MailMarshal SMTP

Version: 6.9, Last Revision: January 09, 2012

These notes are additional to the MailMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q14004.

What's New
Upgrading MailMarshal
Uninstalling
Hardware and Software Requirements
Change History

What's New

For more information about additional minor features and bug fixes, see the change history.

Features New in 6.9

Rules structure: Email Policy is divided into Connection Policy, Content Analysis Policy, and Dead Letter Policy. Rules formerly known as "receiver rules" are now found in Connection Policy; "standard rules" are now found in Content Analysis Policy. Filtering order and behavior is not changed.
Dead Letter Rules: A new type of rule allows messages that cannot be processed to be passed through based on user matching and the text of the Dead Letter reason code.
PDF unpacking improvements: Images, attachments, and annotations are now unpacked from PDF documents. Supported images types are JPG, JPG 2000, TIF, and RAW. The PDF unpacker can be updated automatically through the MailMarshal Automatic Updates (SpamCensor updater). This improvement addresses numerous other issues with PDF unpacking. See change history for details.
Changes in upgrade prerequisites: Direct upgrade is supported from MailMarshal SMTP 6.5.1 and above.
Reports change: Marshal Reporting Console is the supported reporting interface. The MailMarshal Reports application (based on MMC and Crystal Reports) is no longer included.
Message Logs Change: Text log information for messages is now stored in each message (MML) file. Logs for delivered messages are stored in a special folder named Sent History. You can use the Configurator to change the permissions and retention period for this folder. You cannot rename it, delete it, or view it in the Console.
Database Software Support: SQL Server 2008 R2 and 2008 Express R2 are supported.

Features New in 6.8

Changes in database and upgrade prerequisites: SQL 2000 is no longer supported. Direct upgrade is supported from MailMarshal SMTP 6.4.5 and above.
Support for additional operating systems: Windows Server 2008 R2 and Windows 7 are supported for all components.
Improved database security options: Database connections can be made using Windows accounts. MailMarshal can grant limited permissions to an "operational user" for daily use (database owner permission is required for upgrades).
Dashboard (Today Page) improvements: The Console dashboard now allows you to select a time period for the statistics display. Note that the historical data is only available for times after this version is installed (earlier versions did not save the data).
Spam Management enhancements: The administrator can allow users to subscribe and unsubscribe from digests, and to add entries to Safe Senders lists when releasing a message from digests.

Features New in 6.7

SpamBotCensor: A new layer of spam filtering that efficiently identifies messages originating from spambot networks.
Blended Threats Module: A new option to identify email containing malicious URLs, using a database with zero day updates. To use the BTM you may need to run the Engine service under a domain account. See M86 Security Knowledge Base article Q12931.
Marshal IP Reputation Service: A new DNS based block list, provided by M86 Security using proprietary data.
Report Spam/Not Spam: New options in the Console allow you to report false positive and negative spam identification of messages with one click.
User Group pruning: MailMarshal can remove unused email addresses from user groups to maintain server performance.
Outbound SMTP Authentication: MailMarshal can now send SMTP credentials when making outbound connections.
Enhanced Inbound SMTP authentication: MailMarshal now supports CRAM-MD5 as well as plain text authentication.
Upgrade Tasks listing: A new page in the Configurator shows tasks that the MailMarshal administrator should complete after upgrading.

Features New in 6.5

Enhanced SQM performance: Spam Quarantine Management website loading and message retrieval performance has been improved significantly.
Enhanced Message Release options: You can now specify for each rule how processing should resume if a message quarantined by that rule is released. This change affects messages quarantined at the time of upgrade. See the "Notes on upgrading" section below.
SpamProfiler as a Rule Condition: You can now use SpamProfiler results in a standard rule combined with any other conditions available.
Updated Image Analyzer: A new version of Image Analyzer offers significantly improved throughput and detection.
Supports installation on Windows Server 2008 and Windows Vista (32 and 64 bit versions).
Supports SQL Server 2008 as database server.
Updated prerequisites for OS and SQL Server versions and service packs. See the Hardware and Software Requirements section below.

Features New in 6.4.5

Enhanced Dead Letter Templates: Separate Dead Letter templates are available for incoming and outgoing messages.
Secure Email Server integration: MailMarshal SMTP can now integrate seamlessly with MailMarshal Secure Email Server for S/MIME encryption and signing. To learn more, see MailMarshal Secure Email Server documentation.

Features New in 6.4

Enhanced Routing: Routing tables with multiple load balancing, fallback hosts, and special cases can be created. Local delivery can be set by server name.
Enhanced Anti-Relaying: Multiple Anti-Relaying tables can be created and selected separately for each node in an array.
Updated Spam Quarantine Management website: The site has been redeveloped in ASP.NET 2.0. The Administrator has GUI access to view and change user whitelists, blacklists, and additional addresses. Skins and language packs are supported.
Marshal Notifications: The Console provides a RSS based alert and news service.
SpamProfiler: A new layer of Spam filtering that allows denial of spam messages at the Receiver.
Automatic Adaptive Whitelisting: Allows Reputation checks (DNS Blacklists) to be skipped for trusted servers.
Enhanced SpamCensor: SpamCensor can now base action on attachment contents.
7zip files support: Unpacking of 7zip files files is supported.
Enhanced low disk space handling: includes a warning and stop threshold, with periodic email notifications
Event Log viewer: Console provides a view of event logs on all servers in the MailMarshal installation.
Centralized Upgrades: Upgrades can be delivered to all servers in an array using the Configurator interface (after the initial 6.4 upgrade has been applied to all servers).
Sophos for Marshal is supported by trial keys.

MailMarshal SMTP version 6.9 supports a direct upgrade from MailMarshal SMTP 6.5.1 and later versions. This is a change from earlier versions. To upgrade from a version prior to 6.5.1, first upgrade to version 6.7.

Please review the MailMarshal User Guide before upgrading.

For general information about upgrading issues see the remainder of this section.

Full details about upgrading from specific versions can be found in the following M86 Security Knowledge Base articles:

Q11025 Upgrading from MailMarshal 5.5 to MailMarshal SMTP 6.X
Q11026 Upgrading from MailMarshal 6.0 to MailMarshal SMTP 6.X
Q11027 Upgrading from MailMarshal 6.1.3 to MailMarshal SMTP 6.X

To upgrade from a version prior to 5.5 (not recommended), first upgrade to version 5.5, then see the above articles.

Changes in Database Structure and Prerequisites

MailMarshal no longer supports SQL 2000 or MSDE 2000.

See the Hardware and Software Requirements section for the latest list of supported SQL Server versions.
MailMarshal supports Windows Authentication as well as SQL Authentication. Mixed Mode is no longer required.

You can access a supported SQL Express version from the Prerequisites tab of the MailMarshal installation package. The "With SQL Express" version of the package also allows you to install SQL Express during the main MailMarshal installation. Note: You may need to first install .NET 3.5 SP1.

Upgrading a Single Server

To upgrade a single MailMarshal SMTP server from version 6.5.1 or above, install the new version over your existing version. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.

Upgrading an Array of Servers

After upgrading the Array Manager you can upgrade the processing servers through the Configurator, with no need to log on to the processing servers. For more information, see the Upgrading section in the User Guide.

Notes on Upgrading

Note: The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q14004.

6.9 TLS Configuration: You can now select a minimum cipher strength to be used for TLS connections. Upgrade sets the minimum to "low" for compatibility with earlier versions. To enhance security, M86 recommends you set the value to at least "medium." Be aware that changing this setting could cause some connections to be rejected.
6.9 Deadletter Folder Retention: Upgrade resets the retention period for deadletter folders to 7 days. Any changes that you previously made using the method described in Knowledge Base article Q10260 will be lost. After upgrading, use the Configurator to set the desired values.
6.9 Policy changes: On upgrade, existing Receiver rules are moved to the Connection Policy container. Standard rules are moved to the Content Analysis Policy container. Policy groups are created as necessary. Filtering order and behavior is not changed.
6.9 File Type Identification: Version 6.9 identifies the following as executable files:
- Plain text files with extension .CMD or .BAT
- Binary unknown files with extension .COM or .EXE
- Previous versions identified these files as "text" or "binary unknown". You may wish to review and adjust your rules.
6.9 Sent History folder: Version 6.9 uses a special folder named Sent History to preserve processing logs for messages that have been successfully delivered. If you have a folder named Sent History, the installer will prompt you to rename it before you can proceed with the upgrade.
6.9 Message Logs: If you have selected the "copy message log file" feature for quarantined or archived messages, you should consider unselecting this option. The Sent History feature provides the same information automatically.
6.9 .NET version requirement: The Web Components now require .NET 4.0.
6.9 database upgrade: To resolve an issue with reporting of IP addresses, the upgrade rewrites some existing data. This process can take significant time to complete for large databases. The upgrade installer provides an estimate of the time required.
6.8 Digest setup: To allow users to subscribe or unsubscribe from digests, use the Configurator to edit the properties of each digest and make the selection. To allow user selection of digests from the SQM website, see the Administrator tab of SQM. To provide an unsubscribe link in digest emails, use the variable {UnsubscribeUrl}. For more information see the User Guide and Help.
6.8 Sophos for Marshal upgrade: If you are using Sophos for Marshal, upgrade Sophos for Marshal to version 1.0.3 before upgrading MailMarshal. This step is required due to the change in the MailMarshal registry key location.
6.8 database change: If you are using SQL 2000 or MSDE with an earlier version of MailMarshal, you must move the database to SQL 2005 before upgrading MailMarshal. For assistance see Knowledge Base article Q11646.
6.7 Reputation Service: The Marshal IP Reputation Service is licensed with a customer number and activation code that you must enter when enabling this service. For more information, please see M86 Security Knowledge Base article Q12878.
6.7 Reputation Service Upgrade: If you enabled the Marshal IP Reputation Service in an earlier version of MailMarshal, the file MarshalRBL.xml will be overwritten during the upgrade. The upgrade process saves the customer number and activation code to the Registry, and makes a copy of the file in the Config folder on the Array Manager server as MarshalRBL.xml.bak.
- If you added any custom attributes such as SkipFirstIPs, after upgrading you must copy this information from the file MarshalRBL.xml.bak to MarshalRBL.xml on the Array Manager server, and then commit configuration to update the processing node servers.
6.7 Blended Threats licensing: The Blended Threats Module is licensed using a flag in the product key. To try this module, obtain a special time-limited key from M86 Security.
6.7 Blended Threats proxy access: To use the BTM where a proxy is required you may need to run the Engine service under a domain account. See M86 Security Knowledge Base article Q12931.
6.7 User Group Pruning: After upgrading, for best results do not enable User Group Pruning immediately. At the time of upgrade, no existing items in user groups will be marked as "seen." Enable pruning after a month, or whatever time you determine as the pruning cycle for each group. For more information about pruning, see the User Guide and Help.
6.5 Service Pack requirement: MailMarshal servers now require Windows Server 2003 Service Pack 2. For the full list of supported operating systems, see Hardware and Software Requirements.
6.5 .NET version requirement: The Web Components now require .NET 3.5 SP1.
6.5 database upgrade: The MessageName index on the MailMarshal database is changed during upgrade (issue MM-1957). On large databases this change could take an hour or more. Reports and Console actions may not be available while this process is occurring. The installer estimates the execution time and allows you to stop installation if required.
6.5 file type recognition updates: A number of new file types have been added to the file type recognition facility, including Open Office documents and a new PDF subtype. See the "MC" entries in Change History. You should review file type rules to ensure that new types are allowed or blocked as appropriate.
6.5 folder message release: The default action when a message is released from any folder is now "continue processing." This change affects all messages currently in folders, even if the folder was previously configured with a release action of pass through or reprocess. To set up other actions, after upgrading, edit each rule that moves or copies messages to a folder.
6.5 Image Analyzer: The new Image Analyzer has fewer advanced settings. Earlier advanced settings are not preserved on upgrade. The new Engine Sensitivity setting is set to the default 65.
The upgrade installation (6.5 and above) does not install any new rules. After upgrading, you must create rules to use any new features available in the specific release. For more information, see M86 Security Knowledge Base article Q10337.
6.4 Operating System Support: As of version 6.4, MailMarshal is no longer supported on Windows 2000. You cannot install MailMarshal 6.4 on Windows 2000. If your existing MailMarshal installation is on a computer running Windows 2000, you will not be able to upgrade.
6.4: SpamProfiler: Version 6.4 introduces the SpamProfiler service. This service allows MailMarshal to pre-filter spam at the Receiver. SpamProfiler is enabled by default on new installations. As part of the upgrade process you can choose to enable SpamProfiler (strongly recommended).
- SpamProfiler requires internet access from each processing server. To configure usage and proxy options, see the Spam and Internet Access tabs of Server and Array Properties. For additional information see the User Guide and M86 Security Knowledge Base article Q11927.
6.4: Disk space requirements: Version 6.4 introduces significantly higher default requirements for free disk space (1GB free space preferred). On upgrade of a single server installation, you will be warned if less than 1.5GB of free space remains. In an array installation, you should check free space on each server manually. For more details on the disk space settings, see M86 Security Knowledge Base article Q11669.
6.4: POP3 aliases: Version 6.4 and above does not support POP3 aliases for domains that are outside your local domains list. If you have previously defined such aliases, after you upgrade email will no longer be delivered to them.
During the upgrade from version 6.1.8, the MailMarshal Controller may stop with an error. In most cases the Controller will restart automatically. This behavior is related to issue MM-429, first fixed in version 6.2.0.
In version 6.2 and above, the internet access proxy setting 'Preset' option is no longer available. During upgrade the 'Preset' option will be changed to 'Direct Access'.
When upgrading from a version below 6.1.6, if you have configured a range of return values for External Commands, the interpretation of the range entry has changed. Starting and ending numbers are now included (1-5 now matches 1, 2, 3, 4 and 5).
When upgrading from MailMarshal SMTP 6.0 to MailMarshal SMTP 6.X, the database upgrade will require approximately 5 minutes per GB of data. You should schedule your upgrade with this time requirement in mind.
By default the MailMarshal SMTP 6.X installation places the Unpacking or Explode folder within the MailMarshal SMTP installation folder. If your Unpacking or Explode folder is configured in another location, you can select that location on the Choose Destination Location window of the installation wizard.
Message Release codes generated by MailMarshal SMTP 5.5 will not be accepted by the Message Release external command under MailMarshal SMTP 6.X.

Uninstalling

MailMarshal can be installed in a variety of scenarios. For full information on uninstalling MailMarshal from a production environment, see the MailMarshal SMTP User Guide.

To uninstall a trial installation on a single computer:

Close all instances of the MailMarshal Configurator, MailMarshal Console, and MailMarshal Reports.
Use Add/Remove Programs from the Windows Control Panel to remove MailMarshal SMTP.
Use Add/Remove Programs from the Windows Control Panel to remove additional components you may have installed, such as Web components or Reports.
If you have installed any components (such as the Configurator, Console, Web components, or Reports) on other computers, uninstall them.
If you have installed SQL Express specifically to support MailMarshal and no other applications are using it, uninstall SQL Express.

Hardware and Software Requirements

The following system requirements are the minimum levels required for a typical installation of the MailMarshal SMTP Array Manager and selected database.

A full discussion of requirements for all supported configurations is available in the MailMarshal SMTP User Guide. See also M86 Security Knowledge Base article Q11358.


Category	Requirements
Processor	Pentium 4
Disk Space	10GB (NTFS), and additional space to support email archiving
Memory	1GB (plus an additional 1GB if SQL Express is installed locally)
Supported Operating System	Windows 7 Windows Vista with Service Pack 1 or above Windows Server 2008 including Server 2008 R2 Windows Server Standard or Enterprise 2003 with Service Pack 2 or above Windows XP Professional with Service Pack 3 or above Microsoft Small Business Server (SBS) 2003 or 2008 Notes: MailMarshal SMTP Server does not run on Windows XP Professional if the computer is not a domain member. Be aware of this restriction if you need to install a MailMarshal SMTP Server in a DMZ and it will not be a domain member. To install Web Components on SBS 2008, you must complete additional configuration steps. See M86 Security Knowledge Base article Q12671.
Network Access	TCP/IP protocol Domain structure External DNS name resolution - DNS MX record to allow MailMarshal SMTP Server to receive inbound email
Software	Database server: SQL Server 2008 R2, SQL Server 2008 (SP1), SQL Server 2005 (SP2) Database server (free versions): SQL 2008 R2 Express, SQL 2008 Express (SP1), SQL 2005 Express (SP2) (Service packs listed are the minimum required for compatibility with all supported operating systems)
Port Access	Port 53 - for DNS external email server name resolution Port 80 (HTTP) and Port 443 (HTTPS) - for SpamCensor updates Port 1433 - for connection to SQL Server database and Reports console computers Port 19001 - between Array Manager and Processing Nodes Note: Additional ports are required by the Nodes for email and updates.

Change History

The following additional items have been changed or updated in the specific build versions of MailMarshal SMTP listed.

Note: The information in this document is current as of the date of publication. To check for any later information, please see M86 Security Knowledge Base article Q14004.

6.9.9 (January 09, 2012)

MM-3904	DOC files with poor formatting in the User Summary Info area can cause MailMarshal services to stop. If you encounter this issue, please contact M86 Security Support for details of a setting to skip processing of this part of documents.
MM-3907	Sent History retention cannot be set to less than one month. If Sent History items are consuming excessive disk resource, please contact M86 Security Support for details of additional options.
MM-3909	In earlier 6.9 versions, messages with invalid envelope information were not properly deadlettered. Fixed.
MM-3911	Unpacking of certain poorly formatted PDF files can fail. If you encounter this issue, please contact M86 Security Support for details of additional options.
MM-3912	Word documents with null fields in Document Summary Info could cause the Engine to stop. Fixed.
MM-3913	Certain Word documents with invalid document summary information were incorrectly deadlettered. Fixed.
MM-3918	It is now possible to specify that message delay notifications should be sent externally. See M86 Security Knowledge Base article Q14383.

6.9.8.3800 (November 3, 2011)

MM-3755	Messages with attached Office 2003 documents that contained embedded Office 2007/2010 documents were deadlettered. Fixed.
MM-3855	In 6.9.7, specific formatting in OLE document summary information could cause messages to be incorrectly deadlettered. Viewing these messages in the Console could cause additional problems. Fixed.
MM-3864	In previous 6.9 releases, the BTM database could be incorrectly reported as out of date. Fixed.

6.9.7.3719 (October 18, 2011)

MM-3770	Upgrade now provides more user friendly information about status during database upgrade.
MM-3771	Upgrade now provides more user friendly information about status while calculating time required for database upgrade.
MM-3816	In 6.9.6, the Web Console could return an error for non-administrative users under Windows Authentication. Fixed.
MM-3817	In 6.9.6, OLE documents with document summary information over a certain length could cause the Engine to stop. Fixed.
MM-3818	In 6.9.6, unpacking of OLE data from Excel files could cause the Engine to stop in specific cases. Fixed.
MM-3836	In 6.9.6, checking of mailbox name length could return an incorrect result for some cases using ESMTP extensions. Fixed.
MM-3844	In 6.9.6, warning messages generated during PDF unpacking were not handled correctly in some cases. Fixed: The affected documents are unpacked and scanned. Any warnings concerning embedded content (such as images in unsupported formats) are logged to the Engine text logfile.

6.9.6.3437 (September 7, 2011)

MM-108	Many images are now extracted from PDF documents.
MM-1483	Help and header text for the Rule Profiler function has been added to mmlookup.exe.
MM-1567	PDF unpacking now handles Unicode.
MM-2236	Some PDF files caused recursion in the Engine and could not be unpacked. Fixed.
MM-2363	The version of the archive unpacker included with MailMarshal has been updated. This version handles additional compression formats.
MM-2834	PDF files with limitations on printing and other functions were incorrectly identified as Encrypted PDF. Fixed.
MM-2837	Image Analyzer has been updated to version 5.
MM-2859	Binary files are now better recognized as type COM or EXE.
MM-2977	PDF Xref detection is improved.
MM-3332	Receiver, Engine, and Sender logs for each message are now stored in the message file. The Console message viewer displays the available information in separate tabs. Message log information for items that have been successfully delivered is now retained in a reserved folder named "Sent History."
MM-3339	Messages to be sent over TLS were not properly retried after temporary failure. Fixed.
MM-3366	The Receiver service could incorrectly detect that the mailbox name was too long (more than 255 characters). Fixed.
MM-3367	Certain Office 2007 documents were not recognized due to internal structure. Fixed.
MM-3387	SQL code for database creation and upgrade is now within a transaction to allow easier rollback if problems are encountered.
MM-3405	MailMarshal Sender throughput has been enhanced with increased buffer sizes.
MM-3406	MailMarshal Receiver throughput has been enhanced with increased buffer sizes.
MM-3410	DBlog files now correctly handle larger content.
MM-3419	Office 2007 files generated through the OpenXML SDK were not correctly unpacked. Fixed.
MM-3422	PDF unpacking has been improved, notably for Unicode and some encodings of images.
MM-3427	The MailMarshal database now supports index partitioning if installed on SQL Server Enterprise Edition (for new databases only).
MM-3431	Database and processing enhancements have been made to support MailMarshal SPE with multiple customers.
MM-3456	User Defined and custom document properties are now unpacked and scanned in Word 2003 and Word 2007 documents.
MM-3472	The Server Tool now checks the validity of the configured database on startup (this allows the database to be re-created when the SQL server has been rebuilt).
MM-3494	Word documents encrypted with IRM in Word 2007 (2003 compatibility mode) were deadlettered. Fixed: these documents are correctly recognized.
MM-3495	The minimum version allowed for upgrade is 6.5.1.
MM-3513	Messages quarantined with a default release action of "skip remaining rules" were not reprocessed as requested upon release. Fixed.
MM-3514	Console Dashboard data was never purged from the database. Fixed.
MM-3536	TLS now allows selection of a minimum cipher strength for inbound and outbound connections.
MM-3538	The certificate used to sign executable files has been updated.
MM-3539	The message parking feature logged redundant messages when a message was unparked. Fixed.
MM-3550	Logging of low disk space warnings has been enhanced for readability.
MM-3551	The Array Manager could stop unexpectedly if a new database was created and configuration was not synchronized. Fixed.
MM-3553	Routing enhancements have been made to support MailMarshal SPE with multiple customers.
MM-3582	A full BTM database update could stop message processing for a significant time. Fixed.
MM-3598	PDF unpacking has been enhanced. Images, attachments, and annotations are unpacked.
MM-3604	Deadlettered messages can be passed through to users by rule action.
MM-3611	Sender and Recipient IP addresses could be logged incorrectly (with reversed octets). Fixed.
MM-3612	The integration with Norman Endpoint Protection is updated.
MM-3613	Retention and permissions for Deadletter folders are now set through the Configurator.
MM-3622	Receiver rules with the message size conditions "equal to " and "not equal to" caused the receiver to fail. Fixed.
MM-3628	EMF files are now correctly unpacked and the contents are scanned. See also MM-3725.
MM-3634	New database objects are included to summarize traffic data for MailMarshal SPE installations.
MM-3649	Additional logging has been added in the Engine service for Dead Letter rule processing.
MM-3676	Configuration of the Marshal IP Reputation Service was invalidated when another Reputation Service was configured. Fixed.
MM-3684	Error messages logged to the Event Log could cause issues due to recursive substitution of variables. Fixed.
MM-3691	BTM updates could prevent reloading of configuration at the Engine. Fixed.
MM-3696	PDF unpacking has been improved. Incorrect character strings are no longer present.
MM-3697	PDF unpacking now supports "linearized" PDF.
MM-3699	Selecting the default message digest template for new digests loaded additional incorrect characters. Fixed.
MM-3705	The Console and Configurator now use the terms "Connection Policy" or "Connection Log", "Content Analysis Policy" or "Content Analysis Log," and "Delivery Log".
MM-3712	A more descriptive logging message is written by the Array Manager on shutdown when the SQL database is unavailable.
MM-3722	The Sender would stop in the unlikely event that no route at all could be found for a message. Fixed.
MM-3725	Files unpacked from EMF files (MM-3628) are only saved and scanned if they are of a recognized type. Type BIN (unknown) files are not saved.

6.8.4.9558 (November 16, 2010)

MM-3330	The Receiver service could stop if it encountered to a RPC exception while attempting to log Receiver Rule entries. Fixed.
MM-3342	The Controller service could stop due to a problem with the Group Manager function. Fixed.
MM-3415	The Route to host function failed for messages with more than 127 recipients. Fixed.
MM-3420	SPF evaluation could cause a service failure while evaluating certain malformed SPF redirects. Fixed.
MM-3424	Deleted text (tagged `w:delText`) was not extracted from Office 2007 documents and could not be scanned. Fixed.
MM-3442	A vulnerability was identified in the SQM website code that could potentially allow inappropriate access to some information. Fixed.
MM-3452	Reloading configuration under very heavy load could cause a deadlock condition and processing services could stop responding. Fixed.
MM-3453	SpamCensor, BTM, and Console RSS updates could fail through some firewalls due to wrongly formatted HTTP request headers. Fixed.
MM-3465	Some SPF related updates in earlier releases were not applied to code used by the Engine. The related Change History items are MM-2228, MM-2676, MM-3116, and MM-3138. Fixed.

6.8.3.9481 (June 3, 2010)

MM-3363	The Array Manager did not correctly use the Windows authentication credential entered in Server Tool. Fixed.
MM-3365	In version 6.8, when a message was split for sending due to a large number of recipients, sending for additional groups of recipients was delayed. Fixed.
MM-3368	The default rule "Attachment Management (Outbound): Park Large Files for Later Delivery" was not updated with the new release action parameter in version 6.7. This could cause the engine to stop. Fixed.
MM-3369	Database names were not correctly escaped in all cases. This problem could result in inability to connect to a database with a name containing characters other than a-z and 0-9. Fixed.
MM-3377	The Array Manager did not correctly return the date of a message when queried by MailMarshal SPE. Fixed.
MM-3379	Database upgrade from version 6.4 to 6.8 could time out. Fixed. The problem could also be worked around by upgrading to version 6.7 and then to 6.8.
MM-3380	Upgrade did not correctly use port numbers in the connection string when connecting to SQL. Fixed.
MM-3385	In MailMarshal 6.8.2, SpamCensor processed message components in an incorrect order, and results could differ from other versions. Fixed.

6.8.2.9371 (April 27, 2010)

MM-333	Console day folder display and digest generation were affected by Daylight Saving changes in a few cases. Fixed.
MM-558	Users can add email addresses to the Safe Senders list when releasing a message from a digest. The administrator can enable or disable this feature.
MM-601	The registry location for MailMarshal is now `HKEY_LOCAL_MACHINE\SOFTWARE\Marshal`. Upgrading moves the registry hive.
MM-809	The GetVersion stored procedure now has public execute rights to allow non-administrators to connect from the reporting console.
MM-1327	End-user whitelists and blacklists were not correctly updated if system times differed between the Array Manager and nodes. Fixed.
MM-1790	Many issues with updates through proxy have been resolved. See MM-2273. Updates affected include SpamCensor, BTM, and RSS feeds.
MM-1839	The Array Manager could stop if the SQL Server was slow to start during system startup. Fixed.
MM-2273	Web updates now use a third party component (instead of the deprecated Microsoft component WinInet).
MM-2450	End user whitelist and blacklist information was updated inefficiently, which could affect performance with large sets. Fixed.
MM-2501	The Receiver service could fail during shutdown in some cases. Fixed.
MM-2575	In some earlier versions, using a database with case-sensitive settings caused errors. Fixed.
MM-2726	Group reload times can now be specified (with a Registry entry).
MM-2727	LDAP and AD user group names could not be entered in the Configurator by typing. Fixed.
MM-2730	When a sending route is available but some messages are being refused with 400 level responses, the particular messages are now retried less often to save MailMarshal processing effort.
MM-2776	The MailMarshal Engine could stop unexpectedly while committing configuration under heavy load with McAfee virus scanning enabled. Fixed.
MM-2807	The installation package has been updated to SQL 2008 Express SP1.
MM-2840	Obsolete command line virus scanners McAfee NetShield and Vet NT 10.x have been removed from the selection list. The scanners continue to work if installed.
MM-2975	Transmission of log files from the Controller to the Array Manager has been made more efficient.
MM-3003	The Web Components installer did not check for all IIS prerequisites on some operating systems. Fixed.
MM-3011	the version of MSSavi.DLL included with MailMarshal has been updated to 1.3.3.1.
MM-3013	MailMarshal now unpacks ISO image files.
MM-3010	IP addresses could be shown reversed in results of database queries. Fixed.
MM-3024	MailMarshal now supports installation on Windows 7, including Windows 7 Logo certification.
MM-3043	Logging by the Array Manager Spam RPC interface has been improved.
MM-3049	Certain PDF files caused an error in processing. Fixed.
MM-3055	The product has been rebranded for M86 Security.
MM-3064	Deleting all policy groups and creating a new one caused the Configurator to fail. Fixed.
MM-3066	DNS Blacklist rules could cause processing delays if the DNS server was unavailable. DNSBL requests are now cached separately from delivery requests to enhance performance.
MM-3067	Upgrade did not correctly handle LDAP groups used in the SpamProfiler Receiver exclusions. Fixed.
MM-3068	No Reputation Service entries could be created when using a Temporary key. Fixed: this restriction now only applies to the Marshal IP Reputation Service, by design.
MM-3070	The administrator can now allow end users to subscribe and unsubscribe from digests.
MM-3072	The Blended Threats Module has been updated with new rule conditions and a "hold queue" action.
MM-3073	Many improvements have been made to SQL support, including support for instances, support for Windows authentication, and assignment of user rights.
MM-3074	The Marshal IP Reputation Service "Test" button could return incorrect results depending on the response from DNS name servers. Fixed.
MM-3075	Sophos Anti-Virus (not Sophos for Marshal) could return "Not enough storage is available to complete this operation" on configuration commit. Fixed.
MM-3076	The MailMarshal Today page now provides summary information for a user selectable time period and is renamed the Dashboard.
MM-3095	BTM updates could cause the MailMarshal Engine to stop due to a database exception. Fixed.
MM-3096	The Server Tool has been improved.
MM-3110	Submitting a message to M86 as spam or not spam from the Console now submits the message log as well as the message.
MM-3116	SPF evaluation did not correctly check PTR domains. Fixed.
MM-3135	Certain malformed TNEF files caused an error in processing. Fixed: These files are deadlettered.
MM-3138	SPF evaluation could fail in rare cases due to an issue with timeout evaluation. Fixed.
MM-3141	Certain PDF files caused an error in processing. Fixed.
MM-3147	IP group updates did not occur unless configuration was reloaded. Fixed. Also, reload times can now be specified (with a Registry entry).
MM-3165	After upgrading to version 6.7, some messages quarantined before the upgrade could not be released using the Console due to a change in message release handling. Fixed.
MM-3166	Certain PDF files caused an error in processing due to invalid paths in embedded files. Fixed.
MM-3205	The BTM status display in Configurator and Console did not show "out of date" while the initial database download was in progress. Fixed.
MM-3208	Some Configurator dialogs did not display toolbars correctly with some display themes. Fixed.
MM-3214	In version 6.7, the option "override default folder security" was selected by default for all folders. Fixed: this option is selected by default only for folders that may contain dangerous items (to avoid accidental release of these items).
MM-3270	Users imported with Group File Import tool were marked as "never seen" for pruning. Fixed: Imported users are now marked as "Seen today."
MM-3271	Partial message bodies shown in digests were not properly escaped or encoded. Fixed.
MM-3301	The Web Components installer now allows installation on Windows Server 2008, Web edition.
MM-3328	Unpacking of large Excel files could use excessive memory. Fixed.
MM-3344	The "Archive messages visible for..." setting did not apply in all locations within the Console. Fixed.
MM-3348	The Message Release external command did not work for nodes with ID greater than 9. Fixed.

6.7.2.8378 (November 2, 2009)

MM-466	SpamCensor now checks attached email messages as well as the top level message.
MM-1664	User groups can be "pruned" of entries that have not matched recently.
MM-1675	The MMC "export list" functionality now works in the Console message search window.
MM-1763	The SQM website can now authenticate users in multiple AD domains. For details, see Knowledge Base article Q12902.
MM-1774	When a key request is submitted, MailMarshal opens a webpage providing more information about the key request process.
MM-1799	Some Excel 2007 documents saved in Excel 2003 format were detected as type OLE. Fixed.
MM-2010	Image Analyzer could return different scores for the same image. Fixed.
MM-2028	From and Recipient IP addresses are now included in the message record in the database.
MM-2060	Unpacking of OpenOffice file types has been validated.
MM-2299	SQM website searching on "From" addresses has been improved.
MM-2128	MailMarshal now correctly detects Microsoft Document Imaging (MDI) files.
MM-2314	Web installer and CD-Rom autorun packages are now digitally signed.
MM-2395	Watermark text is now extracted from many Microsoft Office files including Word 2003 and 2007, PowerPoint 2003 and 2007, and Word XML formatted files.
MM-2440	Message purging performance has been significantly improved for large installations with long archive retention.
MM-2441	SMTP response text returned by the Receiver can now be customized. For details, see Knowledge Base article Q12897.
MM-2482	The default retention period for new Archive folders is now 3 months.
MM-2487	User groups can be searched for an email address.
MM-2525	Web Components did not function correctly on SBS2008. Fixed.
MM-2560	Emptying the Console Mail Recycle Bin did not delete all physical files. Fixed. Note that the fix only corrects the deletion behavior. Earlier files must be removed manually.
MM-2571	Installation now checks for supported SQL service pack as well as major version.
MM-2588	An updated Quarantine Sync tool is provided with the product installation.
MM-2590	The SQM website now provides users the option to receive or not receive digests (if enabled by the administrator).
MM-2595	Configuration commits can now be scheduled through the Configurator \| Server Properties.
MM-2612	When the SQM website connects to a different version Array Manager, the message returned to the web user is now informative.
MM-2640	MailMarshal expected a specific, older version of MSXML. Fixed.
MM-2643	Unpacking of BinHEX files has been improved.
MM-2652	The SpamProfiler registry settings were not correctly updated during upgrade from 6.4. Fixed.
MM-2662	In the Web Admin Console, Mail History and Folder searches only returned the first page of results. Fixed.
MM-2669	When a user group was renamed in the Configurator, the name was not updated in the rule wizard display. This was a display issue only. Fixed.
MM-2672	The Sender could consume all threads delivering a single message to many domains. Fixed: a maximum of 10 concurrent threads will be used for each message.
MM-2673	Default thread counts for "small" and "large" sites have been increased. Upgrading does not change existing settings.
MM-2676	The Receiver service could stop unexpected due to an error in the SPF evaluation. Fixed.
MM-2689	The ability to add file fingerprints from the Console has been reinstated. The feature can be enabled for specific folders.
MM-2694	Creating an account with a password over 60 characters caused the Configurator to fail. Fixed: a limit of 100 characters is supported and enforced.
MM-2706	Certain binary files were incorrectly recognized as type ARJ. Fixed.
MM-2707	File type identification now includes separate types for web form text and web form binary data.
MM-2708	Multiple local domain and default route entries could be added to a routing table. Fixed. For upgraded installations, the Configurator enforces a single entry when the routing table is edited.
MM-2712	Messages with MIME content-type fields spanning thousands of lines could cause the MailMarshal Engine to fail. Fixed.
MM-2713	SpamProfiler updates could fail due to a download timeout, particularly if the update was started manually. Fixed.
MM-2718	SpamCensor can now scan MIME headers for all parts of a message.
MM-2719	SpamProfiler cartridge version 3050 is included in the product installation.
MM-2728	File type identification has been improved for Word 6 and Word Document with IRM types.
MM-2750	Configuration reload status now displays in the MMC status bar (lower right).
MM-2760	Certain Excel 2007 files caused the MailMarshal Engine to fail during unpacking. Fixed.
MM-2789	Upgrading the database from version 6.5.4 or below could fail due to the database update script attempting to drop a non-existent property. Fixed.
MM-2795	In some earlier versions, attachments with filenames in Arabic caused message to be deadlettered. Fixed.
MM-2803	In version 6.5.4, when the DNS server was not contactable, messages were returned instead of being queued. Fixed.
MM-2818	Handling of bare LF characters at the end of messages by the Sender has been corrected.
MM-2819	Handling of bare LF characters by the Receiver has been corrected.
MM-2820	The Sender now delivers the oldest untried messages for a route first.
MM-2821	The Sender now limits thread usage so that no one type of delivery can consume all available threads. The delivery types are new messages, deferred messages, DNS routes, and static routes.
MM-2822	A DNS lookup that returned "no data" resulted in the message being retried. Fixed: the message is now marked as undeliverable.
MM-2823	PDF unpacking is now more robust when unpacking malformed attachments.
MM-2826	SpamProfiler scores are now logged to text logs as with SpamCensor scores.
MM-2857	SpamProfiler has been moved out of the Receiver process for reliability.
MM-2867	A new Upgrade Tasks page is included in the Configurator.
MM-2879	The default SpamProfiler threshold is now >99 (was >95).
MM-2913	Visual C++ redistributable versions included in the installer have been updated.
MM-2922	the version of MSSavi.DLL included with MailMarshal has been updated to 1.3.3.0. This DLL resolves issues with Sophos engine updates while under load.
MM-2960	Configuration changes have been made to improve compatibility of the Web Components with SBS2008 and Windows 2008 64 bit editions. Additional manual changes may be required. For details, see Knowledge Base article Q12671.
MM-2964	The MailMarshal engine could fail while unpacking specific embedded PDF files. Fixed.
MM-2986	The default SMTP response when a message is refused at the Receiver due to SpamProfiler evaluation has been improved. The new text is: `550 Message refused by MailMarshal SpamProfiler`.
MM-3036	Key requests did not include information about some additional items enabled by the existing key. Fixed.
MM-3037	The SQM website might not show the latest messages on the main page, because the user last logged in time was not always set correctly. Fixed.
MM-3045	When multiple virus scanners were in use, a virus could be undetected if the first scanner invoked did not detect it. Fixed.

6.5.4.7535 (May 22, 2009)

MM-2634	In previous 6.5 releases, the Console did not display sender information for messages with a blank Return Path, due to the changes made for issue MM-1390. These changes have been reverted.
MM-2647	In previous 6.5 releases, the Console and SQM Website encountered performance issues, due to the changes made for issue MM-1390. These changes have been reverted.
MM-2652	In previous 6.5 releases, upgrading from earlier versions caused a problem with the SMTP response sent by SpamProfiler message rejection. Fixed.
MM-2654	The custom engine threads setting is now validated when entered in the Configurator. The valid range is 1 to 5 threads.

6.5.3.7407 (May 18, 2009)

MM-2629	The upgrade installation did not correctly roll back when cancelled due to lock on the MMPrfMon.dll. Fixed.
MM-2630	Messages with improperly formatted Content-Type declaration could cause a loop in the MailMarshal Engine. Fixed.
MM-2631	Certain Excel binary worksheets caused an exception when opened for examination. Fixed.

6.5.1.7247 (May 1, 2009)

MM-2598	User defined filetypes were not available in version 6.5.0. Fixed.
MM-2577	Improved the error message returned when attempting to connect to Array Manager from a mismatched version of the Spam Quarantine Management website.

6.5.0.7203 (March 25, 2009)

MM-57	When connecting the Console to a remote server in a workgroup, an uninformative error message could be returned. Fixed.
MM-106	PDF unpacking has been improved for documents with unknown inline image types.
MM-109	The global Maximum Number of Recipients can now be set separately for incoming and outgoing messages.
MM-145	Nested TNEF messages now display correctly in the Console and MML Viewer.
MM-195	Sorting by size in the Sender node of the Console did not work correctly. Fixed.
MM-488	If an array is managed by MailMarshal SPE, the Configurator now raises a warning when connecting.
MM-584	The Image Analyzer DLL is now installed in the `\config` directory to allow remote updates if required.
MM-604	Renaming elements was not supported in Taskpad view under MMC 3.0. Fixed.
MM-637	Image Analyzer could return the result "unsupported" for several files after processing one unsupported file. Fixed.
MM-643	Handling of PDFs with embedded files in annotations has been improved.
MM-805	In some earlier versions, running the installer in Modify mode could place some folders in an incorrect location. Fixed.
MM-904	The {Date=%%c} variable did not use locale settings as required. Fixed.
MM-941	In the Web Console, clicking the Delete link for a message twice within Mail History could return an exception. Fixed: the message display is now updated after deletion so that the correct link displays.
MM-959	Unpacking of PDF files with embedded object streams has been improved.
MM-995	Some DNSBL matches were not logged. Fixed.
MM-1141	A number of potential attachment stripping vulnerabilities have been addressed.
MM-1213	The default use of URIBL evaluation no longer includes greylisted domains. These entries often resulted in false positive identification of spam.
MM-1228	The Server Tool could not stop the Controller service if dependencies were running. Fixed: the Server Tool now stops dependencies if required.
MM-1229	The Server Tool did not restart the Updater service on a node when "Restart Running Services" was selected. Fixed.
MM-1234	Header rewriting could incorrectly add new header lines in the middle of an existing folded line that contained blank lines. Fixed.
MM-1239	To ensure that routing exceptions are processed, new routing table entries are created above an existing Local Domains entry.
MM-1264	Office 2007 Macro files could not be saved from the message viewed. Fixed.
MM-1301	The default action for release from deadletter folders in the Web Console is now to pass through (matching the MMC Console).
MM-1312	ACE archives with permissions set on individual contained files could not be unpacked or deleted. Fixed.
MM-1313	Unpacking of compressed RTF documents has been improved.
MM-1328	The SQM website could generate a JavaScript error on the login page after first installation. Fixed.
MM-1329	The SQM website did not grant the first user Administrator permission when initially configured with Forms authentication. Fixed.
MM-1340	If the Controller executable was locked during upgrade, the old version could continue to run without warning, causing other issues. Fixed: If the Controller is locked, the installer warns the user and offers to postpone changes until the next restart.
MM-1348	Handling of header rewriting for invalid email addresses has been improved.
MM-1357	In the Web Console, attempting to release a message and selecting no recipients caused an exception. Fixed.
MM-1360	Changing the location of Array Manager logging with the server tool did not work for standalone array managers. Fixed.
MM-1364	A potential memory access problem was identified in the Base64 decoder. Fixed. See also MM-1141.
MM-1371	File naming for unpacked files has been improved to address vulnerabilities (trailing dots).
MM-1385	Web Components did not install correctly if the "C:\Program Files" folder did not exist. Fixed.
MM-1388	A new Norman integration DLL is included in this version. Some deadlock issues are fixed.
MM-1390	The "From" field in the SQM website views now shows the return-path email address as used in MailMarshal user matching.
MM-1391	When a TLS self-signed certificate was already present, creating a Certificate Signing Request deleted the existing certificate. Fixed: the CSR now generates a separate file (`csrprivkey.pem`) and warns the user appropriately if files will be deleted.
MM-1427	Disabling SpamProfiler in the Configurator now stops SpamProfiler internet updates.
MM-1585	DNS blacklist exclusions in `SpamHaus.xml` were not applied due to an incorrect group name label. Fixed.
MM-1772	TIF images are now visible in the Console preview. Large BMP, GIF, TIF, PNG, and JPG files are displayed as thumbnails for enhanced performance.
MM-1773	PDF unpacking could fail due to Unicode characters in file names. Fixed.
MM-1796	The Safe and Blocked Senders features of the SQM website can now be disabled.
MM-1806	Messages deadlettered as Undetermined were incorrectly placed in the Malformed folder. Fixed.
MM-1814	HTML formatted email with META REFRESH tags could potentially redirect to malicious content when viewed in the console. Fixed.
MM-1817	The Zero Day Protection Framework default rule used an incorrect email notification template. The default has been fixed.
MM-1832	In version 6.4 the Remote MTA information was not included in "undeliverable" notifications. Fixed.
MM-1834	The SQM website did not show the latest messages on the main page, because the user last logged in time was updated inappropriately. Fixed.
MM-1838	Folder names could be entered with leading or trailing whitespace, which could cause email processing services to fail. Fixed.
MM-1844	Reloading an empty AD universal group generated inappropriate error messages. Fixed.
MM-1855	Configuration Merge files are no longer available in the installation.
MM-1867	The SQM administrator function to delete all users was not implemented. Fixed.
MM-1892	A current SpamProfiler cartridge is provided for new product installs.
MM-1899	In version 6.4.5, specific TNEF files were not unpacked properly. Fixed.
MM-1911	SpamProfiler updates can now roll back the cartridge version as well as incrementing it.
MM-1915	The Web Console again allows transparent authentication by NTLM where possible.
MM-1916	SQM forms based authentication now allows logging in with email address domains such as @local (as well as public Top Level Domains)
MM-1920	MailMarshal can now identify Word 6.0 documents. Older data structures found in these documents could theoretically be used to inject malicious content.
MM-1925	A required DLL (`cmae.dll`) was not included with Array Manager only installations. Fixed.
MM-1927	Office 2007 hyperlinks were incorrectly treated as unpackable files. Fixed.
MM-1931	MailMarshal Manager and Array Properties have been converted from tabbed dialogs to a property page with a selection tree.
MM-1945	Upgrading from version 6.4.1 to 6.4.5 did not correctly update some stored procedures. Fixed.
MM-1949	Files unpacked from Office 2007 documents could contain path information that caused the McAfee scanner to fail. Fixed.
MM-1950	Each rule that quarantines messages can now specify what rules apply to the messages when released.
MM-1957	The database MessageName index now includes the message edition. Message purging speed will be enhanced. Existing databases are upgraded by the installer.
MM-1963	The SQM Create User function did not set a primary user email alias. Digesting could be affected. Fixed.
MM-1971	SpamProfiler can now be used in a Standard Rule condition.
MM-1974	Image Analyzer integration has been updated to use the latest version of Image Analyzer software.
MM-2003	The SQM website did not allow a delegate user name that contained a space. Fixed.
MM-2004	The chart data displayed on the SQM website did not add to 100% due to rounding. Fixed.
MM-2011	Incorrect locking in the group management code could cause the Controller service to stop. Fixed.
MM-2015	MailMarshal services and interfaces are granted Administrator privilege to run under UAC.
MM-2073	Temporary unpacked files with Unicode characters in the names are now renamed if necessary to complete processing.
MM-2098	Encrypted PDF documents could be detected as type PDF (not encrypted). Detection of this type has been improved.
MM-2117	The Clean theme in the SQM could display untidily when very log message subjects were displayed. Fixed.
MM-2135	When releasing a message from the link in a digest email the time displayed was shown in GMT instead of local time. Fixed.
MM-2136	Folder message counts displayed in the SQM website could be incorrect in some circumstances. Fixed.
MM-2137	The SQM home page display did not update when all message were deleted. Fixed.
MM-2138	The "add email address" function in the SQM website can be disabled by the administrator.
MM-2140	Certain malformed email addresses could cause errors in the SQM website. Fixed.
MM-2142	SQM website loading times are significantly improved with .NET 3.5 and other enhancements.
MM-2182	JPEG2000 files were not correctly identified. Fixed.
MM-2187	TLS could not use certificates that were provided by the CA as multiple certificates in a certificate chain. Fixed.
MM-2205	The user selection of Safe and Blocked senders lists enable/disable from the SQM website was not applied correctly. Fixed.
MM-2222	If TLS is required for a domain, MailMarshal Sender will always attempt to connect using EHLO regardless of other settings.
MM-2228	SPF or Sender ID records with badly formatted includes could cause the Receiver to stop. Fixed.
MM-2257	Some PDF files were not identified as encrypted. Fixed.
MM-2269	Certain PDF documents have highly recursive element nesting and can cause unpacking to fail. MailMarshal now limits unpacking of PDF to 500 levels of nesting by default. You can set the limit using a registry value. See M86 Security Knowledge Base article Q12243.
MM-2276	Additional text such as watermarks is now extracted from PowerPoint documents.
MM-2277	Watermark text is now extracted from Word 2003 and Word 2007 documents.
MM-2324	The Sender service did not honor the LogMask entry (to specify logging level) in the Registry. Fixed.
MM-2341	The "pass message to rule" action did not validate selection of the rule to pass to, which could result in an invalid configuration causing the Engine to stop. Fixed.
MM-2358	The latest CountryCensor database is included in this release.
MM-2361	The maximum number of recipients per connection from the sender can be set with a Registry value. The default number of recipients per connection is 250.
MM-2404	Hotkey conflicts have been resolved on some wizard pages.
MM-2444	Blocked Hosts did not correctly resolve FQDN entries. Fixed.
MM-2451	SQM with authentication by email address now requires email addresses to be within the MailMarshal local domains at the time of registration.
MM-2455	Message recipients with a + symbol in their email address could not release messages from digest links. Fixed.
MM-2466	The Migration Tool and Quarantine Upgrade Tool are no longer provided with the product installation. To upgrade from version 5.5, you must first upgrade to version 6.4 or below.
MC-1	File Type checking now can access files named with Unicode characters.
MC-2	Excel 2003 worksheets created in Excel 2007 were incorrectly recognized as file type OLE. Fixed.
MC-4	Certain MSI files were incorrectly recognized as OLE files. Fixed.
MC-6	.torrent files are now recognized (type Bittorent .torrent metainfo file).
MC-7	Certain PowerPoint files generated in Microsoft Office 2002 SP2) were incorrectly recognized as file type OLE. Fixed.
MC-8	UTF-8 files with small numbers of errors are not correctly detected.
MC-9	Some executables were wrongly detected as self-extracting ZIP files. Fixed.
MC-12	Certain True Type fonts were detected as type BIN. Fixed.
MC-13	Certain CAB files were detected as type BIN. Fixed.
MC-14	OGG audio and video streams are now detected.
MC-20	Certificate Revocation Lists (CRLs) are now detected.
MC-21	Firefox updates (MAR) are now detected.
MC-22	Google Safe Browsing updates are now detected.
MC-25	Some PowerPoint files were incorrectly recognized as OLE files. Fixed.
MC-34	Detection of HTML has been improved where large amounts of other text content was present at the top of the file.
MC-37	PDF detection has been enhanced with a new type for documents with operations protected (Protected Acrobat PDF Document). These files can be unpacked and scanned.
MC-39	Microsoft Document Imaging (MDI) files are now recognized.
MC-40	Many Open Office document file types are now recognized.
MC-41	Word 2007 documents with Restricted Access were detected as type OLE. Fixed: these documents are now detected as encrypted Word documents.
MC-42	Some RAR files caused a timeout when unpacked. Fixed.

6.4.7.6160 (September 9, 2008)

MM-1962

SQM support for MailMarshal SPE 2.3.

6.4.6.5922 (August 6, 2008)

MM-1896

In version 6.4.5, messages were not automatically released from parking folders as specified. Fixed.

6.4.5.5695 (June 26, 2008)

MM-781	Receiver Rule logging could cause database deadlock errors. The issue has been further addressed with sorting of items from multiple nodes.
MM-1447	DeadLetter templates now include separate options for inbound or outbound messages.
MM-1486	A new more descriptive variable name `{ReputationServices}` duplicates `{MMSmtpMapsRBL}`.
MM-1487	DOS and DHA blocking times are now based on the time when the block was first applied (not the time of the most recent attempt).
MM-1488	Folders and classifications now cannot be deleted when they are used in classification groups.
MM-1493	Automatically generated trial keys now support Sophos for Marshal.
MM-1495	MailMarshal can now unpack Microsoft SZDD archives.
MM-1496	Certain upgrade scenarios could create an open email relay. Fixed.
MM-1503	The Route to Host rule action now accepts a port number.
MM-1507	SQM did not allow updating a safe or blocked entry to a wildcard string. Fixed.
MM-1510	The installer now checks for and installs the correct version of Microsoft Visual C redistributable (8.0 SP1)
MM-1511	SpamProfiler updating now supports NTLM for proxy authentication.
MM-1516	Receiver rule checking for FQDN hostnames now accepts hostnames with between 3 and 10 parts by default. This behavior can be changed with a Registry entry. See M86 Security Knowledge Base article Q12041.
MM-1518	Messages quarantined by SpamProfiler and released could pass through MailMarshal without being virus scanned. Fixed with rule changes.
MM-1519	When the engine started, it could create a crash dump zip file unnecessarily. Fixed.
MM-1524	The Route to Host rule action can now specify that the remote host is MailMarshal SES. Additional data is sent to preserve message logging between servers.
MM-1552	The SpamCensor updater now provides a better error message when update fails due to problems retrieving the Certificate Revocation List.
MM-1556	Releasing a message from the SQM website did not honor the folder options for pass through or continue processing. Fixed.
MM-1569	Image Analyzer has been updated to the latest available version.
MM-1576	The rule condition "Where Sender's IP address matches address" is now available in Standard rules as well as Receiver rules.
MM-1765	Some other servers could reject MailMarshal digest messages as malformed due to invalid UTF-7 encoding. Addressed with a registry setting to disable this encoding if necessary.
MM-1788	Internet access settings for nodes were not honored. Fixed.
MM-1793	The LDAP connector now has improved ability to recognize the end of returned data ("no such object").

6.4.1.5038 (March 06, 2008)

MM-1382	MP3 files could cause the file type checker to exit unexpectedly. Fixed.
MM-1396	Receiver disk check could give incorrect results. Addressed with updated logic. Also, this check can now be disabled. See M86 Security Knowledge Base article Q11669.
MM-1398	Messages tagged by SpamProfiler could never be released when reprocessed. Fixed.
MM-1400	Creation of zip files used for debugging of the unpacking process could cause issues. Fixed.
MM-1406	SpamProfiler now allows exceptions by User Group and by Safe Senders lists.
MM-1412	In previous 6.4 releases, environment variables did not work in message templates. Fixed.
MM-1418	Inappropriate POP3 alias errors appeared in the event log when POP3 accounts were created for authentication. Fixed.
MM-1422	Upgrade converted anti-relay IP ranges (from netmask to range format) incorrectly. Fixed.
MM-1432	The Engine now supports "rule profiling" to record the average run time of a rule and the number of times it is run. The result can be queried using MMLookup.exe. See M86 Security Knowledge Base article Q11981.
MM-1440	Problems with message formatting in the Sender service could cause the service to exit unexpectedly. Fixed.
MM-1442	The Sender notifications did not provide a detailed reason for failure. Fixed.
MM-1459	The -r (list of recipient fields) option of MMGetMail did not function. Fixed.
MM-1461	After upgrade some local domains variables in templates could be blank. Fixed.
MM-1467	Attempting to upgrade the Spam Quarantine Management component actually uninstalled it. Fixed.
MM-1475	The RemoteIP variable was not populated in the sender notification template. Fixed.

6.4.0.4772 (January 30, 2008)

MM-1337	Could receive error "Error talking to client 'nnn.nnn.nnn.nnn' Property IpAutoWhitelisted not found" when using TLS. Fixed.
MM-1363	The version number of the configuration merge file `CurrentConfigMerge.xml` was incorrect. Fixed.
MM-1367	Deleting messages for a route from the Console caused all later messages for that route to be deleted until the Sender service was restarted. Fixed.
MM-1373	Execution of a SQL query by the Array Manager to determine the license count has been removed for performance reasons.
MM-1374	Zero length strings could cause services to exit unexpectedly (due to change in behavior in a new version of runtime libraries). Fixed.

6.4.0.4743 (January 25, 2008)

MM-1355

The installer will now prevent installation on Windows 2000 machines (for both new installations and upgrades).

6.4.0.4714 (January 22, 2008)

MM-1333	When upgrading, the MMReceiver and BlockedHostIP tables could generate duplicates and cause the upgrade to fail. Fixed.
MM-1336	The Configurator ceased to function when the "Server and Array Properties" window has been opened from the "MailMarshal Manager properties" window. Fixed.
MM-1337	Could receive error "Error talking to client 'nnn.nnn.nnn.nnn' Property IpAutoWhitelisted not found" when RBL check is enabled. Fixed.
MM-1341	Certain regular expression behavior differed from previous releases. Fixed.
MM-1343	Option added to change SpamProfiler behavior to apply to inbound messages only, or inbound and outbound messages.

6.4.0.4659 (January 15, 2008)

MM-166	Routing overrides did not work for local domain delivery. Fixed.
MM-232	Message size is now available as a MailMarshal variable for use in templates. This variable reflects the size as originally received.
MM-345	Messages that cannot be delivered after multiple retries now have a final classification of "undeliverable."
MM-404	Deletion of nested user groups is handled properly.
MM-445	Messages in deleted folders no longer appear in the Console Mail Recycle Bin.
MM-447	Storage and reloading of "valid fingerprints" is now more efficient.
MM-449	Messages with no body are handled correctly at all points in the product.
MM-452	The Blocked Host IP table (used by DoS and DHA functions) is now purged of data over 7 days old.
MM-453	Forward slashes in Active Directory group member names could cause errors in updating the groups. Fixed.
MM-455	Some Unicode files were incorrectly recognized as Binary. Fixed.
MM-482	Server From and Administrator email addresses can now be set for each Local Domain and will be used for messages relating to the domain.
MM-492	Some subject lines were incorrectly converted from UTF-7 to Unicode. Fixed.
MM-516	Detection of MP3 files has been improved.
MM-550	The console now allows you to configure the oldest message to display in archive folders.
MM-568	The rule interface for Spam Type categories did not save the correct selection. Fixed.
MM-578	Certain attached log files could be identified as mail headers. Fixed.
MM-595	URLCensor did not correctly look up a URL ending in . (dot). Fixed.
MM-637	Image Analyzer behavior with unsupported TIF files is improved.
MM-640	SORBS Reputation Service is no longer used by default.
MM-669	The Sender can now be bound to a specific IP using a Registry entry
MM-738	The keyboard Delete key did not function correctly in the Console under MMC 3.0. Fixed.
MM-776	Deadlettered messages are now logged with folder classifications and can be reported on by folder.
MM-781	Receiver Rule logging could cause database deadlock errors. The issue has been further addressed with changes to batch insertion of these records.
MM-793	Error handling for SPF records over 512 characters was not correct. Fixed.
MM-818	Messages with MIME boundaries declared in the headers are now deadlettered by default.
MM-819	Active Directory imported groups that contain child groups could not be deleted. Fixed.
MM-821	Message count and size rule conditions now allow "equal to" and "not equal to" an exact value.
MM-891	Digest generation failed for email addresses with a comma in the local part. Fixed.
MM-906	If the MailMarshal Sender gets a 500 response to the DATA command, the message will be retried.
MM-922	Office 2007 files are correctly recognized and unpacked. See also MM-962.
MM-935	"Scraping" of email addresses from LDAP connectors has been improved and better documented.
MM-953	Mail Batching is no longer supported within the product. The `MMGetMail.exe` external utility is available to perform this function.
MM-962	Excel 2007 Binary format (.xlsb) files are recognized as "Excel 2007 Binary document" but not fully unpacked. See also MM-922.
MM-963	Rule criteria evaluation for "greater than 0" failed. Fixed.
MM-1001	Deadletter folders now have a default release type of pass through with no further processing.
MM-1039	A Category script has been added for HIPAA compliance support.
MM-1068	Sophos could be invoked twice for a message if used in multiple rules with different conditions. Fixed.
MM-1123	Regular Expression filtering is now available to limit the items written to text logs.
MM-1182	The MailMarshal Web Configuration Tool is not used by the 6.4 Web components and has been removed.
MM-1206	Message digesting could fail when using a classification, if a classification of the same name had previously been deleted. Fixed.

To review Change History prior to version 6.4, please see the Release Notes for the specific versions.

All text and figures included in this publication are the exclusive property of M86 Security. This document may not, in whole or in part, be copied, published or reproduced without prior written consent from M86 Security. Every effort has been made to ensure the accuracy of the content contained in this document. Such content is provided “as is” without warranty of any kind. M86 Security disclaims all warranties and conditions with regard to this content, including all expressed or implied warranties and conditions of merchantability, and fitness for a particular purpose. The company shall not under any circumstance be liable for any errors or damages of any kind (including but not limited to compensatory, special, indirect or consequential damages) in connection with the document’s contents. Any information in this document is subject to change without notice.

M86 Security, the M86 Security logo and M86-branded products are registered trademarks under license by M86 Security. All other product and company names mentioned herein are trademarks or registered trademarks of their respective companies. All rights reserved.