Trustwave SEG 7.5 Release Notes

(Previously known as MailMarshal SEG)

Last Revision: July 04, 2017

These notes are additional to the SEG User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20247.

New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History

New Features

For more information about additional minor features and bug fixes, see the release history.

Features New in 7.5.8

SpamProfiler uses a new technology. The format of results is not changed. Required update URLs have changed. For more information about required URLs, see Knowledge Base article Q12992.

Features new in 7.5.6

BitDefender Anti-Virus Support: Trustwave SEG now supports integration with BitDefender (BitDefender for Marshal). Trial licenses support this package. For customer trial or purchase, contact Trustwave.

Features new in 7.5.5

TLS Delivery rule action: Delivery over TLS can be set for a message based on rule criteria (such as recipient domain)

Features new in 7.5

Operating System Support: Installation on Windows Server 2016 and Windows 10 is supported. Use of Windows 10 for server components is not recommended (as for all workstation operating systems).
New malware detection capability: SEG can now evaluate messages using the Yara Analysis Engine. Configuration scripts for this functionality are provided and updated by Trustwave SpiderLabs. Advanced users can create custom scripts.
New suspect URL detection capability: SEG can now evaluate URLs extracted from messages using a cloud based service. This service is available to customers with valid maintenance.
Enhanced unpacking and file type detection: For a list of updates in these areas, see the Unpacker Release Notes and File Type Release Notes linked from Trustwave Knowledge Base article Q20247.
Database Software Support: SQL Server 2005 and 2005 Express are no longer supported.

Features new in 7.3.6

Installation on Windows 10 Permitted: Trustwave SEG servers, Configurator, and Console can now be installed on Windows 10. Web Components installation on Windows 10 is not available in this release. Full validation will be performed in a later release.

Features new in 7.3.5

Support for Perfect Forward Secrecy: Trustwave SEG now supports PFS for TLS connections.
Improved Reputation Service provisioning: Retrieval of credentials for the IP Reputation Service is performed automatically by the Array Manager.
Database Software Support: SQL Server 2014 and 2014 Express are supported.
Enhanced File Type detection and unpacking: Additional file types are recognized, including encrypted and IRM protected Office documents, XFA forms in PDF, and ZixCorp Encrypted Mail. For more details see Trustwave Knowledge Base article Q20251. XPS Embedded fonts (ODTTF) are unpacked from XPS documents.

Features new in 7.3

Support for DKIM: Trustwave SEG now supports validation of messages using DKIM (DomainKeys Identified Mail).
Updated TLS support: TLS protocol versions 1.1 and 1.2 are now available. SSLv2 is disabled by default.
New SpamProfiler options: SpamProfiler uses a new technology. You can choose which sub-categories in the database trigger the condition.
Branding: The product is now known as Trustwave SEG.
Changes in hardware recommendations: The minimum recommended memory is 3GB (2GB available to SEG, 1GB for operating system), plus an additional 1GB if SQL Express is installed locally. This change reflects changes in typical email size and policy complexity.

Features new in 7.2.3

Enhanced File Type detection: Additional file types are recognized: DOS device driver, JBIG2 Picture format, Mac OSX Finder Info, Microsoft Programmer Library, OpenXML Document, Packet Capture Next Generation, Striata Encrypted Mail Communication, Visual Studio Source Safe Code Control, XPS document. For full details see Knowledge Base article Q19440.

Features new in 7.2.2

Enhanced File Type detection: Additional file types and variations are recognized:
- Better detection of variations: MP4, AAC, Word (Mac OSX), Excel 2003. For full details see Knowledge Base article Q16666.
- New types: AXCrypt, AppleDouble, HD Photo (wdp), Adobe Indesign document, InfoSlips, Java object serialization, Microsoft build .cache, Microsoft OneNote, Microsoft PDB, oledata.mso, Oracle Report Definition Files, Packet Capture (PCAP), SQLite database.
- PDF files that do not begin with the string %PDF do not comply with the PDF standard. These files are now recognized separately.
- Note: You can use the "Not Spam" submission in the MailMarshal Console to submit files that are not recognized (Binary Unknown) to Trustwave for possible inclusion in future file type updates.
Certified for Windows Server 2012 and Windows Server 2012 R2: "Demonstrates that a mission critical or line-of business application meets Microsoft's highest technical bar for Windows fundamentals, best practices and platform compatibility."
Updated SpamProfiler Cartridge: The SpamProfiler cartridge has been updated to version 3052.
Changes in Operating System support: Installation on Windows 2012 R2 is supported.
Authentication by Active Directory group: It is now possible to validate SMTP authentication using an AD group. For details of configuration options and limitations, see Trustwave Knowledge Base article Q16649.

Features New in 7.2

Changes in Operating System support:
- Installation on Windows Server 2003 or 2003 R2 is no longer supported.
- Installation on Windows 2012, Windows 7, and Windows 8 is supported.
For full details of supported installation environments, see the User Guide.
IPv6 support: MailMarshal now supports IPv6 for email traffic and product configuration (Array Manager connections to nodes and database server). For details of configuration options and limitations, see Trustwave Knowledge Base article Q15607.
Automatic configuration backup: Configuration can now be backed up automatically (daily, and/or after configuration commit). See MailMarshal Properties > Backup in the Configurator. Backup after commit reflects the changes committed.
Updated TextCensor: The TextCensor facility has been enhanced and uses a new syntax. For more information see the User Guide and Help. For details of minor changes in matching behavior, see Trustwave Knowledge Base article Q14720.
Maintenance display and enforcement: Product maintenance validity is now displayed in the Configurator and Console with other licensing information. Maintenance affects spam definition updates, use of the Marshal IP Reputation Service, other automatic updates, and product upgrade entitlement.
NOD32 (ESET) command line scanner parameter change: The pre-configured settings for the NOD32 (ESET) command line virus scanner have been updated to the required settings for version 4 and above.
Branding: MailMarshal SEG is rebranded for Trustwave.

Features New in 7.1

Updated Blended Threat Module functionality: BTM now works as a rule action that rewrites selected URLs in the message body. URL checking is done in real time as the links are clicked. The rule condition used in previous versions is no longer available.
Database Software Support: SQL Server 2012 and 2012 Express are supported.

Features New in 7.0

Note: Version 7.0 was released only for use by MailMarshal SPE customers. The features listed below are available to MailMarshal SEG customers from version 7.1.

Automatic Updates: Updates to message unpacking are now provided (if necessary) through the Automatic Updates process that is used for SpamCensor updates. To be sure you have the latest available unpacking updates, verify that this process is correctly configured.
Changes in upgrade prerequisites: Direct upgrade is supported from MailMarshal SMTP 6.7 and above.
Changes in Operating System support: Installation on Windows Server 2008 requires SP2. Installation on SBS 2003 is no longer supported. Installation of Server components on Windows 7 and Windows Vista is not supported in this version. For full details of supported installation environments, see the User Guide.
TLS enhancements: Additional functionality is available when sending and receiving via TLS.
- Use of outbound TLS is enabled by default for new installations
- TLS certificate generation supports Subject Alternative Names
- Outbound TLS supports providing a client certificate if requested
- New rule conditions are available:
  - Where message was/was not received via TLS
  - Where the negotiated TLS parameters match criteria (certificate checking)
Additional Dead Letter Rule condition: Dead Letter rules now allow the condition "where detected as spam by SpamProfiler."
Additional Dead Letter Rule actions: Dead Letter rules now allow the BCC, Send mail template notification, Set message routing, Write message classification, Move to folder, and Delete actions.
Lines before boundary handling: Messages that would previously have been deadlettered with "Too many lines before boundary" are now unpacked and scanned.
Branding: The product formerly known as MailMarshal SMTP is now M86 MailMarshal SEG (Secure Email Gateway).

Features New in 6.9

Rules structure: Email Policy is divided into Connection Policy, Content Analysis Policy, and Dead Letter Policy. Rules formerly known as "receiver rules" are now found in Connection Policy; "standard rules" are now found in Content Analysis Policy. Filtering order and behavior is not changed.
Dead Letter Rules: A new type of rule allows messages that cannot be processed to be passed through based on user matching and the text of the Dead Letter reason code.
PDF unpacking improvements: Images, attachments, and annotations are now unpacked from PDF documents. Supported images types are JPG, JPG 2000, TIF, and RAW. The PDF unpacker can be updated automatically through the MailMarshal Automatic Updates (SpamCensor updater). This improvement addresses numerous other issues with PDF unpacking. See release history for details.
Changes in upgrade prerequisites: Direct upgrade is supported from MailMarshal SMTP 6.5.1 and above.
Reports change: Marshal Reporting Console is the supported reporting interface. The MailMarshal Reports application (based on MMC and Crystal Reports) is no longer included.
Message Logs Change: Text log information for messages is now stored in each message (MML) file. Logs for delivered messages are stored in a special folder named Sent History. You can use the Configurator to change the permissions and retention period for this folder. You cannot rename it, delete it, or view it in the Console.
Database Software Support: SQL Server 2008 R2 and 2008 Express R2 are supported.

System Requirements

The following system requirements are the minimum levels required for a typical installation of the Trustwave SEG Array Manager and selected database.

A full discussion of requirements for all supported configurations is available in the Trustwave SEG User Guide. See also Trustwave Knowledge Base article Q11358.

Table 1: System Requirements
Category	Requirements
Processor	Pentium 4
Disk Space	10GB (NTFS), and additional space to support email archiving
Memory	3GB (2GB available to SEG plus 1GB for operating system). Allow an additional 1GB if SQL Express is installed locally.
Supported Operating System	Windows Server 2008 (SP2 or above) , Server 2008 R2, Server 2012, Server 2012 R2, Server 2016 (Standard or Enterprise versions) Microsoft Small Business Server (SBS) 2008 or 2011. For Web Components on SBS, see Trustwave Knowledge Base article Q12671). Windows 7, Windows 8, Windows 8.1, Windows 10 (Installation of server components on these workstation operating systems is not recommended) Note: Trustwave SEG Client components (Configurator and Console) can also be installed on Windows Vista SP2.
Network Access	TCP/IP protocol Domain structure External DNS name resolution - DNS MX record to allow Trustwave SEG Server to receive inbound email
Software	Microsoft .NET Framework 3.5 SP1 Database server: SQL Server 2014, SQL Server 2012, SQL Server 2008 R2 (SP2), SQL Server 2008 (SP3) Database server (free versions): SQL 2014 Express, SQL 2012 Express, SQL 2008 R2 Express (SP2), SQL 2008 Express (SP3) (Service packs listed are the minimum required for compatibility with all supported operating systems)
Port Access	Port 53 - for DNS external email server name resolution Port 80 (HTTP) and Port 443 (HTTPS) - for SpamCensor updates Port 1433 - for connection to SQL Server database and Reports console computers Port 19001 - between Array Manager and Processing Nodes Note: Additional ports are required by the Nodes for email and updates.

Upgrade Instructions

Please review the SEG User Guide before upgrading.

Trustwave SEG 7.5 supports a direct upgrade from MailMarshal SMTP 6.9.5 and later versions. This is a change from 7.3.0 and earlier.

If your installed version does not support direct upgrade, you can upgrade in steps. In this case, you should also consider performing a clean installation instead of an upgrade.

Database Prerequisites

SQL 2005 is no longer supported. See the System Requirements section for the latest list of supported SQL Server versions. If your database is hosted on a SQL 2005 server, before upgrading you must move the database to a supported SQL Server. See Trustwave Knowledge Base article Q10410.
MailMarshal supports Windows Authentication as well as SQL Authentication. Mixed Mode is no longer required.

You can access a supported SQL Express version from the Prerequisites tab of the SEG installation package. The "With SQL Express" version of the package also allows you to install SQL Express during the main SEG installation.

Upgrading a Single Server

To upgrade a single SEG server from any version supporting direct upgrade, install the new version over your existing version. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.

Upgrading an Array of Servers

After upgrading the Array Manager you can upgrade the processing servers through the Configurator, with no need to log on to the processing servers. For more information, see the Upgrading section in the User Guide.

Upgrading From Older Versions

To upgrade from a version prior to 6.9.5, first upgrade to version 6.9.5. Full details about upgrading to version 6.9.5 from older versions can be found in the documentation for the target version, and in Trustwave Knowledge Base articles Q11025, Q11026, and Q11027.

Notes on Upgrading

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20247.

7.5.5 SpamProfiler integration update: The SpamProfiler module has been updated. The first start of the Receiver is expected to take longer than usual as the SpamProfiler cache is re-initialized.
7.5 SQL Server support: SQL 2005 and SQL Express 2005 are no longer supported. If your database is hosted on a SQL 2005 server, BEFORE upgrading you must move the database to a supported SQL Server. See Trustwave Knowledge Base article Q10410.
7.3.5 SSL/TLS support: After upgrade, for installations that used the default settings, TLSv1.0, TLSv1.1 and TLSv1.2 are enabled. SSLv2 and SSLv3 are disabled. When upgrading from versions below 7.3.0, any custom settings are reset. If custom settings were configured, or if you want to change the new settings, see Trustwave Knowledge Base article Q19541.
7.3.5 Bare CR/LF change: On upgrade, if the behavior for "bare" CR or LF characters was set to "ignore", it is changed to "fix." This change helps to detect and block malware or spam messages with invalid formatting. Ignore was the default in earlier versions.
7.3 Configuration backup: Note that DKIM keys are not included in the SEG backup. If you configure DKIM signing, be sure to keep a copy of the private key(s) that you imported to SEG (files in DER format).
7.3 SpamProfiler Update URLs: The new SpamProfiler implementation requires access to different external URLS from earlier versions. If you limit through-firewall access to specific URLs you may need to alter firewall rules. For details, see Knowledge Base article Q12292.
7.3 Unpacking limits: Default values for suspicious compression and max header lines have been updated to reflect current email sizes. On upgrade, if a custom value was set that is smaller than the new default, the default value will be used. Unpacking folders might require additional disk space. For new default values, see Trustwave Knowledge Base articles Q10868 and Q11369.
7.2 IPv6 support: On upgrade, binding to IPv6 is disabled, to avoid unexpected changes in policy results for IP address rules. For additional notes and details, see Trustwave Knowledge Base article Q15607.
7.2 .NET Framework installation: All components of MailMarshal SEG now require .NET 3.5 SP1. The installer will download and install this software if necessary.
- For Windows Server 2008, to minimize bandwidth and time required, you can download the package separately from Microsoft and install it on each server before upgrading. Download .NET 3.5 SP1.
- For Windows Server 2008 R2, it is most efficient to allow the MailMarshal installer to enable this feature.
7.2 TextCensor Scripts: TextCensor Scripts will be upgraded to the new format automatically by the upgrade process. Any problems will be reported. Trustwave recommends you review the scripts to ensure that they still function as expected.
- For details of minor changes in matching behavior, see Trustwave Knowledge Base article Q14720.
- "Decreasing" scores for repeated matches are no longer supported and will be changed to "Add the score for first 3 matches."
- "Increasing" scores for repeated matches are no longer supported and will be changed to "Add the score every time the expression matches."
7.2 Automatic Backup: On upgrade, configuration backup is set to occur daily and backups are retained for a week. To adjust this behavior, see MailMarshal Properties > Backup in the Configurator.
7.2 NOD32 (ESET) command line scanner parameter change: The pre-configured settings for the NOD32 (ESET) command line virus scanner are changed to the required settings for version 4 and above. If you are still using an earlier version of NOD32, you must upgrade NOD32 (strongly recommended) or change the settings to the required values for your version.
7.2 Social Security Number detection: The Category Script for detection of social security numbers has been updated. Detection of related keywords (such as "Social" or "SSN") is no longer performed in the Category Script. Default rules now check for related keywords using a TextCensor script, but rules are not changed on upgrade. To avoid false positives, you should update your rules manually. You can download the new TextCensor script from the MailMarshal Scripts page.
7.2 Credit Card Number detection: The Category Script for detection of credit card numbers has been updated. Default rules now reduce false positives by checking for related keywords using a TextCensor script, but rules are not changed on upgrade. You can download the new TextCensor script from the MailMarshal Scripts page.
7.1 BTM changes: During upgrade, rules that use a BTM condition are removed. You will be prompted to remove (manually) any rules that refer to the removed rules. URL exclusion lists are maintained for possible use with the new Blended Threats rule action. Messages that were held for BTM check will be reprocessed.
7.1 Service Restart Behavior: In earlier versions, restarting the Array Manager Service or the Array Manager server also forced a restart of services and full refresh of configuration on all nodes. This behavior no longer applies. You can force a restart and refresh by clicking Force Configuration Reload on the Configurator Tools menu.
7.1 Statistic Data Change: During upgrade, the console statistics data stored in SQL is pruned and a table is re-indexed. This activity can take a few minutes.
7.0 Outbound TLS Configuration: You can now set outbound TLS to provide a client certificate if requested by the remote server. This setting is not enabled on upgrade, to preserve existing behavior. This setting is enabled by default for new installations. Trustwave recommends that you enable this setting if you use outbound TLS.
7.0 Inbound TLS Policy: You can now configure rules to take action based on TLS connections and TLS certificate features.
7.0 Receiver Socket Timeout: The default value for transmission timeout is now 30 seconds (the previous default was 300 seconds). Existing settings are not changed. However, Trustwave recommends the new value for most installations to enhance performance. If your internet connection is slow, you may need to set a higher value. See MailMarshal Properties > Receiver Properties > Advanced.
6.9 TLS Configuration: You can now select a minimum cipher strength to be used for TLS connections. Upgrade sets the minimum to "low" for compatibility with earlier versions. To enhance security, Trustwave recommends you set the value to at least "medium." Be aware that changing this setting could cause some connections to be rejected.
6.9 Deadletter Folder Retention: Upgrade resets the retention period for deadletter folders to 7 days. Any changes that you previously made using the method described in Knowledge Base article Q10260 will be lost. After upgrading, use the Configurator to set the desired values.
6.9 Policy changes: On upgrade, existing Receiver rules are moved to the Connection Policy container. Standard rules are moved to the Content Analysis Policy container. Policy groups are created as necessary. Filtering order and behavior is not changed.
6.9 File Type Identification: Version 6.9 identifies the following as executable files:
- Plain text files with extension .CMD or .BAT
- Binary unknown files with extension .COM or .EXE
- Previous versions identified these files as "text" or "binary unknown". You may wish to review and adjust your rules.
6.9 Sent History folder: Version 6.9 uses a special folder named Sent History to preserve processing logs for messages that have been successfully delivered. If you have a folder named Sent History, the installer will prompt you to rename it before you can proceed with the upgrade.
6.9 Message Logs: If you have selected the "copy message log file" feature for quarantined or archived messages, you should consider unselecting this option. The Sent History feature provides the same information automatically.
6.9 .NET version requirement: The Web Components now require .NET 4.0.
6.9 database upgrade: To resolve an issue with reporting of IP addresses, the upgrade rewrites some existing data. This process can take significant time to complete for large databases. The upgrade installer provides an estimate of the time required.

Uninstalling

SEG can be installed in a variety of scenarios. For full information on uninstalling SEG from a production environment, see the Trustwave SEG User Guide.

To uninstall a trial installation on a single computer:

Close all instances of the SEG Configurator and SEG Console.
Use Add/Remove Programs from the Windows Control Panel to remove Trustwave SEG.
Use Add/Remove Programs from the Windows Control Panel to remove additional components you may have installed, such as Web components or the Marshal Reporting Console.
If you have installed any components (such as the Configurator, Console, Web components, or Marshal Reporting Console) on other computers, uninstall them.
If you have installed SQL Express specifically to support SEG and no other applications are using it, uninstall SQL Express.

Release History

The following additional items have been changed or updated in the specific build versions of Trustwave SEG (previously MailMarshal) listed.

Note: The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20247.

7.5.8 (July 04, 2017)

MM-5642	The TLS/SSL library that SEG uses has been updated.
MM-5919	SpamProfiler technology has been updated. Required update URLs have changed.
MM-5952	On upgrade the SpamProfiler service is updated to the new technology as required.
MM-5955	The version of the PDF unpacker that is included in the installation has been updated.
MM-5956	The customized version of the archive unpacker included with SEG has been updated with long filename support.

7.5.7.9061 (October 4, 2016)

MM-5521	For SEG Service Provider Edition installations, the SMTP relay denied response did not include any details of the source IP or recipient. Fixed.
MM-5524	Additional functions required for BTM rewriting have been moved to the file retrieved through automatic updates, to better support automatic updating.
MM-5541	For SEG Service Provider Edition installations, IP Relay source matching could function incorrectly where ranges entered by multiple customers and the Service Provider overlapped. Fixed.
MM-5548	For SEG Service Provider Edition installations, Marshal IP Reputation Service unlicensed notifications could be sent in error. Fixed.
MM-5568	The SEG Engine now reports "starting" for a longer period to reduce misleading "failed to start" reports from other services on slow systems.
MM-5599	BTM rewriting was unnecessarily rewriting links in signed messages, resulting in deadletters. Fixed.
MM-5609	The Engine could fail to restart because anti-virus DLLs did not exit completely before reporting as stopped to the Service Control Manager. Fixed.
MM-5610	For SEG Service Provider Edition installations, SpamProfiler now ignores certain checks for messages between SPE customers.
MM-5620	The TLS/SSL library that SEG uses has been updated to version 1.0.2h.
MM-5622	The customized version of the archive unpacker included with SEG has been updated to support newer decompression methods (version 16.02).
MM-5630	User group membership could be incorrectly updated (members could be missing) if an error occurred while refreshing a sub-group. Fixed.
MM-5640	For SEG Service Provider Edition installations, in certain cases IP based relay restrictions were not applied. Fixed.

7.5.6 (June 7, 2016)

MM-5271	Proxy port entry for internet access allowed only four digits. Fixed: five digits are allowed.
MM-5274	CRL distribution points were not extracted from certificates with v3 extensions. Fixed.
MM-5277	Suspect URL detection did not correctly normalize some URLs before querying the service. Fixed.
MM-5278	TextCensor memory usage has been improved.
MM-5390	In release 7.5.5, top-level message attachments were not scanned by TextCensor. Fixed.
MM-5391	The list of event sources shown in the Console Event Viewer has been updated with the current malware scanners.
MM-5392	Certain malformed RTF message bodies caused the engine to stop. Fixed.
MM-5399	Text log files are better formatted for 5 digit thread IDs.
MM-5400	The customized version of the archive unpacker included with SEG has been updated to address recently reported vulnerabilities in 7zip files.
MM-5404	The SEG product version is no longer present in the SMTP greeting string by default.
MM-5405	TextCensor evaluation is no longer single-threaded.

7.5.5.8150 (March 3, 2016)

MM-5195	In recent releases, the message viewer did not provide information about message components for delivered messages. Fixed: this information is retrieved from the database if a full message file is not present on disk.
MM-5196	If a message was marked temporarily undeliverable during a configuration reload, it would not be retried until the Sender was restarted. Fixed.
MM-5198	Whitespace at the start or end of plain text message stamps is no longer trimmed when edited and saved. Blank lines can be added for formatting.
MM-5208	TextCensor now does not check sub-components when the parent has already been scanned or excepted from scanning.
MM-5209	Attempts to retrieve CRLs from a location that could not be reached caused the Controller to stop. Fixed.
MM-5210	In previous 7.5 releases, update downloading did not correctly process gzip encoded web responses. Fixed.
MM-5211	The header Reply-To field is now available as a template variable {Header-Reply-To}. The message return path is used if Reply-To is not set.
MM-5212	The TLS/SSL library that SEG uses has been updated to version 1.0.1q.
MM-5218	Signing of executable files now uses a SHA256 certificate.
MM-5220	YAE scripts now support the Hash function of Yara.
MM-5238	The SpamProfiler integration SDK has been upgraded.
MM-5240	For SEG Service Provider Edition installations, RBL license notification emails are not sent if the installation is not licensed.
MM-5242	Uninstallation of the SQM site did not de-register the interface DLL. Fixed.
MM-5247	Logging of quarantine release actions to the service text logs has been improved.
MM-5251	For new installations, the Malware - AMAX folder is included in the virus reporting group.

7.5.1.8064 (December 8, 2015)

MM-5200

In release 7.5.0, reporting a message as spam or not spam caused the Controller service to stop. Fixed.

7.5.0.8055 (November 24, 2015)

MM-4251	SEG now corrects headers that violate the RFC limit of 998 characters, "folding" the header onto multiple lines by default.
MM-4726	File name checking could fail for very long MIME encoded file names. Fixed.
MM-4727	Improved decoding of MIME Encoded-Word content has been implemented for message subject display (digests and console), Header Rewrite, and filename rules.
MM-4832	Multi-line content-disposition headers were not extracted correctly, so attachments with long file names might be incorrectly filtered. Fixed.
MM-4883	Libcurl is updated to use Visual Studio 2013.
MM-4909	Additional file types have been added to support anti-spam scanning. These types are not currently selectable in rules.
MM-4961	The default name of the product database for new installations is now TrustwaveSEG. Upgrading does not alter the database name.
MM-4999	A setting is available to control acceptance of multiple HELO commands within a session. For details of this advanced option, contact Trustwave Support.
MM-5038	For SEG Service Provider Edition installations, the From address for spam and not spam reports can be set as required.
MM-5049	Long-running Receiver threads could incorrectly log a low data transfer rate. Fixed.
MM-5054	URL rewriting for BTM incorrectly treated text with two consecutive dots as a URL if the text after the dots was a valid TLD. Fixed.
MM-5065	When a user selects SpamProfiler options with potential for higher false positives in the Configurator, an extra confirmation message is presented.
MM-5069	Default message template text and From addresses (for new installations) have been branded for Trustwave.
MM-5077	Some URLs containing escaped characters were not rewritten for Blended Threats inspection. Fixed.
MM-5085	Image Analyzer has been updated to version 6. This version offers 30%-60% fewer false positives for the same level of detection, depending on the sensitivity setting.
MM-5115	The TLS/SSL library that SEG uses has been updated to version 1.0.1p.
MM-5124	A small memory cleanup issue in the Array Manager has been corrected.
MM-5135	The default Scams TextCensor Script is updated for new installations.
MM-5164	A new YAE based rule to detect malformed PDF documents is included on new installations and in the Upgrade Rules policy group for upgrades.
MM-5173	The web access component included with the product is updated .

7.3.6.7949 (September 10, 2015)

MM-5141	The Engine and Array Manager are now able to access up to 4GB of memory on a 64 bit system. Larger rulesets can be loaded without issues and performance enhancement is expected.
MM-5143	The version of the PDF unpacker that is included in the installation has been updated to 4.4.0.8
MM-5144	URL rewriting for BTM incorrectly treated some inline CSS declarations as URLs. Fixed.
MM-5145	Deletion of unpacked files with certain filenames could fail. Addressed by re-trying the deletion with no string parsing of the file name.

7.3.5.7612 (April 21, 2015)

MM-3499	Configuration import could fail due to incorrect case-sensitive comparison of user group members. Fixed.
MM-3509	Active Directory authentication for SQM failed for users with a text name containing [ ] characters. Fixed.
MM-4709	TLS can now be configured with specific lists of cipher suites, overriding the generic selections. For details of this advanced option, contact Trustwave Support.
MM-4823	A problem with group synchronization in the Controller could cause the Receiver to stop processing messages. Fixed.
MM-4837	Clean installations no longer install MSXML4.
MM-4857	The Receiver now supports ECDHE key exchange for PFS (TLS "Perfect Forward Secrecy").
MM-4862	Some utility files such as TextCensor2 DLLs might not be correctly updated on upgrade. Fixed: upgrade checks file version numbers instead of creation dates.
MM-4863	Links enclosed in round brackets and rewritten by the Blended Threats function incorrectly included the trailing round bracket in the rewritten link. Fixed.
MM-4864	For SEG Service Provider Edition installations, relay source checking was not limited to specific customer domains. Fixed.
MM-4866	Cleanup of TLS/SSL sessions has been improved.
MM-4867	Service executable paths were not quoted. Fixed.
MM-4869	Notification messages created by the Engine are now DKIM signed if required.
MM-4872	TLS now disables SSLv3 by default as per recent security best practice.
MM-4873	TLS cipher lists now exclude Anonymous, MD5, RC4, and IDEA ciphers as per recent security best practice.
MM-4874	Text logging includes better thread information.
MM-4876	The FileType DLL is now replaceable through the automatic update process.
MM-4880	The TLS/SSL DLLs are now replaceable through the automatic update process.
MM-4892	UUEncoded streams in the message body could be altered by the Blended Threats function. Fixed.
MM-4911	DKIM signing failed in some cases for email with headers longer than 2048 bytes. Fixed.
MM-4930	The version of the PDF unpacker that is included in the installation has been updated to 4.4.0.1.
MM-4932	By default "bare" CR or LF characters in messages are changed to CRLF.
MM-4933	For SEG Service Provider Edition installations, some earlier versions allowed an incorrect entry of a hostname as the "forward to IP." Fixed: On upgrade the configuration is corrected to use these entries as hostnames.
MM-4935	Additional indexing is performed on the Message table in the database to enhance performance.
MM-4944	For SEG Service Provider Edition installations, SpamProfiler could apply the wrong direction for scanning. Fixed.
MM-4945	The Controller log now records DNS query responses that took over 1 second.
MM-4948	DKIM signing and verification incorrectly ignored whitespace at the top of the message body in text-only messages. Fixed.
MM-4951	Slow DNS responses could cause the Receiver to stop accepting messages. Addressed with changes to the process that updates lists of anti-relay and blocked hosts.
MM-4952	The web access component included with the product is updated to 7.41.0.
MM-4960	SpamProfiler "valid bulk" classifications were not triggered due to unexpected format in data returned by SpamProfiler. Fixed.
MM-4965	URLCensor could perform unnecessary checks for incorrect URLs. Fixed.
MM-4968	SpamProfiler uses the same criteria for "inbound" and "outbound" messages that are used for other processing.
MM-4969	Full information about TLS negotiation is saved in the local message envelope.
MM-4979	Logging of DoS, DHA, relay, and other Receiver block events to the Event Log can be suppressed. For more information, see Trustwave Knowledge Base articles Q20228.
MM-4988	SpamProfiler responses were slow if IPv6 was enabled on the server. Fixed. The processing nodes MUST have a loopback adapter listening on the default IPv4 loopback address 127.0.0.1.
MM-4990	SpamProfiler responses were slow due to settings applied to the HTTP connection with the local SpamProfiler process. Fixed.
MM-5001	For SEG Service Provider Edition installations, Customer ID was not correctly determined for some Out Of Office messages. Fixed.
MM-5002	Blended Threats rewriting of subject lines added a space to the line. Fixed.
MM-5028	The TLS/SSL library that SEG uses has been updated to version 1.0.1m.

7.3.0.7277 (October 10, 2014)

MM-3597	The last lines of the Receiver log were not captured into the message envelope as expected. Fixed.
MM-4514	Email notifications are sent to the SEG Administrator from the local server when maintenance is about to expire or has expired.
MM-4591	The file extension .cpl has been added to the default Suspect Attachments rules.
MM-4628	File components that do not trigger a rule condition now do not add a line in text logs by default.
MM-4629	Visual C++ 2013 redistributables are now included in the installation.
MM-4674	The "monitor only" installation option and policy group have been removed.
MM-4706	DNS results were truncated if they exceeded the UDP packet size (notably when a large number of PTR records existed). Fixed by enabling EDNS0 in the DNS resolver.
MM-4710	Unpacking of XML based Excel documents now gets text from additional tags.
MM-4711	Unpacking of XML based Office Documents uses a simpler and more efficient parser.
MM-4723	Extracted binary unknown files could cause the engine to stop in TextCensor2 analysis due to improper formatting of extracted filenames. Fixed.
MM-4725	Moving or inserting User Groups by drag and drop now prompts for confirmation by default.
MM-4727	Better support for decoding Quoted Printable strings is provided.
MM-4729	For SEG Service Provider Edition installations, group information is loaded more efficiently.
MM-4731	Deleting User Groups now prompts for confirmation by default (in addition to the check for groups used in policy).
MM-4748	The TLS/SSL library that SEG uses has been updated to version 1.0.1i.
MM-4753	Calls to TextCensor2 did not correctly handle the case where the requested file could not be opened. Fixed.
MM-4760	The default theme of SQM has been updated to a Trustwave branded theme.
MM-4764	The Array Manager could encounter a database deadlock when manipulating folder records. Fixed.
MM-4766	If a message file was manually deleted from the queue, the sender service could become unresponsive. Fixed.
MM-4767	When releasing a message through a digest link, a text note about adding the sender to safe senders was displayed in error. Fixed.
MM-4773	Default values for suspicious compression and max header lines have been updated to reflect current email sizes. Additional unpacking space could be required. See Trustwave Knowledge Base articles Q10868 and Q11369.
MM-4774	Links with query parameters could be invalidated when processed by a Blended Threats rewriting rule. Fixed.
MM-4781	Utility DLL files used by TextCensor have been reverted to the version installed with SEG 7.2.2.
MM-4786	The product End User License Agreement has been updated.
MM-4789	The storage location for automatic configuration backups can be set. See Trustwave Knowledge Base article Q19556.
MM-4795	SMTP Authentication failed with some remote systems due to incorrectly encoded strings. Fixed.
MM-4797	TLS Certificate verification in Connection rules did not work when SMTP Authentication was enabled. Fixed.
MM-4799	When adding a new node to an array, the node controller service could fail on startup, due to a problem with IP whitelist retrieval. Fixed.
MM-4821	A record of the creation and last modification of rules and policies (by user and time) is now stored in the Registry.
MM-4834	Messages with malformed headers containing bare linefeeds could cause the Receiver to fail in some cases. Fixed.

7.2.3.6978 (June 19, 2014)

MM-4679	In release 7.2.2, navigation and updating of the SQM (next/previous message) failed due to improper encoding of item keys. Fixed.
MM-4681	In earlier 7.2 releases, Engine memory usage could grow due to a problem in TextCensor2. Fixed.
MM-4704	In earlier releases, Engine memory usage could grow slightly when configuration was reloaded. Fixed.
MM-4749	The McAfee linking DLL (MsMcAfee.dll) that is included in the installation has been updated to version 1.3.4. This version improves engine restarting after a signature update.
MM-4751	The findmapsentry (RBL or reputation service check) option in the MMLookup tool did not return any results. Fixed.
MM-4754	Rewriting of URLs in the subject line for Blended Threat analysis can be disabled with a registry entry. See Trustwave Knowledge Base article Q19439.
MM-4755	The TLS/SSL library that MailMarshal uses has been updated to version 1.0.0m.
MM-4757	For MailMarshal SPE installations, BTM rewriting could cause the Engine to stop if more than one instance of rewriting was running. Fixed.
MM-4758	SpamProfiler could initialize with an invalid license in specific circumstances. Fixed.
MM-4759	The version of the PDF unpacker that is included in the installation has been updated to 4.3.0.
MM-4761	Evaluation of CRLs that use the Issuing Distribution Point extension caused the Receiver Fixed.

7.2.2.6606 (February 13, 2014)

MM-3728	The Console closed unexpectedly when a different folder was selected while viewing a message. Fixed.
MM-3804	For MailMarshal SPE installations, a message sent to both internal and external addresses was not correctly delivered to the external addresses in some cases. Fixed.
MM-3810	For MailMarshal SPE installations, an internal message sent to customers hosted on different arrays could be deadlettered. Fixed.
MM-4352	For MailMarshal SPE installations, messages are now delivered directly between customers hosted on the same node.
MM-4540	The Configurator Server information did not show the server operating system accurately. Fixed.
MM-4543	Additional entities are translated by the SpamChecker HTML to plain text extractor.
MM-4556	The upgrade installer will not proceed if the Array Manager executable cannot be replaced.
MM-4559	For MailMarshal SPE installations, the Marshal Agent and Marshal Interface Agent services are now stopped during upgrade installation.
MM-4562	Columns on the Configurator Servers page were incorrectly labeled. Fixed.
MM-4563	Inserting new fields with header rewrite did not correctly add required line breaks. Fixed.
MM-4564	The version of SQL Express included in installers has been updated to 2008 R2 SP2.
MM-4567	SpamCensorType functionality did not work with TextCensor 2 expressions in some cases. Fixed.
MM-4568	In the Console, searching for a partial message name could fail due to a missing parameter. Fixed.
MM-4570	Handling of unpacking problems is improved.
MM-4572	In earlier 7.2 releases, detailed logging of TextCensor criteria did not work as documented. Fixed: detailed logging with expression values is enabled by default.
MM-4573	The Array Manager stopped unexpectedly when a product maintenance web response was malformed. Fixed.
MM-4574	In earlier 7.2 versions, releasing a message from a digest link could require clicking twice. Fixed.
MM-4579	SMTP Authentication can now be validated against an Active Directory group. For details, see Trustwave Knowledge Base article Q16649.
MM-4580	A new option `RELEASETRUST` for HTML Message Digests allows the user to release a message and add the sender to Safe Senders.
MM-4582	The Statistic Data Purge procedure could cause high CPU usage due to SQL transaction locking. Fixed.
MM-4587	The File Type DLL included has been updated to version 7.10.1.
MM-4593	The SQM Blocked Mail page returned a "potentially dangerous request" error for some email addresses. Fixed.
MM-4597	The SpamProfiler cartridge has been updated to version 3052.

7.2.1.6300 (October 18, 2013)

MM-3577	The "suspicious compression" feature could fail for certain values of file sizes. Fixed.
MM-4546	In earlier 7.2 releases, DNS queries could fail through some DNS servers due to the servers not responding correctly to the DNS "ANY" keyword. Fixed.
MM-4549	MailMarshal components could fail to open a message file (MML) due to delay in the Windows file system releasing the file from a previous operation. Fixed.
MM-4550	The unpacker DLL could be overwritten by an older version when restoring configuration. Fixed.
MM-4555	The Controller service could stop unexpectedly due to a memory issue with IPv6 DNS lookups. Fixed.

7.2.0.6272 (September 24, 2013)

MM-1342	The Regular Expression engine has been updated in all areas of the product. Matching behavior is unchanged.
MM-2265	SpamCensor, SpamBotCensor, and Spam Category scores are available as variables for substitution.
MM-2350	Extraction of IP addresses from header lines could incorrectly include other strings in dotted format. This could result in false triggers on DNS Blacklists and country lookups. Fixed.
MM-2984	The SQM "latest blocked email" list (homepage) now includes the TO address.
MM-3547	The MMLViewer application now includes separate tabs for Connection, Content, and Delivery logs.
MM-3562	Unknown or blank Content Transfer Encoding strings are now handled more gracefully. For more details and available settings see Trustwave Knowledge Base article Q10166.
MM-3576	CSR and Private Key signing in the TLS wizard now uses stronger algorithms. Older deprecated algorithms are no longer available.
MM-3579	MailMarshal now passes tests for immunity to plaintext command injection in STARTTLS (CERT VU#555316) . Earlier releases were also immune through functionality not tested by commercial tests.
MM-3596	When unpacking fails, the detected type of file is logged in the Engine log.
MM-3599	Web components installation now enables IIS Static Content to ensure files such as stylesheets will be served.
MM-3735	Configuration can now be backed up automatically. By default configuration is backed up daily and backups are retained for a week.
MM-3738	Log messages relating to DBLog files (database logging from nodes) now include the file name for ease in debugging.
MM-3871	Small images are exempt from Image Analyzer processing. The default minimum size processed is 75x75 pixels. For details of how to adjust this value, see Trustwave Knowledge Base article Q14960.
MM-3881	When a message is received via TLS, the protocol version is recorded in the message envelope to enable further processing based on this value.
MM-3892	New Connection and Content Rule conditions are available to match the TLS protocol version used when receiving a message.
MM-3914	Sent History log files are compressed to save disk space. This change applies only to new files (upgrading does not compress existing files).
MM-4014	Running services from the command line with -debug did not log the verbose information seen in the command window to the text logs (for some services). Fixed.
MM-4036	Email viewed in the Console could be unpacked differently than during email processing, because custom file types were not applied in the Console unpacking. Fixed.
MM-4058	In some earlier versions the POP3 service would be started automatically at system restart even if not required, and could prevent configuration reload. Fixed.
MM-4071	Category script evaluation includes additional exception handling and logging.
MM-4083	Performing Manual Update of SpamCensor and other files did not set the correct reload or restart requests. Fixed.
MM-4084	In DOCX and PPTX files, edited or deleted text was not extracted correctly and was not correctly detected by TextCensor or Category Script regular expression matching. Fixed.
MM-4112	TLS Client Certificate checking for Common Name and Subject Alternative Name did not correctly handle wildcard certificates. Fixed.
MM-4136	The Credit Card category script and the associated default rule have been updated. See the upgrade notes above.
MM-4141	The MMLookup utility now accepts a parameter to clear the MailMarshal DNS cache (?clearcache)
MM-4187	For MailMarshal SPE installations, items with a null SMTP MAIL FROM are correctly processed.
MM-4193	Visual C runtime requirements have been consolidated or moved to newer versions.
MM-4200	Text was not correctly extracted from non-English Office 2003 documents. Fixed.
MM-4209	SPF checking could return an unexplained error after failing on a malformed record. Fixed: Items after an "all" terminator are discarded (a warning is logged). Additional details are logged.
MM-4213	Text was not correctly extracted from some complex Word documents containing Unicode text blocks of more than 1023 bytes. Fixed.
MM-4232	TextCensor can optionally log details of matched expressions to the Engine (Content Analysis) text log. See Trustwave Knowledge Base article Q15173.
MM-4234	The TextCensor matching engine can be updated automatically through the SpamCensor update function.
MM-4236	The Image Analyzer module has been updated to version 5.1.
MM-4237	Maintenance entitlement information is now retrieved through a web service and displayed in the Configurator and Console.
MM-4283	The SQM website could become unresponsive when handling messages with malformed "from" addresses. Fixed.
MM-4291	In version 7.1, domain-specific overrides for the {Administrator} and {ServerAddress} variables were not honored. Fixed.
MM-4296	the version of MSKaspersky.DLL installed with MailMarshal was not the latest released version. Fixed.
MM-4304	Comparison of file names during configuration import was failing due to case sensitivity. Fixed.
MM-4308	In some 7.1 releases, Blended Threats provisioning was not storing retrieved credentials. Fixed.
MM-4311	Some duplicate expressions have been removed from TextCensor scripts.
MM-4313	Installation or upgrade now installs .NET Framework 3.5 SP1 as necessary.
MM-4314	The MailMarshal Support tool is now included in product installation.
MM-4323	Automatic message release could fail in some cases due to a corrupted release code caused by certain webmail clients and browsers. Fixed.
MM-4341	the version of MSKaspersky.DLL included with the product is updated to 1.0.2.
MM-4347	SQM sessions with forms authentication did not expire after the configured period. Fixed.
MM-4351	A new option on the External Command Rule Action allows you to request repacking of a message (so that any changes made by the command will be included in the delivered message).
MM-4353	In version 7.1, calculation of the oldest message date could cause the array manager to stop. Fixed.
MM-4354	When upgrading to version 7.1, the prior version database log files with Blended Threats properties were not correctly processed (property id 3 does not exist). Fixed.
MM-4358	An obsolete column used by the old BTM functions was removed from the SQL database.
MM-4363	Blended Threats provisioning did not work correctly through certain proxies. Fixed.
MM-4364	Unpacking of PDF documents now times out after 4 minutes by default. The timeout can be adjusted using a Registry setting. See Knowledge Base article Q15160.
MM-4365	Security for the storage of passwords in SQM is enhanced.
MM-4366	A SQM page was vulnerable to arbitrary redirection. Fixed.
MM-4367	SQM did not clear session identifiers on logout. Fixed.
MM-4368	Blended Threats license provisioning is now checked immediately when a new license key is entered.
MM-4374	The Sync Tool creates a dump file if it encounters an unhandled exception.
MM-4375	The Sync Tool did not gracefully handle non-MML files in the quarantine folders. Fixed.
MM-4376	Server ID numbers are shown for each server in the lists in Configurator and Console.
MM-4377	Options for the command line ESET NOD32 virus scanner now match the syntax for NOD32 version 4. Note that if you have an earlier version of NOD32 you must upgrade NOD32 (strongly recommended) or manually reconfigure the settings.
MM-4383	Installation of SQM did not properly detect and use a pre-existing installation of .NET 4.5. Fixed.
MM-4394	Entry and validation of Blocked Hosts now supports network ranges in CIDR notation.
MM-4397	Certificate Signing Requests created by the TLS certificate wizard contained the local hostname or FQDN in the SAN field if no other SAN entries were specified. Fixed.
MM-4414	Database partitioning issues could cause the Array manager to be unable to start. Fixed. Note that this issue affects only SQL Server Enterprise installations.
MM-4423	Retrieval of CRLs used by the TLS functions now times out more quickly. Timeouts can be configured with Registry entries; see Knowledge Base article Q15590.
MM-4449	iCalendar message parts (MIME type text/calendar) were not correctly recognized and unpacked. Fixed.
MM-4452	TLS CRL retrieval attempted to retrieve CRLs from unsupported locations. Fixed: only HTTP and HTTPS locations are checked.
MM-4458	Logging of valid PTR checks has been enhanced.
MM-4462	When a configuration was imported from an installation with a different directory location, SpamCensor updates could retain entries for two sets of files. Fixed.
MM-4465	Sender IP address match ranges entered in previous versions could have invalid netmask entries. On upgrade these ranges will not be imported. IP ranges are now entered in CIDR notation.
MM-4485	Web Components installation did not correctly detect the presence of ASP.NET 4.5. Fixed.
MM-4501	If a TLS client certificates was expired or not yet valid, attempting to retrieve the CRL could cause the Receiver to fail. Fixed.
MM-4502	The date of expiration of the product maintenance contract is now displayed in the Console and Configurator.
MM-4518	The Social Security Number category script and the associated default rule have been updated. See the upgrade notes above.

7.1.2.5326 (December 5, 2012)

MM-4277

In earlier 7.1 releases, BTM Provisioning caused an automatic commit of configuration every 24 hours. Fixed: configuration is only committed when required.

7.1.1.5205 (November 20, 2012)

MM-2988	The Sophos for Marshal (MSSophos.dll) version included with MailMarshal has been updated to 1.3.4.0. This version improves the behavior when updating the Sophos Engine under load.
MM-4252	Utilities that retrieve content using HTTPS did not properly release memory. Fixed.
MM-4255	The SecureTrust and Secure Global CA certificates are now installed to the Windows certificate store by the MailMarshal installation. These root certificates are used by Trustwave-issued SSL certificates and are not part of the default certificate set in some Windows releases.
MM-4259	The Blended Threats provisioning process did not correctly encode high order characters before submitting via HTTP. HTTP error 400 could be returned in some cases. Fixed.
MM-4265	The Blended Threats provisioning process did not succeed on servers with XSD validation enabled (the default setting for Windows 2003). Fixed.

7.1.0.4874 (September 17, 2012)

MM-1256	In earlier versions, restarting the Array Manager Service or the Array Manager server forced a restart of services and full refresh of configuration on all nodes. This behavior no longer applies. You can force a restart and refresh by clicking Force Configuration Reload on the Configurator Tools menu.
MM-1449	The minimum period for retention in Archive and Sent History folders is now 1 day. The default is now 7 days.
MM-2792	For MailMarshal SPE installations, the SSMURL setting (base URL of SQM) can be set for each customer.
MM-2899	SPF thresholds can be altered, if necessary, by setting Registry values. For details, see Trustwave Knowledge Base article Q14723.
MM-3139	A new Content Analysis Rule Condition is available to check whether or not a message was received over a SMTP Authenticated connection.
MM-3466	Some Excel 2007 (XLSX) files could take an hour or more to unpack due to inefficient XML parsing. Fixed.
MM-3583	In version 6.9 and above, sender logs were not available in the Console for "temporarily undeliverable" messages. Fixed.
MM-3760	In rare cases, a TEXT file could have been incorrectly identified as COM due to a buffer size issue. Fixed.
MM-3796	In versions 6.7 and above, SpamProfiler user group exclusions were not correctly applied at the receiver if the group was not used in another rule, and the User Group selected could be deleted even though it was used in policy. Fixed.
MM-3845	Client TLS certificates are supported for Inbound TLS.
MM-3901	The optional notification emails for automatic updates (SpamCensor updates) are now generated for failed updates as well as successful updates.
MM-3924	TLS negotiation could fail when using a chained certificate due to a problem with the TLS/SSL library. Fixed.
MM-3927	The stored procedure used to purge statistics data in version 6.9 was inefficient. Fixed. Note that on upgrade, irrelevant old records are purged and a SQL table is re-indexed.
MM-3929	In some earlier versions the SQM "maximum blocked mail displayed" setting was not correctly applied. Fixed.
MM-3950	In rare cases, a multi-part MIME message would not be properly unpacked due to a weakly formatted boundary line. Fixed.
MM-3952	Older archived messages might not be shown in the Console if the retention time setting was extended. Fixed.
MM-3955	In the TLS Certificate Wizard, the Key Length field could be edited to include inappropriate characters. Fixed.
MM-3956	Upgrading removes rule conditions and files used by the previous version of the Blended Threats Module.
MM-3960	In the TLS Certificate Wizard, when importing a signed certificate, the password text was not obscured. Fixed.
MM-3961	In version 7.0, service text logs showed false "invalid file" errors for deadletter folders. Fixed.
MM-3962	In version 7.0, some entries in the Controller text log did not display the names of dead letter folders. Fixed.
MM-3963	Logs now include information about the MailMarshal version at the beginning of processing for each service for each message.
MM-3967	In some earlier versions, the rule print output displayed some HTML tags in the text. Fixed.
MM-3977	The Engine rewrites URLs in messages bodies as required for the new BTM rule action, including obfuscated URLs.
MM-4005	In some cases where an attachment was an Office 2003 document containing an embedded Office 2007/2010 document, the message was deadlettered due to an unpacking problem. Fixed.
MM-4013	In version 6.9.5 and above, processing logs were not appended to the "report as spam/not spam" information. Fixed.
MM-4015	Global exclusions to BTM rewriting are remotely updated through the automatic update service (SpamCensor updates).
MM-4018	TextCensor scanning was applied to the top level of Office 2007 documents, resulting in false positives. Fixed: for these documents, TextCensor now applies only to extracted text.
MM-4024	For MailMarshal SPE installations, the array delivery override setting was not being applied. Fixed.
MM-4033	The product End User License Agreement has been updated.
MM-4037	The MailMarshal installer recognizes and supports SQL Server 2012 and SQL Express 2012.
MM-4039	The MailMarshal product works with SQL Server 2012 and SQL Express 2012.
MM-4051	The EMF unpacker caused a fault in the Engine service when unpacking items with zero size. Fixed.
MM-4052	The TLS/SSL library that MailMarshal uses has been updated to version 1.0.0i.
MM-4107	The selected TLS Certificate Validation options are more clearly presented in the rule summary.
MM-4111	TLS Certificate Validation can be configured to access any required Windows certificate stores. Frequently used stores are used by default.
MM-4113	TLS Certificate Validation can save certificate information to disk for debugging.
MM-4137	The version of the PDF unpacker that is included in the installation has been updated.
MM-4140	For MailMarshal SPE installations, a Local Domain could not be re-used if moved to another array, re-created, or disabled and enabled. Fixed.
MM-4158	In some cases content extracted from Office documents was incorrectly identified as EMF instead of WMF, resulting in a dead lettered message. Fixed.

7.0.2.4629 (June 8, 2012) (SPE Only)

MM-4091	For MailMarshal SPE installations, messages between customers hosted on the same array were not always handled correctly. Fixed.
MM-4092	For MailMarshal SPE installations, an incorrect SMTP verb was sent to non-SPE servers, causing messages to be rejected. Fixed.

7.0.1.4245 (March 13, 2012) (SPE Only)

MM-3969	During installation of MailMarshal or Web Components, prerequisite detection failed if a newer version of Visual C++ 2010 runtimes were already installed. Fixed.
MM-3972	On upgrade to 7.0.0, an incorrect error displayed when no WMI dependent services needed to be stopped. Fixed.
MM-3978	In version 7.0.0, lines in the Receiver log file were double-spaced. Fixed.
MM-3980	In version 6.9 and above, PDF attachments with Unicode characters in the filename were not unpacked and scanned. Fixed.

7.0.0.4137 (February 7, 2012) (SPE Only)

MM-157	TLS certificate creation now supports Subject Alternative Names.
MM-1603	Rule printing output was not correctly escaping HTML. Fixed.
MM-1633	Connection and Content Analysis rules now include TLS properties criteria.
MM-1688	Connection and Content Analysis rules now include a "Received via TLS" condition.
MM-1928	Setting content size or count rule conditions to 0 caused the Engine to stop. Fixed.
MM-2328	The TLS/SSL library that MailMarshal uses has been updated to version 1.0.0e.
MM-2544	Initial changes have been made to support IPv6 in a future release. (No IPv6 functionality is available for use in this release.)
MM-2783	Outbound TLS is enabled by default for new installations.
MM-3120	The SMTP Authentication username (if any) is logged to the Receiver and Engine text logs.
MM-3276	The installer logic to stop and re-start the WMI service has been improved.
MM-3635	Dead Letter rules now allow the Send mail template notification action.
MM-3650	Messages that would have been deadlettered with "too many lines before boundary" are now unpacked and the pre-boundary material is scanned as text. The registry entry for `MaxPreBoundaryLines` is irrelevant and is removed on upgrade.
MM-3651	Dead Letter rule actions were not applied correctly where different actions were required for different recipients. Fixed.
MM-3694	The default Receiver Socket Timeout (SMTP transmission timeout) has been changed to 30 seconds (was 300 seconds).
MM-3726	The SpamProfiler cartridge has been updated to version 3051.
MM-3750	Outbound TLS can be configured to offer a client certificate if requested.
MM-3756	The product is rebranded as M86 MailMarshal SEG.
MM-3779	Database upgrade now checks for pre-existing customer created objects with the same name as objects that would be created.
MM-3797	Retrieval of User Group information from the Array Manager to processing servers could cause performance issues when used over slow WAN links. Fixed.
MM-3799	Dead Letter rules now allow the Delete action.
MM-3800	Dead Letter rules now allow the BCC action.
MM-3801	Dead Letter rules now allow the Set Message Routing to Host action.
MM-3802	Dead Letter rules now allow the Write log message with classification action.
MM-3813	It is now possible to specify that message delay notifications should be sent externally. See Trustwave Knowledge Base article Q14383.
MM-3819	Dead Letter rules now allow the Where detected as spam by SpamProfiler condition.
MM-3822	Dead Letter rules now allow the Move to folder action.
MM-3850	More detailed debugging information about SpamProfiler classification is included in message log files.
MM-3870	Unpacking and file type functionality can now be updated automatically, using the same Internet update functions used for SpamCensor.
MM-3872	Setting count rule conditions to "less than 0" was allowed by the Configurator. Fixed.
MM-3954	In version 6.9, MailMarshal rejected messages when the local part of the email address was longer than the RFC length of 64 characters. This restriction is now disabled by default. To enforce the restriction, contact Trustwave Support for details of a registry entry.

6.9.9.4075 (January 17, 2012)

MM-3904	DOC files with poor formatting in the User Summary Info area can cause MailMarshal services to stop. If you encounter this issue, please contact Trustwave Support for details of a setting to skip processing of this part of documents.
MM-3907	Sent History retention cannot be set to less than one month. If Sent History items are consuming excessive disk resource, please contact Trustwave Support for details of additional options.
MM-3909	In earlier 6.9 versions, messages with invalid envelope information were not properly deadlettered. Fixed.
MM-3911	Unpacking of certain poorly formatted PDF files can fail. If you encounter this issue, please contact Trustwave Support for details of additional options.
MM-3912	Word documents with null fields in Document Summary Info could cause the Engine to stop. Fixed.
MM-3913	Certain Word documents with invalid document summary information were incorrectly deadlettered. Fixed.
MM-3918	It is now possible to specify that message delay notifications should be sent externally. See Trustwave Knowledge Base article Q14383.

6.9.8.3800 (November 3, 2011)

MM-3755	Messages with attached Office 2003 documents that contained embedded Office 2007/2010 documents were deadlettered. Fixed.
MM-3855	In 6.9.7, specific formatting in OLE document summary information could cause messages to be incorrectly deadlettered. Viewing these messages in the Console could cause additional problems. Fixed.

6.9.7.3719 (October 18, 2011)

MM-3770	Upgrade now provides more user friendly information about status during database upgrade.
MM-3771	Upgrade now provides more user friendly information about status while calculating time required for database upgrade.
MM-3816	In 6.9.6, the Web Console could return an error for non-administrative users under Windows Authentication. Fixed.
MM-3817	In 6.9.6, OLE documents with document summary information over a certain length could cause the Engine to stop. Fixed.
MM-3818	In 6.9.6, unpacking of OLE data from Excel files could cause the Engine to stop in specific cases. Fixed.
MM-3836	In 6.9.6, checking of mailbox name length could return an incorrect result for some cases using ESMTP extensions. Fixed.
MM-3844	In 6.9.6, warning messages generated during PDF unpacking were not handled correctly in some cases. Fixed: The affected documents are unpacked and scanned. Any warnings concerning embedded content (such as images in unsupported formats) are logged to the Engine text logfile.

6.9.6.3437 (September 7, 2011)

MM-108	Many images are now extracted from PDF documents.
MM-1483	Help and header text for the Rule Profiler function has been added to mmlookup.exe.
MM-1567	PDF unpacking now handles Unicode.
MM-2236	Some PDF files caused recursion in the Engine and could not be unpacked. Fixed.
MM-2363	The version of the archive unpacker included with MailMarshal has been updated. This version handles additional compression formats.
MM-2834	PDF files with limitations on printing and other functions were incorrectly identified as Encrypted PDF. Fixed.
MM-2837	Image Analyzer has been updated to version 5.
MM-2859	Binary files are now better recognized as type COM or EXE.
MM-2977	PDF Xref detection is improved.
MM-3332	Receiver, Engine, and Sender logs for each message are now stored in the message file. The Console message viewer displays the available information in separate tabs. Message log information for items that have been successfully delivered is now retained in a reserved folder named "Sent History."
MM-3339	Messages to be sent over TLS were not properly retried after temporary failure. Fixed.
MM-3366	The Receiver service could incorrectly detect that the mailbox name was too long (more than 255 characters). Fixed.
MM-3367	Certain Office 2007 documents were not recognized due to internal structure. Fixed.
MM-3387	SQL code for database creation and upgrade is now within a transaction to allow easier rollback if problems are encountered.
MM-3405	MailMarshal Sender throughput has been enhanced with increased buffer sizes.
MM-3406	MailMarshal Receiver throughput has been enhanced with increased buffer sizes.
MM-3410	DBlog files now correctly handle larger content.
MM-3419	Office 2007 files generated through the OpenXML SDK were not correctly unpacked. Fixed.
MM-3422	PDF unpacking has been improved, notably for Unicode and some encodings of images.
MM-3427	The MailMarshal database now supports index partitioning if installed on SQL Server Enterprise Edition (for new databases only).
MM-3431	Database and processing enhancements have been made to support MailMarshal SPE with multiple customers.
MM-3456	User Defined and custom document properties are now unpacked and scanned in Word 2003 and Word 2007 documents.
MM-3472	The Server Tool now checks the validity of the configured database on startup (this allows the database to be re-created when the SQL server has been rebuilt).
MM-3494	Word documents encrypted with IRM in Word 2007 (2003 compatibility mode) were deadlettered. Fixed: these documents are correctly recognized.
MM-3495	The minimum version allowed for upgrade is 6.5.1.
MM-3513	Messages quarantined with a default release action of "skip remaining rules" were not reprocessed as requested upon release. Fixed.
MM-3514	Console Dashboard data was never purged from the database. Fixed.
MM-3536	TLS now allows selection of a minimum cipher strength for inbound and outbound connections.
MM-3538	The certificate used to sign executable files has been updated.
MM-3539	The message parking feature logged redundant messages when a message was unparked. Fixed.
MM-3550	Logging of low disk space warnings has been enhanced for readability.
MM-3551	The Array Manager could stop unexpectedly if a new database was created and configuration was not synchronized. Fixed.
MM-3553	Routing enhancements have been made to support MailMarshal SPE with multiple customers.
MM-3582	A full BTM database update could stop message processing for a significant time. Fixed.
MM-3598	PDF unpacking has been enhanced. Images, attachments, and annotations are unpacked.
MM-3604	Deadlettered messages can be passed through to users by rule action.
MM-3611	Sender and Recipient IP addresses could be logged incorrectly (with reversed octets). Fixed.
MM-3612	The integration with Norman Endpoint Protection is updated.
MM-3613	Retention and permissions for Deadletter folders are now set through the Configurator.
MM-3622	Receiver rules with the message size conditions "equal to" and "not equal to" caused the receiver to fail. Fixed.
MM-3628	EMF files are now correctly unpacked and the contents are scanned. See also MM-3725.
MM-3634	New database objects are included to summarize traffic data for MailMarshal SPE installations.
MM-3649	Additional logging has been added in the Engine service for Dead Letter rule processing.
MM-3676	Configuration of the Marshal IP Reputation Service was invalidated when another Reputation Service was configured. Fixed.
MM-3684	Error messages logged to the Event Log could cause issues due to recursive substitution of variables. Fixed.
MM-3691	BTM updates could prevent reloading of configuration at the Engine. Fixed.
MM-3696	PDF unpacking has been improved. Incorrect character strings are no longer present.
MM-3697	PDF unpacking now supports "linearized" PDF.
MM-3699	Selecting the default message digest template for new digests loaded additional incorrect characters. Fixed.
MM-3705	The Console and Configurator now use the terms "Connection Policy" or "Connection Log", "Content Analysis Policy" or "Content Analysis Log," and "Delivery Log".
MM-3712	A more descriptive logging message is written by the Array Manager on shutdown when the SQL database is unavailable.
MM-3722	The Sender would stop in the unlikely event that no route at all could be found for a message. Fixed.
MM-3725	Files unpacked from EMF files (MM-3628) are only saved and scanned if they are of a recognized type. Type BIN (unknown) files are not saved.

To review Release History prior to version 6.9.5, please see the Release Notes for the specific versions.

Legal Notice

All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.

While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.

Trademarks

Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.

About Trustwave®

Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.