Software Update: Symantec Messaging Gateway 10.6.4

Symantec Messaging Gateway is a product for securing incoming and outgoing mail flows. It builds on Brightmail, which was acquired by Symantec in 2004. Although that happened more than thirteen years ago, the old name is still mentioned in the product with the addition ‘powered by Brightmail’. The program offers anti-spam and anti-mailware options, advanced content filtering and data loss prevention, and also offers encryption options by integrating with Symantec encryption products. SMG can be run on a companion hardware appliance or virtually in VMware or Hyper-V. Version 10.6.4 has been released with the following changes:

What’s new in SMG 10.6.4

This release fixes known defects and addresses known vulnerabilities.

• Symantec recommends that all customers using the SMG software update at their earliest convenience. This version is required to upgrade to future releases of SMG.
• RC4, DES, and 3DES ciphers are no longer accepted or used within HTTPS and SMTP/TLS conversations. These cipher suites have been deemed insecure and are no longer recommended for use. If you experience HTTPS, SMTP, or TLS conversation failures Symantec recommends that you work with the application vendor or business partner to strengthen their application. Symantec does not recommend reenabling these cipher suites.
• This release includes and supersedes patches 266, 267 and 268.

New features include the following:

• Integration with Email Threat Isolation and Symantec Blue Coat ProxySG.
• New SymDiag utility collects system diagnostics.
  • SymDiag creates a file. When you open the file with SymHelp, you may see the following warning: “This data file was saved by an older version of Symantec Diagnostic Tool “. You can safely ignore this warning.

resolved issues

• The Local Good Sender IPs list was ignored in some messages with more than one IP address in a “Received” header.
• A message with badly formatted ‘From’ header was not accepted in Spam Quarantine.
• Unsaved changes to quarantine settings were lost when you edited the notification template.
• MAL showed status as “Processing Status” for a rejected message.
• In some cases the Subject line showed garbled text.
• Empty-body messages that are signed using the DKIM relaxed algorithm fail verification.
• In rare cases, the administrator receives an alert about a bmserver crash on signal 11 exit code: 0x008B.
• Validation of SMG-generated DKIM signature fails at recipients such as Gmail, when annotation is added to email and the message is routed through a Microsoft mail server.
• Manual and scheduled backups failed when the backup size was too large.
• MAL logs retention time was not propagated to the BMI_MAL (CC-only MAL for Spam Quarantine release).
• In some cases, startup times for the Control Center web interface were very long.
• MAL did not log any connection-time verdicts.
• CAS preferences from CA Connect page were not respected.
• On virtual appliances, the messages log file showed information about ttyS0 respawning every 10 seconds.
• On CA connect page, the drop-down to select a scanner was disabled when the CAS was not configured for the currently selected scanner.
• XML files were incorrectly sent to CAS on a clean install of 10.6.3, but not on the systems that were upgraded to 10.6.3.
• The check box “Allow email addresses to start with a dash” was removed from Protocols -> Setting -> SMTP -> Address Validation.
• Some MAL searches returned an Application Error page, while some returned expected results.
• Connection classification message counts were tallied improperly resulting in a more favorable verdict.
• The “From” filter on Email Quarantine did not return the expected results.
• The commandmta-control all active-routes returned no data.
• In some cases, scheduled reports failed.
• DKIM signatures did not contain the expiration tag and so did not reflect the signature expiration policy that was set in Protocols -> Domains -> Delivery.
• In some cases, backups with very large databases failed.
• Chrome and Firefox did not recognize certificates using only the common name (CN).
• In some cases, Disarm scanning used excessive disk space.
• An Active Directory administrator who clicked on the “Login to End User View” in the Logout menu received the following message: Possible Cross Site Request Forgery.
• When a Control Center logon was idle for an extended period and the user clicked the logout option, the following error appeared: Possible Cross Site Request Forgery.
• Some delete commands issued on the command line failed on Control-Center-only systems.