WebMarshal
Version: 6.0.3a, Last Revision: March 13, 2008
These notes are additional to the WebMarshal User Guide and supersede
information supplied in that Guide.
The information in this document is current as of the date of
publication. To check for any later information, please see Marshal
Knowledge Base article Q11840.
Table of Contents
What's New
Upgrading WebMarshal
Uninstalling
Hardware and Software Requirements
Change History
What's New
For more information about additional minor features and bug fixes, see the
change history.
Features New in 6.0.3
- Disk Space Checking
  - WebMarshal Proxy now checks free disk space and refuses requests if space is low. The minimum required is 512MB by default. The warning level is 1.5GB. For details, see Marshal Knowledge Base article Q11896.
- Sophos for Marshal Support
  - Marshal now provides an integrated package (updater and scanner) using the Sophos Anti-virus engine. You can download Sophos for Marshal from the Marshal website. Trial keys for version 6.0.3 and above enable this component. If you want to try Sophos for Marshal and you already have a permanent WebMarshal key, please contact Marshal to obtain a special time-limited key.
Features New in Release 6.0
- Array Support
  - WebMarshal 6.0 is more scalable and now supports centrally managed arrays.
- Server Groups
  - Rules and configuration settings can be applied to groups of processing servers.
- Database Outage Resilience
  - WebMarshal will continue processing user requests even if the database goes offline. The database is not used to store configuration. Database log records are queued until the database comes back online.
- Content Type Detection
  - WebMarshal can now block content based on the Content-Type header returned by websites. This means WebMarshal does not need to download a file to block it by type, which saves bandwidth.
- Archive and Document File Unpacking
  - WebMarshal recursively unpacks archive and document file types and applies content rules to the contained files.
- Active Directory Connectors
  - WebMarshal can now import users and groups using native Active Directory Connectors. WebMarshal can import from the local AD domain and trusted domains.
- Policy Connectors
  - The structure of WebMarshal rules has been improved to allow for nested policy containers. This allows for a clearer, more intuitive policy layout and additional flexibility.
- Additional Access Control
  - WebMarshal now allows different levels of access to Console items and the Array Manager. Access can be granted to helpdesk staff.
- Streamlined User Interface
  - WebMarshal now has an updated configuration console, designed to make administration tasks easier and more intuitive, including an improved policy tester.
- Text Logging
  - WebMarshal services log functional and error information to text log files.
- Revert Configuration
  - You can reset any configuration changes that have been made in the Console and not yet committed.
Features of previous versions that are not included in the initial 6.0 release
- ISA Plug-in Support
  - Plug-in (WebFilter API) installation to ISA is not supported in this release. Same-server chained installation is supported.
- Feedback
  - URL Aggregator feedback to Marshal is not implemented.
- Rule Action 'Send Net Popup'
  - This action has been removed.
Features New in Release 3.7.5
- Marshal URL Filtering List
  - WebMarshal now offers a new URL Categorization list with automatic updating, over 60 million web sites and 55 categories. WebMarshal trials include this list; full licenses are available through Marshal.
Features New in Release 3.7.4
- Malware Scanner Selection
  - WebMarshal now provides greater flexibility in Malware scanner usage.
  - Virus and Spyware scanners are now listed separately in the Console.
  - Malware Scanning rule conditions allow selection of a single scanner, all scanners of a type (Virus or Spyware), or all scanners. This allows separate rules to be created for Virus and Spyware scanning.
- Client Authentication Pass-Through
  - WebMarshal can use the client's credentials when requesting files from an upstream proxy (basic authentication only). This allows client information to be logged at the upstream proxy.
- WELF Logging
  - WebMarshal can now create web activity logs in WebTrends Extended Logging Format (WELF) for use with Marshal Security Reporting Center.
- Feedback
  - WebMarshal can now send summarized feedback information about browsing to Marshal for use in product improvement. To participate, see the Feedback tab of Server Properties.
Features New in WebMarshal 2006
- Multiple Filtering Lists:
  - WebMarshal can now use URL categories provided by multiple filtering lists.
  - FileFilter (text based) and URLCensor (DNS BL lookup) are available with the standard WebMarshal license.
  - Secure Computing SmartFilter is also available (licensed separately).
  - Support for additional lists is planned.
- Malicious Content Scanner Support:
  - WebMarshal can now scan files for spyware and other malicious content (in addition to viruses).
  - PestPatrol and CounterSpy plugins are available (trial included with WebMarshal trial, full license at additional cost).
- HTTP/1.1 Support:
  - WebMarshal now supports use of the “HTTP/1.1 through proxy” setting in Web browsers. This support is available by default and no configuration is required.
- New Main taskpad:
  - Taskpad view now includes an introductory taskpad providing access to the main features of the Console.
Note: WebMarshal 2006 does not support the N2H2 filtering list.
- The N2H2 filtering list has been declared End of Life by the vendor (Secure Computing). It is replaced by the Secure Computing SmartFilter list.
- Upgrading to WebMarshal 2006 from versions supporting N2H2 disables N2H2 integration. Existing N2H2 categories are replaced with equivalent SmartFilter categories. To enable SmartFilter you will need a valid Secure Computing license key. Existing N2H2 keys are not valid. Contact Marshal for assistance.
Features New in 3.5.4
Secure Computing URL Filtering List Integration
Added support for the Secure Computing SmartFilter third-party filtering list
(formerly the N2H2 filtering list).
Features New in 3.5.3
Scan Text Downloads for Embedded Viruses
WebMarshal can detect viruses embedded in downloaded text files, such as HTML
code. You can configure WebMarshal to scan all downloaded text files before the
files load on the client computer. Scanning downloaded files may impact the
performance of the WebMarshal Engine.
To configure WebMarshal to scan downloaded text files:
- Start the WebMarshal console.
- In the left pane, select WebMarshal.
- On the Action menu, click Properties.
- On the Download Options tab, select Scan all downloaded text files and HTML code for embedded viruses.
- Click OK.
Support for ISA Server 2004 and 2006
This version provides support for Microsoft Internet Security and Acceleration
Server 2004 and 2006 (ISA Server). With these versions, you can deploy WebMarshal as a Web
filter plug-in.
If you are upgrading to ISA Server 2004, you do not need to change your ISA
Server configuration or permissions settings. The WebMarshal plug-in continues
to run under the Local System account.
Support for Norman Virus Control 5.8
This version updates the Norman antivirus engine to support Norman Virus Control
version 5.8 (SDK Interface 12).
Features New in 3.5
User Quota Management
- Create quotas to limit user browsing time and/or volume.
- Quotas can be applied by user, group, or globally, and by the time of day or type of content.
- Includes quota management tools to allow managers to centrally track quota usage.
- Users can check their available personal quota at any time via the internal http://webmarshal.home/ intranet site.
- New reports allow monitoring of quota usage.
ISA Proxy Integration Changes
User Interface and Other Changes
- Updated MMC TaskPads and product Wizards.
- Added new MMC Task Pad for viewing the Event Log and monitoring server health remotely.
- Updated server event logging to include additional information and unique event IDs.
- Added new rule condition "Where the URL domain is an IP address" to block bypassing of content filtering.
- The "Display warning page once" action can now be set to display the page only once a day or week.
- Improved URL category matching speed, resulting in increased product performance.
- Extended online help for dialogs and wizards.
- Can now change the SQL 'sa' password during database creation.
- Added support for Panda and Symantec anti-virus scanners, and remote scanner installations.
- Improved Text Censor script viewer and editor.
Features New in 3.0
URL Filtering List Integration
- Added support for N2H2 third-party URL filtering list.
- Added additional filtering list related reports.
- Updated default rules for filtering lists.
User Interface
- Added MMC Task Pad support for improved product usability.
- Added new common virus scanner interface for all Marshal products.
- Added new rule action "Add user to user group" to enable the creation of more dynamic content policy.
- NDS connector now supports a search NDS tree option to simplify proxy authentication.
- Active Sessions now automatically refreshes every 10 seconds.
Proxy Server
- Support for content filter bypass for specified web sites.
Other Changes
- Improved user group synchronization (as often as every 5 minutes).
- Limited array support allows multiple WebMarshal servers to share the same configuration/rules (contact support for more information).
Upgrading WebMarshal
- Due to the changes in policy structure and server communication in WebMarshal 6.0, you must install WebMarshal 6.0 as a new installation. Database and software upgrade from version 3.X or earlier versions is not supported. Upgrade from Beta releases of WebMarshal 6.0 is not supported.
- Note: Previous version license keys are not valid for WebMarshal 6.0. You must obtain a new permanent key. When installed, WebMarshal generates a 30-day trial key.
- You can install WebMarshal 6.0 side-by-side with WebMarshal 3.X on the same server. For details, please see Marshal Knowledge Base article Q11833.
Upgrading from 6.0.2 to 6.0.3
When you upgrade from release 6.0.2 to 6.0.3, be sure to upgrade any
WebMarshal Console installations on other workstations. 6.0.2 Consoles
do not work with 6.0.3 because the .NET remoting version has been
changed.
Note: Marshal always recommends that upgrades should
include all components.
Uninstalling
You can cleanly uninstall the program using the following steps:
- Close the WebMarshal applications including the Console and Reports on all workstations.
- On the WebMarshal server(s), use the Windows Add/Remove Programs control panel to remove WebMarshal.
- On any other workstations where WebMarshal components were installed, use the Windows Add/Remove Programs control panel to remove them. These components can include WebMarshal console software and WebMarshal Reports.
- You can drop the WebMarshal database from the SQL server by using the SQL Express administration tools.
Hardware and Software Requirements
The hardware required depends on the number of concurrent web users
and the rules in use. Use of Filtering Lists improves performance. Heavy
use of TextCensor decreases performance.
Typically a computer with the following specifications is
adequate as a processing server for 250-500 concurrent users.
- Pentium 4 1GHz or better.
- 20 GB free disk space (additional disk required for Filtering Lists and text logging)
- 1GB RAM
WebMarshal Array Manager and processing servers require the following software:
- Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).
- Utility prerequisites:
  - Microsoft Visual C++ 2005 SP1 runtimes
  - Microsoft XML 6.0
  - Microsoft .NET 2.0
  Note: The above software will be installed as part of the WebMarshal installation if necessary.
- Windows Installer 3.1. You can obtain this software from Microsoft or in the Extras folder of the WebMarshal installation CD-ROM.
- For database logging (optional), SQL Server 2005 or SQL Express.
  Note: A WebMarshal installation package that includes SQL Express is available. This package will offer to install SQL Express locally with appropriate options (Named Pipes and TCP/IP enabled, using the default instance if possible).
- For NDS integration, Novell NDS Client (Version 4.83 or later recommended)
WebMarshal Console requires:
- Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).
WebMarshal Reports require:
- Windows 2003 Server SP1 and above, Windows XP SP2 (32 bit versions only).
Change History
The following additional items have been changed or updated in the specific
build versions of WebMarshal listed.
6.0.3a (March 13, 2008)
WM-1803 | Browsing performance has been increased by improving IP-to-host lookup times.
6.0.3 (December 06, 2007)
WM-588 | Filtering Lists can now be enabled and disabled.
WM-838 | NTLM authentication prompts could recur randomly when using Firefox. Fixed.
WM-853 | When an IP User Group was created, the Console did not request a commit configuration from the user. Fixed.
WM-864 | WebMarshal did not correctly pass FTP credentials as encoded by some browsers. Fixed.
WM-1103 | When viewing rules that apply to a user or server, you can now select from items explicitly defined on the object, or effective permissions.
WM-1126 | The event log could display entries twice, when both the WebMarshal proxy and Array Manager were configured to run on the same machine. Fixed.
WM-1170 | Email notification fields allowed the user to enter invalid email addresses. Fixed.
WM-1243 | File names containing spaces caused problems when performing an FTP LIST with some IIS servers. Fixed.
WM-1382 | The lower pane of the active sessions window was not refreshing. Fixed.
WM-1441 | File names containing '&' were not correctly logged. Fixed.
WM-1468 | Selecting multiple Users in an imported User Group incorrectly caused a delete button to display (imported users cannot be deleted). Fixed.
WM-1472 | Excel 2007 binary files can now be recognized and unpacked.
WM-1474 | The Server Properties window sometimes truncated the time zone information. Fixed.
WM-1480 | Moving the system time back could cause problems. The clock can now be moved back by up to a day without issues.
WM-1490 | Console sorting by columns has been improved.
WM-1492 | The number of days until the WebMarshal license expires was reported differently by the Console and the email notification message. Fixed.
WM-1494 | 'Exclude from reporting' did not work correctly for HTTPS sites in Content Analysis rules. Fixed.
WM-1496 | When policy is printed, disabled rules now display in gray text.
WM-1507 | In a multi-domain Active Directory environment, only one domain could be seen when browsing for users. Fixed.
WM-1510 | 'Exclude from reporting' did not prevent domain logging in certain cases. Fixed.
WM-1512 | File classification is now available as a Standard Rule action.
WM-1517 | The installation now includes a tool that can be used to gather information required by Marshal Technical Support. For details, see Marshal Knowledge Base article Q11886.
WM-1521 | Active Directory would not import more than 1000 users. Fixed.
WM-1522 | Binding a proxy port to a specific IP address would cause the proxy service to stop on other processing servers in a multi node environment. Fixed.
WM-1528 | When a category was added to the MarshalFilter database download, MarshalFilter would fail. Fixed.
WM-1533 | Signed files were incorrectly detected as encrypted. Fixed.
WM-1539 | Browsing as an IP user could add the IP address to two different IP groups. Fixed.
WM-1540 | Users added to groups via overlapping IP address ranges were incorrectly being added to multiple groups. Fixed.
WM-1541 | Unable to insert Users or Groups into a newly created Group due to the Group list not refreshing correctly. Fixed.
WM-1548 | Unable to delete Users or Groups when entered into a Group due to the Group list not refreshing correctly. Fixed.
WM-1551 | Errors from filtering lists are now logged in text logs.
WM-1556 | IP-to-hostname lookups for client computers can cause delay when the processing server is in a DMZ. A configuration flag has been added to disable these lookups if necessary. See Marshal Knowledge Base article Q11895.
WM-1557 | Requests that returned an HTTP 304 response could generate a TextCensor error. Fixed.
WM-1561 | Importing large numbers of URL categories caused the Console to be unresponsive. Fixed.
WM-1571 | Importing an Active Directory group now imports child groups recursively.
WM-1581 | When URLs were deleted from a Category, the console did not request a commit configuration from the user. Fixed.
WM-1587 | Some virus scanners did not correctly detect password protected archives as "unable to scan". Fixed: By default, WebMarshal instructs scanners to unpack archives. This behavior can be changed with a setting in WMEngine.config.xml.
WM-1617 | Virus scanning only checked the top level attachment (not unpacked items). Fixed.
WM-1632 | The default rules named 'Block-Archives' actually blocked executable files. Fixed for default rules. Existing installations are not changed on upgrade.
WM-1637 | License key request could fail because the request did not correctly use the required proxy credentials. Fixed.
6.0.2.2867 (October 23, 2007)
WM-316 | The Exclude from Reporting rule action now completely excludes the specific request that triggers it.
WM-318 | All components support NTLM authentication to SQL Server.
WM-323 | WebMarshal proxy could fail under certain conditions when using the Safari browser on a Macintosh. Fixed.
WM-461 | Some sites with trailing periods caused the Sophos virus scanner to generate a 'file could not be opened' error when 'Scan all downloaded text files and html code' was selected. Fixed.
WM-489 | Panda anti-virus software is no longer supported.
WM-542 | WebMarshal 3.7 (and earlier) License Keys are not supported. You must obtain a new permanent key.
WM-575 | WMF files were not properly detected. Fixed.
WM-595 | WebMarshal services are automatically added for access through Windows Firewall if possible.
WM-599 | See WM-316.
WM-619 | The From address for administrative email notifications can be customized.
WM-1016 | The number of dump files saved for each service is limited to the most recent 10.
WM-1072 | The default domain setting for basic authentication is no longer required.
Copyright © Marshal Limited 2007