Messaging Gateway 10.7 release notes and late breaking news

Products

Messaging Gateway

Issue/Introduction

Release notes and late breaking information for Symantec Messaging Gateway (SMG) 10.7.

Resolution

System Status and Outage Information

Symantec Messaging Gateway Status

Release Notes

Late Breaking News

Patch 10.7.5-292

SMG Patch 10.7.5-292 is cumulative with SMG patch 10.7.5-291. Patch 10.7.5-292 includes all fixes in patch 291

Issues addressed with patch 10.7.5-292

Messages with a blank subject are not processed when the policy action "Modify clickable URLs in message" is enabled. Such messages fail to send, and are diverted.
Your configured Threat Isolation Server will report an error when it tests a URL present at the end of an email subject if the action "Modify clickable URLs in message - Threat Isolation" is enabled. Additionally, if the message is outbound and the option "Undo a modification for outbound messages" is enabled, the message fails to send and is diverted to the bad message queue.
Policies where the "Modify Clickable URLs" action is applied to Custom URLs will not reflect changes to the Customer-specific URL Category settings until the policy itself is updated or saved.
If a policy is created with the condition "If a message contains Customer-specific URL content", and the Customer-specific URL Category Settings list is empty, there is no warning to indicate that the policy will have no effect. The system now displays a warning under these circumstances.
If a policy is created with the condition "If a message contains Customer-specific URL content", or with the action "Modify Clickable URLs" where the action is being applied to Custom URLs, there is no warning displayed to the user if all of the categories in thee Customer-specific URL Category Settings are deleted. There will now be a warning displayed under these circumstances.
It may not be possible to download a new version before attempting to upgrade if the underlying platform is Hyper-V.
Any attempt to edit the Customer-specific URL Category Settings will result in the error "The file webpulse_categories.xml does not exist" when the SMG system is configured as a Control Center Only.
Messages with body content encoded as BINARY or a custom or non-standard type fail URL modification.
Messages with attachments fail URL modification when they have no body text.
Message delivery may fail in cases where the MX record of an email's destination domain contains upper case characters.
Administrators cannot change the Control Center's minimum TLS level using the cc-config command.
Configuration backups using SCPRSA fail cannot be scheduled or processed.
This patch provides mitigation for CVE-2021-4034.
This patch provides mitigation for CVE-2012-6708.
The Control Center's minimum TLS level is always displayed as TLS 1.2, regardless of its actual value.
The MTA will occasionally fail to deliver a message which requires TLS delivery with the error "503 5.5.1 MAIL first."
There is a Cross-Site scripting vulnerability on the Edit Annotations page of the Control Center.\
Administrators cannot create a valid Certificate Signing Request since the Add Certificate page requires that an OU be entered.
This patch provides mitigation for CVE-2022-0778.

Patch 10.7.5-291

SMG patch 10.7.5-291 is cumulative with SMG patch 10.7.5-290. Patch 10.7.5-291 includes all fixes in patch 290.

Issues addressed with patch 10.7.5-291

Messages with a blank subject are not processed when the policy action Modify Clickable URLs is enabled.
When a URL is referenced at the end of the line in an email subject, the policy action Modify Clickable URLs for Threat Isolation produces an unresolvable URL.
Policy can be written using an empty customer-specific URL category list.
Customer-specific URL category list can be modified, even when in use in an active policy.
The Update Download activity fails on Hyper-V systems.
Administrators are unable to edit the customer-specific URL Category Settings on a system configured only as a Control Center.
Messages with body content encoded as BINARY or a custom or non-standard type fail URL modification.
Messages with attachments fail URL modification when they have no body text.
Where the MX record of an email's destination domain contains upper case characters, delivery of a message may fail.
Administrators cannot change the Control Center's minimum TLS level using the cc-config command.
Configuration backups using SCPRSA fail cannot be scheduled or processed.

Please see Installing and removing patches for Messaging Gateway for details on patch installation.

Patch 10.7.5-290

Issues addressed with patch 10.7.5-290

Messages with a blank subject are not processed when the policy
action Modify Clickable URLs is enabled.
When a URL is referenced at the end of the line in an email subject,
the policy action Modify Clickable URLs for Threat Isolation produces
an unresolvable URL.
Administrators are able to create a policy using an empty customer-
specific URL category list.
Administrators are able to delete all entries in a customer-specific
URL category list, even if the list is in use by an active policy.
The "update download" activity fails on systems running under Hyper-V.
Administrators are unable to edit the customer-specific URL Category
Settings on a system configured only as a Control Center.

Please see Installing and removing patches for Messaging Gateway for details on patch installation.

10.7.5

New issues

Issues addressed with the 10.7.5 release

Outstanding issues

Patch 10.7.4-287

Issues addressed with patch 10.7.4-287

Patch 10.7.5-287 includes all fixes in 10.7.4-285
Some CAS / Threat Defense integration service crashes

Patch 10.7.4-285

Issues addressed with patch 10.7.4-285

SNMP queries for MTA statistics fail after upgrade to 10.7.4
The MTA service does start after upgrade to 10.7.4
Unable to generate a certificate signing request (CSR) after upgrade to 10.7.4
Global policy does not display 'Status' link if the policy name includes double-quotes
Message Audit Logs do not show Accept From IP information

10.7.4

Note: SMG 10.7.4 has dropped the Korean and Chinese languages from the list of available languages for the Control Center web GUI. Supported languages are English, French, Japanese, and Spanish

Issues addressed with the 10.7.4 release

Outstanding issues

Patch 10.7.3-281

Issues addressed with the 10.7.3-281 patch

'Modify clickable URLs' action now affects URLs in the message Subject
'Modify clickable URLs' action is not applied to URLs which have already been modified by the Modify clickable URLs action such as URLs in replies for forwarded messages
Disables the Control Center client certificate authentication

10.7.3

Issues addressed with the 10.7.3 release

Security Advisory SYMSA1501 - Symantec Messaging Gateway Multiple Issues

TECH235661 - LDAP-based admins are unable to authenticate using sAMAccountName as primary email
TECH254253 - SNMP trap events are not sent for RAID/disk events on the DVT 450 hardware platform
TECH256823 - Messaging Gateway does not detect password protected PDF files
TECH235661 - LDAP-based admins are unable to authenticate using sAMAccountName as primary email
TECH256824 - Expired license alerts are only sent twice
TECH256825 - BMI_AUDIT logs sent to a syslog server do not include the hostname
TECH254881 - Messages with long reply threads treated as Unscannable: due to limits exceeded
TECH256826 - Dashboard shows a green check for virus definitions despite the timestamp showing out of date
TECH255175 - Cannot import a CA certificate with unescaped single quote in Subject Common Name
TECH256827 - Messages with headers exceeding 8K in total size were not properly decomposed for content filtering
TECH256828 - When Disarm replaces a document attachment, it may change the filename
TECH256829 - Error: ...Symantec/Brightmail/mta/lib/scriptlets/smg/utils.lua:25: attempt to index local 's' (a boolean value)
TECH256467 - Messaging Gateway and changes to Brazilian daylight savings time
TECH256830 - Failure to extract and strip offending files from archives: rar, cab & bzip2
TECH256831 - The Messaging Gateway Disarm feature takes all actions on a disarmable attachment, even if not all actions are selected by the administrator configuration

Outstanding Issues

TECH257071 - License file is registered successfully but Licenses does not show updated end date
TECH257095 - Cannot connect to SMG Control Center after update to 10.7.3

10.7.2

SMG 10.7.2 is an internal release target specific to the inclusion of new hardware requirements and contains no customer facing features or bug fixes

10.7.1 patch 276

Issues addressed with Patch 276

TECH254215 - Messaging Gateway 10.7 antivirus does not report UTF-8 filenames consistently

10.7.1

Issues addressed with the 10.7.1 release

Security Advisory SYMSA1486 - Symantec Messaging Gateway Privilege Escalation

TECH254636 - Messaging Gateway does not pass the grub bootloader after upgrade to 10.7.0
TECH254647 - Kernel panic following update to Messaging Gateway 10.7.0
TECH254866 - Messaging Gateway 10.7 stops processing email
TECH254727 - Messaging Gateway does not upgrade to 10.7 when FIPS mode is enabled

Outstanding Issues

TECH255442 - Messages are aborted when trying to send outbound email with over 52 recipients
TECH255682 - Slow memory leak in the 10.7.1 conduit process
TECH256823 - Messaging Gateway does not detect password protected PDF files
TECH256467 - Messaging Gateway and changes to Brazilian daylight savings time

10.7.0 patch 275

Issues addressed with Patch 275

TECH255525 - Cannot update Messaging Gateway 10.7.0 - Unable to access repository.

10.7.0

Warning: Potential Update Issues

Due to the current issues with update to 10.7.0, please be certain to follow software update best practices including backing up configuration and delivering all messages from the queues prior to update.

TECH254636 - Messaging Gateway does not pass the grub bootloader after upgrade to 10.7.0
TECH254647 - Kernel panic following update to Messaging Gateway 10.7.0
TECH254866 - Messaging Gateway 10.7 stops processing email

Issues addressed with the 10.7 release

Addresses issues related to Security Advisory SYMSA1482

TECH254200 - Messaging Gateway audit logging shows "Processing status" when unlicensed
TECH254201 - Cannot reroute a queued message in Messaging Gateway
TECH254202 - Messaging Gateway stops sending Message Audit data to remote syslog server
TECH254203 - Lost password recovery not functioning in Messaging Gateway 10.6.6
TECH254206 - Messaging Gateway does not send CSV files to Threat Defense / CAS
TECH254207 - Unable to copy submitter ID from one control center to another control center
TECH254210 - Some URLs not modified by Modify Clickable URL policy
TECH254213 - Spreadsheets embedded in Word docs are not True-typed as "Spreadsheet Document"
TECH254217 - Warning and error messages logged during update to Messaging Gateway 10.7
TECH254243 - Moonshine service not accessible from the command line 'service' command
TECH254244 - Failure unmounting Configuration file system during system reboot
TECH254245 - '[ERROR] mysqld: Table "./brightmail/xxxxxxxx" is marked as crashed and should be repaired' during upgrade to SMG 10.7

Outstanding Issues

TECH254208 - Unable to remove policy group from Bounce Attack Prevention policy
TECH254209 - Dashboard "All scanners accessibe" does not properly indicate scanner accessibility
TECH254211 - Email Messages: Total Message Size report always shows same value
TECH254212 - A specific incoming message causes "421 4.4.2 service timed out" error in Messaging Gateway
TECH254214 - SMIME-encrypted email is not True-typed as PGP encrypted
TECH254215 - Messaging Gateway 10.7 antivirus does not report UTF-8 filenames consistently
TECH254204 - Local Bad Sender Domains wildcard domains do not match as expected
TECH254756 - RSA key command line authentication fails following update to SMG 10.7.0
TECH254710 - Console or Control Center authentication issues following update to SMG 10.7
TECH254881 - Messages with long reply threads treated as Unscannable: due to limits exceeded
TECH254963 - Messaging Gateway on Hyper-V loses network connectivity when number of CPUs is changed
TECH255175 - Cannot import a CA certificate with unescaped single quote in Subject Common Name
TECH255476 - PDF attachment files trigger the Executable Files rule in Messaging Gateway 10.7