Please refer to KnowledgeBase article KB68255 for more information. RESOLUTION: The appliance now performs a single anti-virus scan of the HTML content. A redundant second anti-virus scan was being performed on HTML content which could cause a second anti-virus alert. MQM users and administrators can set black and white lists for anti-spam scanning.5p1.5p1.  Severity: Low  Feature f_543872  Description: ISSUE: The appliance supports MQM for off-box quarantine. RESOLUTION: The appliance has been enhanced to support the email address aliases from MQM.  Previously addressed by 5. if that score was negative.  Previously addressed by 5.5p1.  Severity: Low  Feature f_543862  Description: ISSUE: The appliance dashboard shows the policy names for each protocol. the action did not trigger. resulting in a single notification.5p1. Please refer to KnowledgeBase article KB67943 for more information. RESOLUTION: This combination of scanning was incorrectly handled for reporting. The appliance did not support MQM email address aliases as equivalent for black and whitelist processing. the email was not reported. RESOLUTION: The anti-spam scanner has been updated to take action on all score ranges.5p1. policy names containing multi-byte characters would appear garbled. They are now correctly encoded in UTF-8. Reporting has been corrected for all scanner combinations. When more than one browser accessed the appliance user interface at the same time. If an email scanning policy contained both the action to add a spam score indicator and to add a disclaimer.  Previously addressed by 5.  Previously addressed by 5.  Severity: Low  Feature f_540332  Description: ISSUE: The appliance allows the user to set actions based on the spam score for the anti-spam scanner. Please refer to KnowledgeBase article KB67920 for more information. RESOLUTION: This was due to the policy names being incorrectly encoded in transmission between the browser and the appliance.

 Previously addressed by 5.5p1. RESOLUTION: The %SUBJECT% token is now replaced using the plain text subject line. RESOLUTION: A Configuration event "Finished applying new configuration" with event id 220010 is now available for SNMP and syslog.5p1.  Previously addressed by 5. it is possible to configure a list of Denied Request Headers. the %SUBJECT% token was incorrectly replaced with the encoded version.  Severity: Low  Feature f_543880  Description: ISSUE: It is possible to setup the appliance to generate Email notification alerts. When the subject used an encoded format such as iso-2022-jp.  Severity: Low  Feature f_543875  Description: ISSUE: Vulnerability CVE-2009-3563 was reported in the NTP daemon. The subject line can be modified using the %SUBJECT% token. Please refer to KnowledgeBase article KB67787 for more information.5p1.5p1.  Severity: Low  Feature f_546882 .  Severity: Low  Feature f_543873  Description: ISSUE: For FTP. the 'apply changes' button did not appear. The reporting database view "config_change_view" is available for remote database access. RESOLUTION: The user interface has been updated so that changes in this list are correctly detected. Please refer to KnowledgeBase article KB67788 for more information. administrator name and source IP address fields are provided.  Previously addressed by 5.  Severity: Low  Feature f_543881  Description: ISSUE: In HTTP. Configuration modification date. Please refer to KnowledgeBase article KB68254 for more information.  Previously addressed by 5. Please refer to KnowledgeBase article KB67919 for more information. This setting was not being used by the FTP proxy.  Previously addressed by 5. The logging did not provide enough detail of configuration change events.5p1. Please refer to KnowledgeBase article KB67980 for more information. rather than the plain text subject line.5p1.  Previously addressed by 5. If the user removed one of the items from this list. syslog and SNMP.  Severity: Low  Feature f_543882  Description: ISSUE: The appliance can log events via Email. time. RESOLUTION: The NTP daemon on the appliance has been updated to address the vulnerability. and hence the 'apply changes' button appears. it is possible to define a handoff host. RESOLUTION: The FTP proxy has been updated to use the handoff host.

it is possible to import categorized URLs from an earlier version of the product and URLs categorized as "Blacklisted" or "Whitelisted" will be accepted. Please refer to KnowledgeBase article KB68149 for more information. any URLs marked as "Blacklisted" or "Whitelisted" will be ignored.  Previously addressed by 5.  Previously addressed by 5.5p1. RESOLUTION: The configuration restore scripts have been updated to correctly restore the FTP proxy settings for anti-virus updates.5p1. The import operation will accept enhanced filtering categorized URLs and will add "Blacklisted" and "Whitelisted" URLs to the appropriate lists in primary filtering while ignoring other categories.  Severity: Low  Feature f_548166  Description: ISSUE: Support for the "Blacklisted" and "Whitelisted" categories has been removed from Enhanced URL Filtering because these can interfere with Primary URL Filtering. However. However. A workaround was to manually start the update service. the NDR incorrectly contained the onward MTA address of 0. it will return a Non- Delivery Report (NDR) to the sender.  Severity: Low  Feature f_547487  Description: ISSUE: It is possible to restore a previous configuration through the user interface. It is still not possible to mark other URLs as "Blacklisted" or "Whitelisted".  Previously addressed by 5.  Previously addressed by 5. The FTP proxy settings for anti-virus updates were not restored as part of that process.5p1.0. Please refer to KnowledgeBase article KB68080 for more information.  Severity: Low  Feature f_548418  Description: ISSUE: The appliance can use proxy settings for doing its anti-spam streaming updates. import and export support has been added to Primary URL Filtering. RESOLUTION: The policy resolution for protocol preset now incorporates the destination connection information in transparent mode. . If failure was because the appliance could not connect to the onward Mail Transport Agent (MTA).0. RESOLUTION: When importing categorized URLs into Enhanced URL Filtering. The protocol preset was not being triggered for the null sender option resulting in the Default settings being used.5p1. RESOLUTION: The appliance now generates the correct NDR containing the onward MTA address.  Description: ISSUE: When the appliance is unable to deliver an email. Please refer to KnowledgeBase article KB67810 for more information.  Severity: Low  Feature f_548171  Description: ISSUE: In transparent mode SMTP.0. Please refer to KnowledgeBase article KB68082 for more information. The proxy settings were not being applied on the scanning blades of a blade system because the update service was not automatically restarted. it is possible to create a protocol preset using the destination IP address or hostname.

1 configuration was restored onto a version 5.5p1.  Previously addressed by 5.  Previously addressed by 5.03.5.  Severity: Low  Feature f_548572  Description: ISSUE: It is possible to restore a previous configuration through the user interface.3 release 5199 The MIME++ Library xerces13 version 1.  Severity: Low External components installed by this package open-vm-tools version 2009.1 release 201005270904P3 The Berkeley Internet Name Domain (BIND) DNS (Domain Name System) server bind-libs version 9.12r release 1 Programs for setting up and configuring loopback devices openldap version 2.2 release 5199 McAfee eSCM content scanning framework mcafee-eSCM-urlfilter version 4.5.2 release 5199 McAfee eSCM content scanning framework mimepp version 1.4.10 release 2.2 release 5199 An engine test tool for the McAfee eSCM content scanning framework mcafee-eSCM-spam version 4. a user interface exception sometimes occurred on the Enhanced URL Filtering Settings page because of an empty reference that was not handled properly.10 release 2.5 appliance.1 release 201005270904P3 Utilities for querying DNS name servers mcafee-eSCM version 4.3 release 5199 The run-time libraries for Xerces 1.1 release 201005270904P3 Libraries used by the BIND DNS packages bind-utils version 9. If this configuration contained any sub-policy with a permitted recipient list.1 The configuration files.9.5p1.5. the sub-policy would be imported without the permitted recipient list.5p1. Please refer to KnowledgeBase article KB68258 for more information.  Severity: Low  Feature f_533027  Description: ISSUE: When a version 5. RESOLUTION: The configuration restore scripts have been updated to correctly restore permitted recipient lists in sub-policies.3 losetup version 2.6. Please refer to KnowledgeBase article KB68142 for more information. Please refer to KnowledgeBase article KB67517 for more information.5.4.1 Client programs for OpenLDAP . RESOLUTION: The anti-spam streaming updater is now restarted on the scanning blades when proxy settings are configured. and documentation for OpenLDAP openldap-clients version 2.2 release 5199 The McAfee eSCM content scanning framework mcafee-eSCM-enginetest version 4. RESOLUTION: The empty reference is now handled properly.31x8.5h533027.18 release 154848x2. libraries.27.  Previously addressed by 5.scm VMware tools bind version 9. 5.

5p2-1531.1-201005270904P3.122/ftrs/f_527214/postscript 5.3.122/scm_pull_files 5.1 release 201005270904 Tools and servers for the SNMP protocol net-snmp-utils version 5.1-201005270904P3.7 release 3 A library for getting files from web servers CMA version 4.rpm 5.20 release 150mfe Libxslt Run-time libraries libxslt-python version 1.8n release 1 Secure Sockets Layer and cryptography libraries and tools libxml2 version 2.7 release 3 A utility for getting files from remote servers (FTP.5p2-1531. and others) libcurl version 7. which contains the following files: 5.5p2-1531.5.9.5p2-1531.5. Files included with this release This release consists of a package called EWS-5.5p2-1531.5p2-1531.5 release 201005270904 A file compression utility.5p2-1531.122.20 release 150mfe Libxslt Python Run-time libxslt-staticutils version 1.0.27 release 150mfe Libxml2 Utilities (including xmllint) libxslt version 1.2.122/install 5.0 release 201005270904 An SPF library openssl version 0.0.5p2-1531.122/ftrs/f_527214/blade_prep/5.5.6.122/rpms/bind-libs-9.5p1pre-1531.122/ftrs/f_548879/postscript 5.122/ftrs/f_536671/postscript 5.122/ftrs/f_543872/prescript 5.6.5p2-1531.122/ftrs/f_527214/prescript 5.1.5p2-1531.5p2-1531.27 release 150mfe Python bindings for the libxml2 library libxml2-utils version 2.1 OpenLDAP servers and related files libspf version 1.10 release 2.122/rpms/CMA-4.rpm .27 release 150mfe Libxml2 Run-time Libraries libxml2-python version 2.43 release 1.4p2 release 2ews Synchronizes system time using the Network Time Protocol (NTP).122/ftrs/f_548879/prescript 5.122/rpms/bind-9.0-1316.5p2-1531.5p2-1531. curl version 7.i386.5p2-1531.5. openldap-servers version 2. bzip2-libs version 1.mfe1 A library of functions for manipulating PNG image format files bzip2 version 1.5 release 201005270904 Libraries for applications using bzip2 net-snmp version 5.5p1pre-1531.19.12 release 149mfe Libxslt Static Utilities (including xsltproc) libpng version 1.6.1.122/script 5.2.5p2-1531.rpm 5. HTTP.19.1.i386.5.122/ftrs/f_536141/postscript 5.4.5p2-1531.122/ftrs/f_567880/prescript 5.i386.5p2-1531.122/ftrs/f_541662/postscript 5.rpm 5.122/ftrs/f_527214/blade_prep/5.zip.5p2-1531.122/rpms/bind-utils-9.5p1pre-1531.0 release 1316 The McAfee Agent ntp version 4.0.i386.1 release 201005270904 The tooAutoReqProvls and binaries from the Net-SNMP package.3.1-201005270904P3.0.122/ftrs/f_543872/postscript 5.122/ftrs/f_527214/blade_prep/5.0.

5-201005270904.122/rpms/open-vm-tools-2009.122/rpms/net-snmp-utils-5.1.0.rpm 5.i386.5p2-1531.i386.5p2-1531.5-201005270904.122/rpms/webshield-icap-8.i386.2-5199.rpm 5.5-201005270904.rpm 5.5-201005270904_119.rpm 5.18-154848x2.rpm 5.5p2-1531.20-150mfe.1.5p2-1531.5-201005270904.5.rpm 5.5-201005270904.scm.rpm 5.122/rpms/webshield-UI_backend-8.8n-1.5p2-1531.122/rpms/webshield-smg-8.5-201005270904.1.i386.i586.122/rpms/curl-7.5p2-1531.i386.2.122/rpms/webshield-comp-8.5.122/rpms/losetup-2.5p2-1531.31x8.5p2-1531.122/rpms/webshield-siteadvisor-8.rpm 5.5p2-1531.5p2-1531.rpm 5.122/rpms/webshield-ncore-8.5p2-1531.rpm 5.rpm 5.5-201005270904.122/rpms/webshield-apache-8.27-150mfe.i386.1-201005270904.5-201005270904.5p2-1531.i586.122/rpms/webshield-smtp-retryer-8.2.5p2-1531.rpm 5.i386.5p2-1531.122/rpms/webshield-kernel-8.19.5p2-1531.122/rpms/libxslt-1.5p2-1531.i386.5-201005270904_117.5p2-1531.i386.i386.122/rpms/mcafee-eSCM-urlfilter-4.43-1.5p2-1531.12r-1.i386.5p2-1531.122/rpms/webshield-pop3-8.5p2-1531.5-201005270904.i386.rpm 5.3.i386.rpm 5.10-2.i386.7-3.122/rpms/bzip2-libs-1.i386.122/rpms/mimepp-1.rpm 5.i386.5-201005270904.rpm 5.rpm .rpm 5.7-3.5p2-1531.122/rpms/openldap-2.rpm 5.i386.122/rpms/webshield-dkim-key-mgmt-8.mfe1.122/rpms/webshield-files-8.rpm 5.122/rpms/webshield-tqmd-8.122/rpms/webshield-l10n-8.122/rpms/webshield-help-8.122/rpms/mcafee-eSCM-spam-4.122/rpms/webshield-userbw-8.5-201005270904.122/rpms/webshield-Web_UI-8.6.5p2-1531.5-201005270904.5p2-1531.5p2-1531.5-201005270904.5p2-1531.rpm 5.i386.5-201005270904.rpm 5.5p2-1531.5p2-1531.i386.5-201005270904.i386.122/rpms/webshield-swg-8.122/rpms/webshield-webwasher-mgmt-blade-updater-8.10-2.5p2-1531.i386.122/rpms/webshield-CfgMgr-Converter-UI-8.i386.rpm 5.5-201005270904.i386.5p2-1531.rpm 5.5-201005270904.122/rpms/webshield-variants-8.5-201005270904.3-5199.5p2-1531.5-201005270904.1.i386.i386.5p2-1531.rpm 5.i386.122/rpms/libspf-1.122/rpms/webshield-libconfig-8.5-201005270904.i386.rpm 5.122/rpms/libxml2-2.i386.rpm 5.rpm 5.i386.5p2-1531.i386.rpm 5.i386.5-201005270904.rpm 5.10-2.5p2-1531.12-149mfe.rpm 5.5p2-1531.i386.5p2-1531.122/rpms/libxml2-python-2.i386.i386.5-201005270904.5p2-1531.122/rpms/webshield-CfgMgr-schema-Native-8.rpm 5.rpm 5.rpm 5.rpm 5.5p2-1531.122/rpms/webshield-inv-smtp-8.122/rpms/openssl-0.i386.122/rpms/net-snmp-5.122/rpms/webshield-ftp-8.5-201005270904.5-201005270904.i386.rpm 5.rpm 5.rpm 5.5p2-1531.5p2-1531.5-201005270904.i386.5p2-1531.0.122/rpms/libpng-1.rpm 5.122/rpms/webshield-webwasher-updater-8.5-201005270904.122/rpms/webshield-base-xmlconfig-8.9.5p2-1531.i386.rpm 5.5-201005270904.122/rpms/webshield-snmp-8.5-201005270904.5p2-1531.rpm 5.rpm 5.122/rpms/webshield-ui-8.5-201005270904.3.5.4.122/rpms/webshield-gls-8.rpm 5.122/rpms/webshield-utils-8.rpm 5.i386.i386.5p2-1531.rpm 5.2-5199.i386.4.5p2-1531.i386.i386.rpm 5.122/rpms/webshield-retryer-8.5p2-1531.rpm 5.122/rpms/webshield-autoupdate-8.5p2-1531.27.122/rpms/bzip2-1.122/rpms/webshield-libsyscfg-8.i386.5-201005270904.i586.2-5199.rpm 5.27-150mfe.20-150mfe.5p2-1531.2-5199.i586.122/rpms/webshield-urlfilter-8.i386.122/rpms/ntp-4.5-201005270904.rpm 5.rpm 5.5p2-1531.i386.i386.5p2-1531.5-201005270904_122.i386.i386.5-201005270904_102.0-201005270904.5-201005270904_102.i386.122/rpms/webshield-tqmd-mgmt-8.5p2-1531.rpm 5.27.122/rpms/libxml2-utils-2.27-150mfe.19.5-201005270904.scm.i386.rpm 5.5p2-1531.5-201005270904.5p2-1531.122/rpms/mcafee-eSCM-4.rpm 5.31-8.5-201005270904.i386.rpm 5.1-201005270904.rpm 5.122/rpms/xerces13-1.5p2-1531.4p2-2ews.5p2-1531.5p2-1531.5p2-1531.122/rpms/libcurl-7.i386.i386.9.5-201005270904.rpm 5.1.i386.5p2-1531.5p2-1531.5-201005270904.5p2-1531.6.rpm 5.i586.i386.rpm 5.1.i386.5p2-1531.0.5-201005270904.0.0.122/rpms/webshield-trans-auth-8.5p2-1531.rpm 5.rpm 5.122/rpms/webshield-appliance-kernel-2.122/rpms/openldap-servers-2.3-5199.122/rpms/openldap-clients-2.i386.5-201005270904.rpm 5.5p2-1531.5p2-1531.i586.5p2-1531.i386.122/rpms/mcafee-eSCM-enginetest-4.122/rpms/webshield-ts-8.rpm 5.03.122/rpms/webshield-inv-http-8.122/rpms/libxslt-staticutils-1.4.i386.rpm 5.rpm 5.rpm 5.122/rpms/libxslt-python-1.5-201005270904.rpm 5.rpm 5.122/rpms/webshield-reports-8.5p2-1531.122/rpms/webshield-ePO-8.rpm 5.6.rpm 5.5p2-1531.rpm 5.i386.122/rpms/webshield-management-common-8.6.5p2-1531.i386.5-201005270904_122.i386.5p2-1531.i386.6.rpm 5.i386.5p2-1531.9.5p2-1531.122/rpms/webshield-CfgMgr-Converter-MigrationAid-8.5p2-1531.

5.5p2-1531. find the location of the file "EWS-5. 2. click Update from file. In the Import package window. 5. then the Management appliance. A popup window appears displaying the package description and a notice that the appliance will restart after installation. When prompted. Open your Internet browser.txt validate/version Additional information This release was built on 2010-07-29. and then click OK.zip". Upon completion of the installation the actions noted above will be performed . On the navigation bar. click Open. 3. Under Manual Package Install. Create a temporary directory on your hard disk. and browse to the Email and Web Security appliance. Click OK to install the package. If installing on a Content Security Blade Server. go first to the Failover Management blade to do the following steps.5p2-1531. For information on release dates see the KnowledgeBase article KB66911.122. click Browse. then repeat them on the Management blade (the content scanning blades will be updated automatically).txt validate/md5sum. log on to the appliance by typing your username and password. starting with the Failover Management appliance. To install this release: 1. McAfee strongly recommends that the appliance is always kept up to date with the latest anti- virus components to achieve the highest possible security.122/updata/package. Installation Installation requirements To use this release. This release was tested with anti-virus engine version 5400.txt validate/validate.xml validate/filelist. DATs version 5980 and later. you must have the following Email and Web Security software installed on the appliance you intend to update with this release:  Version 5. If installing on an appliance cluster the steps must be done on all the appliances in the cluster. then the remainder.5 Installation steps In the case of a VMware appliance it may be useful to take a snapshot of the appliance before installing the release. 4. and download the zip file provided by McAfee to a computer on your network that can access the Email and Web Security appliance. select System | Component Management | Package Installer.

All other registered and unregistered trademarks herein are the sole property of their respective owners.5 software. delete the file after successful installation. DO NOT INSTALL THE . or translated into any language in any form or by any means without the written permission of McAfee. PORTALSHIELD.5p2-1531. PLEASE CONSULT THE SALES AND OTHER RELATED LICENSE GRANT OR PURCHASE ORDER DOCUMENTS THAT ACCOMPANY YOUR SOFTWARE PACKAGING OR THAT YOU HAVE RECEIVED SEPARATELY AS PART OF THE PURCHASE (AS A BOOKLET. If the browser cache is not cleared. keep it available on your computer. is to revert to a previous snapshot. A FILE ON THE PRODUCT CD.All Rights Reserved No part of this publication may be reproduced. VIRUSSCAN. After installation. INTRUSHIELD. or its suppliers or affiliate companies. SECURITYALLIANCE. Removing this release To remove this release from your Email and Web Security appliance. License information License Agreement NOTICE TO ALL USERS: CAREFULLY READ THE APPROPRIATE LEGAL AGREEMENT CORRESPONDING TO THE LICENSE YOU PURCHASED. An alternative.122. IF YOU DO NOT AGREE TO ALL OF THE TERMS SET FORTH IN THE AGREEMENT. OR A FILE AVAILABLE ON THE WEBSITE FROM WHICH YOU DOWNLOADED THE SOFTWARE PACKAGE). SITEADVISOR. EPOLICY ORCHESTRATOR. you need to reinstall Email and Web Security Appliance version 5. Otherwise. transmitted. PREVENTSYS. for a VMware appliance. McAfee Red in connection with security is distinctive of McAfee brand products. WHICH SETS FORTH THE GENERAL TERMS AND CONDITIONS FOR THE USE OF THE LICENSED SOFTWARE.5p2-1531. MCAFEE.5. and/or its affiliates in the US and/or other countries. we recommend that you re-install this release. Inc. transcribed.122" is displayed. GROUPSHIELD. Inc. IF YOU DO NOT KNOW WHICH TYPE OF LICENSE YOU HAVE ACQUIRED.zip archive file again. 7. stored in a retrieval system. If you re-install your Email and Web Security version 5. the interface will not behave correctly. EPO. LINUXSHIELD. FOUNDSTONE. Notices Copyright Copyright © 2010 McAfee. 6. Clear the browser cache before logging on to the interface again. TOTAL PROTECTION. log on to the user interface and click About the appliance to check that "5. Inc. MAX (MCAFEE SECURITYALLIANCE EXCHANGE). Trademark attributions AVERT. WEBSHIELD are registered trademarks or trademarks of McAfee. After installation  If you plan to use the EWS-5. automatically. Please note that all other hotfixes or patches installed on the appliance would also be removed in the process.. NETSHIELD.

Copyright © 2010 McAfee. IF APPLICABLE. YOU MAY RETURN THE PRODUCT TO MCAFEE OR THE PLACE OF PURCHASE FOR A FULL REFUND. Inc.All Rights Reserved .SOFTWARE.