(Previously known as MailMarshal SEG)
Last Revision: September 11, 2018
These notes are additional to the SEG User Guide and supersede information supplied in that Guide.
The information in this document is current as of the date of publication. To check for any later information, please see Trustwave Knowledge Base article Q20902.
New Features
System Requirements
Upgrade Instructions
Uninstalling
Release History
For more information about additional minor features and bug fixes, see the release history.
%ProgramFiles%\Trustwave\Secure Email Gateway\
HKey_Local_Machine\Software\Trustwave\Secure Email Gateway
%ProgramFiles(x86)%\Trustwave\SEG Web Components\
The following system requirements are the minimum levels required for a typical installation of the Trustwave SEG Array Manager and selected database.
Please review the SEG User Guide before upgrading.
Trustwave SEG 8.0 supports a direct upgrade from Trustwave SEG 7.3.0 and later versions. This is a change from 7.5.X and earlier.
If your installed version does not support direct upgrade, you can upgrade in steps.
You can access a supported SQL Express version from the Prerequisites tab of the SEG installation package. The "With SQL Express" version of the package also allows you to install SQL Express during the main SEG installation.
To upgrade a single SEG server from any version supporting direct upgrade, install the new version on the existing server. You do not need to uninstall your existing version. The database will be upgraded in place, if necessary.
After upgrading the Array Manager you can upgrade the processing servers through the Configurator, with no need to log on to the processing servers. For more information, see the Upgrading section in the User Guide.
To upgrade from a version prior to 7.3.0, first upgrade to version 7.3.0. Full details about upgrading to version 7.3.0 from older versions can be found in the documentation for the target version.
Read the notes for all versions newer than your installed version. This list only includes information about versions newer than 7.3.0. For earlier versions, see the release notes of each version.
{install} variable, the installer updates configuration as required to continue to reference the original location.
SEG can be installed in a variety of scenarios. For full information on uninstalling SEG from a production environment, see the Trustwave SEG User Guide.
To uninstall a trial installation on a single computer:
The following additional items have been changed or updated in the specific build versions of Trustwave SEG (previously MailMarshal) listed.
MM-6564 | In earlier 8.1 releases, certain badly formatted email addresses in the MAIL FROM or RCPT TO caused the Receiver to stop unexpectedly. Fixed. |
MM-6571 | After upgrade from version 8.0 to earlier 8.1 releases, the Credit Card Number, Social Security Number and PCIDSS TextCensor scripts had no "apply to" options selected. Fixed. |
MM-6584 | The Sender service could stop unexpectedly in rare cases due to message routing issues. Fixed. |
MM-6621 | The MessageId is changed when a message is released from quarantine (reverting to the behavior in all releases before 8.1.2). To control this behavior, see Trustwave Knowledge Base article Q21049. |
MM-6364 | Syslog record transmissions in RFC-3164 format now include the TAG: format to start the content portion of the record. |
MM-6465 | Syslog Rejected Messages records now populate the From variable with the Return Path address if the From address is empty. |
MM-6467 | The rule execution profiler result display is improved. |
MM-6499 | The Sender and Receiver services could fail to stop on command in some cases when a processing thread was unresponsive. Fixed. |
MM-6500 | Sender logging for null MX record detection is improved. |
MM-6504 | The MessageId is no longer changed when a message is released from quarantine. The previous behavior can be used if required. |
MM-6530 | In earlier 8.1 releases, configuration upgrade or import from earlier versions failed if older, unused Routing Tables were present. Fixed. |
MM-6531 | In earlier 8.1 releases, the Web Admin Console could not connect with Windows Authentication, due to a limitation of the REST interface. Fixed: the Web Admin Console uses the earlier port 19001 interface. |
MM-6532 | Web Admin Console connections to the Array Manager are reset to use port 19001 if port 19006 had been selected in an earlier 8.1 installation. |
MM-6534 | Syslog database connections did not work when the database user credential was a Windows username. Fixed. |
MM-6535 | SpamProfiler cartridge (executable) files could not be updated through automatic updates. Fixed. |
MM-6536 | Upgrade from release 8.0.1 to 8.1.1 (only) did not correctly upgrade the database. Fixed. |
MM-6546 | The SpamProfiler cartridge (executable) included in the release has been updated. |
MM-6556 | The engine could stop unexpectedly when attempting to extract URLs for validation. Fixed. |
MM-6560 | The version of the PDF unpacker that is included in the installation has been updated. |
MM-6496 | Sender logging for null MX record detection is improved. |
MM-6498 | In release 8.1.0, the Sender and Receiver services might not stop as requested when under load. Fixed. |
MM-2058 | Notification email messages for expired TLS certificates are improved. |
MM-2267 | Category script evaluation is now performed once per message. Engine performance is improved. |
MM-3433 | The REST API now provides the ability to retrieve a message in the sender queue. |
MM-4133 | The REST API now provides the ability to locate a user in a usergroup by exact match or wildcard. |
MM-4331 | Rule execution profiling is improved. |
MM-4396 | Email processing nodes send a notification email every hour if they cannot contact the Array Manager. For configuration settings see Knowledge Base article Q20987. |
MM-4476 | Storage of the Routing Tables in Registry has been revised for ease of use. |
MM-4839 | SEG service logs now provide consistent service startup information. |
MM-5131 | For SEG Service Provider Edition installations, the Maximum Recipients Per Message setting was not honored by the Receiver. Fixed. |
MM-5237 | URL rewriting for BTM changed XMLNS tags. Fixed. |
MM-5656 | The SQM User Settings page did not display the Message Digests tab if digests were configured with user groups containing AD users. Fixed. |
MM-5720 | Visual C++ 2015 redistributables are now included in the installation. |
MM-5721 | When a message is released, the processing node performs additional validation to ensure appropriate recipients. |
MM-5730 | In version 8.0, the Basic Install option did not connect to the local SQL Express instance on the first attempt. Fixed. |
MM-5806 | Installing SQL Express from the Prerequisites tab of the install window now sets the same options as the install wizard (Mixed Mode and TCP enabled). |
MM-5886 | On the Configurator DMARC Dashboard, search selections were not properly retained. Fixed. |
MM-5994 | The size of string data allowed in database logging files from nodes to Array Manager has been increased. |
MM-6026 | The Engine service would not stop when a thread was hung, in specific cases. Fixed. |
MM-6053 | Messages rejected at the Receiver are logged to the database. |
MM-6117 | The web access component included with the product is updated. |
MM-6132 | The Array Manager could fail to start while retrieving the database details. Fixed. |
MM-6139 | URL rewriting for BTM changed the envelope subject of a message upon rewriting the subject of an attached message. Fixed. |
MM-6153 | The Web Console now communicates with the Array Manager using the REST interface. |
MM-6154 | The Sender service now checks for Null MX records and does not deliver messages to a domain with a valid Null MX entry. |
MM-6160 | Message rejection codes are added for some additional cases (internal to Receiver processing). |
MM-6297 | The Receiver waits for SpamProfiler to be ready before accepting mail. On a new installation, SpamProfiler file download and initialization can take several minutes. |
MM-6322 | The version of the REST SDK used has been updated. |
MM-6347 | The Database Provider can be changed to MSSQLOLEDB using a Registry setting. This option is provided to allow connection to SQL servers that require TLS 1.2. For configuration settings see Knowledge Base article Q21020. |
MM-6370 | The TLS/SSL library used by SEG has been updated. |
MM-6380 | The SpamProfiler cartridge installed with SEG has been updated. |
MM-6383 | Text logging could cause services to stop where certain values were logged. Fixed. |
MM-6405 | Installation uses the Microsoft Universal C++ Runtime package. |
MM-6427 | TextCensor scripts could show an item match limit of 0 (zero). Fixed: the limit displays correctly as "ALL". Script triggering is not affected by the change. |
MM-6434 | The Engine log could show repeated errors concerning URL Categorization Cache. Fixed. |
MM-6365 | The Receiver could stop unexpectedly when processing a malformed DMARC record. Fixed. |
MM-6371 | The version of Image Analyzer included in the installation has been updated to correct an issue with initialization on Windows 2016 servers. |
MM-6373 | DMARC message database logging could cause SQL deadlocks under heavy load. Fixed. |
MM-6376 | DMARC aggregate reports had an incorrect Content Type header. Fixed. |
MM-6378 | The version of the PDF unpacker that is included in the installation has been updated. |
MM-6379 | The TLS/SSL library used by SEG has been updated. |
MM-6382 | .XZ compressed files are unpacked. |
MM-6393 | Adding message users to groups could cause delays on a busy system with large groups. Fixed. |
MM-6395 | The 7zip files included in the installation have been updated to address known vulnerabilities. This update was also released to SEG Automatic Updates for earlier supported versions. |
MM-6396 | User group pruning performance has been enhanced. |
MM-6452 | The DKIM key text field on the DKIM window now includes a scrollbar to allow the full key to be viewed and copied. |
MM-4120 | Folder names entered in the Configurator could include invalid characters. Fixed. |
MM-6209 | Domain and route entries could not contain the underscore character. Fixed. |
MM-6261 | For SEG Service Provider Edition installations, the sender no longer attempts to deliver messages to domains that resolve to loopback entries. |
MM-6296 | Default values used for message unpacking limits in the controller did not match the engine settings. Fixed. |
MM-6298 | Certain characters in email addresses caused DMARC validation to fail. Fixed. |
MM-6300 | The DMARC Report Service could stop when dealing with corrupted or large DMARC reports. Fixed. |
MM-6301 | Loading of IPv6 addresses in IP groups during array manager startup could fail under certain circumstances. Fixed. |
MM-6302 | The Array Manager did not always use the "preferred server for notifications" when it was available. Fixed. |
MM-6315 | The sender DNS cache could incorrectly return permanent DNS failures after two consecutive temporary failures. Fixed. |
MM-6317 | For SEG Service Provider Edition installations, the "Send a copy of the message to host" action no longer requires TLS when TLS is required for the recipient domain. |
MM-6320 | For SEG Service Provider Edition installations, retrieval of queue information through REST is more efficient. |
MM-6321 | The REST API could consume a large amount of CPU resource. Fixed. |
MM-6323 | In earlier 8.0 releases, message details could not be viewed in consoles if the message had been released for all recipients. Fixed. |
MM-6331 | The receiver now enforces TLS cipher strength ordering (strongest preferred) by default. |
MM-6333 | Minor improvements and corrections are made to REST API functionality. |
MM-5981 | DKIM keys could not be replicated if the Array Manager and processing server were in unrelated domains. Fixed: It is possible to use a generic credential to connect. For details, contact Trustwave Technical Support. |
MM-6166 | DMARC reports were sent with a blank MAIL FROM. Fixed: reports are sent "from" the DMARC organizational address for the domain. |
MM-6210 | Messages could not be viewed in the Console if a custom file type was invoked, in some cases. Fixed. |
MM-6211 | The REST API now provides the ability to list, add, get, and edit TextCensor scripts. |
MM-6235 | In earlier 8.0 releases, stripping of attachments within archives did not work as expected. Fixed. |
MM-6236 | In earlier 8.0 releases, setting folder retention to an explicit value longer than 68 years caused unexpected deletion of all messages in the folder. Fixed. |
MM-6238 | Additional information about DKIM signing and verification is logged. |
MM-6256 | In earlier 8.0 releases, opening the Database tab of the server tool caused the tool to stop. Fixed. |
MM-6258 | In earlier 8.0 releases, TLS certificate expiry notifications were not sent from separate processing nodes. Fixed. |
MM-5846 | Message subjects are stored in the database as Unicode. Some interfaces, including SQM and digests, display wide characters in subjects correctly. For more information, see article Q20902. |
MM-6134 | In a database under heavy load, the user summarization stored procedure could time out. Fixed. |
MM-6135 | For SEG Service Provider Edition installations, queued messages can now be retrieved by customer ID. |
MM-6136 | The REST API now provides a check for availability of a remote delivery server. |
MM-6152 | In earlier 8.0 releases, the REST interface could fail to find a message. Fixed. |
MM-6161 | Configuration import failed when processing some valid combinations of nested user groups. Fixed. |
MM-6163 | In earlier 8.0 releases, Web Console installation did not present the option of Forms or NTLM authentication. Fixed. |
MM-6164 | Web Console installation did not enable Windows authentication on the virtual directory when NTLM authentication was specified. Fixed. |
MM-5999 | On upgrade from 7.X, some Registry values that store time values were not correctly updated to REG_QWORD. Fixed. |
MM-6005 | Message stamping has been made more efficient. |
MM-6030 | The Configurator now shows the date created, date modified, and user names for each rule and policy group. |
MM-6031 | In earlier 8.0 releases, exceptions in the Yara module could cause the SEG Engine to stop. Fixed. |
MM-6045 | In earlier 8.0 releases, policy group schedules were not honored. Fixed. |
MM-6090 | The DMARC dashboard menu for domain selection did not honor the period selected. Fixed. |
MM-6118 | On upgrade from 7.X, the custom file type list (filetype.cfg) was not copied to all required locations. Fixed. |
MM-6120 | Changing the retention period on the DMARC Reports folder caused some other properties of the folder to be unset. Fixed. |
MM-6121 | DMARC Dashboard views in the Console can now be filtered by DMARC alignment status. |
MM-6122 | The version of the PDF unpacker that is included in the installation has been updated. |
MM-3812 | The SEG variables {ServerAddressSender} and {ServerAddressRecipient} were not correctly used when sending notification messages from templates. Fixed. |
MM-5882 | Receiver performance could be affected during a configuration reload. Fixed. |
MM-5980 | In earlier 8.0 releases, requests to upgrade nodes from the Configurator did not succeed. Fixed. |
MM-5907 | In earlier 8.0 releases the Hash module of Yara was not supported. Fixed. In addition, the version of the Yara Analysis Engine is updated to 1.0.4. |
MM-5977 | The Console RSS functionality has been improved. |
MM-5979 | Upgrade is blocked if CountryCensor rules or files are present. |
MM-5993 | Upgrading to earlier 8.0 releases could fail due to a lock on previous SpamProfiler executable files. Fixed. |
MM-5995 | On upgrade from 7.X, some Registry values that store time values were not correctly updated to REG_QWORD. Fixed. |
MM-5996 | Upgrade from 7.X did not check for a supported operating system version (Server 2008 R2 or above) before beginning to copy Registry keys. Fixed. |
MM-5997 | The version of the PDF unpacker that is included in the installation has been updated. |
MM-5998 | On upgrade from 7.X, if the upgrade failed the manager listening port was set to 0. Fixed: the port is reverted to the previous value. |
MM-6002 | When a DMARC disposition was set on a message and the message was not quarantined, it was not delivered. Fixed. |
MM-6004 | Message stamping at the top of a HTML message did not always correctly identify the beginning of the HTML body. Fixed. |
MM-6006 | SpamProfiler scores and analysis are always logged to the Receiver log. |
MM-6007 | The TLD Difference evaluation for domain similarity matched on other local domain names. Fixed. |
MM-6008 | Items with a SpamProfiler score between 96 and 99 inclusive are tagged as "Spam-Suspect". |
MM-6009 | Console Audit logs now record opening the message detail. |
MM-6010 | Header matching now decodes headers (such as UTF-8 encoded headers) if required, and checks both raw and decoded text. |
MM-6013 | The Edit Distance evaluation for domain similarity could match on other exact local domain names. Fixed. |
MM-6023 | Cleanup of long paths in the unpacking directory has been improved. |
MM-6024 | The customized version of the archive unpacker included with SEG has been updated. |
MM-5902 | The customized version of the archive unpacker included with SEG has been updated with long filename support. |
MM-5904 | Receiver socket buffer size is now set dynamically by default to enhance performance. |
MM-5906 | SPF Fail records can be viewed in the DMARC dashboard. |
MM-5909 | Calls to message repacking commands are now fully quoted. |
MM-5914 | In release 8.0.0, category scripts might not be run for all attachments. Fixed. |
MM-5915 | SpamCensor scanning of parent message and all attached messages has been improved. |
MM-5917 | On upgrade from versions below 8.X, the destination folder could not be chosen in some cases. Fixed. Also, some 32-bit DLLs are deleted on upgrade as not required. |
MM-5918 | XML files that were not category scripts could cause upgrade from versions below 8.X to stop. Fixed. |
MM-5919 | SpamProfiler technology has been updated. For upgrades from versions below 7.5.8, the update URLs have changed. For more information about required URLs, see Knowledge Base article Q12992. |
MM-5920 | The version of the PDF unpacker that is included in the installation has been updated. |
MM-5961 | On upgrade the SpamProfiler service is updated to the new technology as required. |
MM-1678 | SEG variables can be used in Engine Header Rewrite rules. |
MM-3142 | A domain route can be explicitly marked as "down". Messages that would be delivered through this route will be held without retry or timeout until the route is marked as "up". |
MM-3323 | Server Properties, General page now shows correct server and time zone information for currently supported Windows versions. |
MM-3391 | The Engine service better handles stopping and restarting under load (for example with virus scanner reloading). |
MM-3841 | The Receiver connection count could display an incorrect very high number. Fixed. |
MM-3905 | Regular Expression checking of attachments in Category Scripts now searches over line breaks in the content by default. |
MM-4293 | Invalid date formatting in templates was not correctly handled. This issue could cause services to stop. Fixed: variables with invalid date formatting are not substituted. |
MM-4386 | Blended Threat rewriting incorrectly affected schema names in TNEF attachments. Fixed. |
MM-4590 | Installers and executables include manifests, as per Microsoft certification requirements. |
MM-4836 | The Sender service could stop unexpectedly in rare cases related to deadlettering of multiple messages. Fixed. |
MM-4890 | Server Thread settings can be configured for each processing server. Engine default settings are optimized by default, based on the number of processors on the individual server. On upgrade, customized settings are not changed. |
MM-5128 | URL rewriting for Blended Threat analysis uses a HTTPS link to the scanner if the original link is a HTTPS link. |
MM-5214 | Logging of TLS certificates to disk did not save the entire chain. Fixed. |
MM-5248 | When a message exceeds the maximum size for SpamProfiler evaluation, the truncated message is now evaluated. |
MM-5253 | CRL Distribution Points could not be extracted from certificates with a single v3 extension distribution point entry. Fixed. |
MM-5273 | DKIM library initialization is more efficient. |
MM-5406 | URL rewriting for Blended Threat analysis did not correctly handle links with @ characters in the path or query string. Fixed. |
MM-5408 | SPF evaluation supports IPv6. |
MM-5409 | URL rewriting for Blended Threat analysis passed an incorrectly escaped version of the URL to the scanner. Fixed. |
MM-5420 | All functions that require a list of Top Level Domains now use a copy of the Mozilla TLD file, which will be updated as required. The listing is used by Blended Threat rewriting, DMARC, and SpamSURBL functions. |
MM-5446 | SpamCensor Types evaluation could fail to trigger as expected because scoring was not summed correctly. Fixed. |
MM-5447 | When a message had invalid header format (no line breaks), the Receiver dropped the connection with no message. Fixed: the connection is terminated with a SMTP 554 response. |
MM-5453 | On upgrade, TextCensor scripts are checked for compatibility with the new version of the TextCensor engine. |
MM-5474 | Memory used for CRL list retrieval in the Receiver by TLS/SSL was not fully released. Fixed. |
MM-5478 | The version of the PDF unpacker that is included in the installation has been updated to 5.0.0.13. |
MM-5516 | For SEG Service Provider Edition installations, if a connection was denied due to relaying restrictions, some other criteria were still checked to no purpose. Fixed. |
MM-5517 | TLS certificate manager in the Controller service has more efficient threading. |
MM-5523 | The Receiver service could stop due to problems in TLS/SSL routines. Addressed with improvements in TLS/SSL libraries. |
MM-5542 | SpamCensor now scans a parent message and all attached messages. |
MM-5565 | On installation, logging when setting the MaxUserPort value is improved. |
MM-5569 | Digesting could fail when the SQL server default collation was Case Sensitive, due to inconsistent capitalization in a stored procedure. Fixed. |
MM-5596 | Management of DKIM keys and selectors has been enhanced. DKIM keys can be created directly in the Configurator. |
MM-5623 | The Controller could stop when importing a signed certificate with a blank password. Fixed. |
MM-5624 | The Yara functionality could not be completely updated through automatic updates. Fixed. |
MM-5626 | The version of the Yara Analysis Engine is updated to 1.0.3 (Yara codebase 3.5.0). |
MM-5627 | An incorrectly formatted or corrupt certificate or private key file could cause the Receiver or Sender service to stop. Fixed. |
MM-5629 | The Sender only loads a client certificate if it is requested by the remote server. |
MM-5633 | Loading of certificates in the Sender is improved. |
MM-5642 | The Receiver service could stop in specific cases due to an issue in TLS negotiation. Fixed. |
MM-5643 | Web Components installation on Windows Server 2016 did not check prerequisites. Fixed. |
MM-5652 | TextCensor could add blank lines to the Engine log. Fixed. |
MM-5661 | The TLS/SSL library used by SEG has been updated. |
MM-5670 | The default setting for minimum TLS cipher strength is set to "Medium" for new installations, and also on upgrade if the setting was "Low". |
MM-5672 | If a message processed through SEG does not include a Message-Id header, SEG adds this header to allow better tracking of any issues with onward delivery. |
MM-5675 | Loading and initialization of virus scanners has been made more efficient. |
MM-5685 | Default SSL cipher strings have been updated to disable "Diffie Hellman Authentication" ciphers, for compatibility with Exchange 2003 defaults. |
MM-5696 | Automatic updates now provide the ability to set parameters for file unpacking components. |
MM-5717 | When scanning a message with attached child messages, SpamCensor stops scanning at the first message that triggers and returns information about that message. |
MM-5728 | Email between local domain addresses that is checked by SpamProfiler is now validated with the Outbound SpamProfiler configuration. |
MM-5777 | GeoLite2 is used to provide geographical information for DMARC reports. GeoLite2 database updates are provided as part of the Automatic Updates to the Array Manager. |
MM-5782 | Business Email Compromise fraud detection is enhanced with the ability to enter and match local executive user names and addresses, and to check for domain similarity. |
MM-5786 | Category Script evaluation can now check SEG Envelope properties. For more details see the Advanced Anti-Spam document available from the SEG Documentation page (requires customer login). |
MM-5793 | Re-packing of a message could be unnecessarily triggered by the Blended Threat functionality if all URLs found were exempt from re-writing. Fixed. |
MM-5807 | The SpamProfiler executables have been updated. |
MM-5808 | Changes in TLS configuration are now applied to messages in the Sender retry queue. |
MM-5812 | Email addresses with certain invalid domain formats could cause the Sender to stop. Fixed: the affected messages are deadlettered. |
MM-5813 | A REST API call is available to delete messages from all queues based on search criteria. |
MM-5826 | Notification messages created by rule action are now identified by message name in the service logs. |
MM-5829 | If a CAB file contained a single file, the extracted file was incorrectly named. Fixed. |
MM-5835 | Category Script evaluation can now be used to check values in the headers of a message. For more details see the Advanced Anti-Spam document available from the SEG Documentation page (requires customer login). |
MM-5836 | Checking of free disk space has been made more efficient to avoid possible issues with slow disk access. |
MM-5844 | Category Script evaluation can now check for domain similarity (to enhance fraud detection). For more details see the Advanced Anti-Spam document available from the SEG Documentation page (requires customer login). |
MM-5521 | For SEG Service Provider Edition installations, the SMTP relay denied response did not include any details of the source IP or recipient. Fixed. |
MM-5524 | Additional functions required for BTM rewriting have been moved to the file retrieved through automatic updates, to better support automatic updating. |
MM-5541 | For SEG Service Provider Edition installations, IP Relay source matching could function incorrectly where ranges entered by multiple customers and the Service Provider overlapped. Fixed. |
MM-5548 | For SEG Service Provider Edition installations, Marshal IP Reputation Service unlicensed notifications could be sent in error. Fixed. |
MM-5568 | The SEG Engine now reports "starting" for a longer period to reduce misleading "failed to start" reports from other services on slow systems. |
MM-5599 | BTM rewriting was unnecessarily rewriting links in signed messages, resulting in deadletters. Fixed. |
MM-5609 | The Engine could fail to restart because anti-virus DLLs did not exit completely before reporting as stopped to the Service Control Manager. Fixed. |
MM-5610 | For SEG Service Provider Edition installations, SpamProfiler now ignores certain checks for messages between SPE customers. |
MM-5620 | The TLS/SSL library that SEG uses has been updated to version 1.0.2h. |
MM-5622 | The customized version of the archive unpacker included with SEG has been updated to support newer decompression methods (version 16.02). |
MM-5630 | User group membership could be incorrectly updated (members could be missing) if an error occurred while refreshing a sub-group. Fixed. |
MM-5640 | For SEG Service Provider Edition installations, in certain cases IP based relay restrictions were not applied. Fixed. |
MM-5271 | Proxy port entry for internet access allowed only four digits. Fixed: five digits are allowed. |
MM-5274 | CRL distribution points were not extracted from certificates with v3 extensions. Fixed. |
MM-5277 | Suspect URL detection did not correctly normalize some URLs before querying the service. Fixed. |
MM-5278 | TextCensor memory usage has been improved. |
MM-5390 | In release 7.5.5, top-level message attachments were not scanned by TextCensor. Fixed. |
MM-5391 | The list of event sources shown in the Console Event Viewer has been updated with the current malware scanners. |
MM-5392 | Certain malformed RTF message bodies caused the engine to stop. Fixed. |
MM-5399 | Text log files are better formatted for 5 digit thread IDs. |
MM-5400 | The customized version of the archive unpacker included with SEG has been updated to address recently reported vulnerabilities in 7zip files. |
MM-5404 | The SEG product version is no longer present in the SMTP greeting string by default. |
MM-5405 | TextCensor evaluation is no longer single-threaded. |
MM-5195 | In recent releases, the message viewer did not provide information about message components for delivered messages. Fixed: this information is retrieved from the database if a full message file is not present on disk. |
MM-5196 | If a message was marked temporarily undeliverable during a configuration reload, it would not be retried until the Sender was restarted. Fixed. |
MM-5198 | Whitespace at the start or end of plain text message stamps is no longer trimmed when edited and saved. Blank lines can be added for formatting. |
MM-5208 | TextCensor now does not check sub-components when the parent has already been scanned or excepted from scanning. |
MM-5209 | Attempts to retrieve CRLs from a location that could not be reached caused the Controller to stop. Fixed. |
MM-5210 | In previous 7.5 releases, update downloading did not correctly process gzip encoded web responses. Fixed. |
MM-5211 | The header Reply-To field is now available as a template variable {Header-Reply-To}. The message return path is used if Reply-To is not set. |
MM-5212 | The TLS/SSL library that SEG uses has been updated to version 1.0.1q. |
MM-5218 | Signing of executable files now uses a SHA256 certificate. |
MM-5220 | YAE scripts now support the Hash function of Yara. |
MM-5238 | The SpamProfiler integration SDK has been upgraded. |
MM-5240 | For SEG Service Provider Edition installations, RBL license notification emails are not sent if the installation is not licensed. |
MM-5242 | Uninstallation of the SQM site did not de-register the interface DLL. Fixed. |
MM-5247 | Logging of quarantine release actions to the service text logs has been improved. |
MM-5251 | For new installations, the Malware - AMAX folder is included in the virus reporting group. |
MM-5200 | In release 7.5.0, reporting a message as spam or not spam caused the Controller service to stop. Fixed. |
MM-4251 | SEG now corrects headers that violate the RFC limit of 998 characters, "folding" the header onto multiple lines by default. |
MM-4726 | File name checking could fail for very long MIME encoded file names. Fixed. |
MM-4727 | Improved decoding of MIME Encoded-Word content has been implemented for message subject display (digests and console), Header Rewrite, and filename rules. |
MM-4832 | Multi-line content-disposition headers were not extracted correctly, so attachments with long file names might be incorrectly filtered. Fixed. |
MM-4883 | Libcurl is updated to use Visual Studio 2013. |
MM-4909 | Additional file types have been added to support anti-spam scanning. These types are not currently selectable in rules. |
MM-4961 | The default name of the product database for new installations is now TrustwaveSEG. Upgrading does not alter the database name. |
MM-4999 | A setting is available to control acceptance of multiple HELO commands within a session. For details of this advanced option, contact Trustwave Support. |
MM-5038 | For SEG Service Provider Edition installations, the From address for spam and not spam reports can be set as required. |
MM-5049 | Long-running Receiver threads could incorrectly log a low data transfer rate. Fixed. |
MM-5054 | URL rewriting for BTM incorrectly treated text with two consecutive dots as a URL if the text after the dots was a valid TLD. Fixed. |
MM-5065 | When a user selects SpamProfiler options with potential for higher false positives in the Configurator, an extra confirmation message is presented. |
MM-5069 | Default message template text and From addresses (for new installations) have been branded for Trustwave. |
MM-5077 | Some URLs containing escaped characters were not rewritten for Blended Threats inspection. Fixed. |
MM-5085 | Image Analyzer has been updated to version 6. This version offers 30%-60% fewer false positives for the same level of detection, depending on the sensitivity setting. |
MM-5115 | The TLS/SSL library that SEG uses has been updated to version 1.0.1p. |
MM-5124 | A small memory cleanup issue in the Array Manager has been corrected. |
MM-5135 | The default Scams TextCensor Script is updated for new installations. |
MM-5164 | A new YAE based rule to detect malformed PDF documents is included on new installations and in the Upgrade Rules policy group for upgrades. |
MM-5173 | The web access component included with the product is updated. |
MM-5141 | The Engine and Array Manager are now able to access up to 4GB of memory on a 64-bit system. Larger rulesets can be loaded without issues and performance enhancement is expected. |
MM-5143 | The version of the PDF unpacker that is included in the installation has been updated to 4.4.0.8. |
MM-5144 | URL rewriting for BTM incorrectly treated some inline CSS declarations as URLs. Fixed. |
MM-5145 | Deletion of unpacked files with certain filenames could fail. Addressed by re-trying the deletion with no string parsing of the file name. |
MM-3499 | Configuration import could fail due to incorrect case-sensitive comparison of user group members. Fixed. |
MM-3509 | Active Directory authentication for SQM failed for users with a text name containing [ ] characters. Fixed. |
MM-4709 | TLS can now be configured with specific lists of cipher suites, overriding the generic selections. For details of this advanced option, contact Trustwave Support. |
MM-4823 | A problem with group synchronization in the Controller could cause the Receiver to stop processing messages. Fixed. |
MM-4837 | Clean installations no longer install MSXML4. |
MM-4857 | The Receiver now supports ECDHE key exchange for PFS (TLS "Perfect Forward Secrecy"). |
MM-4862 | Some utility files such as TextCensor2 DLLs might not be correctly updated on upgrade. Fixed: upgrade checks file version numbers instead of creation dates. |
MM-4863 | Links enclosed in round brackets and rewritten by the Blended Threats function incorrectly included the trailing round bracket in the rewritten link. Fixed. |
MM-4864 | For SEG Service Provider Edition installations, relay source checking was not limited to specific customer domains. Fixed. |
MM-4866 | Cleanup of TLS/SSL sessions has been improved. |
MM-4867 | Service executable paths were not quoted. Fixed. |
MM-4869 | Notification messages created by the Engine are now DKIM signed if required. |
MM-4872 | TLS now disables SSLv3 by default as per recent security best practice. |
MM-4873 | TLS cipher lists now exclude Anonymous, MD5, RC4, and IDEA ciphers as per recent security best practice. |
MM-4874 | Text logging includes better thread information. |
MM-4876 | The FileType DLL is now replaceable through the automatic update process. |
MM-4880 | The TLS/SSL DLLs are now replaceable through the automatic update process. |
MM-4892 | UUEncoded streams in the message body could be altered by the Blended Threats function. Fixed. |
MM-4911 | DKIM signing failed in some cases for email with headers longer than 2048 bytes. Fixed. |
MM-4930 | The version of the PDF unpacker that is included in the installation has been updated to 4.4.0.1. |
MM-4932 | By default "bare" CR or LF characters in messages are changed to CRLF. |
MM-4933 | For SEG Service Provider Edition installations, some earlier versions allowed an incorrect entry of a hostname as the "forward to IP." Fixed: On upgrade the configuration is corrected to use these entries as hostnames. |
MM-4935 | Additional indexing is performed on the Message table in the database to enhance performance. |
MM-4944 | For SEG Service Provider Edition installations, SpamProfiler could apply the wrong direction for scanning. Fixed. |
MM-4945 | The Controller log now records DNS query responses that took over 1 second. |
MM-4948 | DKIM signing and verification incorrectly ignored whitespace at the top of the message body in text-only messages. Fixed. |
MM-4951 | Slow DNS responses could cause the Receiver to stop accepting messages. Addressed with changes to the process that updates lists of anti-relay and blocked hosts. |
MM-4952 | The web access component included with the product is updated to 7.41.0. |
MM-4960 | SpamProfiler "valid bulk" classifications were not triggered due to unexpected format in data returned by SpamProfiler. Fixed. |
MM-4965 | URLCensor could perform unnecessary checks for incorrect URLs. Fixed. |
MM-4968 | SpamProfiler uses the same criteria for "inbound" and "outbound" messages that are used for other processing. |
MM-4969 | Full information about TLS negotiation is saved in the local message envelope. |
MM-4979 | Logging of DoS, DHA, relay, and other Receiver block events to the Event Log can be suppressed. For more information, see Trustwave Knowledge Base article Q20228. |
MM-4988 | SpamProfiler responses were slow if IPv6 was enabled on the server. Fixed. The processing nodes MUST have a loopback adapter listening on the default IPv4 loopback address 127.0.0.1. |
MM-4990 | SpamProfiler responses were slow due to settings applied to the HTTP connection with the local SpamProfiler process. Fixed. |
MM-5001 | For SEG Service Provider Edition installations, Customer ID was not correctly determined for some Out Of Office messages. Fixed. |
MM-5002 | Blended Threats rewriting of subject lines added a space to the line. Fixed. |
MM-5028 | The TLS/SSL library that SEG uses has been updated to version 1.0.1m. |
MM-3597 | The last lines of the Receiver log were not captured into the message envelope as expected. Fixed. |
MM-4514 | Email notifications are sent to the SEG Administrator from the local server when maintenance is about to expire or has expired. |
MM-4591 | The file extension .cpl has been added to the default Suspect Attachments rules. |
MM-4628 | File components that do not trigger a rule condition now do not add a line in text logs by default. |
MM-4629 | Visual C++ 2013 redistributables are now included in the installation. |
MM-4674 | The "monitor only" installation option and policy group have been removed. |
MM-4706 | DNS results were truncated if they exceeded the UDP packet size (notably when a large number of PTR records existed). Fixed by enabling EDNS0 in the DNS resolver. |
MM-4710 | Unpacking of XML based Excel documents now gets text from additional tags. |
MM-4711 | Unpacking of XML based Office Documents uses a simpler and more efficient parser. |
MM-4723 | Extracted binary unknown files could cause the engine to stop in TextCensor2 analysis due to improper formatting of extracted filenames. Fixed. |
MM-4725 | Moving or inserting User Groups by drag and drop now prompts for confirmation by default. |
MM-4727 | Better support for decoding Quoted Printable strings is provided. |
MM-4729 | For SEG Service Provider Edition installations, group information is loaded more efficiently. |
MM-4731 | Deleting User Groups now prompts for confirmation by default (in addition to the check for groups used in policy). |
MM-4748 | The TLS/SSL library that SEG uses has been updated to version 1.0.1i. |
MM-4753 | Calls to TextCensor2 did not correctly handle the case where the requested file could not be opened. Fixed. |
MM-4760 | The default theme of SQM has been updated to a Trustwave branded theme. |
MM-4764 | The Array Manager could encounter a database deadlock when manipulating folder records. Fixed. |
MM-4766 | If a message file was manually deleted from the queue, the sender service could become unresponsive. Fixed. |
MM-4767 | When releasing a message through a digest link, a text note about adding the sender to safe senders was displayed in error. Fixed. |
MM-4773 | Default values for suspicious compression and max header lines have been updated to reflect current email sizes. Additional unpacking space could be required. See Trustwave Knowledge Base articles Q10868 and Q11369. |
MM-4774 | Links with query parameters could be invalidated when processed by a Blended Threats rewriting rule. Fixed. |
MM-4781 | Utility DLL files used by TextCensor have been reverted to the version installed with SEG 7.2.2. |
MM-4786 | The product End User License Agreement has been updated. |
MM-4789 | The storage location for automatic configuration backups can be set. See Trustwave Knowledge Base article Q19556. |
MM-4795 | SMTP Authentication failed with some remote systems due to incorrectly encoded strings. Fixed. |
MM-4797 | TLS Certificate verification in Connection rules did not work when SMTP Authentication was enabled. Fixed. |
MM-4799 | When adding a new node to an array, the node controller service could fail on startup, due to a problem with IP whitelist retrieval. Fixed. |
MM-4821 | A record of the creation and last modification of rules and policies (by user and time) is now stored in the Registry. |
MM-4834 | Messages with malformed headers containing bare linefeeds could cause the Receiver to fail in some cases. Fixed. |
To review Release History prior to version 7.3.0, please see the Release Notes for the specific versions.
Copyright © 2018 Trustwave Holdings, Inc.
All rights reserved. This document is protected by copyright and any distribution, reproduction, copying, or decompilation is strictly prohibited without the prior written consent of Trustwave. No part of this document may be reproduced in any form or by any means without the prior written authorization of Trustwave. While every precaution has been taken in the preparation of this document, Trustwave assumes no responsibility for errors or omissions. This publication and features described herein are subject to change without notice.
While the authors have used their best efforts in preparing this document, they make no representation or warranties with respect to the accuracy or completeness of the contents of this document and specifically disclaim any implied warranties of merchantability or fitness for a particular purpose. No warranty may be created or extended by sales representatives or written sales materials. The advice and strategies contained herein may not be suitable for your situation. You should consult with a professional where appropriate. Neither the author nor Trustwave shall be liable for any loss of profit or any commercial damages, including but not limited to direct, indirect, special, incidental, consequential, or other damages.
Trustwave and the Trustwave logo are trademarks of Trustwave. Such trademarks shall not be used, copied, or disseminated in any manner without the prior written permission of Trustwave.
Trustwave helps businesses fight cybercrime, protect data and reduce security risk. With cloud and managed security services, integrated technologies and a team of security experts, ethical hackers and researchers, Trustwave enables businesses to transform the way they manage their information security and compliance programs. More than three million businesses are enrolled in the Trustwave TrustKeeper® cloud platform, through which Trustwave delivers automated, efficient and cost-effective threat, vulnerability and compliance management. Trustwave is headquartered in Chicago, with customers in 96 countries. For more information about Trustwave, visit https://www.trustwave.com.