WebMarshal

Version: 6.0.3a, Last Revision: March 13, 2008

These notes are additional to the WebMarshal User Guide and supersede information supplied in that Guide.

The information in this document is current as of the date of publication. To check for any later information, please see Marshal Knowledge Base article Q11840.

What's New
Upgrading WebMarshal
Uninstalling
Hardware and Software Requirements
Change History

What's New

For more information about additional minor features and bug fixes, see the change history.

Features New in 6.0.3

Disk Space Checking: WebMarshal Proxy now checks free disk space and refuses requests if space is low. The minimum required is 512MB by default. The warning level is 1.5GB. For details, see Marshal Knowledge Base article Q11896.
Sophos for Marshal Support: Marshal now provides an integrated package (updater and scanner) using the Sophos Anti-virus engine. You can download Sophos for Marshal from the Marshal website. Version 6.0.3 and above trial keys enable this component. If you want to try Sophos for Marshal and you already have a permanent WebMarshal key, please contact Marshal to obtain a special time-limited key.

Features New in Release 6.0

Array Support: WebMarshal 6.0 is more scalable and now supports centrally managed arrays.
Server Groups: Rules and configuration settings can be applied to groups of processing servers.
Database Outage Resilience: WebMarshal will continue processing user requests even if the database goes offline. The database is not used to store configuration. Database log records are queued until the database comes back online.
Content Type Detection: WebMarshal can now block content based on the Content-Type header returned by websites. This means WebMarshal does not need to download a file to block it by type. This saves bandwidth usage.
Archive and Document File Unpacking: WebMarshal recursively unpacks archive and document file types and applies content rules to the contained files.
Active Directory Connectors: WebMarshal can now import users and groups using native Active Directory Connectors. WebMarshal can import from the local AD domain and trusted domains.
Policy Connectors: The structure of WebMarshal rules has been improved to allow for nested policy containers. This allows for clearer more intuitive policy layout and additional flexibility.
Additional Access Control: WebMarshal now allows different levels of access to Console items and the Array Manager. Access can be granted to helpdesk staff.
Streamlined User Interface: WebMarshal now has an updated configuration console, designed to make administration tasks easier and more intuitive, including an improved policy tester.
Text Logging: WebMarshal services log functional and error information to text log files.
Revert Configuration: You can re-set any configuration changes that have been made in the Console and not yet committed.

Features of previous versions that are not included in the initial 6.0 release

ISA Plug-in Support: Plug-in (WebFilter API) installation to ISA is not supported in this release. Same-server chained installation is supported.
Feedback: URL Aggregator feedback to Marshal is not implemented.
Rule Action 'Send Net Popup': This action has been removed.

Features New in Release 3.7.5

Marshal URL Filtering List: WebMarshal now offers a new URL Categorization list with automatic updating, over 60 million web sites and 55 categories. WebMarshal trials include this list; full licenses are available through Marshal.

Features New in Release 3.7.4

Malware Scanner Selection:

WebMarshal now provides greater flexibility in Malware scanner usage.

Virus and Spyware scanners are now listed separately in the Console.
Malware Scanning rules conditions allow selection of a single scanner, all scanners of a type (Virus or Spyware), or all scanners. This allows separate rules to be created for Virus and Spyware scanning.

Client Authentication Pass-Through

WebMarshal can use the client's credentials when requesting files from an upstream proxy (basic authentication only). This allows client information to be logged at the upstream proxy.

WELF Logging

WebMarshal can now create web activity logs in WebTrends Extended Logging Format (WELF) for use with Marshal Security Reporting Center.

Feedback

WebMarshal can now send summarized feedback information about browsing to Marshal for use in product improvement. To participate, see the Feedback tab of Server Properties.

Features New in WebMarshal 2006

Multiple Filtering Lists:

WebMarshal can now use URL categories provided by multiple filtering lists.

FileFilter (text based) and URLCensor (DNS BL lookup) are available with the standard WebMarshal license.
Secure Computing SmartFilter is also available (licensed separately).
Support for additional lists is planned.

Malicious Content Scanner Support:

WebMarshal can now scan files for spyware and other malicious content (in addition to viruses).

PestPatrol and CounterSpy plugins are available (trial included with WebMarshal trial, full license at additional cost).

HTTP/1.1 Support:

WebMarshal now supports use of the “HTTP/1.1 through proxy” setting in Web browsers. This support is available by default and no configuration is required.

New Main taskpad:

Taskpad view now includes an introductory taskpad providing access to the main features of the Console.

Note: WebMarshal 2006 does not support the N2H2 filtering list.

The N2H2 filtering list has been declared End of Life by the vendor (Secure Computing). It is replaced by the Secure Computing SmartFilter list.
Upgrading to WebMarshal 2006 from versions supporting N2H2 disables N2H2 integration. Existing N2H2 categories are replaced with equivalent SmartFilter categories. To enable SmartFilter you will need a valid Secure Computing license key. Existing N2H2 keys are not valid. Contact Marshal for assistance.

Features New in 3.5.4

Secure Computing URL Filtering List Integration

Added support for Secure Computing SmartFilter third-party filtering List (formerly N2H2 filtering list).

Features New in 3.5.3

Scan Text Downloads for Embedded Viruses

WebMarshal can detect viruses embedded in downloaded text files, such as HTML code. You can configure WebMarshal to scan all downloaded text files before the files load on the client computer. Scanning downloaded files may impact the performance of the WebMarshal Engine.

To configure WebMarshal to scan downloaded text files:

Start the WebMarshal console.
In the left pane, select WebMarshal.
On the Action menu, click Properties.
On the Download Options tab, select Scan all downloaded text files and HTML code for embedded viruses.
Click OK.

Support for ISA Server 2004 and 2006

This version provides support for Microsoft Internet Security and Acceleration Server 2004 and 2006 (ISA Server). With these versions, you can deploy WebMarshal as a Web filter plug-in.

If you are upgrading to ISA Server 2004, you do not need to change your ISA Server configuration or permissions settings. The WebMarshal plug-in continues to run under the Local System account.

Support for Norman Virus Control 5.8

This version updates the Norman antivirus engine to support Norman Virus Control version 5.8 (SDK Interface 12).

Features New in 3.5

User Quota Management

Create quotas to limit user browsing time and/or volume.
Quotas can be applied by user, group, or globally, and by the time of day, or type of content.
Includes quota management tools to allow managers to centrally track quota usage.
Users can check their available personal quota at any time via the internal http://webmarshal.home/ intranet site.
New reports allow monitoring of quota usage.

ISA Proxy Integration Changes

Now supports IP authentication model when plugged into Microsoft ISA Server.
Now supports ISA Server Secure NAT integration, which enables zero-overhead deployment of WebMarshal.
Additional http://webmarshal.home/ alias created http://www.marshalsoftware.com/webmarshal.home/

User Interface and Other Changes

Updated MMC TaskPads and product Wizards.
Added new MMC Task Pad for viewing the Event Log and monitoring server health remotely.
Updated server event logging to include additional information and unique event id's.
Added new rule condition "Where the URL domain is an IP address" to block bypassing of content filtering.
Display warning page once action can now be set to only display the page once a day or week.
Improved URL category matching speed, resulting in increased product performance.
Extended online-help for dialogs and wizards.
Can now change the SQL 'sa' password during database creation.
Added support for Panda and Symantec anti-virus scanners, and remote scanner installations.
Improved Text Censor script viewer and editor.

Features New in 3.0

URL Filtering List Integration

Added support for N2H2 third-party URL filtering list.
Added additional filtering list related reports.
Updated default rules for filtering lists.

User Interface

Added MMC Task Pad support for improved product usability.
Added new common virus scanner interface for all Marshal products.
Added new rule action "Add user to user group" to enable the creation of more dynamic content policy.
NDS connector now supports search NDS tree option to simplify proxy authentication.
Active Sessions now automatically refreshes every 10 seconds.

Proxy Server

Support for content filter bypass for specified web sites.

Other Changes

Improved user group synchronization (as often as every 5 minutes)
Limited array support allows multiple WebMarshal servers to share the same configuration/rules (contact support for more information)

Upgrading WebMarshal

Due to the changes in policy structure and server communication in WebMarshal 6.0, you must install WebMarshal 6.0 as a new installation. Database and software upgrade from version 3.X or earlier versions is not supported. Upgrade from Beta releases of WebMarshal 6.0 is not supported.: Note: Previous version license keys are not valid for WebMarshal 6.0. You must obtain a new permanent key. When installed, WebMarshal generates a 30-day trial key.

You can install WebMarshal 6.0 side-by-side with WebMarshal 3.X on the same server. For details, please see Marshal Knowledge Base article Q11833.

Upgrading from 6.0.2 to 6.0.3

When you upgrade from release 6.0.2 to 6.0.3, be sure to upgrade any WebMarshal Console installations on other workstations. 6.0.2 Consoles do not work with 6.0.3 because the .NET remoting version has been changed.

Note: Marshal always recommends that upgrades should include all components.

Uninstalling

You can cleanly uninstall the program using the following steps:

Close the WebMarshal applications including the Console and Reports on all workstations.
On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and WebMarshal Reports.
You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.

Hardware and Software Requirements

Hardware required is dependent on the number of concurrent web users and the rules in use. Use of Filtering Lists improves performance. Heavy use of TextCensor decreases performance.

Typically a computer with the following specifications is adequate as a processing server for 250-500 concurrent users.

Pentium 4 1GHz or better.
20 GB free disk space (additional disk required for Filtering Lists and text logging)
1GB RAM

WebMarshal Array Manager and processing servers require the following software:

Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).
Utility prerequisites:
- Microsoft Visual C++ 2005 SP1 runtimes
- Microsoft XML 6.0
- Microsoft .NET 2.0
  Note: The above software will be installed as part of the WebMarshal installation if necessary.
- Windows Installer 3.1. You can obtain this software from Microsoft or in the Extras folder of the WebMarshal installation CD-Rom.
For database logging (optional), SQL Server 2005 or SQL Express.
Note: A WebMarshal installation package that includes SQL Express is available. This package will offer to install SQL Express locally with appropriate options (Named Pipes and TCP/IP enabled, using the default instance if possible).
For NDS integration, Novell NDS Client (Version 4.83 or later recommended)

WebMarshal Console requires:

Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).

WebMarshal Reports require:

Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).

Change History

The following additional items have been changed or updated in the specific build versions of WebMarshal listed.

6.0.3a (March 13, 2008)

WM-1803

Browsing performance has been increased by improving IP-to-host lookup times.

6.0.3 (December 06, 2007)

WM-588	Filtering Lists can now be enabled and disabled.
WM-838	NTLM authentication prompts could recur randomly when using Firefox. Fixed.
WM-853	When an IP User Group was created, the Console did not request a commit configuration from the user. Fixed.
WM-864	WebMarshal did not correctly pass FTP credentials as encoded by some browsers. Fixed.
WM-1103	When viewing rules that apply to a user or server, you can now select from items explicitly defined on the object, or effective permissions.
WM-1126	The event log could display entries twice, when both the WebMarshal proxy and Array Manager were configured to run on the same machine. Fixed.
WM-1170	Email notification fields allowed user to enter invalid email addresses. Fixed.
WM-1243	File names containing spaces caused problems when performing a FTP LIST with some IIS servers. Fixed.
WM-1382	The lower pane of the active sessions window was not refreshing. Fixed.
WM-1441	File names containing '&' were not correctly logged. Fixed.
WM-1468	Selecting multiple Users in an imported User Group incorrectly caused a delete button to display (imported users cannot be deleted). Fixed.
WM-1472	Excel 2007 binary files can now be recognized and unpacked.
WM-1474	The Server Properties window sometimes truncated the time zone information. Fixed.
WM-1480	Moving the system time back could cause problems. The clock can now be moved back by up to a day without issues.
WM-1490	Console sorting by columns has been improved.
WM-1492	Days until WebMarshal license expires was reported differently by the Console and the email notification message sent. Fixed.
WM-1494	'Exclude from reporting' did not work correctly for HTTPS sites in Content Analysis rules. Fixed.
WM-1496	When policy is printed, disabled rules now display in gray text.
WM-1507	In a multi-domain Active Directory environment, only one domain could be seen when browsing for users. Fixed.
WM-1510	'Exclude from reporting' did not prevent domain logging in certain cases. Fixed.
WM-1512	File classification is now available as a Standard Rule action.
WM-1517	The installation now includes a tool that can be used to gather information required by Marshal Technical Support. For details, see Marshal Knowledge Base article Q11886.
WM-1521	Active Directory would not import more than 1000 users. Fixed
WM-1522	Binding a proxy port to a specific IP address would cause the proxy service to stop on other processing servers in a multi node environment. Fixed.
WM-1528	When an category was added to the MarshalFilter database download, MarshalFilter would fail. Fixed.
WM-1533	Signed files were incorrectly detected as encrypted. Fixed.
WM-1539	Browsing as an IP user could add the IP address to two different IP groups. Fixed.
WM-1540	Users added to groups via overlapping IP address ranges are incorrectly being added to multiple groups. Fixed.
WM-1541	Unable to insert Users or Groups into a newly created Group due to the Group list not refreshing correctly. Fixed.
WM-1548	Unable to delete Users or Groups when entered into a Group due to the Group list not refreshing correctly. Fixed.
WM-1551	Errors from filtering lists are now logged in text logs.
WM-1556	IP-to-hostname lookups for client computers can cause delay when the processing server is in a DMZ. A configuration flag has been added to disable these lookups if necessary. See Marshal Knowledge Base article Q11895.
WM-1557	Requests that returned a HTTP 304 response could generate a TextCensor error. Fixed.
WM-1561	Importing large numbers of URL categories caused the Console to be unresponsive. Fixed.
WM-1571	Importing an Active Directory group now imports child groups recursively.
WM-1581	When URLs were deleted from a Category, the console did not request a commit configuration from the user. Fixed.
WM-1587	Some virus scanners did not correctly detect password protected archives as "unable to scan". Fixed: By default, WebMarshal instructs scanners to unpack archives. This behavior can be changed with a setting in `WMEngine.config.xml.`
WM-1617	Virus scanning only checked the top level attachment (not unpacked items). Fixed.
WM-1632	The default rules named 'Block-Archives' actually blocked executable files. Fixed for default rules. Existing installations are not changed on upgrade.
WM-1637	License key request could fail because the request did not correctly use the required proxy credentials. Fixed.

6.0.2.2867 (October 23, 2007)

WM-316	The Exclude from Reporting rule action now completely excludes the specific request that triggers it.
WM-318	All components support NTLM authentication to SQL Server.
WM-323	WebMarshal proxy could fail under certain conditions when using the Safari browser on a Macintosh. Fixed.
WM-461	Some sites with trailing periods caused the Sophos virus scanner to generate a 'file could not be opened' error when 'Scan all downloaded text files and html code' was selected. Fixed.
WM-489	Panda anti-virus software is no longer supported.
WM-542	WebMarshal 3.7 (and earlier) License Keys are not supported. You must obtain a new permanent key.
WM-575	WMF files were not properly detected. Fixed.
WM-595	WebMarshal services are automatically added for access through Windows Firewall if possible.
WM-599	See WM-316.
WM-619	The From address for administrative email notifications can be customized.
WM-1016	The number of dump files saved for each service is limited to the most recent 10.
WM-1072	The default domain setting for basic authentication is no longer required.