This patch supersedes and replaces patches 10.6.3-266 and 10.6.3-267
This patch addresses the following issues:
A problem where the links in Spam Quarantine Notification Summary emails did not take a user to the correct message, but instead resulted in an error. (This problem was only introduced in patch 267; it did not exist previously.)
A problem where messages that were Disarmed had content types removed that the customer had not configured (e.g. fonts, in PDF files).
A potential remote code execution via the Control Center.
A potential for Cross Site Scripting in the Control Center.
The ability to enable or disable "Allow email addresses to start with a dash" was inadvertently removed in a previous release; this configuration option has been restored.
An issue where certain malformed Microsoft Office documents will fail to be detected or modified by the Disarm feature. These document types will now be processed by Disarm in the expected fashion.
Symantec recommends that SMG systems be updated to the latest release and patch level at the earliest opportunity.
Instructions for applying patch 10.6.3-268 may be found at TECH246891
Subscribing will provide email updates when this Article is updated. Login is required.